radar-rss

A typosquatted package was sitting in PyPI for several years, putting users at risk.

Researchers discover three-year old malicious package in PyPIThe package is a typosquatted version of Fabric, with 37,000 downloadsIts goal is to steal AWS login credentials from the developers

A malicious Python package has been hiding in the Python Package Index (PyPI) for years, stealthily stealing people’s Amazon Web Service (AWS) credentials.

Cybersecurity researchers Socket outlined how a package called “fabrice” was uploaded to the repository back in 2021 – before PyPl deployed its advanced scanning tool.

Since the tools did not scan retroactively, the package remained on the platform and was offered to the users.

Hidden Risk

PyPI is one of the most popular Python package repositories in the world, with millions of daily downloads and a half-million hosted packages.

Fabrice is a typosquatted version of the “fabric” library, a package for SSH-based remote server management, designed to simplify system administration and deployment tasks. It is primarily used for scripting and automating tasks across multiple servers, and enables users to run shell commands remotely over SSH.

According to BleepingComputer, it has more than 200 million downloads, making it extremely popular, however its typosquatted version did not fare too badly itself, being downloaded more than 37,000 times by the time it was identified as malicious.

Fabrice targets both Windows and Linux users, and while it comes with a number of features and persistence mechanisms, its key job is to steal Amazon Web Services accounts. Once identified, the malware exfiltrates them to a VPN server, apparently operated by the the connectivity and cloud services provider, M247, in Paris, France. That makes tracking the actual destination more difficult, it was said.

To defend against these attacks, businesses can do two things – make sure they know exactly what they’re downloading from the internet, and deploy AWS Identity and Access Management (IAM) to manage permissions to the resources.

Typosquatting on PyPI is a common occurrence these days, and is the root cause of some of the bigger software supply chain attacks today.

You might also like

North Korean hackers are targeting Apple users with new macOS malwareHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now

Read More 

Thanks to AI celebrities can continue their careers even after death.

Legendary British TV talk show host Michael Parkinson to return in AI formPolish radio station Off Radio Krakow sacks its hosts and uses AI insteadNew Tom Hanks movie Here uses AI to de-age its stars

AI is being used to launch a new podcast from the late, great British TV talk show host Michael Parkinson, who died in 2023 aged 88. While that might sound creepy to some, the project called Virtually Parkinson is being fully backed by Mike Parkinson, the son of the legendary talk show host, and his estate.

Virtually Parkinson has been produced by Deep Fusion Films and will be an 8-part series launching later this year. Each episode will be unscripted, with the guests talking to the AI-generated Parkinson on headphones, as if he was a real person.

Michael Parkinson, known as “Parky”, was a legend of the British talk show scene, most notable for his TV show called simply Parkinson, which launched in 1971 and was a mainstay of British television until 1982. The show was brought back in 1998 and ran until 2004.

You can hear the AI-generated Michael Parkinson talk on a recent episode of ‘The rest is entertainment’ podcast. The fact that this isn’t Michael Parkinson talking is particularly creepy because it sounds just like him. His son however appears to be totally on board with the project. Each episode of the show is signposted to indicate that this is an AI-generated Michael Parkinson talking, so there is no attempt to deceive the listener. Talking to Podnews, Mike Parkinson commented “The podcast is really a tribute to my Dad. I want audiences to marvel at the technology, the cleverness and the cheekiness of the concept, but mostly I want them to remember just how good he was at interviewing and enjoy the nostalgia and happy memories. Through this platform, his legacy can continue, entertaining a new generation of fans.”

The future of podcasts

Earlier this year I wrote about NotebookLM, Google’s podcast generator that produces a complete AI-generated podcast in minutes from analyzing an article or YouTube video. What astounded, and unnerved me, most about Notebook LM was not how it managed to talk knowledgeably about any subject, but how difficult it was to tell that the podcast was completely AI-generated. The presenters sounded completely human. I knew at that point that this was only the beginning of AI podcasting.

While each podcast NotebookLM creates currently has the same two presenters, it’s still early days for its development and surely it won’t be long before a variety of presenters will be available. At that point, you have to start wondering if there’s even a future for humans presenting podcasts, talk shows, and radio shows.

