Thursday, October 31, 2024

Roger Grimes on Prioritizing Cybersecurity Advice

This is a good point:

Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations. They are all great recommendations, which if followed, will reduce risk in your environment.

What they do not tell you is which of the recommended things will have the most impact on best reducing risk in your environment. They do not tell you that one, two or three of these things…among the hundreds that have been given to you, will reduce more risk than all the others.

[…]

The solution?

Here is one big one: Do not use or rely on un-risk-ranked lists. Require any list of controls, threats, defenses, solutions to be risk-ranked according to how much actual risk they will reduce in the current environment if implemented.

[…]

This specific CISA document has at least 21 main recommendations, many of which lead to two or more other more specific recommendations. Overall, it has several dozen recommendations, each of which individually will likely take weeks to months to fulfill in any environment if not already accomplished. Any person following this document is…rightly…going to be expected to evaluate and implement all those recommendations. And doing so will absolutely reduce risk.

The catch is: There are two recommendations that WILL DO MORE THAN ALL THE REST ADDED TOGETHER TO REDUCE CYBERSECURITY RISK most efficiently: patching and using multifactor authentication (MFA). Patching is listed third. MFA is listed eighth. And there is nothing to indicate their ability to significantly reduce cybersecurity risk as compared to the other recommendations. Two of these things are not like the other, but how is anyone reading the document supposed to know that patching and using MFA really matter more than all the rest?


from Schneier on Security https://ift.tt/NSCva6K

Tracking World Leaders Using Strava

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personnel were using it to track their runs, and you could look at the public data and find places where there should be no people running.

Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders. They don’t wear the tracking device, but many of their bodyguards do.


from Schneier on Security https://ift.tt/faFgh5s

You Can Grab the Google Pixel Tablet for $80 Less Right Now

The Google Pixel Tablet, with its aluminum build and choice of porcelain or hazel finishes, looks good and feels comfortable to hold, for when you're lounging around with a book or a show—and right now, it's down to $319 from $399. It has an 11-inch screen (2560x1600 resolution) which reportedly displays vivid colors and handles sunlight surprisingly well, and a four-speaker audio setup that is clear but a bit light on bass. If you’re into more booming sound, this might feel lacking but for everyday streaming or calls, it gets the job done nicely.

Powered by Google’s Tensor G2 chip, the Pixel Tablet is a solid device for multitasking, with this PCMag review reporting smooth performance even with a dozen apps open at once. This is especially handy for anyone who juggles tasks regularly and relies on split-screen functions. Connectivity-wise, it supports Wi-Fi 6 and Bluetooth 5.2, so you’re all set for reliable streaming and device pairing. Additionally, it comes with 128GB of internal storage, but if you need more, you can double it to 256GB for an extra $80 right now ($100 regularly).

On the camera front, the Pixel Tablet’s 8MP lenses on both the front and back are built more for video chats than photography, with its continuous-framing feature keeping you centered during Google Meet calls. Battery life might be underwhelming if you're hoping for all-day use, with tests showing just over five hours of streaming at full brightness (compared to Google’s claimed 12 hours). Your mileage may vary. You can recharge it with a USB-C cable or use Google’s optional $129 Charging Speaker Dock, which adds value as a charging stand and audio booster (but adds cost). This dock also lets the Pixel Tablet switch into a voice assistant and smart display, a pretty cool feature for those wanting a bit more from their tablet. When docked, it even supports casting with its built-in Chromecast, multi-room audio, and smart display and speaker functions.

If a smart display is what you're looking for, the Google Nest Hub Max at $229 could make a good option. But if it's a powerful tablet that you want, you might want to consider the renewed Apple iPad Pro, now at $449 (down from $549).


from LifeHacker https://ift.tt/YmSVRwz

Google Just Announced a Bunch of New AI Features for Maps

Google Maps is one of those apps that basically does everything I want it to: I punch in my destination, I'm guided to that destination, then I turn the app off. That's not to say there's zero room for improvement, of course. As such, it's always intriguing whenever Google announces a new slew of features and changes for Maps. This time around, many of those changes just happen to be AI-powered.

Of course, everyone's all-in on AI right now. And Google being Google, the company is using its AI platform, Gemini, to run some of these new features. Most are launching today, but some are also rolling out in the coming weeks. Here's what's new.

Google wants you to ask Gemini where to go

Rather than search for specific destinations, Google wants you to use its AI chatbot for advice on what to do. The company says you can ask Gemini things like "fun fall activities," "interactive date ideas," or "things to do on a relaxing Sunday," and the bot will generate suggestions in Google Maps. I guess that saves you a trip to, um, Google. This feature is rolling out today.

Gemini will summarize all those reviews for you

Generating summaries is one of the features companies advertise most for their AI programs. Apple Intelligence summarizes your notifications, for example, while Google tries to summarize multiple sources into one AI-generated explanation—with sometimes disastrous results.

However, the company wants you to trust Gemini to summarize Google Maps reviews for you: Rather than sift through any number of reviews to determine whether a location is worth your time, Google's view is you should glance at the Gemini summary to learn all you need to. If you want to see where it gets that summary from, you can always look at the reviews themselves.

Google continues to build AI features that generate information based on the work of others—whether that's independent users reviewing a restaurant on Google Maps, or sources across the internet writing articles. This is a minor version of that, but it goes to show that AI-powered features are often enabled by free participation from users, not by the companies themselves.

This feature launches today.

Check out more stops on your route

Google wants to make it easier to find interesting deviations on your current route: The company says things like "charming local cafes" and "quirky roadside attractions" will pop up if you swipe up on your route preview. If you see something you like, you can add it to your route. This feature also launches today.

Ask Gemini about your destination

You can also check in with Gemini with questions about your destination: That includes things like “are reservations recommended?” “what’s the parking situation?” or “is there indoor seating?” This is coming to Maps today, but will roll out to Search in general in the coming months.

Immersive View Expansion

Google is expanding the list of cities compatible with Immersive View: This feature uses AI to build a 3D image of a city from street view images, and has been slowly rolling out for about the past year and a half. Google says the feature is now available in more than 100 cities, and will grow to 150 by the end of the year.

There's also now Immersive View for routes, which will highlight things like parking lots, bike lanes, and difficult driving sections. You can pick a spot along your journey to investigate it further. This particular Immersive View feature rolls out Nov. 11.

In addition to Immersive View expansion, Google is also adding more details to general directions. You should know more about which lane you're supposed to be in at any given time, which should reduce those times when you suddenly need to change lanes to make a turn or enter a freeway. That comes out next week.

