• US government representatives say at least eight US telcos were compromised by the Chinese
• The hackers have probably not yet been completely removed
• China is currently not responding to the claims

Salt Typhoon’s reach is a lot wider than initially thought, compromising numerous telecommunications companies and other organizations in both the private and public sector, around the world.

This is according to the representatives of the White House, the FBI, and CISA, who recently held press briefings to update the public on their findings regarding Salt Typhoon’s apparent mass-surveillance campaign.

The officials said that Salt Typhoon’s victims are located in dozens of countries around the world.

Evicting the squatters

While the full scope of the attack is yet to be determined, we do know that the attackers targeted telecommunications organizations in the States. In fact, it was said during the briefing that eight US telcos were compromised, up from four that were previously known.

So far, T-Mobile, Verizon, AT&T, and Lumen Technologies have all confirmed having been targeted by Salt Typhoon.

The campaign lasted for years, it was added. However, there is currently no evidence that the hackers managed to grab any classified communications.

As new information emerges, this attack seems to be turning into a major escalation. Salt Typhoon is a Chinese, state-sponsored threat actor focused on cyber-espionage against western targets. For months now, cybersecurity experts, government agents, and the media have been reporting on Salt Typhoon’s attacks on internet service providers, telecommunications firms, and similar companies. The targets have been working hard on cleaning up their IT systems, but according to CISA, there’s still work to be done.

"We cannot say with certainty that the adversary has been evicted, because we still don't know the scope of what they're doing. We're still trying to understand that, along with those partners," a senior CISA official said in a Tuesday press call, BleepingComputer reports.

China did not yet issue an official statement or comment regarding these allegations. In the past, the country’s representatives have vehemently denied any wrongdoing, instead accusing the United States of being the world’s cyber-bully.

Via BleepingComputer

You might also like

• Cisco warns a decade-old vulnerability is back and targeting users
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• Dragon Age: The Veilguard's character creator now has a free standalone application
• BioWare also celebrated Dragon Age Day with a new Veilguard patch
• Players can claim free cosmetics based on Dragon Age 2's protagonist, Hawke

BioWare has released a standalone version of Dragon Age: The Veilguard's character creator alongside the game's latest patch.

In celebration of Dragon Age Day, the developer has announced that a free version of The Veilguard's impressive character creator is now available to download as a separate application on PS5, Xbox Series X, Xbox Series S, and PC.

"For the folks who have yet to jump into Dragon Age: The Veilguard, you can now create a Rook before buying the full game and transfer your character over, as long as you’re on the same platform," a post explained.

Alongside the character creator, The Veilguard has also received its latest software update, as well as free Dragon Age Day goodies.

With Patch 4, players will be able to boot up their game and claim the iconic armor, body paint, and nose blood smear of Dragon Age 2's protagonist, Hawke. These cosmetics will be permanently available in the in-game wardrobe and can be found in the Lighthouse's courtyard.

As for the specifics of Patch 4, BioWare has also added two new complexions of the Qunari in the character creation and introduced a bunch of new quality-of-life improvements.

A new option to take screenshots on the pause menu during conversations and cinematics has also been added on PC, while a "Hide/Show UI" button on the pause screen has been added for console users. You can check out the full patch notes below.

Dragon Age: The Veilguard - Patch 4

New Content

• Dragon Age 2 Hawke’s Iconic Outfit
  • Armor
  • Body Paint
  • Face Paint
• Qunari Complexions - Two new complexions for the Qunari lineage

Quality of Life Changes

• In Patch 3, we introduced a line on screen showing where a Photo Mode screenshot was saved. In Patch 4, we are reverting that change due to a safety concern brought to us by some content creators. PC players can find their Photo Mode screenshots in Documents/BioWare/Dragon Age: The Veilguard/screenshots
• Added an in-game Setting to turn off Bloom. 
• Added a “Hide/Show UI” button on the pause screen to better take screenshots on Console. 
• Added a “Take Photo” button on the pause screen to take screenshots during conversations and cinematics on PC.