Recently in Poland, the entire presenting team of radio station, Off Radio Krakow, was replaced with AI bots, and the resulting furore actually helped revive the station’s flagging fortunes. The three Gen Z presenters, Emilia, 20, Jakub, 22, and Alex 23 who come complete with pictures on the station’s website are completely AI-generated. The station isn’t limiting AI to the hosts either, it even bagged an interview with Wislawa Szymborska, a Polish cultural icon, recently, even though she died in 2012. Despite the revived fortunes of the station, which previously had hardly any listeners, the backlash to the sacking of human presenters for AI hosts caused the station to abandon its AI experiment in the end.

Character AI can be used to recreate and interact with famous people from any time in history. (Image credit: Character AI)

AI killed the video star

AI mimics of human presenters won’t stop with podcasts and talk shows. Chatbot website Character AI has already hit the headlines and drawn some controversy, for its unrestricted ability to let you talk to long-dead historical figures like Socrates and Cleopatra, but also to more modern celebrities, both real and fictional like Steve Jobs and Harry Potter.

As the capabilities of AI video generation continue to improve there has been a lot of speculation about AI replicating actors in movies after their death. One Hollywood star who is not keen to be represented by AI in the afterlife is Robert Downy Jr. The star of the Marvel Avengers and Iron Man franchises recently declared that “I will sue all future executives who make AI replicas of me,” during an episode of the On With Kara Swisher podcast.

Currently, it seems that AI is being more commonly used to unsettlingly enhance or manipulate living actors. The $50 million movie Here recently used AI to de-age Tom Hanks and Robin Wright over a 60-year time period, using AI models that require no additional hardware and show the results during filming. It’s a technology that wouldn’t have been possible three years ago, and that is much more efficient than using costly CGI to de-age actors on a frame-by-frame basis.

There’s a lot of concern from the creative industries, particularly among artists and illustrators, that AI is going to steal or devalue their jobs, as AI image creation becomes better and more realistic, but as Virtually Parkinson and the movie Here has shown, AI can actually be used to create experiences that wouldn’t have been possible before. It remains to be seen if, ethically at least, audiences will be comfortable with them.

You might also like…

AI could actually change movies for the better – and fix that awful Game of Thrones finaleYou’ll want to try Meta’s amazing new AI video generatorI tried Google’s new one-click AI podcast creator, and now I don’t know what’s real anymore

Read More 

Themed custom Genmoji are going viral on TikTok as users share Apple Intelligence emojis to huge audiences.

Genmoji is now available in iOS 18.2 public betaUsers have been sharing custom AI emojis on social mediaOne TikTok post has gone viral with over 2.7 million likes

iOS 18.2 public beta is now out in the wild and one of the biggest new Apple intelligence features, Genmoji, is already proving to be a massive hit.

Apple’s generative AI emojis aren’t set to officially launch until next month, but users are already taking to social media platforms like TikTok to share custom-designed emoji packs based on different themes.

One TikTok user, secretlygabi’s video has been viewed 23.7 million times and has 2.7 million likes, pretty incredible considering the feature isn’t even officially released yet.

The video shows themed Genmoji with different sets of emojis such as a holiday-themed set including a Christmas tree, pinecones, and Rudolph the Reindeer as well as a pink-themed set including AirPods Max with pink bows and a pink picnic blanket.

While Genmoji is limited to the best iPhones running iOS 18.2, iPhone 15 owners and below with iOS 18.1 are able to take advantage of the custom-themed icons. By simply selecting the images and turning them into stickers, even iPhones that aren’t compatible with Apple Intelligence can get in on the action.

Custom Genmoji packs

(Image credit: Future / secretlygabi / Apple)

Genmoji has only been available to the public for a week, and it’s still in development, yet we’re already seeing the viral potential of Apple’s AI emojis. I had previously written about Genmoji convincing me that Apple Intelligence would be a huge success and viral social media posts like the one above only make me believe that even more.

Apple Intelligence’s next wave of features including Genmoji, Image Playground, and ChatGPT integration in Siri is set to arrive in December for all compatible devices including the iPhone 16 as well as the best iPads and best Macs.

You might also like…

Apple Intelligence “changed my life” says Tim CookiPhone 16 Pro reviewI’ve used Apple Intelligence Writing Tools and it supercharges the Notes app

Read More 

All cloud models have their advantages but not every model necessarily works well for every application. Every business has its own individual complex infrastructure and performance needs.