Report hazards to Waze with your voice

This isn't really about Google Maps, but Google owns Waze so I guess it makes the press release. In any case, this is probably the most useful new feature here. Waze now lets you report hazards on your route using your voice, which is a fantastic update. It never sat right with me that a feature meant for making driving safer required users to fiddle with their phones while driving. That said, you still need to interact with your phone for this feature, but you only need to tap the reporting button before speaking what you're seeing. This option is launching in beta today, in English.

In addition to this Waze feature, Google Maps users will be able to report new types of weather disruptions, like flooded or low-visibility roads. That feature comes out next week in the US, India, Canada, and Australia.

Making it easier to know what to do when you've arrived

Google is working on new features for after you've reached your destination. Maps will light up your destination in the app and highlight available parking, as well as provide detailed instructions for getting to your destination once you leave your car. You'll also see business information here, so you'll know if your destination is open or closed by the time you get there. This feature is rolling out starting next week.


from LifeHacker https://ift.tt/N7LpGTR

Wednesday, October 30, 2024

Maintain a Clean House More Easily With the 'Swish and Swipe' Method

There are plenty of techniques you can follow when it's time to get down to business and clean your home, but if you want to maintain that cleanliness in between larger tidying sessions, you'll need to follow another strategy, too. I suggest "swish and swipe," which comes from trusted cleaning pro The FlyLady. I already love her all-over home cleaning technique and this one is no different—although I do think you can and should adapt it for other rooms.

What is the FlyLady's "swish and swipe" cleaning method?

To understand what cleaning influencer legend the FlyLady means when she talks about "swish and swipe" as a way to maintain your bathroom, you have to understand her primary technique, known simply as the FlyLady Method. In her original technique, you break your home into five zones, then focus on a different zone every week. Zone 1 is your entryway, front porch, and dining room, while Zone 2 includes your kitchen and so on. Though your main bathroom is bundled into Zone 3 along with another room like an office or pantry, depending on your home, there isn't any space in the five zone categories just for bathrooms. According to her, this is because you should be cleaning your bathroom every day.

She recommends swishing the toilet wand around in the bowl and swiping a cloth across a dirty surface, like the vanity counter, every morning when you're using the bathroom. You don't need to use cleaning liquids for this. The brush and the cloth are fine on their own for maintenance.

The idea is that by incorporating two quick cleaning motions into your morning routine in the bathroom, you keep it cleaner for longer without having to do much.

Adapting "swish and swipe" to help keep the whole house clean

The FlyLady has a great idea here when it comes to your bathroom, but you can expand this thinking to other areas of your home, too. The goal of rethinking how you clean isn't as much about focusing on swishing and swiping the "right" things so much as it is about building a habit of doing small tasks in each environment to keep your space clean. This can involve swiping a rag across a surface, like the FlyLady recommends in the bathroom, or "swiping" an out-of-place item before you leave a room, for instance. Here are a few examples of ways you can adopt this technique all around the house:

  • Wipe down your nightstand and take last night's empty water cup to the kitchen before you leave your bedroom each morning.

  • Wipe your faucet and fridge handles before exiting the kitchen.

  • Sanitize light switches and the remote when you're done in the living room for the night.

  • Wipe down your door handle and lock when you get home and lock the door.

  • Spritz and swipe mirrors with cleaner before you leave a room.

Whatever you choose or need to do, build the habit of taking on two almost-minuscule cleaning tasks before walking out of any room so eventually, it becomes second nature and you don't have as much to tackle when it's actually cleaning time. These tasks will depend on what small messes you have or want to prevent, but this is less of a guide for what to do than it is for how to think of your ongoing quest to keep your home in shape.


from LifeHacker https://ift.tt/riXYVv0

Tuesday, October 29, 2024

US charges suspected RedLine infostealer developer, admin

The identity of a suspected developer and administrator of the RedLine malware-as-a-service operation has been revealed: Russian national Maxim Rudometov.

Infrastructure takedown

As promised on Monday when they announced the disruption of the RedLine and Meta infostealer operations, the law enforcement agencies behind Operation Magnus revealed on Tuesday how the takedown played out.

“Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software. Authorities discovered that over 1,200 servers in dozens of countries were running the malware,” shared Eurojust, the European Union Agency for Criminal Justice Cooperation.

Eurojust coordinated the information exchange between and actions taken by authorities from the Netherlands, the United States, Belgium, Portugal, United Kingdom and Australia, which resulted in three servers taken down in the Netherlands, two seized domains, the disruption of several RedLine and Meta communication channels (Telegram), and two people – suspected customers of Rudometov’s – being taken into custody in Belgium.

“The authorities also retrieved a database of clients from RedLine and Meta. Investigations will now continue into the criminals using the stolen data,” Eurojust added.

The security company mentioned in the latest announcements is ESET, which also made available a scanner that Windows users can leverage to check whether they’ve been infected with the RedLine or Meta stealers and to remove the malware (if present).

It is estimated that the RedLine and Meta infostealers stole information from millions of victims around the world.

Pinpointing the person behind the operation

Law enforcement managed to connect various online monikers and email addresses used by Rudometov over the years on hacking forums and link some to a VK (Russian social network) account in that name.

“A judicially-authorized search of [the Apple account registered with one of those email addresses] revealed an associated iCloud account and numerous files that were identified by antivirus engines as malware, including at least one that was analyzed by the Department of Defense Cybercrime Center (‘DC3’) and determined to be RedLine,” the unsealed criminal complaint against Rudometov says.

“Notably, among the malicious files saved to Rudometov’s Apple iCloud Drive was a file entitled ‘MysteryPanel.rar’ which correlates to the [Redline infostealer]. In addition to the registration information indicating Rudometov was the owner of the Apple account, the account contained photos that included Rudometov’s official identification documents and apparent personal photos.”

He has also been tied to a number of cryptocurrency accounts that were used to receive and launder payments, and the malware was hosted on servers controlled and accessed by him.

Rudometov has been charged by the US Department of Justice with access device fraud, conspiracy to commit computer intrusion, and money laundering.

The DOJ press release does not mention whether Rudometov is in police custody, which means he’s most likely not.


from Help Net Security https://ift.tt/umYsDTR

How to Keep So-Called 'No-Damage' Hooks From Ruining Your Walls

Hanging stuff on your walls is a great way to decorate and spruce up your home or add some storage to the place, but that comes with a downside: holes in your walls. Depending on your skill level with spackling and whether you own or rent, a few holes in the wall might not seem like a big deal, but if you’re uncertain of your ability to fix them up and/or worried about losing a security deposit as a result, you might hesitate to drill or hammer into the wall.

