A Renter-Friendly Home Backup Generator Is Coming

While problems with the power grid aren’t new, electric whole-home backup systems are. Having emergency power on hand is a great idea, but power banks are also expensive, hard to move, and get in the way. Biolite, a new backup power brand on the market, has created a less expensive, easier, renter friendly solution that they'll be demoing at the Consumer Electronics Show (CES) Jan. 7-10th.

Traditional backup generators are big and heavy

In the past few years we’ve seen releases of giant power generators from Anker Solix, Ecoflow, and others called “Whole Home Backups.” These hefty, barely portable devices don’t require solar input (although they’re compatible); they can charge by plugging into your wall. When you need them, you haul them out to the most advantageous spot in your home or office, and they act as a battery backup for multiple appliances in your home, from your fridge to your microwave. They have terrific power capacity and output, but they are chonkers, weighing around 80 pounds, and they take up a lot of space. If you’ve ever used a backup generator, you’ll know it also means extension cords snaking all over your house. 

One solution has been to tie these backup generators directly into your circuit breaker box, so that if the power goes off, the whole house automatically flips over to your backup generator, acting like a giant UPS (uninterruptible power supply). While this is ideal since it doesn’t require you to move things around or plug and unplug them, you can’t actually directly plug into your breaker box—you need a subpanel to do so. That installation is expensive, so now you’ve spent money on the backup generator, the hardware for the subpanel, and the installation of all of it. 

Biolite batteries have more flexibility

Biolite removes the middleman entirely. Although their generators carry the same power output as traditional whole-home generators, they’re flattened (under three inches thick) and lighter. Instead of being stored away in a closet, you mount them where you’ll use them, and the installation is DIY.  The flat profile allows you to stow them in all sorts of places, and Biolite can be stored or installed in almost any orientation, so they’re going to fit most spaces. The battery is encased in such a way—with a corrugated aluminum heat sink—that it maintains temperature and keeps dust out without much airflow. 

You're meant to keep Biolite plugged into the wall, and your appliances plugged into the Biolite. As soon as there’s a power interruption, Biolite acts like a UPS, shifting power so quickly, representatives insist that most devices won’t go offline or lose power. It’s not simply for your fridge, either— the base Biolite unit has a power strip that you can stick to your any magnetized surface, and plug in other appliances. 

A good backup solution for renters

What Biolite has in common with other backup generators is that you can daisy-chain the batteries together for more kilowatt hours. Each Biolite has about 1.5kW, but you string them together for up to 10kW. You don’t have to keep them in the kitchen, either: You can add Biolites around the house, tucking them into small spaces near the items you need powered, waiting for when they need to spring into action. An app helps you manage all your Biolites, and informs you when they’re being used or not, so even if you’re not home, you know if there’s been a power interruption. Because there's no permanent installation, this is a way for renters to obtain backup power throughout the house that they can then take with them when they move. 

How backup power can help you save money

An additional benefit of backup power is that you can use them to “game the grid.” Many people have “time of use” plans with their power company, so power is more expensive during parts of the day or specific weather events. During those times, you can elect to switch to your Biolite backup, subverting the power grid and using your battery backup instead, which should save you money. 

Biolite batteries will be released this summer. The core battery alone will run $2100, and the core battery plus an extra Biolite will run $3000, but because they count as an “installed solution” they qualify for a 30% tax credit.

from LifeHacker https://ift.tt/VDEHB0u

This Ring Alarm 8-Piece Kit Is Over $100 Off Right Now

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

If you’re looking for a home security system for a smaller space and don’t mind going the pre-owned route, this certified refurbished eight-piece Ring Alarm kit is a solid option at $110.99—a 48% discount from its usual $214.99.

Like-New Ring Alarm 8-piece kit

$110.99 at Amazon

$214.99 Save $104.00

$110.99 at Amazon

$214.99 Save $104.00

Designed for single- or double-bedroom homes or apartments, this kit includes a base station, range extender, motion detector, four contact sensors, and a keypad—everything you need to get started. Setting up the system is simple: Just download the Ring app, plug in the base station, place the sensors where needed, and activate them. The system offers three security modes: Home mode keeps outdoor sensors active while ignoring indoor ones, away mode arms all sensors, and disarm mode turns everything off. Just a heads up, according to this PCMag review, when the system is in disarm mode, it doesn’t send you notifications—a potential drawback if you rely on alerts.

Speaking of alerts, if you’re fine with handling alerts yourself, you can skip the $20 monthly fee and opt for DIY monitoring. But if you’d rather not play security guard, the Ring Home Premium plan offers 24/7 professional monitoring with automatic emergency dispatch. This subscription also unlocks integration with Amazon Echo, Alexa, and other Ring devices, giving your system a bit more versatility. That said, if you’re big on third-party compatibility—say with Apple HomeKit or Google Assistant—you’ll find this kit lacking. For that, the Abode Iota is a solid alternative, though at $299.99 (down from $329.99), it’s a bigger investment.

from LifeHacker https://ift.tt/Dup3rLF

Mark These 2025 Celestial Events on Your Calendar

Celestial enthusiasts have much to look forward to in 2025, with eclipses, meteor showers, and planetary alignments lighting up (or darkening) the sky. Here are the events to add to your calendar.

January

The first month of the year will bring a lesser-known meteor shower and some planetary action.

• Jan. 3–4: Quadrantid meteor shower. The Quadrantids are active from Dec. 28 to Jan. 12 but are expected to peak around 4 a.m. EST on Jan. 4. The moon will be only 47% illuminated, and the shower can produce more than 100 meteors per hour in ideal conditions. Viewing is best in the Northern Hemisphere.

• Jan. 13: Wolf Moon. The first full moon of 2025 has extra appeal, as it will pass close to (almost in front of) Mars. The red planet will appear to disappear behind the moon at 9:16 p.m. EST and reappear at 10:31 p.m. EST.

• Jan. 15: Mars at opposition. Peak Mars viewing is happening in January. When at opposition, the Red Planet's entire illuminated face is toward Earth. Look for it in the eastern sky as the sun sets toward the west.

February

February's main event is a planetary parade, when the planets appear to be in one line in Earth's sky. The parade actually begins on Jan. 10 when the Moon joins up with Jupiter and continues through February. Saturn will drop off mid-month, but tiny Mercury will be barely visible in the parade on Feb. 28.

A crescent Venus will also be visible on Feb. 19 when the planet is at its closest point to Earth.

March

March has a pair of eclipses:

• March 14: Total lunar eclipse. As the moon passes through Earth's shadow, it'll cast a deep red hue. Though the total lunar eclipse will be visible around the world, the full 65-minute totality will only happen in the Americas and Antarctica.

• March 26: Partial solar eclipse. Canadians and Americans along the east coast will get the best view of March's partial solar eclipse, which will cover up to 93% of the sun. If you can't travel to see it, you can watch the livestream on YouTube.

April

The Lyrid meteor shower will be active between April 15 and April 30, with a peak on the night of April 21–22. Around 10–20 meteors (and possibly fireballs) are visible per hour in ideal conditions. For best viewing, look for the shower before the moon rises.

May

The Eta Aquarids—one of two showers resulting from Halley's Comet—is expected to peak on the night of May 6–7. Viewers in the Southern Hemisphere may see up to 60 meteors per hour. Those in the Northern Hemisphere will still get a show, but a less spectacular one.

