radar-rss

The streaming giant says VMware is in violation of five patents, and demands to be paid.

Netflix claims Broadcom’s subsidiary VMware is in violation of five patents
It claims VMware knew it was violating patents for more than a decade
Netflix is now demanding VMware pays for damages caused

Video streaming behemoth Netflix is suing Broadcom over virtual machine (VM) patents.

According to the lawsuit, filed with a California federal court, Broadcom’s subsidiary VMware is in violation of five different patent rights, including the rights for “424 Patent”, “707 Patent”, “891 Patent”, “893 Patent”, and “122 Patent”.

These cover the various aspects of operating virtual machines. Three discuss CPU usage in virtual machines, and two discuss starting up at least one virtual machine in a physical machine by a load balancer.

Deliberate infringment

“Broadcom and VMware, jointly and severally, have infringed, and continue to infringe, at least Claim 1 of the ’424 Patent, either literally or under the doctrine of equivalents, by making, using, selling, and/or offering for sale within the United States and/or importing into the United States products that are covered by at least Claim 1 of the ’424 Patent.

These products include, but are not limited to VMware vSphere Foundation, VMware Cloud Foundation, VMware

Cloud on AWS, Azure VMware Solution, Google Cloud VMware Engine, Oracle Cloud VMware Solution, IBM Cloud for VMware Solutions, Alibaba Cloud VMware Service, as well as any other vSphere-based products and/or services (collectively, the “’424 Accused Products”),” it says in the lawsuit.

Netflix further claims VMware knew about the “424 Patent” since at least early August 2012, “when the ’424 Patent was cited by an examiner at the United States Patent and Trademark Office during a rejection of VMware’s application that ultimately issued as U.S. Patent No. 8,650,564.”

“Broadcom and VMware’s infringement of the ’424 Patent has been and is willful and deliberate,” Netflix concludes in the lawsuit, asking the court to have Broadcom pay for damages, an unspecified amount of money.

Via Reuters

You might also like

Watch out – that dream job offer could be a malware scam
Here’s a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Read More 

We think we might know when the rumored M4 MacBook Air, the iPad 11, the iPad Air 7, and the iPhone SE 4 are showing up.

New MacBook Airs could be next for Apple
After that it’s iPads and an iPhone in March
iPadOS 18.3 and iOS 18.3 are on the way too

Next year is lining up to be a pretty hectic one for Apple, with all kinds of new product unveilings being predicted by those in the know (including for the iPhone 17) – and we just got a little more information about when some of these launches are happening.

According to the usually reliable Mark Gurman at Bloomberg, the M4 MacBook Air refresh is going to be the first big hardware launch from Apple in 2025. That fits in with the prediction he made back in October.

But how early will we see these sleek new laptops? Earlier than the iPad 11, the iPad Air 7, and the iPhone SE 4, apparently. Those products are expected “in the spring” in the US, which will be in the fall in the southern hemisphere.

Typically for Apple, that means around March time – so while we don’t have a fixed launch date for the M4 MacBook Airs, January or February look like good bets. These new models have already been leaked by Apple as well, so a launch appears to be imminent.

Another iPad 11 leak

The iPad 10, launched in 2022 (Image credit: Future)

In a separate leak, the team at MacRumors has discovered that the entry-level iPad 11 will come with iPadOS 18.3 preinstalled – that’s according to an unnamed source “with a proven track record for upcoming Apple software updates”.

The iPadOS 18.3 update (together with iOS 18.3) is said to be coming “in late January or early February”, which would give Apple time to get it set up on new iPads ready for an unveiling sometime in March.

A launch in spring (for the northern hemisphere) is again mentioned here, adding more weight to that particular claim. It’s not clear yet if Apple will hold a press event for the launch, or simply issue press releases with the news.

If we’re getting a new iPad, a new iPad Air, and the iPhone SE 4, then that seems worth a full event, complete with a polished video showing Apple boss Tim Cook wandering around Apple Park in Cupertino – and we’ll let you know as soon as anything is official.

You might also like

The iPhone SE 4 may get a brand new Apple chip
These are the best iPads you can buy
Everything you need to know about the M4 chip

Read More 

Almost two dozen flaws were found in two solutions, granting RCE and site takeover.

Two WordPress plugins found carrying 18 security flaws
Most of them are deemed critical, since they allow RCE, among other things
All have now been patched, so make sure to upgrade your plugins

Two premium WordPress plugins were found carrying more than a dozen vulnerabilities, some of which were deemed critical.