Enter so-called “no-damage” adhesive products like Command hooks. In theory, these products stick to your wall, hold enough weight to be useful, and then can be removed without leaving a mark or hole behind, protecting your walls and security deposit from damage. In general, these products work as advertised (as long as you follow the instructions), but they can actually damage your walls if you’re not careful. Instead of assuming you’re safe and paying the price when the time comes to move out and remove everything, keep the following details in mind any time you’re using a “no-damage” adhesive product on your walls.

Know your surfaces

No-damage adhesive products like Command hooks aren’t magic. They’re just specially formulated adhesives, and they absolutely will not stick to just anything. Your first step when planning to hang some on your walls is to read the instructions and make sure you’re putting them on an appropriate surface. Most of these products won’t work well on unfinished wood, exposed brick (or any irregular surface), or any kind of fabric or wallpaper, for example.

The condition of the wall matters, too. If the surface is grimy, crumbling, or peeling, there’s a good chance the adhesive won’t hold. And if the wall was painted recently, you’re better off waiting—the paint needs to be fully cured before you put an adhesive product on it, or it might take the paint right off the wall. For oil-based paints, that’s about a week, but for latex paints you should wait about a month before you put those hooks up.

Clean the walls

When was the last time you dusted your walls? You should be cleaning your walls annually, at least, but a lot of folks don’t bother—especially if they’re renting. But if you’re planning to stick any kind of adhesive on them, cleaning the walls is essential (that’s why it’s literally step one of the instructions on a Command hook). Particles and dirt can get between the adhesive and the wall, weakening the bond, and residue can undermine the bond as well.

That doesn’t mean you should just wipe down the wall with whatever cleaning product you have lying around. Most cleaning products will actually leave behind a residue that can interfere with adhesion, so you’re supposed to use rubbing alcohol.

Appropriate climate

No-damage adhesives are designed to be removed, and as a result they’re more fragile than some other adhesive products. They’re pretty finicky about the climate of the room they’re in, for example—they won’t work well if the space is very cold or very hot (the temperature range is officially 50° to 105° Fahrenheit for most indoor Command products).

You also have to consider humidity. If you’re hanging something on the wall of a bathroom, make sure you buy a product designed for a bathroom and other damp areas, otherwise the humidity and moisture can cause your hooks and shelves to slide off the wall. Luckily, these are pretty easy to find.

Correct removal procedure

The most dangerous moment for your security deposit or pristine, undamaged wall comes when you remove the supposedly no-damage adhesive. Again, you should consult the instructions that came with the product to ensure you’re doing it the right way. But just as important are your expectations: You’ll probably have more trouble getting the adhesive off your wall than you assume, and you’ll probably have some residue left behind (no damage doesn’t mean no residue).

So have a small toolkit ready to go when the time comes to pull everything off the walls:

  • A hair dryer can soften up adhesive that doesn’t want to pull free.

  • A putty knife can get behind adhesive and gently pry it away from the wall. You can also use dental floss—slide it behind a hook that won’t come off and gently saw downward until it’s free.

  • A microfiber cloth and some warm water should get any residue off the wall, but if it’s stubborn the putty knife can be used to scrape it off (gently). If it really doesn’t want to come off you can try a little more rubbing alcohol to scrub it off.


from LifeHacker https://ift.tt/vAgl2t9

Get In Line Now to Try Apple's AI Image Generator Early

The latest iOS 18.1 update finally brought with it some of the Apple Intelligence features that were promised way back in June. But new Siri and Photos features are just a small sliver of what Apple has planned. The next roll-out, coming sometime in December, will finally add ChatGPT integration, Visual Intelligence, and the much awaited Genmoji and Image Playground to the mix. While the final release is still far out, you can install the Developer Beta to try out the features right away.

How to enable AI features with iOS 18.2 Developer Beta

The name of the game is "waitlist." Apple Intelligence itself is already a waitlisted feature, even for iOS 18.1 users. And within the iOS 18.2 beta, there's already another waitlist for Image Playground, Genmoji, and Image Wand.

But let's take this step by step. First, update to the iOS 18.2 Developer Beta. To do this, go to Settings > Software Update > Beta Updates and choose the iOS 18.2 Developer Beta. Then hit the Back button and wait for a moment until you see the iOS 18.2 Beta option pop up. Tap on Update Now to get started.

If you don't see it, first make sure your iPhone is updated to the latest available software. You might also be asked to log in to Apple's Developer website with the Apple ID associated with your iPhone.

Apple Intelligence and Image Playground waitlist.
Credit: Khamosh Pathak

After updating to iOS 18.2, you'll first need to sign up for the Apple Intelligence waitlist (if you don't already have it enabled). Go to Settings > Apple Intelligence & Siri and tap the toggle next to Apple Intelligence to get started (read on here for more details).

We aren't done yet. Next, you'll need to sign up for the Image Playground waitlist to enable the generative images features in Image Playground, Genmoji, and Image Wand. Open the Image Playground app, tap Request Early Access, and then wait. Unlike the Apple Intelligence beta, which usually gets approved in just a couple of hours, you might need to wait weeks to get access to the Image Playground beta. Apple is letting users in quite slowly here.

Chat with ChatGPT

Before we get into the waitlisted features, let's talk about some of the features you can use right away. ChatGPT integration is ready to go as soon as you get Apple Intelligence and update to iOS 18.2. Ask Siri a slightly complicated question, like "plan a three-day trip to Paris" and Siri may politely ask if it can throw things off to ChatGPT instead. Tap Use ChatGPT, and in a second or two, you'll get a long ChatGPT response right where Siri would normally pop up. You can scroll through to read, and you can bring up Siri to ask follow-up questions, too. You can also tap the Copy button in the top-right corner to copy the response. As of writing, ChatGPT can only answer questions in text, so it can't interact with images. Siri features like taking action based on what you see on screen, multi-context app actions, and so on will be shipping later on, early next year.

Using ChatGPT on iPhone with Siri interface.
Credit: Khamosh Pathak

There are some Settings options to play with. In Settings > Apple Intelligence & Siri > ChatGPT, you can disable the popup that asks you to confirm if you want to use ChatGPT, so Siri will direct questions it can't handle straight to ChatGPT without asking for permission first (you can also just start your query with "Ask ChatGPT" to go straight to it, and any ChatGPT generated responses will still be clearly marked). You can also sign in with a ChatGPT account to keep a record of your requests (access to paid models will come down the line). From here, you can also easily disable the whole ChatGPT feature.

Look Up Anything With Visual Intelligence

The new beta also enables the Visual Intelligence feature that's exclusive to the iPhone 16 series. Press and hold the Camera Control and you'll see a new camera interface. Take a photo of something, anything, and Apple will show you relevant info about the photo subject. If it's a phone number, you will get an option to call it; if it's a restaurant, you'll see reviews and photos of dishes.