July

The Delta Aquarids and Alpha Capricornids are both peaking at the end of July (29–30). The former may have up to 20 shooting stars per hour with best conditions in the Southern Hemispherel the latter has fewer meteors, but they are very bright. The sky should be relatively dark for good viewing.

August

The usually spectacular Perseids will be a bit less so in 2025; the shower's peak on Aug. 12–13 lands just a few days after the full moon. However, it may still be worth looking for, as it often produces nearly 100 meteors per hour. At the same time, though, you can catch the conjunction of Jupiter and Venus in the eastern sky (an hour before sunrise on Aug. 12).

September

Saturn will be at opposition on the night of Sept. 21. Just like Mars in January, this event will show Saturn at its brightest, visible to the naked eye.

(There's also a second partial solar eclipse visible from New Zealand on the same day.)

October

The Orionids are active from Oct. 2 to Nov. 12, with a peak on the night of Oct. 22–23. The moon will be only 2% full, leaving the sky dark for solid viewing. The shower produces 10–20 meteors per hour.

While the Draconids are peaking just one day after October's full moon (the Hunter's Moon on Oct. 6), astronomers say there's a tiny possibility of a meteor storm this year.

November

The moon and meteors will light up the sky in November:

• Nov. 5: Supermoon. The second supermoon of 2025 will be the biggest and brightest since 2019 thanks to its proximity to Earth.

• Nov. 16–17: Leonid meteor shower. In idea conditions, the Leonids, which come from the 55P/Temple-Tuttle comet, produce 10–15 meteors per hour. On peak night in 2025, the moon will be just 9% full.

December

Finally, the brightly colored Geminids will be active from Nov. 19 to Dec. 24 with a peak predicted for Dec. 13–14. Unlike 2024, the moon won't interfere with viewing. Look for them between mid-evening and 2 a.m., when it's possible to see 120 meteors per hour in the Northern Hemisphere.

from LifeHacker https://ift.tt/DVFsNtu

Seven Ways to Repurpose a Closet Into a Totally Different Space

We may earn a commission from links on this page.

No matter how big your house seemed when you moved in, it will eventually seem too small. Whether it’s a growing family or a shift to remote work, the chances that you’ll eventually wish you had just one more room are pretty high. And with the cost of an addition to your home starting at around $22,000, a lot of folks look for lower-cost ways to claw some more usable space out of their homes.

The good news is that you might have the solution in your house already: your closets. Closets are already pretty useful for storing your stuff out of sight, of course, but if you’re in the market for an extra room and you have a closet to spare, you have the opportunity to trade boring storage space for something a lot more useful. Depending on how large the closet in question is, you have options for repurposing it.

Bedroom

If you’re seeking more square footage because you need an extra bedroom, a decent-sized closet might be the solution. Generally speaking, a bedroom should be a minimum of 70 square feet, and the good news is that a standard walk-in closet is typically pretty close to that at about 65 square feet. Turning a walk-in closet into a usable sleeping space is therefore just a matter of clearing it out and installing a bed.

This won’t be a legal bedroom you can include on a house listing, of course—for that, you typically need an egress like a window or door leading out of the house. But it can be a comfortable spot for guests or a growing child who needs their own private space.

Closets smaller than that can still be transformed into bedrooms, especially for kids. Folding beds or bunk beds attached directly to the walls can create a fun, flexible sleeping area that can be utilized when you suddenly have an army of guests staying over or when the kiddos want that sleepover vibe.

Office

If you work remotely even part of the time, you know a specific office space is key to your sanity and your job performance. If you didn’t anticipate needing an extra room for an office when you bought your home, you also know that trying to work at kitchen counters, dining room tables, and on living room couches with a laptop balanced on your knees is less than ideal.

Even the tiniest extra closet can be transformed into a usable office (or “cloffice,” though we sincerely hope that term doesn’t catch on). Reach-in closets are typically a minimum of two feet deep and range from three to eight feet wide. You can still fit a small desk (or use a folding desk) and plenty of shelving into the short end of that range, giving you an organized, bespoke space for your working hours. And closet offices come with one huge unanticipated benefit: You can close the door when the work day is finished and hide it all away.

Bar

If you’ve dreamed of having a grown-up bar in your house for entertaining purposes (or just because you’re enthusiastic about cocktails), a spare closet in or near the living area offers you an ideal spot. A reach-in closet that’s just two feet deep by three feet wide can house a perfectly respectable bar area in a few relatively easy steps:

1. Remove the doors and door hardware.

2. Remove shelving and hanging bars.

3. Patch and paint interior drywall.

4. Install a small bar fridge, a cabinet with countertop of similar size, and another cabinet or glassware storage on the walls.

5. Add some simple lighting if necessary.

Now all that’s left is to stock the bar and organize a party.

Library

If you love to read but hate how books take over the entire house, a spare closet is the perfect space for a small, cozy library and reading nook. If you have a larger walk-in closet you don’t need, it’s relatively straightforward to install some shelves, a comfortable chair, and a reading lamp to create a small library space for yourself (mini-fridge stocked with snacks is optional). But even a small reach-in closet can be cleared out, outfitted with bookshelves, and stocked with a folding chair to create a cozy reading space.

Pantry

A pantry is really just a food closet, so transforming an underused coat closet into a pantry is pretty straightforward. While your pantry can be located anywhere, a closet near your kitchen is obviously ideal. All that’s needed is to remove existing hanging bars and shelves, install floor-to-ceiling shelving, and add in some hanging baskets and hooks for cooking utensils, aprons, or anything else that normally gets in the way.

If your adorably small pantry is a bit too adorably small, you can add a back-of-door organizer to give yourself a little extra food storage, too.

Laundry room

This one is a bit more ambitious than some of the other projects on this list, but its impact is potentially larger. If you’re not afraid of hiring a plumber and possibly an electrician (or if you’re comfortable doing that kind of work yourself), a closet could become the laundry room you’re currently missing.

To see if it’s even possible, measure your closet and the appliances you need to fit in there. Washers and dryers average about 24-26 inches wide, around 42 inches high, and 30 inches deep, with a lot of variance between brands and models. You’ll need to allow for about six inches of clearance between the wall and the machines, and if you’re using front-loaders, you’ll need to account for the extra depth unless the closet opening is wide enough. Those dimensions mean that a small reach-in closet probably won’t work for this project—you’ll need at least a small walk-in closet to make it work.

Keep in mind that if your closet is just large enough to fit your appliances, there won’t be any room to store detergents and other supplies. If you have to store that stuff elsewhere (or have it in a messy pile nearby), that’s not an ideal solution. You can add some behind-the-door storage, however—or even a behind-the-door ironing rack that can double as a place to fold laundry as it comes out of the dryer.

Recording booth

Whether you’re one of the millions (and millions) of people who host their own podcast or just need a quiet spot for video meetings and calls, a small closet is an ideal spot to build a simple, DIY recording booth/studio. Some acoustic foam panels on the walls and a sound dampening blanket over the door can turn that tiny space into a perfect vocal isolation booth, recording studio, or meeting spot. The small size is a feature here, as it will be relatively cheap to turn that closet into a quiet studio space.

from LifeHacker https://ift.tt/4W17Jyn

All the Home Maintenance Tasks You Should Tackle in January

We may earn a commission from links on this page.