When it comes to maximizing the potential of the cloud, every IT department needs to make critical decisions regarding the appropriate cloud infrastructure for their organization’s data and application workloads. With countless different providers, solutions and models on offer, many IT teams find it hard to make informed decisions and identify the one solution that works best for their organization. Factors such as cost, capacity, scalability and security all come into play, and even deciding between public and private cloud can be a challenging first hurdle to cross.

Spot the difference

When it comes to public cloud, there are several key advantages, not least scalability. You can grow and shrink your resources according to demand and whenever you need additional compute power, storage or networking, it is there on tap. In comparison, private cloud platforms are limited to the available hardware within the environment.

Public clouds also offer increased reliability with consistent, dependable services and minimal downtime (SLAs guaranteeing 99.99% uptime are not unusual). At the same time, they typically enhance compliance with various regulatory requirements demands regarding data.

Cost is another factor that plays a part in decision-making. From a public cloud perspective, they usually offer a flexible subscription model with hourly or monthly billing, meaning no need for a costly upfront investment in software licenses or hardware. Some studies have indicated that the public cloud provides a 30% cost reduction compared to hyperscalers based on standardized workload benchmarks. Depending on your particular use case, that could vary.

On the other side of the question is the private cloud and it too offers a number of benefits. When it comes to security, hosting privately obviously means you are the sole tenant with exclusive access to the resources with no other users on the server. All data and applications reside within your company’s boundaries, minimizing the risk of malicious access and data breaches.

Although public cloud can help with some data compliance regulations, the private cloud approach actually provides better regulatory adherence. That’s because it offers enhanced control over compliance requirements meaning organizations subject to healthcare, government or financial regulations can enforce compliance more effectively.

Private clouds also provide an increased level of customization, so you can tailor hardware, software, and configurations to meet your specific needs. This control allows for fine-tuning to create optimal performance, resource utilization, and bandwidth capabilities. And, when considering cost, private clouds offer long-term predictability. Rather than usage-based pricing, which can rise at the whim of the cloud provider, private clouds have all the costs baked in on a fixed infrastructure. This means you know precisely what resources are in operation and how much they will cost over the years. This helps with budgeting and financial forecasting, making it simple to predict lifetime costs of infrastructure.

Private clouds can also include integrated managed services and self-service tools, enabling authorized users to provision resources as and when required. This versatility enhances operational efficiency and reduces the administrative overhead, while managed services can address maintenance, monitoring, and troubleshooting.

Public cloud use cases

Given scalability is the key advantage of the public approach, it is best suited to deploying web applications, APIs and content delivery networks; spinning up temporary environments for development, testing and prototyping; processing large datasets; and hosting collaboration tools, email exchanges and productivity suites.

Private cloud use cases

When considering the private cloud, having exclusive network and hardware and customization is key. This makes it ideal for storing sensitive data, confidential information and intellectual property; running legacy applications that won’t work in a public environment; meeting industry-specific regulations; and undertaking HPC simulations and modelling.

Best of both worlds

The hybrid cloud approach is an alternative for businesses, combining the flexibility and scalability of the public cloud with the control and security of private infrastructure. This blend allows organizations to balance their need for agility with their requirements for data protection, and regulatory compliance.

With the hybrid model, organisations can also optimise costs by keeping routine workloads and sensitive data in the private cloud while using the public cloud for less sensitive operations that demand more computational power. When it comes to innovation, hybrid provides access to cutting edge technologies such as AI, machine learning and big data analytics via the public cloud without the need for a massive upfront investment, while maintaining sensitive legacy applications on-site.

Whichever model suits you best, there is no doubt that some flavor of cloud will help boost your business. Now is the time to explore how cloud technologies can work best for you.

We’ve featured the best cloud storage.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More 

The government’s plan to realize significant growth via AI risk falling short if we do not limit AI washing in all its insidious iterations.

Ongoing discussions on the economic prospects for the UK have left Labour leaders with an unenviable task. They are under immense pressure to propel growth, secure the UK as a tech leader, and steady the country amidst ever changing economic tides. As part of that conversation, many have noted the promising uplift that AI adoption could deliver, following a landmark few years of rapid technological progress.