Bug Fixes

• Fixed an issue that prevented some saves from loading properly. (PC Only)
• Fixed an issue that was preventing the Frame Rate Limit setting from being saved. 
• Fixed an issue with Rook’s face and hair changing drastically when a save is loaded.
• Fixed an issue with certain longer hairstyles that floated above Rook’s chest and shoulders. 
• Fixed an issue where two Neve characters could appear in the Fire and Ice quest.  
• Fixed a rare issue where Emmrich did not lead Rook to the next task in his recruitment Where the Dead Must Go quest. 
• Adjusted the spirit guides in The Warden Vault quest.  
• Fixed an issue that caused the Ultimate Ability to swap to the default Ultimate. 
• Fixed an issue where the Ultimate Ability Icon was not displayed after Bellara is recruited. 
• Fixed an issue where the first hit in a Warrior Rook’s shield throw may miss the target unintentionally. 
• Fixed an issue where the Slaughter of Pillars Revenant had no health bar. 
• Fixed an issue that caused Achievement Progress to reset when a new Rook was created. This will not restore Achievement Progress that was overwritten, but your Rooks will no longer compete with each other for who can kill more High Dragons. 
• Fixed an issue with the camera in The Demon’s Bargain quest when playing on an HDD. 
• Fixed an issue with the camera in the Sea of Blood quest if Rook backtracked too far. 
• Fixed two instances where Viago was clearly talking to Rook but was too absorbed by Teia’s beauty and staring at her instead. 
• Fixed an issue with Photo Mode screenshots appearing slightly blurry for some players. 
• Fixed an issue where taking a screenshot with the space bar in Photo Mode also toggled the highlighted setting at the same time. (PC Only) 
• Fixed an audio issue that caused battle music to stop playing while Rook was still fighting darkspawn in A Warden’s Best Friend quest. 
• Fixed an audio issue that prevented music from playing during a conversation with Lucanis in the Lighthouse. 
• Fixed a rare lighting issue in the One Last Breath quest
• Fixed a blocking issue in the Fire and Ice quest when returning to the Lighthouse. 
• Fixed a blocking issue in the Blood of Arlathan quest if Rook backtracked too far.
• Fixed a UI issue that caused the “New Item” highlight to get stuck on an item. 
• Fixed an issue with the In Lost Friendship codex that was mentioning events out of order and possibly with the wrong companion. 
• Fixed an issue that was causing the male British Inquisitor (Harry Hadden-Paton) to be pitched too low. 
• Updated several German voice line instances with corrected translations.

You might also like...

• Best RPGs 2024 - top role-playing games for PC and consoles
• Activision announces a 7-day free trial for Call of Duty: Black Ops 6 with access to multiplayer and Zombies
• PS5 Pro users should find the PS5 data transfer process much easier thanks to the latest system update

• Brass acoustic enclosures with 8mm drivers and USB-C / 3.5mm
• On sale from 5 December
• Priced at $199 / £169 (about AU$330)

Master & Dynamic, the NYC-based luxury audio brand, has updated one of its most popular products: the ME05 wired Earphones.

The original ME05 featured premium materials, and that's true with the 2024 versions too: the acoustic enclosures are made from precision-machined brass. Inside there are custom 8mm high-excursion bio-cellulose drivers, and in addition to the 3.5mm jack on the end, there's also a hi-res USB-C adapter included in the box. The buds also include an improved mic for voice calls, making them a very strong competitor to the best wired earbuds on paper.

Master & Dynamic ME05 Earphones: key specs and pricing

The included USB-C DAC supports up to 32-bit / 384kHz resolution, and that's the only tech spec Master & Dynamic has currently published. But we know what to expect because we reviewed previous ME05s way back in 2017 and found them to be very fine indeed, as good to listen to as they were to look at.

In fact, they were so good that there were only two real criticisms: the cable was a bit noisy, and there weren't enough eartips to suit all sizes. That latter issue has definitely been addressed: the new versions come with two sets of foam tips and five sets of silicone tips.

The new ME05 Wired Earphones will be available for purchase in Gold/Black and preorder in Gunmetal/Black, Palladium/Black or Palladium/White for $199 / £169 from 5 December at MasterDynamic.com. They'll be available from Amazon too, but later.

You might also like

• The best wired headphones chosen by our reviewers
• Our guide to the best headphones of all kinds
• Prefer in-ears? These are the best earbuds for all budgets.

• The Cybernews team found a huge database belonging to Safelinking
• It cointained 30 million links, as well as customer data
• A malicious bot scraped, and destroyed it

A company that provides safe links services kept a major database with sensitive information unlocked and available to anyone who knew where to look.

As a result, sensitive information on millions of people got leaked on the dark web, and the database ended up destroyed.

This is according to cybersecurity researchers Cybernews. In early August, the team discovered a “poorly configured” and passwordless MongoDB database belonging to a company called Safelinking.net, a firm that provides password-protected links services.

Ransom demanded

When someone wants to send sensitive data across the internet, they can lock the link behind a PIN, or password, using companies like Safelinking. Thus, it is safe to assume that the data behind the link is highly sensitive in nature.

Still, Safelinking made the all-too-common error and failed to properly secure the database, Cybernews argues. It contained 30 million private links, as well as account data on more than 150,000 users. This data includes people’s usernames, emails, encrypted passwords with salt and API hashes, notification settings, security settings associated with the links, social media account IDs, and protected links.

Oftentimes, the researchers are first ones to find these databases, averting a bigger catastrophe. Not this time, though. Cybernews discovered that a malicious bot beat them to the punch, pulling all the data to an attacker-controlled server, and leaving a message that the archives would be destroyed if roughly $600 in bitcoin isn't paid.