Visual Intelligence in iOS 18.2 Beta.
Credit: Khamosh Pathak

You'll also see an "Ask" icon to the left. Here, you can ask questions about what you're seeing and Apple will send the image to ChatGPT for help. It's like using the ChatGPT app, but in a native iPhone interface. You'll get a response from ChatGPT, and you can continue to ask follow-up questions, like with Siri.

Finally, there's a feature similar to Google Lens, but in an iPhone wrapper. If you tap the Image Search icon to the right of the shutter button, Apple will show you web results for images similar to what you're looking at. Because the data is coming from Google, I've had a lot of luck finding similar results.

Create Your Own Genmoji And AI Images

As we mentioned above, the Image Playground features have their own waitlist, and Apple is being quite stringent with the approval process. I, myself, haven't gotten in yet. If you install the iOS 18.2 Beta, expect a couple of weeks before you can demo these features.

It all starts with the new Image Playground app. In the new AI image generation app, Apple says you can create images in two styles using built-in themes and tools. It's a standalone app but it's also part of apps like Messages, Pages, Keynote and Freeform. There are a couple of ways to use this. In the app, you can start by describing an image that you want to create, where you'll then choose to use the animated style or a sketched style. Or, if you're in Messages, you can create an image based on context from the Messages thread. Apple is working to put up plenty of guardrails around this feature, so hopefully it will be safe from abusive imagery.

Generating images using Image Playground on iPad.
Credit: Apple

Genmoji lets you create emoji-style sticker images using a prompt or photos of your contacts or friends, for more casual use.

Creating Genmoji on iPhone
Credit: Apple

Image Playground also extends to the Notes app in the form of the Image Wand feature. Here, you can draw a sketch, select it with the Image Wand, and Apple will give you options to zhuzh it up with an animated or cartoon style. It should also work in blank space, where it will generate imagery based on the text of your notes instead.

Updates to Writing Tools

Writing Tools update on iOS 18.2
Credit: Apple

There's also a new update to the just-released Writing Tools feature that makes it more dynamic. In iOS 18.1, you're stuck with a couple of pre-baked options for rewriting text, like "Professional" or "Friendly." In the iOS 18.2 beta, you can use the Describe Your Change feature to get specific about the rewrite. You can say "write this in a more excited tone" or "write it like a haiku," and Apple will do it for you.

Set Your Default Messaging and Phone Apps

Setting default apps for calling and messaging in iOS 18.2.
Credit: Khamosh Pathak

Outside of Apple Intelligence, there's a new menu option in Settings. When you go to the recently added Apps section in Settings, you'll see a brand new Default Apps hub at the top. Here, you can change the default apps for email, messaging, calling, call filtering, and browsing. The Messaging and Calling sections are new, and no, it's not just limited to the EU: users worldwide can see this. As of writing, this feature isn't functional for me, but it should start working once the update reaches the wider public.


from LifeHacker https://ift.tt/9bYzUjM

Monday, October 28, 2024

Criminals Are Blowing up ATMs in Germany

It’s low tech, but effective.

Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them.


from Schneier on Security https://ift.tt/OvTzuGX

Sunday, October 27, 2024

Fraudsters revive old tactics mixed with modern technology

Threat actors continue to probe the payments ecosystem for vulnerabilities and were successful in conducting fraud schemes affecting multiple financial institutions, technologies, and processes, according to Visa.

The resurgence of physical theft

Scammers are going back to basics with an increase of physical theft over the past six months, capitalizing on the window between the theft and the victim’s awareness. After a theft, the most common ways criminals capitalize on it are purchasing gift cards or physical goods to resell, or even using the card number online for money transfers.

Similarly, in March of 2023, Visa identified an emerging threat dubbed “digital pickpocketing,” where cybercriminals use a mobile point-of-sale device to tap against unsuspecting consumers’ wallets and initiate a payment, often in crowded areas.

Consumers are falling victim to scams where fraudsters pose as representatives from the government, including agencies like the USPS, the FBI and the IRS. In the first three months of 2024, the average government impersonation scam victim in the US lost $14,000 in cash, totaling more than $20 million.

Additionally, between 2022 and 2023, there was a 90% increase in losses from cash payments due to government impersonation scams. As government impersonation scams move towards cash, Visa predicts that banks will see an increase in large cash withdrawals by customers at ATMs.

Looking for a way to get around two-factor authentication, fraudsters are doubling down on one-time-password phishing scams, which allow criminals access to full account funds and information via increasingly convincing texts, emails or phone calls. These scams have grown more convincing in part due to the prevalence of GenAI.

Threat actors utilize widely available tools and technology

Threat actors continue to innovate in their use of technology to perpetrate fraud. With the expansion, evolution, and availability of GenAI tools, and the associated increase in underground forum discussions of how to use AI tools to facilitate crime, threat actors have an ever-increasing array of tools and technologies at their disposal.

The threat actor toolbox has evolved to include an expanding collection of cybercrime-as-a-service offerings, such as proxy networks, ransomware-as-a-service variants, and fraud tutorials, enabling them to scale their campaigns more effectively.

It takes only three seconds of audio to clone a voice using AI voice cloning technology, and threat actors can obtain that audio from a victim’s videos on social media or voicemail message. The use of cloned voices enhances imposter scams by creating a façade of legitimacy as victims believe they are speaking to the actual person, rather than an AI-generated voice or video.

While many of the scams highlighted in the report target consumers, the research contains key takeaways for financial institutions and merchants as well.

Gas station fraud: After a successful small authorization, fraudsters are making large fuel purchases at gas stations using accounts that do not have enough money to cover the total. In the past six months, activity has significantly shifted from targeting issuers in the US, Latin America and Caribbean to issuers in Central Europe, Middle East and Africa, showing how these scams spread globally.

Enumeration: Merchants continue to be targeted by cybercriminals who test payment data with scale and speed, leading them to access consumer account information. Enumeration, or automatic testing of common payment data to guess account numbers, remains a top threat to the payment ecosystem, with significant fraud occurring in the year after a successful enumeration attack. Industries most impacted over the past year include restaurants, government services, and charitable and social service organizations.

Token provisioning fraud: Tokenization remains one of the safest ways to pay, but as the technology gains momentum, scammers have taken to obtaining tokens illegitimately—and cashing out under the radar of financial institutions. Recently, Visa has noted a marked delay in when cybercriminals choose to cash out compromised accounts, hoping to evade detection after initial provisioning fraud.