Due to the weather in many parts of the U.S., January's home maintenance tasks are often limited to indoor areas, as it’s usually more difficult to do outdoor projects like painting. Also, because you will probably be spending more time indoors during the colder parts of winter, keeping the inside of your home safe and comfortable should take priority.

Here are all the home maintenance tasks you should handle in the month of January.

Check your indoor vents

In the winter, vents in your kitchen and bathroom can get a workout, with holiday cooking and houseguests adding to your regular use. Remembering to clean your vents, check or replace filters, and do any minor repairs that are needed are important steps to keeping your indoor air quality at healthy levels.

To perform maintenance on vents, you can unscrew the cover from the housing and vacuum the dust out of the slats. If you have a washable filter, you can remove it and follow the manufacturer's instructions for cleaning. If the air filter in the vent is a disposable type, you can replace it. While the vent cover is open, inspect the interior parts and check for any damage.

Check your tub and sink caulking

Once a year, it’s a good idea to check the caulking around your tub and sink. If you notice that it’s beginning to peel or develop cracks, it's a good idea to remove the old caulk with a putty knife and replace it. Using a tube of caulk and a five-in-one tool, seal around the edges of your sink, your tub, and between the tub and tile to keep water from getting onto your walls, running into cracks, and causing unseen damage. You can also opt for a caulk repair tool kit that comes with removal tools as well as shaping tools.

Perform an annual Wi-Fi security update

Given the convenience of using wireless internet and connected devices, it might not occur to you to update your device lists and passwords every once in a while. Let January be your time to take a few minutes to check your current list of connected devices to ensure that old devices you aren’t using don’t have access to your home internet, and also make sure that there aren’t any unfamiliar devices using your wifi. You should also take a moment to update passwords for your home internet and other connected devices to keep your network more secure. While these steps might seem small, they can help you to protect your personal data.

Clean out washer drain filters and dryer vents

January is an excellent time to clear all the gunk out of dryer vents and washing machine drain filters. You might not even realize you have a filter for your washer’s drain until it gets clogged and backs up into a fresh load of laundry. Washers that drain onto a utility sink or basin often have a screen to prevent lint from clogging the drain. It can get full of lint and stop draining, so taking a second to empty it can save you a lot of hassle. Some washers also have a screen built into the drain mechanism that’s meant to be removed and cleaned; you can locate that on the back side of your washer, near where the water drains through the hose.

Your dryer vent should be inspected and cleaned out at least twice a year. This can be done by removing the connection from the dryer on the indoor end and the vent cover on the outdoor end and using a vent cleaning brush to remove any lint build-up from inside. When you’re finished cleaning it out, reattach the hose and the vent cover.

Start a home maintenance calendar

January is the perfect time to begin a home maintenance calendar if you don’t already have one. While home maintenance calendars used to be mostly paper files, you can also opt to keep a digital file. Your calendar can include important maintenance dates, like when your furnace filters need to be changed next, when you need to recharge your fire extinguishers, and your next planned chimney cleaning. Other items to include can be things like maintenance records and phone numbers for maintenance professionals so that you will have all the information you need in one place in case you need a repair.

Keeping track of filters and important cleanings will help you to plan ahead for maintenance and remember when it’s time to take care of certain chores.

from LifeHacker https://ift.tt/q5AMwQ9

Don't Use Your Christmas Tree for Firewood (but You Can Recycle It in Other Ways)

When it comes time to take down your natural tree, you might think that tossing it in the fireplace is an economical and simple solution for disposal. However, it’s not a good idea to burn your Christmas tree for firewood—it can cause issues with your fireplace and chimney. Rather than risking your safety, there are other more sustainable ways to reuse your tree and still cut down on disposal costs.

Evergreen trees tend to have pitch or sap, as well as needles. Because of these differences from traditional firewood, your tree could burn very hot, throw lots of sparks, and cause creosote build-up in your chimney. Creosote can cause a chimney fire if it gets thick enough before your chimney is cleaned. An overly hot fire could also damage the bricks or masonry of your chimney, causing it not to work properly to carry smoke safely to the outdoors. An overly smoky fire from uncured wood is also a danger when using a Christmas tree as fuel, so the best practice is to only use seasoned firewood that’s intended to be burned as fuel.

Best ways to recycle a Christmas tree

There are other ways you can "recycle" a Christmas tree, though, that are safer. Here are some ideas:

• Use it as firewood in an outdoor fire pit. Although you should take precautions to avoid igniting surrounding brush or dry grass from escaped sparks, you can choose to burn your Christmas tree in an outdoor fire pit. Since a fire pit doesn’t require a chimney or a flue, you don’t need to worry about causing a chimney fire with pitchy wood. Because needles can cause very hot and unpredictable fires, you should always have proper fire extinguishers and hoses at the ready just in case.

• Use it for mulch. Christmas trees make great wood chips and they can be used as a weed barrier for landscaping projects. In some places, your local trash pick-up might have a tree pick-up program where trees can go to be recycled into wood chips. If not, you can always decide to split a chipper rental with the neighborhood and get some low-cost, fresh-smelling mulch from the deal.

• Get out your chainsaw for some DIY projects. Cutting up the wood from your tree to make some clever DIY coasters from the rounds of the trunk of your tree is a fun way to recycle your tree. You can make a border for your garden bed with sections of your tree’s trunk. As with any chainsaw project, make sure you wear a face shield, heavy gloves, and protective clothing to avoid turning your holiday recycling project into a trip to the ER.

• Use smaller branches as plant markers and plant stakes. Select your branch and remove all the smaller twigs and needles from it. Then, use a vegetable peeler or a sharp knife to remove the bark. You can write the name of your plant on the stake or marker with a permanent marker once the bark is removed.

• Make sachets from pine needles. Using scraps of fabric sewn into small pillows and stuffed with the needles, this type of sachet can be used to keep drawers and cabinets fresh. You can also use needles (or branches with lots of needles) to cover vegetable gardens or perennials during the winter. This practice can add nutrients back into the soil, as well as help prevent mold.

from LifeHacker https://ift.tt/EaBYNTo

The sixth sense of cybersecurity: How AI spots threats before they strike

In this Help Net Security interview, Vineet Chaku, President of Reaktr.ai, discusses how AI is transforming cybersecurity, particularly in anomaly detection and threat identification. Chaku talks about the skills cybersecurity professionals need to collaborate with AI systems and address the ethical concerns surrounding deployment.

How is AI transforming traditional approaches to cybersecurity, particularly in anomaly detection and threat identification?

Cybersecurity used to be a lot like playing catch-up. We were always reacting to the latest problem, trying to fix things after something bad had already happened. But AI is changing that. It’s like we’ve finally found a way to stay a step ahead, spotting problems before they even happen.

For example, AI is really good at finding unusual activity. Whether it’s someone suddenly looking at files they shouldn’t be, or a surge of activity on the network from a strange place, AI can flag these things immediately. It’s like having a sixth sense for suspicious activity.

But AI doesn’t just find the obvious problems. It can look at tons of information and find hidden patterns, revealing threats that we might miss entirely. It’s like having a detective who can connect seemingly unrelated events to stop something bad from happening.

This ability to predict and prevent problems is a game-changer. It allows us to go from reacting to problems to stopping them before they occur.

Given that AI cannot replace human creativity, what skills should cybersecurity professionals develop to collaborate with AI systems?