The International Investment Summit in October 2024 set out these intentions, with the government announcing major investment plans in emerging growth areas, including AI and infrastructure. But is AI as bankable as some economic commentators believe?

AI fatigue

I recently attended a Californian tech tradeshow. Amongst the excitement and future-gazing that one expects, there was also a sense of AI fatigue. Seasoned tech watchers are already forecasting an emerging story they know all too well: the pioneering breakthrough technology, the fervent early adoption, the mass market hype cycle – and then, the growing gap between expectations and reality, the over-investments weighing heavily on balance sheets, the skeptical backlash, the burst bubble.

Is today’s AI market in danger of repeating such a cycle? To answer that question, we need to take a step back.

The release of ChatGPT in late 2022 almost single-handedly changed the AI landscape. Generative AI is now a technology that everybody is aware of, and the scale of that cultural moment has had two key consequences. Firstly, it has meant many people now hear ‘AI’ and think ‘chatbot’ – overlooking the fact that generative AI is just one subset within a field that has a broader, deeply-researched meaning and impact. Secondly, that speculation and confusion about what ‘AI’ now means has left people susceptible to hype and misinformation about the technology.

A business today surveying their options for AI faces significant hurdles. Spurred by a wave of AI hype, there are now a plethora of allegedly AI-powered solutions, too often with underexplained, overstated, or fundamentally misleading claims about AI components capabilities. You don’t have to work in tech to spot this happening. Adverts for AI-powered toothbrushes are rampant on social media, for example.

This phenomenon – one which is rapidly on the rise – is known as AI washing.

AI washing

AI washing can come in different forms. Sometimes it means significantly exaggerating how advanced or capable the AI technology in a product really is. Other time taking conventional or legacy technology and re-labelling it as AI. And sometimes it simply means obscuring the human labor that actually powers a product.

The government’s plan to realize significant growth via AI risk falling short if we do not limit AI washing in all its insidious iterations. Earlier this year, the U.S. Securities and Exchange Commission levied $400,000 in response to civil penalties for misleading statements about AI. The UK, a leader in the tech space and a formidable player in the AI race, has an opportunity to go further, putting purpose-built frameworks in place to mitigate against this growing phenomenon.

AI-washed products and services threaten real failures for businesses, consumers, and the many public services that will seek to rely on AI in coming years. Left unchecked, misrepresentation of AI capabilities in critical areas such as healthcare, finance, and security could have disastrous consequences. If AI is to be the shot in the arm that the economy needs, it’s crucial that we don’t allow falsely labelled products to damage user trust and purchasing confidence.

Effective implementation

The UK has successfully played the role of catalyst in important international conversations around AI and its effective implementation. Now, equally concerted investments should be made into AI as part of the national industrial strategy: nurturing the businesses building it, protecting the consumers affected by it, and guiding, supporting, and empowering the businesses adopting it.

Thoughtfully-implemented and well-governed AI will revolutionize industries and drive unprecedented efficiencies globally. However, the realization of this potential hinges on one crucial factor: trust. If consumers, businesses, and policymakers cannot trust how AI is marketed, sold, and deployed, the foundation of this technological revolution will be compromised.

We’ve featured the best AI website builder.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More 

Intel previously suspended employee benefits, but it’s now giving workers back access to free tea and coffee.

Intel workers will now get free tea and coffee in the officeOther reinstated employee benefits are unconfirmedCompany revenue dropped 1% YoY last quarter, it could drop again next quarter

In an effort to boost workers’ morale and encourage them to be more productive in the office by giving them more creature comforts, Intel has restored its free tea and coffee provisions.

The gesture comes after a tumultuous few months for the company, which was forced to lay off around 15,000 workers just a couple of months ago.

Intel had previously put an end to employee perks, like free beverages, fruit, fitness trainers and other in-house amenities as a cost-cutting measure, but it has now reinstated what seems to be its lowest-cost offering.

Intel will give workers free hot drinks again

Speaking about the internal changes, Intel CPO Christy Pambianchi said: “We really aren’t in a situation where we could continue to afford benefits and programs that are above market practice.” Free food and drinks at the company reportedly cost it $100 million annually.