Ransomware: More sophisticated ransomware attacks are affecting more companies and individuals. Although there was an overall decrease of 12.3% in attempted ransomware attacks seen during the period of this report, there was a 24% increase in targeting of third-party providers like cloud or web hosting services, creating the opportunity for more fraud per attack. Just one attack on a third-party provider affected an estimated 2,620 organizations along with 77.2 million individuals, making these third-party providers a prime target for criminals.

With this increase in sophistication, threat groups are aiming at cardholders directly, using advanced social engineering techniques and AI technology to make scams even more believable for victims and to circumvent financial network security and fraud prevention protocols.

“As payments become safer, fraudsters are reverting to tried-and-true tactics that target the weakest link in the ecosystem: consumers,” said Paul Fabara, Chief Risk and Client Services Officer at Visa.


from Help Net Security https://ift.tt/1Ci3cOu

Top 10 strategic technology trends shaping the future of business

The ethical and responsible use of technology is fast becoming part of the mandate for CIOs, as organizations balance the need for progress with the protection of stakeholders’ trust and well-being, according to Gartner.


“This year’s top strategic technology trends span AI imperatives and risks, new frontiers of computing and human-machine synergy,” said Gene Alvarez, Distinguished VP Analyst at Gartner. “Tracking these trends will help IT leaders shape the future of their organizations with responsible and ethical innovation.”

Gartner selected these 10 trends based on their potential to disrupt traditional business models, enable new forms of innovation and address the most pressing challenges facing enterprises today. They represent strategic imperatives that require thoughtful consideration and decisive action.

The top strategic technology trends for 2025 are:

Agentic AI

Agentic AI systems autonomously plan and take actions to meet user-defined goals. Agentic AI offers the promise of a virtual workforce that can offload and augment human work. Gartner predicts that by 2028, at least 15% of day-to-day work decisions will be made autonomously through agentic AI, up from 0% in 2024. The goal-driven capabilities of this technology will deliver more adaptable software systems, capable of completing a wide variety of tasks.

Agentic AI has the potential to realize CIOs’ desire to increase productivity across the organization. This motivation is driving both enterprises and vendors to explore, innovate and establish the technology and practices needed to deliver this agency in a robust, secure and trustworthy way.

AI governance platforms

AI governance platforms are a part of Gartner’s evolving AI Trust, Risk and Security Management (TRiSM) framework that enables organizations to manage the legal, ethical and operational performance of their AI systems. These technology solutions have the capability to create, manage and enforce policies for responsible AI use, explain how AI systems work and provide transparency to build trust and accountability.

Gartner predicts that by 2028, organizations that implement comprehensive AI governance platforms will experience 40% fewer AI-related ethical incidents compared to those without such systems.

Disinformation security

Disinformation security is an emerging category of technology that systematically discerns trust and aims to provide methodological systems for ensuring integrity, assessing authenticity, preventing impersonation and tracking the spread of harmful information. By 2028, Gartner predicts that 50% of enterprises will begin adopting products, services or features designed specifically to address disinformation security use cases, up from less than 5% today.

The wide availability and advanced state of AI and machine learning tools being leveraged for nefarious purposes is expected to increase the number of disinformation incidents targeting enterprises. If this is left unchecked, disinformation can cause significant and lasting damage to any organization.

Postquantum cryptography

Postquantum cryptography provides data protection that is resistant to quantum computing decryption risks. As quantum computing developments have progressed over the last several years, it is expected there will be an end to several types of conventional cryptography that are widely used. It is not easy to switch cryptography methods, so organizations must have a longer lead time to ready themselves for robust protection of anything sensitive or confidential.

Gartner predicts that by 2029, advances in quantum computing will make most conventional asymmetric cryptography unsafe to use.

Ambient invisible intelligence

Ambient invisible intelligence is enabled by ultra-low cost, small smart tags and sensors which will deliver large-scale affordable tracking and sensing. In the long term, ambient invisible intelligence will enable a deeper integration of sensing and intelligence into everyday life.

Through 2027, early examples of ambient invisible intelligence will focus on solving immediate problems, such as retail stock checking or perishable goods logistics, by enabling low-cost, real-time tracking and sensing of items to improve visibility and efficiency.

Energy-efficient computing

IT impacts sustainability in many ways and in 2024 the leading consideration for most IT organizations is their carbon footprint. Compute-intensive applications such as AI training, simulation, optimization and media rendering, are likely to be the biggest contributors to organizations’ carbon footprint as they consume the most energy.

It is expected that starting in the late 2020s, several new compute technologies, such as optical, neuromorphic and novel accelerators, will emerge for special purpose tasks, such as AI and optimization, which will use significantly less energy.

Hybrid computing

New computing paradigms keep popping up, including central processing units, graphics processing units, edge, application-specific integrated circuits, neuromorphic, and classical quantum, optical computing paradigms. Hybrid computing combines different compute, storage and network mechanisms to solve computational problems. This form of computing helps organizations explore and solve problems which helps technologies, such as AI, perform beyond current technological limits. Hybrid computing will be used to create highly efficient transformative innovation environments that perform more effectively than conventional environments.

Spatial computing

Spatial computing digitally enhances the physical world with technologies such as augmented reality and virtual reality. This is the next level of interaction between physical and virtual experiences. The use of spatial computing will increase organizations’ effectiveness in the next five to seven years through streamlined workflows and enhanced collaboration.

By 2033, Gartner predicts spatial computing will grow to $1.7 trillion, up from $110 billion in 2023.

Polyfunctional robots

Polyfunctional machines have the capability to do more than one task and are replacing task-specific robots that are custom designed to repeatedly perform a single task. The functionality of these new robots improves efficiency and provides a faster ROI. Polyfunctional robots are designed to operate in a world with humans which will make for fast deployment and easy scalability.

Gartner predicts that by 2030, 80% of humans will engage with smart robots on a daily basis, up from less than 10% today.

Neurological enhancement

Neurological enhancement improves human cognitive abilities using technologies that read and decode brain activity. This technology reads a person’s brain by using unidirectional brain-machine interfaces or bidirectional brain-machine interfaces (BBMIs). This has huge potential in three main areas: human upskilling, next-generation marketing and performance. Neurological enhancement will enhance cognitive abilities, enable brands to know what consumers are thinking and feeling, and enhance human neural capabilities to optimize outcomes.

By 2030, Gartner predicts 30% of knowledge workers will be enhanced by, and dependent on, technologies such as BBMIs (both employer-and-self-funded) to stay relevant with the rise of AI in the workplace, up from less than 1% in 2024.