This is according to WordPress cybersecurity platform Patchstack, who found the issues in the website builder in late March 2024, and reported them to the developers. Since then, all bugs have been mitigated.

The bugs were found in WPLMS and VibeBP plugins.

Updating plugins

WordPress allows for Learning Management Systems (LMS), platforms that allow users to create, manage, and sell online courses directly from their WordPress website. LMS plugins integrate educational features and functionalities with WordPress, enabling instructors or organizations to deliver courses, track learner progress, and engage students effectively.

One of the more popular LMS platforms around is WPLMS, built by a company called VibeThemes. Purchased more than 28,000 times already, it comes with numerous features such as course creation and management, quizzes and assessments, membership and subscription support, and more.

VibeBP, on the other hand, is a WordPress plugin that integrates BuddyPress with WPLMS, enhancing its social learning features. It allows users to create communities by providing options for user profiles, activity streams, private messaging, and notifications. It was also built by VibeThemes.

Patchstack says it found 18 vulnerabilities, most of which were critical in severity.

They allowed remote, unauthenticated attackers to upload arbitrary files, execute code, escalate privileges, and perform SQL injections. In other words, they could use the bugs to take over websites, steal sensitive data, and more. One bug – CVE-2024-56046 – was even given the maximum score, 10/10, since it allows malicious actors to upload arbitrary files without authentication, potentially leading to remote code execution (RCE).

The full list of vulnerabilities, as well as affected versions, can be found on this link.

WPLMS users should make sure their platform is upgraded to version 1.9.9.5.3 or newer, and VibeBP to 1.9.9.7.7 or newer.

As a rule of thumb, site owners should enforce secure file uploads, SQL query sanitation, and role-based access controls, Patchstack said.

Via BleepingComputer

You might also like

Millions of WordPress sites could be at risk from “one of the most serious” plugin flaws ever found
Here’s a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Read More 

It remains unknown if Builder.ai archive is locked down or not.

Security researchers discovered a major database with 3M+ records
It belongs to Builder.ai, a low code/no code platform
It contains sensitive information, NDAs, and more

Builder.ai may have unwillingly exposed sensitive information on millions of its users, researchers have claimed.

Jeremiah Fowler, a security researcher known for hunting down non-password protected databases containing sensitive intel, said he discovered an archive with more than 3 million records.

The database belongs to Builder.ai, a British no-code/low-code platform that enables businesses to quickly and affordably create custom software applications without requiring deep technical expertise.

Complexities with dependent systems

Fowler said the database contained 3,077,542 records, totaling 1.29TB in size, including cost proposals, NDA agreements, invoices, tax documents, email correspondence screenshots, internal image files, and much more.

“Among the most concerning files were two documents that indicated access and configuration details of two separate cloud storage databases that also included secret access keys,” Fowler said on Website Planet.

“It is hypothetically possible that those access keys could have revealed additional potentially sensitive data if they were to fall into the wrong hands.”

In total, there were 337,434 invoices and 32,810 files labeled Master service agreements. The latter also contained NDA agreements with names, emails, IP addresses, project cost summaries, and other project details.

Fowler disclosed his findings to Builder.ai, however it couldn’t lock the database down even a month later, citing “complexities with dependent systems” – and it isn’t known if the database is still open and accessible.

Misconfigured databases remain one of the number one reasons for data leaks on the internet. Many researchers are warning that organizations don’t understand the shared security model present in most cloud service providers, and that they end up generating enormous databases, filled with valuable information, which are open and accessible to all.

Should cybercriminals find these archives, they could use the information there in convincing phishing attacks, identity theft, and possibly even wire fraud.

You might also like

Watch out – that dream job offer could be a malware scam
Here’s a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Read More 

GIMP 3.0 arrives with a fresh design, compatibility upgrades, and feedback-driven testing for the final version.

GIMP 3.0 revamps the interface for high-resolution screens
Keeps projects compatible with older versions
Extensive testing ensures a bug-free GIMP 3.0

After two decades of anticipation, the latest version of popular image editor GIMP (GNU Image Manipulation Program) is finally set to be released soon.

As a popular, free, and open source Photoshop alternative, GIMP has been a reliable tool for users since its inception in 1995.

The transition from GIMP 2.x to 3.0 marks a major milestone in the software’s long history, bringing modernized features and improvements while maintaining the familiar experience users have come to expect.