AI is a powerful tool, but it can’t replace humans. It’s about helping us do our jobs better. The best cybersecurity people will be those who can effectively work with AI, using it to boost their own skills and knowledge.

Think of it like this: AI is a high-tech tool, but humans are the skilled workers who know how to use that tool effectively.

To make the most of this partnership, we need to understand how AI works. We need to know how it learns, how it makes decisions, and what it can and can’t do. This knowledge allows us to understand AI’s insights, identify potential mistakes, and ensure that AI is used responsibly.

But it’s not just about understanding AI; it’s also about adapting to a new way of working. We need to develop skills in areas like figuring out how threats might affect AI systems, understanding how to protect against attacks that target AI itself, and working with AI to develop stronger security strategies.

How are cybercriminals leveraging AI to develop more sophisticated attack vectors?

Unfortunately, the bad guys are always looking for new ways to cause trouble. And they’re using AI to their advantage. They’re essentially creating new types of cyber threats that are more complex, more targeted, and harder to detect than ever before.

Imagine an army of AI-powered robots constantly looking for weaknesses in your systems, crafting personalized emails that are almost impossible to distinguish from the real thing, and even manipulating your own AI against you. This is the reality we face today.

They’re using AI to develop malware that can change and adapt in real-time, making it incredibly difficult to detect with traditional security tools. They’re using AI to crack passwords faster, analyze social media to identify potential targets, and launch highly targeted attacks that exploit specific weaknesses.

What ethical concerns arise from deploying AI in cybersecurity, and how can organizations address them?

AI is a powerful tool, and like any tool, it can be used for good or for evil. It’s crucial that we use AI responsibly and ethically, especially when it comes to cybersecurity.

One major concern is bias. If an AI system learns from biased data, it can continue those biases, leading to unfair outcomes. Imagine a security system that is more likely to flag people from certain groups as suspicious, simply because of biases in the information it was trained on.

Another concern is transparency. Many AI systems are complex and hard to understand, making it difficult to know how they make decisions. This lack of transparency can make it harder to identify and correct errors.

And of course, there’s the issue of data privacy. AI systems need a lot of data to function, raising concerns about how that data is collected, stored, and used. Organizations must ensure that they are using data responsibly and ethically, protecting user privacy.

from Help Net Security https://ift.tt/tlHiMG8

reconFTW: Open-source reconnaissance automation

reconFTW is an open-source tool that simplifies and automates the reconnaissance process, delivering subdomain enumeration, vulnerability assessment, and gathering intelligence about a target.

Using various techniques — such as passive and brute-force methods, permutations, certificate transparency analysis, source code scraping, analytics tracking, and DNS record analysis — reconFTW ensures comprehensive subdomain enumeration. This approach helps you uncover the most relevant and intriguing subdomains, giving you a competitive edge.

Beyond enumeration, reconFTW performs vulnerability assessments, identifying issues such as XSS, open redirects, SSRF, CRLF, LFI, SQL injection, SSL vulnerabilities, SSTI, DNS zone transfers, and more. It also integrates OSINT methods, directory fuzzing, search engine dorking, port scanning, screenshot capture, and nuclei scans.

reconFTW is available for free download on GitHub.

Must read:

• 33 open-source cybersecurity solutions you didn’t know you needed
• 20 free cybersecurity tools you might have missed
• 15 open-source cybersecurity tools you’ll wish you’d known earlier
• 20 essential open-source cybersecurity tools that save you time

from Help Net Security https://ift.tt/qYtSw2f

Machine identities are the next big target for attackers

86% of organizations had a security incident related to their cloud native environment within the last year, according to Venafi.

As a result, 53% of organizations had to delay an application launch or slow down production time; 45% suffered outages or disruption to their application service; and 30% said attackers could gain unauthorized access to data, networks and systems.

Security and developer teams continue to clash

88% of security leaders believe machine identities – specifically access tokens and their connected service accounts – are the next big target for attackers. 56% have experienced a security incident related to machine identities using service accounts in the last year.

77% of security leaders think AI poisoning will be the new software supply chain attack. A further 84% believe supply chain attacks remain a clear and present danger. However, a worrying 61% say senior management has taken its focus off supply chain security in the last year.

68% of security leaders believe security professionals and developers will always be at odds, with 54% feeling they are fighting a losing battle trying to get developers to have a security-first mindset.

“Attackers are now actively exploring cloud native infrastructure,” said Kevin Bocek, Chief Innovation Officer at Venafi, a CyberArk Company. “A massive wave of cyberattacks has now hit cloud native infrastructure, impacting most modern application environments. To make matters worse, cybercriminals are deploying AI in various ways to gain unauthorized access and exploiting machine identities using service accounts on a growing scale. The volume, variety and velocity of machine identities are becoming an attacker’s dream.”

Respondents also reported the risk of cloud native security coming under increasing pressure as attackers target these environments to compromise AI models and applications:

• 77% are concerned about AI poisoning, whereby AI data inputs/outputs are manipulated for malicious purposes.
• 75% are worried about model theft.
• 73% are concerned about the use of AI-led social engineering.
• A further 72% are worried about provenance in the AI supply chain.

“There is huge potential for AI to transform our world positively, but it needs to be protected,” Bocek continues. “Whether it’s an attacker sneaking in and corrupting or even stealing a model, a cybercriminal impersonating an AI to gain unauthorized access, or some new form of attack we have not even thought of, security teams need to be on the front foot. This is why a kill switch for AI – based on the unique identity of individual models being trained, deployed and run – is more critical than ever.”

Cloud complexity leads to more incidents with machine identities

Machine identities like access tokens used with service accounts topped the list with 56%, but almost as many (53%) experienced incidents related to other machine identities, such as certificates.

Part of the reason these incidents occur with such regularity is the growing complexity of cloud native environments. This creates new challenges for security teams around managing and securing the machine identities that underpin access and authentication in cloud native environments.

74% of security leaders agree that humans are the weakest link in machine identity security. 83% of teams recognize that failing to secure machine identities at the workload level renders all other security obsolete.

69% say that delivering secure access between their cloud native and data center environments is a “nightmare to manage,” while 89% are experiencing challenges around managing and securing secrets at scale.

83% think having multiple service accounts also creates a lot of added complexity, but most (91%) agree that service accounts make it easier to ensure that policies are uniformly defined and enforced across cloud native environments.

Bocek concludes: “Attackers are increasingly zoning in on machine identities in cloud native technologies. Security teams must prioritize machine identity security to the same degree as human identities. The great news is that secrets management, certificate lifecycle management (CLM) and cloud native security are available today. An automated, end-to-end machine identity security program means businesses can enhance their cloud native security, ensuring operational stability and business growth.”

from Help Net Security https://ift.tt/6wcTV02

Cybercriminals tighten their grip on organizations

Cybercriminals are using a variety of new methods to target organizations across industries. In this article, we examine the most pressing trends and findings from the 2024 surveys on the growing threat of cybercrime.

North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago. Account-opening fraud declined by nearly 60% in the last year, as banks implemented additional controls, such as behavioral biometric intelligence. Check and deposit fraud volumes tripled in the last year.

Consumers are falling victim to scams where fraudsters pose as representatives from the government, including agencies like the USPS, the FBI and the IRS. In the first three months of 2024, the average government impersonation scam victim in the US lost $14,000 in cash, totaling more than $20 million. Additionally, between 2022 and 2023, there was 90% increase in losses from cash payments due to government impersonation scams. 