This year’s top strategic technology trends highlight those trends that will drive significant disruption and opportunity for CIOs and other IT leaders within the next 10 years.


from Help Net Security https://ift.tt/zkixmYD

Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability
In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors.

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which wasn’t fully addressed the first time and could allow attackers to achieve remote code execution.

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered.

The Internet Archive breach continues
Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT assets remain compromised.

Exploited: Cisco, SharePoint, Chrome vulnerabilities
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947).

The future of cyber insurance: Meeting the demand for non-attack coverage
In this Help Net Security interview, Michael Daum, Head of Global Cyber Claims for Allianz Commercial, discusses the significant rise in cyber claims in 2024, driven by an increase in data breaches and ransomware attacks.

Enhancing national security: The four pillars of the National Framework for Action
In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat the exploitation of technology and social media by threat actors.

Effective strategies for measuring and testing cyber resilience
In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience.

Myths holding women back from cybersecurity careers
In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity.

Building secure AI with MLSecOps
In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.”

Aranya: Open-source toolkit to accelerate secure by design concepts
SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense.

Argus: Open-source information gathering toolkit
Argus is an open-source toolkit that simplifies information gathering and reconnaissance.

Achieving peak cyber resilience
Countering cyberthreats like ransomware is an inescapable aspect of today’s business operating environment. No organization is immune.

How to fend off a quantum computer attack
In this Help Net Security video, IEEE member Marc Lijour explains quantum computing and offers insight into how to fend off a quantum computer attack.

Should the CISO’s role be split into two functions?
84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix.

What’s more important when hiring for cybersecurity roles?
When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?”

Hackers are finding new ways to leverage AI
AI adoption and integration have continued their rapid momentum within the hacking community, according to Bugcrowd.

Evolving cloud threats: Insights and recommendations
In this Help Net Security video, Austin Zeizel, Threat Intelligence Consultant at IBM X-Force, discusses the cloud threat landscape.

IT security and government services: Balancing transparency and security
Whether residents are accessing public records or leveraging self-service features, it is essential that local and state governments provide technology that enables agency and transparency. But this is only successful if that technology provides ease of access.

Phishing scams and malicious domains take center stage as the US election approaches
Phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other threat activity designed to exploit unassuming victims take center stage as the US election approaches, according to Fortinet.

Evolving cybercriminal tactics targeting SMBs
In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats.

Cybersecurity jobs available right now: October 23, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

How to enable Safe Browsing in Google Chrome on Android
To safeguard your data, Google Chrome uses Safe Browsing to protect you from: harmful websites and extensions, malicious or intrusive advertisements, malware, phishing attacks, and social engineering threats.

Whitepaper: Securing GenAI
The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG.

New infosec products of the week: October 25, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Fastly, IBM, Ivanti, Kusari, and Nucleus Security.


from Help Net Security https://ift.tt/NEMTB6a

Friday, October 25, 2024

15 of the Scariest Classic Horror Movies

There's been a bit of discourse lately on X/Twitter around the idea that very old movies can't possibly compete with modern movies. Old movies lack color and often appear grainy and generally... not of this era. But what about horror, specifically? Comedy doesn't always age well, even when we can recognize the skill involved, and thrillers can go the same way: The things that scared us collectively back in the day don't necessarily continue to resonate, and sometimes the sheer repetition of themes, visuals, and tropes dulls their impact over years and decades. Nevertheless, there are plenty of old-timey (I'm placing the cutoff at 1980 here) horror movies that work at least as well today as they ever did.

Nosferatu (1922)

Let’s do Dracula, thought silent-film director F. W. Murnau, but let’s avoid royalties by calling him "Nosferatu" instead. It wasn’t the greatest idea, in that it was nearly lost forever in court battles that followed, but the movie survives, and it’s a triumph. Nosferatu introduced much of what we think we know about vampires, including plenty that was never in the source material (including the idea that vamps are killed by sunlight) but, even as there’s much here that’s familiar, the performance of Max Schreck as Count Orlok remains striking (and problematic, given his resemblance to Jewish stereotypes, intentional or not). This isn’t suave Count Dracula, but instead a feral, ugly monster, played with such conviction that it’s often hard to believe that there’s a human being beneath all of the makeup—the 2000 movie Shadow of the Vampire re-imagines the making of Nosferatu with the idea that Schreck was an actual vampire. There are elements here that are unlikely to really frighten modern audiences, but that performance will absolutely live with you.

Where to stream: Prime Video, Tubi, Shudder, Crackle


Freaks (1932)

From the wildly successful Dracula in 1931 to what was almost certainly the biggest box-office disappointment of his career, director Tod Browning took on Freaks as something of a passion project that irreparably damaged his reputation. Freaks finds a scheming trapeze artist joining up with a carnival sideshow and then plotting to seduce and murder one of the show’s little person performers in order to gain his inheritance. Browning’s desire for verisimilitude leads him to hire disabled actors to play the parts of the carnival “freaks,” an innovation then and for many decades after, even if the movie feels frequently exploitative. The disabled characters have been wronged, but their revenge (however well-deserved) is gruesome—a castration scene, among other bits, saw people walking out of test screenings. The memorable climax, with its refrain “one of us!” is one of the most disturbing climaxes in horror movie history.

Where to stream: Tubi, digital rental


The Black Cat (1934)

Béla Lugosi and Boris Karloff, who shepherded in an age of horror-movie blockbusters (with Dracula and Frankenstein, respectively), memorably teamed up here in this sometimes-forgotten chiller that was also one of the top hits of its year. Lugosi plays Dr. Vitus Werdegast, who picks up a couple of stranded honeymooners in Hungary on his way to the home of old “friend” Hjalmar Poelzig, who lives nearby in a stunningly stylish expressionist mansion. Poelzig, it turns out, betrayed Dr. Werdegast’s unit to the Russians during World War I, and took his wife and daughter: This isn’t a social call, it’s about revenge. The rest involves demonology, preserved corpses, attempted cat murder, and some of pre-Code cinema’s most disturbing imagery. The skinning, while alive, of one character might not be done as explicitly as it would be today, but it’s every bit as stomach-churning.

Where to stream: digital rental


Dead of Night (1945)

This British anthology movie includes four chilling tales, framed around a traveller arriving as a guest in a country cottage. He immediately feels a vague unease, but, no matter, each guest has a tale to tell. The stories are all more than sufficiently chilling, but the standout is almost certainly the final vignette involving ventriloquist Maxwell Frere and his dummy, Hugo. It’s the template for every creepy doll story that followed, and does it better than a great many of them. Once the stories conclude, the film includes a memorable final twist that pushes it, very nearly, into the realm of science fiction.