GIMP 3.0 release

The leap from GIMP 2.x to GIMP 3.0 has taken far longer than users initially expected, largely due to the complexity of maintaining an open source project with contributions from a large global community of developers.

GIMP has remained on version 2.x for over 20 years, with incremental updates introducing small yet important improvements over time.

Starting with the release of GIMP 2.0 in 2004, subsequent versions like 2.4X (2007), 2.6X (2008), and 2.8X (2012) kept the software relevant in a changing digital landscape. The most recent 2.10X update, released in 2018, has been in use for the past six years.

GIMP 3.0 is now expected to be released in late December 2024 or early January 2025.

Despite the long wait, the release of GIMP 3.0 is expected to deliver a host of modern features that will make the software more user-friendly and capable of handling the needs of today’s graphic designers.

One of the most noticeable changes in GIMP 3.0 is the new user interface. While the layout remains familiar to long-time users, the design has been smoothed out and optimized for high-resolution displays. This is a critical improvement, as older versions of GIMP often struggled with scaling issues on larger, modern screens. In GIMP 3.0, many icons have been converted to SVG (Scalable Vector Graphics), ensuring that they retain their quality no matter the display resolution.

Another major focus of the GIMP 3.0 update is compatibility. The GIMP development team has worked extensively to ensure that projects created in earlier versions of the software will remain usable in the new release. This includes stabilizing the public GIMP API (Application Programming Interface), which will make it easier to port plugins and scripts from GIMP 2.10 to GIMP 3.0.

As GIMP has grown over the years, users have come to rely on a wide array of third-party plugins, so this backward compatibility will be essential for a smooth transition.

As with any major software update, GIMP 3.0 is undergoing extensive testing. The release candidate has been made available to the community for feedback, allowing users to report any bugs or issues they encounter.

According to the development team, the speed of the final release depends on the nature of the bugs found. Small, easily fixable bugs could lead to a swift final release, while more significant issues could prompt a second release candidate for further testing.

Via Tom’s Hardware

You might also like

Take a look at the best photo editors around today
We’ve rounded up the best graphic design software

Workers are being punished for ignoring AI advice – even when they know better

Read More 

Xerox is buying Lexmark in $1.5 billion deal which could build a printer giant capable of taking on HP.

Lexmark acquisition will strengthen Xerox as it seeks to improve footprint in enterprise market
Lexmark was IBM’s former printer arm and, like its PCs and servers, was sold to Chinese investors
Xerox faces huge competition from HP, Epson and Canon

Xerox has announced an agreement to acquire Lexmark in a deal valued at $1.5 billion which will create a new global printer giant.

The company says the deal will allow Xerox to expand its print portfolio, as well as broaden its global footprint and service offerings.

“Our acquisition of Lexmark will bring together two industry-leading companies with shared values, complementary strengths, and a deep commitment to advancing the print industry to create one stronger organization,” said Steve Bandrowczak, CEO at Xerox. “By combining our capabilities, we will be better positioned to drive long-term profitable growth and serve our clients, furthering our Reinvention.”

Strengthening Xerox’s position

Lexmark, founded in 1991 as a spinoff from IBM’s printer division, has been offering imaging solutions and technologies like printers and multifunction devices for more than three decades. Still headquartered in Lexington, Kentucky, the company was acquired by Chinese investors in 2016 but is now preparing to welcome a new owner.

The integration of Lexmark’s imaging technologies with Xerox’s ConnectKey technology and advanced print and digital services is intended to create a comprehensive product portfolio. This move will also strengthen Xerox’s position in the A4 color market and increase its presence in regions like Asia-Pacific.

Together, Lexmark and Xerox hold a top five global share in entry, mid, and production print markets and play a major role in the managed print services industry.

The combined organization will serve over 200,000 clients across 170 countries, supported by 125 manufacturing and distribution facilities in 16 countries, but it faces tough competition from established players like HP, Epson and Canon.

“Lexmark has a proud history of serving our customers with world-class technology, solutions and services, and we are excited to join Xerox and expand our reach with shared talent and a stronger portfolio of offerings,” said Allen Waugerman, Lexmark president and chief executive officer. “Lexmark and Xerox are two great companies that together will be even greater.”

Subject to regulatory and shareholder approvals, the deal is expected to close in the second half of 2025. Until then, both companies will continue to operate independently.