Malware families such as Gafgyt (3.12%), Mirai (2.09%), and Bedevil (1.84%) appeared less often than in prior years, which may be a reflection of attempts to neutralize botnets from propagating. 47% of Microsoft Azure failures were tied to storage account misconfigurations, while 44% of Google Cloud users failed checks related to BigQuery, specifically due to a lack of customer-managed encryption. 

Over the last 12 months, the latest research shows that both basic and advanced bot-driven attacks have increased. The tools and techniques available to cybercriminals to perform these attacks have become more advanced, significantly outpacing traditional defenses. Regionally, Europe is the least protected against simple bot attacks, with 68% of websites unprotected and only 8% fully protected.

According to the FTC, consumers reported losing more than $10 billion to fraud in 2023 alone, representing a 14% increase over the previous year and the highest dollar amount ever reported.  Online privacy (67%), phishing emails or phone scams (65%), and false information or fake news and ads (49%) round out the top five online security concerns for US consumers.

54% of US companies have experienced at least one identity fraud incident affecting a senior executive over the last 18 months, which is 13 points higher than the global average of 41%. 

DDoS attacks surged 106% from H2 2023 to H1 2024. An average DDoS attack now lasts 45 minutes—an 18% increase from last year—costing unprotected organizations approximately $270,000 per attack at an average rate of $6,000 per minute. Manufacturing has replaced retail as the industry facing the largest DDoS attacks, followed by healthcare (up 128.5% compared to H1 2023). 

Cybercrime-as-a-service continues to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up a significant portion of malicious tools in use by attackers. As ransomware continues to be a top security concern for organizations, Darktrace’s Threat Research Team has identified three predominant ransomware strains impacting customers: Akira, Lockbit and Black Basta. 

Fraud surrounding IDs has become pervasive, accounting for 70% of all fraudulent verifications evaluated by Socure’s document verification solution. The other 30% of fraudulent captures is biometric-related fraud, including selfie spoofing and impersonations (15%) as well as a mismatch between the headshot on the ID and the selfie (15%).

Among the top 5 most-widespread malware detections were JS.Agent.USF and Trojan.GenericKD.67408266. Both variants redirect users to malicious links, and both malware loaders attempt to load DarkGate malware on the victim’s computer. Q4 showed a resurgence in script-based threats, as scripts rose the most as an endpoint attack vector, with threats detected increasing 77% from Q3. 

Researchers found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Mobile malware is becoming an attractive attack vector for criminals. Between August and December 2023, SpyCloud recaptured 10.58 million mobile records exfiltrated by malware.

Consumers are increasingly targeted by scammers, who rely on heightened emotions to create fraud opportunities. While the number of individual scam reports from June to December decreased, the total money lost increased, indicating scammers are targeting victims with more effective – and costly – scams.

From fake GoFundMe campaigns, social media giveaways, investment opportunities and text fraud, fraudsters are employing new methods that strike an emotional response from consumers with cause-related asks or too-good-to-be-real offers to gain access to consumers’ vital, personal information.

QR code attacks are the latest evolution of traditional phishing, where threat actors use social engineering to manipulate targets into interacting with malicious QR codes. While every employee is at risk, C-Suite executives were 42 times more likely to receive QR code attacks than the average employee.

83% of US companies saw an increase in cyber fraud attempts on their organization in the past year. Fraudsters primarily used text messages (50%), fake websites (48%), social media (37%), hacking (31%), BEC scams (31%) and deepfakes (11%) to dupe organizations. CEO and CFO impersonations (44%) was the third most common type of fraud.

As their main goals changed, cybercriminals modified their tactics and moved away from using email as a preferred attack vector (down from 52% to 37%), targeting cloud (44%) and compromised applications (39%) instead. By taking a more covert approach, attackers can remain undetected longer and gain continuous access to systems and data, enabling them to ramp up the damage when they choose.

from Help Net Security https://ift.tt/5uj7SAD

Why Your New Year's Resolutions Need 'Cues,' According to Science

Thanks to my gig teaching spin classes, I have a front-row seat to a very reliable annual phenomenon: My classes are packed for the first few weeks of the year as people make New Year's resolutions, but by mid-February, I'm back to teaching normal-sized groups of people who are grateful the "January joiners" have cleared out. I'm always sad to see the new faces go, though, because I do think it's possible to set a New Year's resolution and stick to it, even if it's not the norm.

There are plenty of self-betterment goals you can set as a new year approaches, both in and out of the gym, but no matter what you set out to do, it's important to have an implementation strategy that ensures you'll actually get it done. One way you can better situate yourself for success is by attaching "cues" to your resolutions. Here's why it works, and how to do it.

How to tie your New Year's resolutions to cues

The more specific your goals are, the better they'll turn out. This is true for pretty much everything. If you wake up on a Saturday morning and want to tidy up your living space, you'll have more success defining a room you want to clean up than attempting to just generally "clean the house," you know? When it comes to New Year's resolutions, that specificity is important, since you're planning for 12 months of change and you'll need some kind of road map. Instead of saying your resolution is to "eat healthier," you should define what your diet is missing, then drill down on it: "I want to eat 10 more grams of protein every day," for example.

This is where cues are going to be really valuable. Research shows that adding a cue—literally, a set trigger for action—to your goals can help you implement them better. We rely on automatic processes to do the standard stuff in our daily lives, like how we just automatically turn on the coffee pot after waking up or grab keys on the way out the door. In those cases, waking up and walking out the door are actually cues that signal to our brains it's time to fulfill the second half of the process. Building your resolutions around cues will help them become second-nature habits, too. Here are some examples:

• If your New Year's resolution is to save a certain amount of money by December, make it something like, "When I spend $X, I'll move $Y into savings."

• If you want to be more productive at work, try turning the Pomodoro technique into a resolution: "When I work for 25 minutes, I'll take a five-minute break."

• "When I sit down at my desk, I'll answer all new emails."

• "When my meetings end, I'll take five minutes for meditation."

• "When work is over, I'll put on my sneakers and head straight to the gym."

• "When the 6:00 news ends, I'll call my mom."

Why cues work for New Year's resolutions

There are a few reasons tying your resolutions to existing cues will help you stick with them. First, you're creating those automatic processes in your brain, basically Pavlov-ing your subconscious self into taking action whenever your trigger occurs. It will take a few weeks of conscious effort, yes, but you will already consciously know when you're supposed to act on your new habit, which is half the battle.

Operating this way also leaves less room for error. If you don't have a defined schedule and cues in place, you can easily forget to do your new task—or maybe even actively avoid it. Sticking reminders into your calendar can help here, too, since the push alert can further emphasize that it's time to get down to business—plus, seeing a visual reminder that you have something to do can stop you from double-booking. If your cue to go to the gym is clocking out at 5, it will take a few weeks for you to get into the habit of declining an invitation to go for after-work drinks, so having it blocked out on the calendar every day after work will keep you on track.