Reducing its headcount by 15% and implementing other cost-cutting measures are hoped to save the company around $10 billion in annual expenses.

In its most recent earnings release, the company revealed revenue dropped 1% year-over-year to $12.8 billion, and also predicted poor performance for the next quarter. At its low point of $12.5 billion, revenue could drop even further, but at its high point of $13.5 billion, Intel could see a small uptick.

Intel CFO David Zinsner commented: “Second-quarter results were impacted by gross margin headwinds from the accelerated ramp of our AI PC product, higher than typical charges related to non-core businesses and the impact from unused capacity.”

Previously synonymous with data center chips, Intel has recently been facing stiff competition from AMD, and losing out on business and subsequently subsidizing chip costs has put the company in a troubling situation.

Furthermore, Nvidia’s early entry to the AI chips market has catapulted it to huge successes – earlier this summer it became the third company to hit a market cap of $3 trillion, marking a mammoth increase over where it was two years ago.

TechRadar Pro has asked Intel whether it will be reinstating any further benefits given the sizable reduction in headcount. We are awaiting a response.

Via Tom’s Hardware

You might also like

Find a new career with the best job sites and best recruitment platformsAMD just outsold Intel in the data center space for the first time everWe’ve listed all the best HR software

Read More 

A new Indiana Jones and the Great Circle trailer offers a deep dive into the upcoming game.

A new Indiana Jones and the Great Circle trailer has arrivedIt offers a deep dive into the game’s mechanicsThe game launches on December 9

A new trailer for Indiana Jones and the Great Circle has arrived, giving us an extended look at the upcoming action-adventure game.

The video lasts just over 14 minutes and provides a couple of new details about some of Indy’s abilities. We see his trademark whip being used for everything from impromptu ziplining to swinging over large gaps and even disarming enemies.

We also learn that he is equipped with a camera, which can be used to take collectible photos or to trigger hints in puzzle segments. Maps, letters, and other pieces of important information are stored in Indy’s journal which can then be viewed at any time.

You can see everything for yourself in the trailer below.

Stealth is a key part of the trailer, with Indy donning disguises to sneak around guarded areas. When that doesn’t work out, there is a rich melee combat system with a variety of possible combo attacks to master. You can make use of guns too, either with Indy’s trademark revolver or those recovered from enemies and the environment.

The trailer also outlines the basic details of the story, which is set after the events of the 1981 Raiders of the Lost Ark film. It begins when a mysterious relic is stolen from Marshall College, the Connecticut university where Indy serves as a professor when he’s not out adventuring.

His attempts to discover the meaning behind the theft lead him to the mystery of the great circle, which he will try to solve with the support of allies around the world. The main antagonist is the rival archeologist Voss, who is trying to exploit the power of the Great Circle.

Plenty of interesting locations are shown, including some forbidden tombs, crumbling ruins, the Pyramids of Giza, and a couple more urban environments. A few set-piece moments stand out too, particularly the handful of moments where Indy has to think quickly to escape ancient traps.

Indiana Jones and the Great Circle is set to launch on December 9 for Xbox Series X, Xbox Series S, and PC. This will be followed by a PlayStation 5 version in 2025.

You might also like

Xbox Series S 1TB review: the best option for console buyers on a budgetRockstar is still on track to release GTA 6 next yearFable 4 – everything we know about the new Fable game so far

Read More 

If you’ve had enough of Microsoft’s nagging about your PC needing an upgrade, we’ve got some bad news…

A new patch is being quietly pushed to Windows 10 (and 11) PCsIt’ll force upgrades in certain circumstances to keep the PC in supportThis update will mean more nag prompts coming to your PC

Windows 10 users – and those running an out-of-date version of Windows 11 – are getting an update stealthily pushed to their PCs that will allow Microsoft to force a future update to the OS (to keep it in support), and also to nag users about support running out, too.

Neowin spotted the deployment of patch KB5001716, which the site notes has been quietly installed on Windows 10 PCs following the release of the October cumulative update. (It was also pushed to Windows 11 version 21H2 devices, which ran out of support over a year ago).

The patch is an update for Windows Update, essentially, and Microsoft notes: “When this update is installed, Windows may attempt to download and install feature updates to your device if it is approaching or has reached the end of support for your currently installed Windows version.”