You might also like

We’ve rounded up the best photo printers around today
And here are the best home printers on offer
HP CEO just let slip a major issue with its printing strategy – and it’s going to cost you

Read More 

Max has renewed its DC animated series Creature Commandos for season 2.

Max renews Creature Commandos for a second season

The show marks the first project in the new DC Universe

Creature Commandos tells the story of a secret team of imprisoned monsters that take on deadly missions

Creature Commandos are going on another mission, as the hit adult animated series has been renewed for a second season at Max.

The best Max show is the first project to be released as part of James Gunn and Peter Safran’s new-look DC Cinematic Universe (DCU) and debuted to critical acclaim on December 5. With a 95% score from the critics on Rotten Tomatoes, at the time of writing, it’s no surprise that Creature Commandos has been picked up for another season halfway through its seven-episode run.

James Gunn and Peter Safran, Co-Chairs, DC Studios said in a statement: “We’re thrilled to team up with Max for another season of Creature Commandos mayhem. From our spectacular first season of Peacemaker to the astonishing run of The Penguin to the record-breaking launch of Creature Commandos, Max has consistently delivered above industry expectations and beyond our wildest imaginings. Thank you, Casey, Sarah, Pia, Sono and the entire team for your tremendous support of DC Studios. We are proud to call Max home.”

What is Creature Commandos about?

Creature Commandos follows “a secret team of incarcerated monsters recruited for missions deemed too dangerous for humans. When all else fails… they’re your last, worst option”, reads the plotline.

The voice cast includes Steve Agee, Maria Bakalova, Anya Chalotra , Zoe Chao, Frank Grillo, Sean Gunn, David Harbour, Alan Tudyk, Indira Varma, and Viola Davis, who reprises her role as Amanda Waller from The Suicide Squad and Peacemaker.

In our spoiler-light review of Creature Commandos, TechRadar’s Tom Power reveals that the first season “gets DCU Chapter One, aka ‘Gods and Monsters’, off to a monstrously good start”. Fancy more monster madness? There’s plenty of in-depth coverage and exclusive stories to check out too in our Creature Commandos guide.

Peter Girardi, executive vice president of alternative programming at Warner Bros. Animation shared: “Thanks to the brilliant imagination of James and the talent of our amazing artists, DC fans fell in love with this new family of heroes. We are excited to continue this wild ride with our partners at Max. You want more monsters, you’re getting more monsters!”

You might also like

Creature Commandos stars open up on how episode 4’s two huge plot twists will impact the DCU TV show’s overall story: ‘it’s an interesting reveal’
The White Lotus season 3 trailer has me hooked already and reveals the Max show will return in February 2025
3 new A24 movies coming to Max in January that I can’t wait to watch

Read More 

Two new packages were found on PyPI stealing data and granting access.

Security researchers found two packages on PyPI, showing malicious intent
The packages grant the attackers access to systems and sensitive data
The researchers warn developers to exercise caution when using third-party packages

Experts have warned PyPI continues to be abused after researchers discovered more malicious packages hiding on the platform.

A report from Fortinet’s FortiGuard Labs discovered two packages designed to steal people’s login credentials, grant unauthorized access to devices, and more.

The researchers says they observed Zebo-0.1.0, and Cometlogger-0.1, two packages that masquerade as legitimate code, but hide harmful features behind complex logic and obfuscation.

Smuggling malware

“The Zebo-0.1.0 script is a typical example of malware, with functions designed for surveillance, data exfiltration, and unauthorized control,” the researchers explained. “It uses libraries like pynput and ImageGrab, along with obfuscation techniques, indicating clear malicious intent.”

The Cometlogger-0.1 script, on the other hand, comes with a different set of malicious behavior, such as dynamic file manipulation, webhook injection, infostealing, and anti-VM checks.

Both packages are described as sophisticated, persistent, and dangerous.

Python is one of the world’s most popular programming languages, and by nature, PyPI is one of the world’s most popular open source code repositories. Developers build code blocks and share with their peers via the platform. Other developers can then use those blocks on their projects, cutting down on time necessary to code out different features.

This gives cybercriminals an opportunity to smuggle malicious code, and infect countless projects through the software supply chain. Sometimes, they would break into legitimate developer accounts and poison their solutions and other times they would typosquat popular solutions in hopes people would mistakenly download the malicious package.