Stick with your cues, but give yourself some space those first few weeks. You might find that the timing you set up doesn't work well with your existing schedule. You just won't stick to the goal as well if you can't make it work. Research shows that if you're following the cue method, it will take about two months, on average, for the habit to form, so use that time to take note of what's working, what isn't, and what could be changed. If you have a goal of being more connected to friends and family, for instance, you might align your cue to call home with the time you spend doing the dishes every night, only to find you're too tired in the evening or eat out too frequently for that one to stick. Switching the cue to calling home when you get in the car to head to work in the morning might work better. Just make sure you stick to it once you figure out the best timing.

from LifeHacker https://ift.tt/KBW05ZG

Here's the Smart Home Tech I'm Hoping to See at CES 2025

The Consumer Electronics Show, known as CES, is the premiere annual event for consumer brands debuting new products. The sheer size of the event, which takes over Las Vegas from January 5 to 10, is hard to wrap your head around, as is the breadth of products represented there. Smart home technology makes up a big enough slice of the pie to have its own section of the event, this year at The Venetian.

In some ways, when we talk about what we hope to see at CES, we’re actually saying what we hope to see for the next year, because most things at CES aren't quite ready for the mass market just yet.  While I’ve been getting sneak peeks at what a lot of companies are going to be releasing for CES in 2025, there are still a few types of products I really hope I'll get to see more of.

More types of sensors for better automation

Sensors are a key part of a smart home toolbox, serving as a trigger for various actions. Their utility depends on two factors: that they work reliably, and that the automation software offers enough flexibility in how you can use them. There's still a lot of room for both these factors improve.

There are lots of brands that offer sensors with spotty reliability—particularly those that measure water and temperature. So generally, I’d like to see more big brands in this space release basic sensors (motion, light, presence, temperature, and water) that can be trusted. 

Beyond improving what we already have, there are some newer spaces I'd love to see smart sensors explore. With the explosion of smart lights that I expect us to see at CES, I’d love better and more sensitive light sensors that can sense a color shift—I dream of being able to run an automation where my robot mop is triggered by a sensor recognizing the white tiles are no longer white due to dirt, for example. I’d also like sensors that compare indoor and outdoor air quality with greater detail about where air issues are coming from, and weight sensors that can be used to run automations based on how much weight changes—for instance, a sensor on food and water dishes that can tell me how much my dog ate and drank today.

We already know that the most trusted name in sensors, Aqara, is rumored to release a new presence sensor. As exciting as that is, I’d love to see even more sensors from them—ones that push into new areas of representation like I’ve named above. 

Key improvements in robot vacuums and mowers, please

This year, I've played with an untold number of vacuums, a bunch of lawnmowers, and even a few personal robots like the Enabot. I expect we’re going to continue to see robot vacuums leap forward this year, as they have the past few. I expect we’ll see absurd levels of suction power, and the robots are going to start to develop a whole new set of skills. We had one stair-climbing robot last year, so I expect we’ll start to see more robots with that sort of dexterity. Switchbot started to play with the idea of a robot vacuum as a household butler, shuttling water from the source to humidifiers, and I predict it'll continue to build that idea out. If the robot can shuttle water, what else can it move for you?

What I’d like to see in robot vacuums is consistency in high-end models—by now they should all have a compartment for cleaning fluid on board the charging dock, and they should all have the ability be to directed by remote control in the app.

I’d like to see robot assistants for vacuums go away entirely: they’re unhelpful, unrefined, and just another unwanted voice in my house. Instead, I’d like robot vacuums to better integrate with existing voice assistants. 

Also, I'd love to see robot vacuums take on baseboards. I'm sure this seems small, but brands are obsessed with how close their robots get to the wall, and yet they ignore the baseboards, which remain filthy and ignored. Narwal has started to address this, although in the most basic way, by attaching a muff to the robot that sweeps against the baseboard, but it's not enough.

I predict we’ll see a ton of robot lawnmowers this year, which is exciting. I predict that like the Yarbo and Mowrator, most lawnmowers will also start to do “more,” including collecting and dumping of leaves. What I hope to see is more stability in mid-large size models, with beefier wheels that can handle dips and hills with ease, but with a tighter turn radius that doesn't tear up your lawn. I would love to see a fleet of small robot lawnmowers, perfect for tiny lawns, and for them to be sold at tiny prices. I would not like to see more lawn printing, which allows you to mow designs into your lawn. Though it sounded exciting, it turned out to be pretty silly in practice. 

Will we finally get our personal robots this year?

Remember Ballie, from Samsung? I’d love this to be the year actual personal robots make it into the consumer market in a real way. So far, I’m unimpressed with those I’ve tried. I have an Enabot that is supposed to follow my dog around, but so far, it just runs into my washing machine over and over again. Personal robots don’t have to do it all yet, but I truly think these robots could work for emotional support and a light physical assist in housework or technological chores. But for that to happen, a brand has to (please) get a good one to market already. 

Better smart lighting throughout the entire home

Over the last year, smart home tech has deeply infiltrated the new construction and retrofit market. It’s not enough to have a smart bulb or a lamp on a smart plug, now everything from recessed lights to under cabinet lights to permanent outdoor lights are smart. I hope we continue to see growth in the retrofit market, which benefits renters. 

I’ve noticed a massive uptick in entertainment lighting in the last year—floor lamps that can change to any color, bendable foam lights that resemble neon lights, even light curtains. After falling in love with my glowing Nanoleaf lights, I’d love to see more exploration in LED smart lights for inside the home and office that look like they're for adults, not just kids. There’s really no reason any light in your home should only be able to be tuned to white anymore, and when all your lights can play together as one to engage in shifting color schemes, your whole house becomes a big light therapy factory. 

Where else can smart locks possibly go? 

Every time I think smart locks have been all figured out, something new comes out that improves things yet again. The first facial recognition locks came out this year, and then the palm print lock, and now, it looks like Eufy is going to announce a lock with palm recognition. It feels like Star Trek. 

My biggest wish for smart locks is that they get better about retrofitting older homes, which arguably need the security the most. There are still many kinds of older locks that have few or no smart lock retrofit options. I’d also like to see some smart locks that look like many of our homes do: stately and refined instead of cold and modern.

Better, more secure smart cameras

This year, smart cameras took on a few trends: 24/7 continuous recording, which is more informative than the clips we were used to getting. We also saw an explosion of off-grid cameras which worked well and only needed solar power. The downside of these cameras is the amount of data they use, since they’re not connected to wifi. 

I’d like to see better compression of that video on off-grid cameras so they become more usable. I’d love to see the cameras get smaller and less visible, too. At this point, I’m only interested in PTZ (point, tilt, zoom) cameras, and wonder why anyone would buy something else, so I’d like to see less of the static viewpoint cameras, too. Finally, I hope to see better security around these cameras, with real ways to secure the feeds.

Standards, hubs, and automation

I don’t want this, really, but I expect we will see tons of brands try to relaunch their hubs as multi-hubs—that is, platforms that control not just that brand's devices, but allows them to integrate and interact with all your devices across brands.

Most people utilize Google, Apple, or Amazon for this. Personally, I would prefer to see brands focus on exceptional integration with major multi-hubs that already exist. Of course, I’d like to see Matter—the connection standard that was supposed to revolutionize smart home by getting rid of all your smart hubs and apps so you only needed one—utilized in all new devices as a connection method. Matter has been slow to adoption, but I still believe in its potential.