Microsoft also observes: “After this update is installed, Windows may periodically display a notification informing you of problems that may prevent Windows Update from keeping your device up-to-date and protected against current threats.”

This means that KB5001716 will allow notifications to be presented to Windows 10 (and 11) users telling them that their device is running an unsupported version of Windows that is past its sell-by date for updates and is therefore insecure. For Windows 10 users, this likely translates into further badgering to move to Windows 11.

In some cases, given the first point Microsoft notes, the update may also be forced on your PC (eventually), as we see happening when any given version of Windows 10 or 11 runs out of road and is no longer supported for further upgrades.

(Image credit: Shutterstock/fizkes)

Analysis: Repeat performance – the odd history of KB5001716

What Microsoft is doing here is trying to keep your device secure, so in some ways, it’s a perfectly understandable measure. As you may recall, Windows 10 has less than a year of support left now.

However, there are problems with the approach here: namely the stealthy way in which the update turns up on PCs. After checking for updates, this one seemingly just lands on your system – boom – without any warning.

What’s also odd is that if you search for KB5001716 on the web, you’ll find that there’s a history of this update mysteriously appearing on PCs. As reported on various forums such as Reddit, KB5001716 turned up in April 2024, and was piped to PCs before that in October 2023 as well.

What gives? That’s a good question. Presumably, these are revisions of KB5001716 – tweaked updates – that are being redelivered to Windows 10 (and 11) PCs. However, in some cases in the past, there were errors caused by the reinstallation, which seemingly conflicted with previous installs of the patch in some way. If you’ve recently got a message that KB5001716 failed to install on your PC, this is likely to be what’s happened.

The apparent cure for those scenarios is to go to the Windows Update page (in Settings) and click on View update history, then click on Uninstall updates at the top of the panel. Now, scroll back to find the previously installed KB5001716, then select and remove it. Reboot, head back to Windows Update, and check for updates again – whereupon the latest version of KB5001716 (for October 2024) should install okay (hopefully).

There’s seemingly no getting around this update, as it is a necessary upgrade for Windows Update (it’s possible that it may do other things in the background, too, apart from the reminders to upgrade and everything else mentioned in the support notes).

We should clarify that this won’t force a Windows 11 upgrade on a Windows 10 PC which isn’t compatible with the stricter requirements for the newest OS – but it’ll likely continue to nag you about upgrading (for your own good, Microsoft would obviously argue).

Indeed, we’d be surprised if it fired up any upgrade for Windows 11 automatically, even if the PC in question was compatible – but, we guess, perhaps this could happen. Normally forced upgrades are for feature updates, though, meaning new versions of your current operating system, like 24H2 which recently arrived as this year’s annual update for Windows 11. Migrating to a whole new OS, like jumping from Windows 10 to 11, is a much bigger move.

You may also like…

Windows 11’s feature to allow typing with your Xbox controller has vanished in a blow for owners of handheld gaming PCsDon’t make these 5 big mistakes when using Windows 11Windows 11 remains an unloved OS – but why won’t people upgrade?

Read More 

Microsoft will discontinue the built-in Mail and Calendar apps in Windows 11 after December 31, 2024, urging users to switch to the web-based Outlook app instead.

Microsoft is ending support for Windows 11’s built-in Mail and Calendar apps after December 31, 2024, and users will need to switch to the web-based Outlook appUsers can still access emails and calendar events in view-only mode in the Mail and Calendar apps, but won’t be able to send or receive emailsMicrosoft aims to unify email and calendar management in Outlook, though users are concerned about the web app’s lack of offline access and inconsistent design when compared to the rest of Windows 11

Microsoft is shutting down the built-in Mail and Calendar apps in Windows 11, which means you’ll no longer be able to send or receive emails or manage your calendar using those apps after December 31, 2024. This has been a long time coming, with Microsoft showing pop-up notifications about this in both apps for months – and now the end is officially nigh.

Users are being urged to switch to the new web-based Outlook app for Windows 11, as explained in a support document that outlines how Microsoft is planning to end support for the Mail, Calendar, and People apps on December 31. It appears that Microsoft wants to streamline all of its email and calendar features and services into this one app that will be accessible on every Windows device.