Open-source is arguably more secure, since the code is susceptible to scrutiny from the entire community, but researchers still advise caution, and always verify third-party scripts and executables before running.

Furthermore, businesses should also keep their networks behind firewalls, and set up intrusion detection systems to safeguard their infrastructure.

You might also like

AWS keys stolen by malicious PyPI package with thousands of downloads
Here’s a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Read More 

Sega CEO says the company won’t be making more mini retro consoles.

Sega America and Europe CEO Shuji Utsumi has discussed the company’s philosophy in a recent interview
He stated that Sega “needs to be innovative” to remain relevant
He also confirmed that there will not be any further mini retro consoles

In some bad news for retro game enjoyers, Sega America and Europe CEO Shuji Utsumi has suggested that the company will not be making any more mini retro consoles.

The words come from a recent interview with The Guardian in which Utsumi discusses the company’s current philosophy. “Gamers loved Sega because we showed a new style, attitude and lifestyle to gamers,” he said. “I want to bring that feeling back. But we are not just a nostalgic company, we need to be innovative.”

This approach seems evident in Sega’s recent output, which has included a number of successful new titles such as Metaphor: ReFantazio in addition to new entries in long-running fan-favorite franchises like Super Monkey Ball Banana Rumble. The company has also seen success in its multimedia efforts, with the new Sonic the Hedgehog 3 film already performing well at the box office.

When asked whether the company would pursue any new mini consoles, presumably to follow up the popular Sega Genesis (or Sega Mega Drive for those outside of the US) Mini, he simply replied: “I’m not going for the mini direction. It’s not me. I want to embrace modern gamers”.

The Guardian also states that Sega then clarified that this meant there are currently no plans for any more mini consoles, which is going to be a bit of disappointment for anyone looking forward to a potential Sega Dreamcast Mini or Sega Saturn Mini.

Even so, Utsumi rounds off the interview by reiterating his forward-facing point of view. “We are not a retro company,” he said. “We really appreciate our legacy, we value it, but at the same time, we want to deliver something new – otherwise we’ll become history.”

You might also like…

I’ve quizzed the TechRadar Gaming team and here’s what we’re playing over the Christmas break
Secretlab’s Warhammer 40,000 Ultramarine Titan Evo gaming chair is one of the best examples of limited edition gear I’ve seen, here’s why
Fallout 76 developer on new Gleaming Depths raid and designing the biggest enemy encounter in series history

Read More 

Netflix releases teaser of new Robert De Niro-starring thriller series Zero Day.

The creators of Netflix’s new show also brought us Narcos and Griselda

De Niro is a former President investigating a devastating cyberattack

Zero Day is streaming from February 20, 2025

It’s not every day you see a giant of cinema starring in a TV show: in the pre-streaming era that kind of thing was not something successful stars would do. But this is no ordinary day and this is no ordinary show, which is no doubt why Robert De Niro agreed to be in it. That, and probably Santa-sized sacks of money.

De Niro is the star of Zero Day, a new Netflix show created by Eric Newman and Noah Oppenheim. Between them the two have a stellar CV that includes Narcos, Narcos: Mexico, President, The Watcher, Griselda, The Maze Runner and more. In this show, which has the potential to be one of the best Netflix series, De Niro plays a former US president who leads an investigation into a devastating cyberattack.

What happens in Zero Day?

As you can see from the trailer, the cyberattack has a devastating effect on the US and causes thousands of deaths. And with the US already on a political precipice, the attack threatens to push the nation over the edge.

According to Oppenheim, “The show also looks at the cost of power for those who are asked to take on these enormous challenges – what it means for them personally, and what it means for their families.”

De Niro is former President George Mullen, appointed head of the ‘Zero Day Commission’ into the attacks. And to find the truth he’ll also have to battle his own personal demons.

Mullen, De Niro says, is a straight-shooter. “That’s the spine of my character in the show. Don’t dodge anything. Don’t play games. Be honest about what’s going on so that the public knows what’s going on.”

De Niro is joined by an impressive cast that includes Angela Bassett, Jesse Plemons, Lizzy Caplan, Connie Britton, Joan Allen, Matthew Modine and more.

Zero Day is a limited series and it’ll premiere on Netflix on February 20, 2025.

You might also like

Prime Video movie of the day: De Niro is astonishing in The Deer Hunter
You talkin’ to me? The best Martin Scorcese movies, ranked
The best Netflix shows to watch this month

Read More