I’d also like to see automation get easier with our assistants and multi-hubs. While AI has started to play a role (Google has recently added Gemini as a possibility for automation help, but I found it clunky), automation remains pretty one-note for most users. It's a lot of "if this happens, do that." It’s difficult to execute multi-step automations or dependent automations with more than one condition. I’d love to see that change. 

from LifeHacker https://ift.tt/u9K8CZ3

Four Easy Tech Jobs to Do for Elderly Family Members While You're Home for the Holidays

There are some traditions that go along with the holidays and visiting family: Eating lots of food, reminiscing about old times, watching classic movies, and of course: fixing all the tech difficulties that your parents or other elderly family members have managed to get themselves into over the previous 12 months.

Of course, the time will most likely come for all of us when we're confused by the latest gadgets and gizmos, and pine for simpler times. However, during your stint as the resident family tech expert, there are some simple jobs you can take care of for your relatives and make sure they're well set up for another year.

Get everything updated

Get phones and laptops right up to date. Credit: Lifehacker

Software updates are important for a whole host of reasons: They squash bugs, they tighten security, they add new features, and they improve compatibility with apps, hardware, and websites. If your parents have been neglecting to get their devices set up with the latest updates, you can sort this out for them.

Checking for updates and getting them installed isn't difficult: Head to Windows Update in Windows Settings, General > Software Update in macOS System Settings, System > Software updates in Android Settings, and General > Software Update in iOS Settings. If you see an option for automatic updates, turn it on.

You might find that really old devices aren't eligible for the latest updates from Microsoft, Apple, and Google—if that's the case, it might be worth having a discussion about whether it's worth the time and money to upgrade to something newer (which will probably be faster, less error-prone, and more secure).

Check app permissions

App permissions in macOS. Credit: Lifehacker

A quick check of app permissions can make a real difference when it comes to device security: You don't want any apps accessing camera and microphone permissions, for example, without explicit permission (and it's all too easy to tap through on these permission requests when they pop up).

You can find these by heading to Privacy and security in Windows Settings, Privacy & Security in macOS System Settings, Security and privacy > Privacy controls > Permission manager in Android Settings, and Privacy & Security in iOS Settings.

If you see an app you're not sure about, check with your parents: If they don't actually use it or have no idea where it's come from, uninstall it from the device and you don't have to worry about what it might be doing. You can always reinstall it again later if it is something your parents have been using.

Audit browser settings

Chrome will warn you about unsafe extensions. Credit: Lifehacker

A lot of screen time is web browsing time, and an insecure and outdated browser can leave you vulnerable. This is particularly true on Windows and macOS, where browsers are dealing with more advanced web apps, managing third-party extensions, and getting deeper hooks into the operating system.

Here are some quick checks to make on your parents' browser of choice: Make sure the latest version of the browser is being used (this is usually handled automatically), look through the list of browser extensions to see if there's anything suspicious or unnecessary, and check the home page and default search settings to check they haven't been hijacked by scammers or affiliate marketing companies.

The exact steps for doing this will vary between browsers, but you should be able to find the necessary options without too much difficulty. In Chrome, for example, you can check for updates by clicking the three dots (top right), then Settings, then About Chrome. Click Extensions on the same Settings page to check the installed add-ons.

Check password security

Apple devices have their own Passwords app. Credit: Lifehacker

Passwords can be a real security problem, whether it's forgetting them, having them hacked and leaked, or revealing them through clever phishing schemes. If your parents have their passwords sorted, that's a significant step towards keeping them and their accounts protected in the future.

You know what's best for your own relatives, but ideally you want to get them to sign up to a password manager of some kind: This means everything gets safely secured, passwords won't be forgotten, and warnings will appear for passwords that are repeated or not strong enough (a good password manager will suggest strong passwords too).

It's also important to have two-factor authentication enabled wherever it's offered (most digital accounts now support it). It adds a little bit of extra inconvenience when logging in to new devices, but it makes accounts much more secure, and protects against password leaks: Again, this is something that the best password managers can handle.

from LifeHacker https://ift.tt/6NLS4oc

Law enforcement agencies see AI as a key tool for reducing crime

A U.S. national survey of first responders reveals strong support for AI adoption, cybersecurity concerns, and increasing demand for cloud-native, data-driven, and interoperable CAD and RMS systems to improve efficiency and public safety outcomes, according to Mark43.

“Public safety agencies across the United States are grappling with challenges such as cyberattacks, legacy system outages, and the resilience and efficiency of their operations,” said Bob Hughes, CEO of Mark43. “To address these concerns, first responders are seeking cloud-native, mobile, and data-driven public safety CAD and RMS systems that strengthen security, enhance resilience and also drive efficiency and better outcomes. A strong foundation—with a unified, open, and interoperable CAD and RMS—is essential.”

First responders seek AI for greater efficiency and better results

90% of law enforcement support their agencies using AI, an increase of 55% over last year’s survey. 65% say it would help them be more productive and efficient and 89% think that leveraging AI would help their agencies reduce crime. 88% of law enforcement trust their agencies to use AI responsibly. This is a 29% increase over last year’s survey.

87% of law enforcement believe AI is transforming the public safety industry for the better. The reasons they cite are largely efficiency improvements that include streamlining report writing, speedy data processing, enhanced analytics, more easily locating certain crimes, and generally improving productivity.

First responders are focused on cybersecurity and resilience concerns

84% of law enforcement acknowledge that their organization experienced a cybersecurity issue in the last year. Respondents reported that scam calls, malware and viruses were the top issues. 57% of first responders cite that their RMS is typically unavailable for over 10 hours a year due to software updates, and 54% say the same for their CAD system. Furthermore, 68% of law enforcement have experienced on-premises system outages due to a lack of updated technology.

95% of public safety professionals cited at least one outage or technology malfunction in the last year. This is an increase of 8% over last year’s survey. 85% of first responders believe disruptive events such as power grid failures, hurricanes and wildfires can overwhelm public safety agencies.

89% of law enforcement are concerned with how their agencies running on legacy systems would handle a tactical response during major events like sports, political conventions, concerts or natural disasters and cyberattacks. 83% believe the general public would feel better if their local public safety agencies were required to adhere to federal government security standards, like FedRAMP, which mandates a premier and standardized approach to security and risk assessment for cloud technologies.

Public safety professionals want data-driven public safety for improved outcomes

86% of public safety professionals believe data reporting processes could be improved at their organizations, and cite the top reason is to save time. 72% of law enforcement agencies have a Real Time Crime Center, and 92% report they are effective in enhancing first responder and officer response.

69% of law enforcement reported a Real Time Crime Center would benefit their agency and agencies in their community, with the top three benefits cited as improved intelligence for greater future efficiency, improved public safety and faster response times to emergency calls.

78% of law enforcement agencies use analytics or business intelligence tools to analyze crime and internal data with 87% reporting it would be helpful to have them integrated into the records management system. The top three benefits of these tools that respondents cite are helping them understand crime patterns, increase operational efficiency, and support case investigations and pattern identification.

83% of first responders think there should be greater crime data and statistics transparency with the general public. This sentiment has grown 26% since 2022 in the 2023 U.S. Public Safety Trends Report.

First responders seek an integrated, mobile platform for efficiency

76% of law enforcement have spent more than half their shifts completing paperwork, with 70% having to use overtime to do so. 88% of law enforcement acknowledge that new, modern technology processes would help them better serve the community. 97% of law enforcement agree that tools saving time from typing the same information multiple times in a report would make an impact.