Where to stream: Kanopy, Plex


Isle of the Dead (1945)

Another with Boris Karloff, Isle of the Dead is a creepy but incredibly timely story of disease and death on a remote island. Karloff is General Nikolas Pherides, taking leave from the Balkan War to visit the grave of his wife on the small Greek island with an American reporter, only to find himself trapped when plague breaks out. The brutal, efficient (but very correct) general charges himself with maintaining the quarantine, but comes up against locals who either want to escape for their own benefit, or whose superstitious fears lead them to persecute those who don't quite fit in. Is the nurse who oversaw the deaths of the locals actually an undead vorvolaka? That's what a charismatic housekeeper comes to believe, and she becomes more convincing as the bodies pile up.

Where to stream: digital rental


The Spiral Staircase (1946)

One of the progenitors of the slasher genre, this one finds a serial killer hunting women with disabilities in a small town in Vermont in the early 20th century. Dorothy McGuire is great in the lead as Helen, a mute woman stalked by the mysterious killer over the course of a single night. With its contained environment and timespan, it is tense and effective; it's also easy to see how a genre (slowly) grew out of it: The female-lead cast, camerawork that places us in the perspective of the killer, and even some jump scares make it feel, in some ways, rather modern.

Where to stream: Flix (you can also find it on YouTube)


Night of the Hunter (1955)

Actor Charles Laughton directed exactly one movie, and this classic was it. Robert Mitchum plays the Reverend Harry Powell, a genuine religious fanatic who targets and murders women who have the audacity to arouse him—the movie was way, way ahead of its time in its themes. He gets away with everything because his sermonizing is so convincing, his latest target being the widow Willa Harper (Shelley Winters) and her rather skeptical young son. The Rev. Powell is an all-time great movie creep (inspiring decades worth of cinematic devils), and Night of the Hunter is as chilling as it is tense; it also boasts visuals that are among thriller cinema’s most beautiful and disturbing.

Where to stream: MGM+, The Criterion Channel, digital rental


The Fly (1958)

As we learned when it was remade in 1986, a silly-sounding premise can generate actual horror. The Fly opens with the wife of a scientist confessing to killing him by smashing his head to pulp in a hydraulic press. We learn in flashback that the scientist was working on a matter transporter, one which he first tests on an ill-fated cat before trying it on himself...something one ought not do unless one is absolutely sure that there isn't a fly caught in the matrix. There are shades of 1950s monster features here, but this is also body horror before that was a thing, full of chilling moments and an absolutely haunting final act.

Where to stream: digital rental


Eyes Without a Face (1960)

Wanting to dodge problems with European and local censors, French director Georges Franju was cautioned away from including all the blood and gore that the story might have otherwise called for. It’s just as well. Following his daughter’s disfiguring accident, a plastic surgeon is determined to provide her with a face transplant that will restore her to his idea of beauty. The problem, as you can imagine, is where to get the face (hint: it involves murder). The tone here is sly and suggestive (we might call it elevated in modern horror-movie parlance) with effective flashes of gore, but suggestions of violence that are even more effective.

Where to stream: Max, The Criterion Channel, digital rental


Peeping Tom (1960)

A formative film in the slasher/serial killer sub-genres, many now-familiar tropes show up here for the first time. Director Michael Powell, who alongside Emeric Pressburger directed some of the most stunningly intelligent and beautiful films from Britain’s golden age, is hardly known for schlock, so audiences were shocked in 1960 when he nearly threw away his career with this beautiful, but graphic, shocker. The story, about a serial killer who is obsessed with the dying expressions of his victims, and films them with a point-of-view camera, has many of the dark thrills that we’ve come to expect from slasher movies—but it also works as a commentary on our own voyeuristic interest in death and murder. It's that visual perspective, though, that remains effective, creating the feeling, if only for a moment, that you're the one getting killed.

Where to stream: The Criterion Channel, Tubi, digital rental


The Haunting (1963)

Based on the Shirley Jackson novel The Haunting of Hill House, the movie starts out with a fairly stock premise: A scientist invites a disparate group of visitors to spend the night in the reputedly haunted Hill House, a beautiful but oddly designed mansion (The House on Haunted Hill has a similar setup, but wildly different execution). As in Jackson’s novel, director Robert Wise creates character drama out of a terrifying night, exploring each character in turn but focusing on sheepish and awkward Eleanor, who spent most of her adult life caring for her mother. Now that mom's dead, Eleanor is feeling freedom for the first time in a long time, but has no idea how to get along in the real world. The tone is consistently chilling and melancholy, while throwing in a couple of the most heart-pounding sequences in horror history. It evolves into a movie about two lost souls who unexpectedly find each other, with no plans to ever be parted again.

Where to stream: Tubi, MGM+, digital rental


Kuroneko (1968)

A horrific and eerie story sees two women, a mother and her daughter-in-law, sexually assaulted, and then murdered by a troop of samurai, only to rise from the dead (with the help of a black cat, naturally) with the goal of taking brutal revenge on any samurai foolish enough to be taken in by their charms. Catching on, a young warrior is assigned the task of destroying the spirits—a man who, as fate would have it, is the son and husband of the two murdered women. It's, perhaps, the original rape-and-revenge movie—that's one of horror's more distasteful sub-genres, but it's done with appropriately disturbing style here. The vengeance of the two women is genuinely terrifying, and all the more disturbing in being justified.

Where to stream: The Criterion Channel, digital rental


Don't Torture a Duckling (1972)

Dario Argento (Suspiria) remains, probably, the top name in Italian giallo, but Lucio Fulci is right up there in a triumvirate that also includes Mario Bava. Where Argento's 1970s films play more like stylish murder mysteries, Fulci was already doing full-on—and very gory—horror. Don't Torture a Duckling is one of his earliest and best, set in a narrow-minded and insular Italian village where a serial killer is murdering children. The very religious villagers begin pointing fingers at anyone who doesn't really fit in, and the result is a morally grey film with a fair bit to say about the Catholic Church, but one that also includes some tense and incredibly brutal scenes of violence.

Where to stream: Tubi, The Criterion Channel, digital rental


Black Christmas (1974)

An early slasher triumph, and the best use of the "call is coming from inside the house!" trope—When a Stranger Calls would do it pretty well a few years later, but that's a far more uneven movie. This one finds a bunch of sorority sisters (led by Olivia Hussey and Margot Kidder) getting some obscene phone calls at the house just as winter break is beginning. The movie's isolated and lonely setting is incredibly effective (campus is nearly deserted), and the killer isn't shy in his methods. Even better, and like Halloween a few years later, the movie (directed by A Christmas Story's Bob Clark) invests in its mostly female cast, even the drunk party girls, so that when the murders begin, there are very real stakes.