If you want to use those apps after December 31, it appears you can still do that by switching off the ‘New Outlook’ setting (by unchecking it) found in the new Outlook app’s settings, specifically Outlook > Settings > General > About Outlook.

Windows Latest reports that this will likely be a ‘view-only’ mode, allowing you to view your emails, drafts, contacts, and other details in the Mail and Calendar apps, but you won’t be able to send or receive emails, and will be redirected to the web-based Outlook. It apparently doesn’t work offline yet, and Microsoft is working on adding support for this in the next few weeks, which is good news as most people would expect a desktop email client to let you see and compose emails even if you briefly lose your internet connection.

(Image credit: Shutterstock/Drazen Zigic)

What this means for Mail and Calendar app users

What this means for you is that starting January 1, 2025, you’ll have to switch to the new Outlook or use a third-party app. In the meantime, you can choose to follow Microsoft’s advice or close the reminder pop-up, clicking the ‘Not now’ option, although this will reappear the next time you use these apps.

One other workaround that you can try is to downgrade your Mail and Calendar apps to the previous versions, which seemingly gets rid of the pop-ups altogether, but this loophole will also stop working on December 31, 2024.

If you have emails, calendar events, and contacts in the Mail and Calendar apps that are saved only on your device, and you want to be able to access them in the web Outlook app, you’ll be able to export this information by using the ‘Export’ feature in both apps to add those emails or events to either a suitable third-party app of your choosing or to Outlook.

It looks like the reception of the new web Outlook app isn’t so hot, with some people complaining that it doesn’t ‘feel’ like the rest of the operating system. There seems to be a disconnect with the rest of Windows 11, and along with the lack of offline access, it still feels more like a website than a convenient app for many.

Along with Microsoft’s recent mishaps and problems brought on by the new Windows 11 24H2 update, I don’t see this move winning many people over. I think being able to see all of your admin information in one place is useful, but users of the Mail and Calendar apps may have come to rely on using these built-in applications which have been tightly integrated into Windows 11.

If the replacement Outlook web app lacks features and polish, I think Windows 11 users will feel let down at a time when Microsoft needs more people to switch to its latest operating system.

YOU MIGHT ALSO LIKE…

Alt + Tab trouble: Windows 11’s 24H2 update turns time-saving shortcut into ten-second headacheWindows 11 24H2 misery continues, as Microsoft’s buggy update is now breaking printers – especially on Copilot+ PCsWindows 11 update fails are becoming a joke – but it looks like Microsoft is working hard on fixing them

Read More 

Palo Alto says it doesn’t have any more details to share, but it is actively monitoring for signs of abuse.

Palo Alto Networks says it’s aware of claims of flaws in the firewallsCompany is advising users to be extra cautious and tighten up on securityA patch will be deployed when more details about the bug are found

Palo Alto Networks has revealed it was recently made aware of an alleged vulnerability in its firewall offering which could allow threat actors to remotely execute malicious code.

Since it doesn’t know the details of the flaw, and is yet to see any evidence of in-the-wild abuse, the company says it doesn’t have a patch lined up just yet, but said it was “aware of a claim” of a remote code execution vulnerability in the PAN-OS management interface and has, as a result, started actively monitoring for signs of exploitation.

In the meantime, Palo Alto Networks has advised its users to be extra cautious, noting: “At this time we believe devices whose access to the Management Interface is not secured as per our recommended best practice deployment guidelines are at increased risk.”

Mitigating the problem

“In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice,” the company added.

BleepingComputer found a separate document on Palo Alto Networks’ community website, with additional information on how to secure the firewalls:

Isolate the management interface on a dedicated management VLAN.Use jump servers to access the mgt IP. Users authenticate and connect to the jump server before logging in to the firewall/Panorama.Limit inbound IP addresses to your mgt interface to approved management devices. This will reduce the attack surface by preventing access from unexpected IP addresses and prevents access using stolen credentials.Only permit secured communication such as SSH, HTTPS.Only allow PING for testing connectivity to the interface.

At the moment, Cortex Xpanse and Cortex XSIAM users seem to be the most vulnerable ones. Prisma Access and cloud NGFW are most likely not affected.

Via BleepingComputer

You might also like

Thousands of D-Link NAS devices have serious backdoor security issuesHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now

Read More