65% of first responders have had to return to a physical location to fill out reports, which is a 7% increase since last year’s survey. Furthermore, 55% of surveyed first responders need to be at their agency’s office to fulfill their duties. However, there is a desire for more flexible working arrangements, including 80% of emergency telecommunicators who would be more likely to extend their career if there were an option for remote work.

51% of law enforcement have to log in to four to six applications for their role on a daily basis. This reflects an industry need for integrated systems that eliminate application silos and streamline manual processes to save time and resources.

88% of law enforcement feel that switching between multiple applications affects their efficiency in completing tasks. 99% of law enforcement states it would be helpful to have a single, consolidated CAD and RMS platform that integrates all of the data sources they currently use.

80% of law enforcement use their mobile phones as part of everyday work tasks. 87% of law enforcement would find it helpful if they had more information about the location they are responding to on their mobile devices, and 82% cite that having CAD and RMS on their mobile devices would increase confidence and efficiency.

63% of law enforcement cited an increase in requests for record expungement due to new state laws, and over 85% find it challenging to manage record sealing or expungement processes in their jurisdictions.

The report identifies the following emerging trends that will impact public safety in 2025 and beyond:

• AI for accelerating public safety operations
• Cybersecurity and resiliency go hand-in-hand
• Data-driven public safety for improved community outcomes
• Comprehensive platform powers innovation

“In 2025, leading public safety agencies will embrace cloud-native systems and AI to enhance efficiency, strengthen cybersecurity and resilience, improve mobility, and optimize resource allocation—ultimately enabling them to serve their communities more effectively,” Hughes concluded.

from Help Net Security https://ift.tt/5mfXUiD

Infosec products of the month: December 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, Cato Networks, Datadog, Fortinet, GitGuardian, Horizon3.ai, Netwrix, Radiant Logic, RunSafe Security, SecureAuth, Stairwell, Stamus Networks, Sweet Security, Tenable, Trellix, Versa Networks, and Veza.

GitGuardian launches multi-vault integration to combat secrets sprawl

GitGuardian unveiled a comprehensive Non-Human Identity (NHI) security strategy with integrations across major secrets management platforms, addressing the growing challenge of secrets sprawl in enterprise environments.

FortiAppSec Cloud simplifies web application security management

With FortiAppSec Cloud, customers have deep visibility and control over web applications within their complex, multi-cloud environments. They can configure and manage security features and performance tools via an easy-to-use console, streamlining business operations while ensuring the protection of their network.

Tenable Patch Management prevents problematic updates

Tenable Patch Management mobilizes teams to take action against vulnerabilities with full control to determine when, how and where a patch is deployed. Organizations can autonomously patch with confidence, with customizable controls and automatic patch testing that blocks problematic updates from going out.

Datadog Cloud SIEM accelerates security investigations

Datadog announced its modern approach to Cloud SIEM, which doesn’t require dedicated staff or specialized teams to activate the solution. This approach makes it easy for teams to onboard, de-risk migrations and democratize security practices while disrupting traditional models, which can be costly and resource intensive.

Radiant Logic provides continuous identity hygiene assessments via real-time streaming data

With the debut of Identity Observability from Radiant Logic, organizations can now have a clearer picture of all identity data available in real time, quickly measure identity hygiene, and remediate risk with the help of Radiant Logic AI Data Assistant (AIDA).

Sweet Security helps organizations protect their cloud environments

Sweet’s platform integrates the capabilities of Application Detection and Response (ADR), Cloud Detection and Response (CDR), and Cloud Workload Protection Platform (CWPP) into one comprehensive solution. This approach delivers detection and response capabilities, unifying insights from every layer of the cloud stack.

Veza Access Requests reduces the risk of identity-based threats

When a manager or employee requests access, Veza’s platform identifies the least privileged most secure role, obtains approval if needed, and provisions the access in the target system or application. Veza Access Requests works on the power of Veza’s Role Engineering capabilities to ensure that users requesting access are provisioned according to the principle of least privilege from day one.

Trellix Drive Encryption enhances security against insider attacks

Trellix Drive Encryption offers enhanced security against insider attacks with new self-protection capabilities, addressing threats from privilege escalations. Organizations can deploy protection for employee devices to prevent data breaches, produce reports on the encryption status of devices inside and outside the network, and administer policies in a single console.

Cato Networks extends SASE-based protection to IoT/OT environments

With the introduction of Cato IoT/OT Security, Cato Networks is enabling enterprises to simplify the management and security of Internet of Things (IoT) and operational technology (OT) devices. Cato IoT/OT Security converges device discovery and classification, policy enforcement, and threat prevention in a SASE platform.

Stamus Networks Clear NDR uncovers unauthorized activity

Stamus Networks announced Clear NDR, an open and transparent NDR system that empowers cyber defenders to uncover and stop serious threats and unauthorized activity before they cause harm to the organization. It can be deployed as a standalone NDR solution or integrated into an organization’s AI-driven SOC, delivering essential network data that supports even more sophisticated cross-platform threat detection.

Horizon3.ai NodeZero Insights enables executives to visualize changes in their security posture

NodeZero Insights ensures leaders have up-to-date data at their fingertips, seamlessly integrating into monthly or quarterly board updates to meet the executive demand for consistent and actionable security metrics.

Versa Endpoint DLP prevents data exfiltration

Versa Endpoint DLP helps ensure that sensitive data residing on endpoints is safeguarded against accidental exposure, insider threats, and cyberattacks. Integrated into Versa’s lightweight SASE client, it extends network DLP to the endpoint, providing end-to-end real-time visibility and control. This ensures compliance with corporate data security regulations and reduces risk without compromising the user experience.

SecureAuth protects sensitive information with biometric continuous identity assurance

SecureAuth is releasing biometric continuous identity assurance (BCIA). This ability is designed to safeguard a company’s sensitive information for the duration of a user’s session — providing additional protection from emerging threats in today’s hybrid and remote work environments.

RunSafe Security Platform enhances risk management with automation

RunSafe Security has released the RunSafe Security Platform that automates risk identification, exploit prevention, and runtime software monitoring. Now, developers can generate a high-fidelity software bill of materials (SBOM) at build time, ensuring the highest level of accuracy in identifying software components and related vulnerabilities.

Stairwell Core boosts threat intelligence for security teams

With Stairwell Core, users can upload their files to their private Stairwell vault. Stairwell Core seamlessly integrates with leading EDR solutions to preserve detected malware, enabling security teams to determine whether an incident is isolated or part of a broader, coordinated campaign.

Appdome protects applications running on mobile-enabled platforms

With this release the Appdome Platform can defend mobile businesses and users from fraud, bot, malware and cyber attacks as well as game cheating on mobile apps deployed on VR headsets like Apple Vision Pro and Meta Quest. For the Apple ecosystem, the Appdome Platform now protects iOS apps deployed on macOS M-series, Apple TV, and Apple CarPlay. For the Google Android ecosystem, the Appdome Platform now protects Android apps deployed on Android Auto, Android TV, and Google Play Games for Android on Windows PCs.

Netwrix 1Secure enhances protection against data and identity access risks

Netwrix released a new version of its SaaS platform, Netwrix 1Secure. The latest version builds on its existing security monitoring functionality with more robust access rights assessment and expanded security auditing capabilities to overcome the lack of control when relying only on native security tools in Microsoft 365.

from Help Net Security https://ift.tt/M1cKChW