Where to stream: Prime Video, Peacock, Tubi, Shudder, Crackle


The Texas Chainsaw Massacre (1974)

It's not wildly graphic by today's standards, but it feels visceral, even if you're not seeing nearly as much as you think you're seeing. Even after decades of slasher movies and the full-on advent of torture horror, TCM remains deeply unsettling when it's not genuinely thrilling. For audiences who want to talk about the visual advantages of modern digital filmmaking, here's a great example of a movie whose old-school film stock graininess and budgetary limitations are strengths, not weaknesses; the finished product can feel at times like a snuff film. It's the granddaddy of a certain type of gritty horror, and remains effective even as it's been duplicated over and over again.

Where to stream: Prime Video, Tubi, Peacock


from LifeHacker https://ift.tt/UADOrtZ

11 of the Best Movies Based on Actual Crimes

True crime has been an obsession with viewers long before podcasts and shows about Jeffrey Dahmer and the Menendez Brothers captured our collective attention. In fact, stories of real-life serial killings, kidnappings, and wrongful convictions have inspired many cinematic works. If you're done binging another Ryan Murphy series and are looking for your next fix, here are 11 movies to get you on the case. 

In Cold Blood (1967)

Based on Truman Capote's non-fiction masterpiece, director Richard Brooks wanted the film—which depicts a quadruple murder in the Holcomb, Kansas, home of the Clutter family—to be as realistic as possible, so he filmed nearly everything in the same locations where the homicide occurred in a documentary-like style. The result is a tense, authentic drama that captures the senselessness of Perry Smith and Richard Hickock's crimes as well as their eventual execution. 

Where to stream: Digital rental

Zodiac (2007)

David Fincher's masterpiece isn't really about the series of killings that took place in San Francisco in the late '60s and '70s, though it does depict them in the Seven director's typically stylish fashion. It's a character study about the time-consuming and ultimately futile search for the murderer who dubbed himself the Zodiac and the toll it took on the men who investigated him. Do yourself a favor and seek out the director's cut of the film, which restores an additional five minutes to the nearly three-hour saga, giving the investigation a little more depth.

Where to stream: Paramount+ with Showtime, Digital rental

Bernie (2012)

When the nicest guy in the small East Texas town of Carthage pleads guilty to killing the meanest woman in the city, its residents can't believe he is capable of such a heinous crime. What's even more incredible is that they don't want him to go to jail for the deed. Richard Linklater, the director of Dazed and Confused and School of Rock, may not seem like one to tackle a true-crime story. But he handles the topic deftly—as the story begins to seem outlandish, the indie auteur inserts interviews with those who knew the titular killer and his victim in real life, showing that this dark comedy is (almost) free from embellishment.

Where to stream: Prime Video, Peacock, The Criterion Channel, Tubi, Kanopy, Hoopla, Pluto TV, Plex, digital rental

Chicago (2002)

This award-winning musical is fictionalized, for sure, but it has its roots in the real-life murder trials of Beulah Annan and Belva Gaertner, which were sensationalized by the Windy City press. They inspired the characters of Roxie Hart and Velma Kelly, who became tabloid celebrities thanks to the fictional lawyer Billy Flynn (Richard Gere), telling reporters that the women were driven to kill by the combination of "jazz and liquor."

Where to stream: Paramount+ with Showtime, digital rental

Conviction (2010)

Kenneth Waters served nearly two decades in prison for a grisly murder he didn't commit. He was released due in large part to his sister Betty Anne, who spent that time putting herself through law school and working with the Innocence Project, an organization dedicated to using DNA evidence to reverse wrongful convictions, to exonerate him. Hilary Swank and Sam Rockwell put in powerful performances as the siblings, elevating this film above what could be seen as a typical "movie of the week."

Where to stream: Max, digital rental

Boys Don't Cry (1999)

Starring Swank in her breakthrough award-winning role, this film revolves around the murder of Brandon Teena in a small Nebraska town and is shot in a similar documentary-like style to In Cold Blood. Though it deals with several themes that are still relevant today, including issues revolving around sexual identity and transgender rights, at its heart is a tragic star-crossed love story—though several people involved with the case dispute the depiction of the relationship at the heart of the film.

Where to stream: digital purchase

Foxcatcher (2014)

For this Oscar-nominated film, The Office's Steve Carell transforms into the world's worst boss for his portrayal of John du Pont, a multimillionaire who was found responsible for the murder of his employee, Olympian and wrestling coach Dave Schultz. However, the real standout in this film is Channing Tatum, who excels as Schultz's brother Mark, who the film subtly portrays as the object of du Pont's affection, though it should be noted that Mark has disputed this portrayal on several occasions. 

Where to stream: Paramount+ with Showtime, digital rental

Monster (2003)

Aileen Wuornos has been the subject of numerous books, documentaries, TV movies, and even an opera. However, Charlize Theron's Oscar-winning turn as the infamous serial killer likely brought Wuornos to the attention of true-crime obsessives. The actress plays the mentally unstable Wuornos so convincingly that it seems like she's the victim and not the seven men that she brutally murdered.

Where to stream: Pluto TV, Plex, digital rental

Changeling (2008)

Speaking of great acting performances, Angelina Jolie shines as mother Christine Collins in this period piece directed by Clint Eastwood. The film follows her search for her nine-year-old son and her battle with the police to find him. However, the case takes a turn when detectives claim to have found her son, but Collins insists it's not him. The authorities then claim she is an unfit mother and institutionalize her. This film is easily one of Eastwood's most suspenseful films, casting a spell on the viewer as soon as the opening credits begin rolling.

Where to stream: digital rental

Badlands (1973)

Though Terrence Malick's directorial debut is a work of fiction, its plot is loosely inspired by the series of killings perpetrated by the couple Charles Starkweather and teenager Caril Ann Fugate. If the film bears any resemblance to the true-crime classic Bonnie and Clyde, that's probably not entirely a coincidence, as Malick was a protege of Arthur Penn, who directed the 1967 film. However, Badlands is very much its own beast, with stunning visuals and no easy explanation for the violence the couple left in their wake.

Where to stream: digital rental

Memories of Murder (2003)

Before he explored the perils of Korean class structure in Parasite, Bong Joon-Ho directed this tense thriller inspired by the first serial murders confirmed in South Korea in the 1980s. While it resembles a '90s American thriller, the film reflects and satirizes the oppressive, conservative culture of the country where the events take place. It's become a cult classic in the 20 years since the movie's initial release.  

Where to stream: Tubi, digital rental


from LifeHacker https://ift.tt/QDEKIN1