Since Safelinking didn’t pay the ransom demand, the bot destroyed the database, and it’s no longer publicly available.

"It's a good reminder of why it's so important to have solid security measures in place for platforms handling this type of data,” said the Cybernews research team. “Even if the platforms sometimes fail to secure users' privacy, it's good to know basic security hygiene, like using multi-factor authentication.”

Via Cybernews

You might also like

• Mystery database containing sensitive info on 762,000 car-owners discovered by researchers
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• The Browser Company is developing Dia, a new AI-integrated browser designed to streamline web tasks and workflows
• Dia will offer personalized AI tools, such as smart suggestions, automatic browsing, and task automation, tailored to each individual user
• The Browser Company aims to make Dia a customizable, efficient computing environment, with early access expected in 2025

The Browser Company, the team behind Arc Browser, has announced a new web browser named Dia which will focus on heavily integrating AI into its design to make everyday web tasks easier and more efficient.

A new promotional video put out by The Browser Company for Dia describes it as not just a browser but a whole new computing environment built on top of a web browser with AI fundamentally integrated into its tools and workflows, and it’s expected to debut in the early months of 2025.

The video is actually a recruiting video for potential employees to consider working for The Browser Company, including roles in developing Dia “at the browser layer,” and it includes a few demonstrations of early Dia prototypes. It paints an ambitious vision to offer its own version of AI assistance while echoing a message we’ve seen before from other AI and tech companies claiming that their product can do your work for you.

A few glimpses of what's in the pipeline for Dia

In one demonstration, we see the functionality of Dia’s ‘insertion cursor’ (the blinking vertical bar you often see while typing in a text field). In this prototype, when The Browser Company CEO Josh Miller clicks the insertion cursor, a menu pops up with possible next steps and suggestions such as possible ways to complete a sentence as shown in the video. It seems that The Browser Company wants to develop Dia so that features like this are capable of being shaped and personalized to each user.

This tool will offer you options to complete your sentences faster while sourcing information from the internet about the subject you’re writing about, as Miller does about the iPhone’s launch and specifications. Miller also shows how it can become aware of your browser activity, such as an open window with multiple tabs. He shows an opened message where he instructs the browser to paste all of the Amazon links he has opened in a window, which it does along with short descriptions of the contents of each link.

The second demo shows off Dia’s URL address bar and how it might be capable of being personalized to you. Miller asks it to find a specific Notion document that someone else sent to him, which it does, as well as providing a summary of what the document entailed. He instructs Dia to email it to someone and ask for their opinion, which it obliges, and he follows up by asking Dia to create a calendar event instead, all in Dia’s address bar.

One of the later demos shows off Dia’s web cursor, which is capable of sweeping actions in a single click, like adding all of the items on a list into your Amazon cart. The browser’s awareness of your activity and your habits will be used to train this function, allowing you to do more tedious tasks in one step. Dia will go to Amazon and do what you tell it to automatically with this auto-browsing function, although how well it’ll do with it will have to be tested in reality.

Will Dia be the AI browser to beat?

The video explains that these features will be able to help you in a unique way because Dia will be able to become personalized to you. Miller explains that you’ll only need to ‘teach’ Dia once and it’ll be able to replicate your processes and workflows again and again.

All of these demonstrations show Miller using plainly worded descriptions in natural language, like that we use most of the time to one another. The video itself is very cinematic, but we’re some way away from being able to tell how these will be manifested by the Browser Company. You can actually do a lot of the things described in the video with third party tools, so we’ll have to see if Dia can do those better and if they’ll be of use to people.

This isn’t the first ambitious presentation and promise of a flashy AI-driven future and we have yet to see an AI assistant or product with AI assistance built in that lives up to the hype. According to Miller, The Browser Company doesn’t develop products like Arc for everyone, but rather for users who like being able to make all kinds of customizations, and I imagine Dia will be for people who want to work fast and use AI tools to cut down on manual tasks. If you’re interested in Dia, keep an eye out for official announcements from The Browser Company, as these will sometimes let you sign up for a waitlist and get early access.

YOU MIGHT ALSO LIKE...

• Can AI help Arc browser take on Google Chrome or Microsoft Edge?
• Arc browser launches bug bounty program following worrying issues
• Arc browser makes it even more tempting to switch from Chrome with native ad blocker and tracking prevention coming soon

• US Government has announced a new charging framework
• Next year, EV owners will simply be able to plug in and walk away
• Should end frustrating apps, RFID cards and payment processes

Charging electric vehicles in North America is about to get a whole lot easier next year, as the US Government's Joint Office of Energy and Transportation announced a common framework this week that will make ‘plug-and-charge’ commonplace.

Currently, the public charging network is frustratingly fractured, with various payment methods and sign-up processes required to initiate and pay for a charging session.

Lots of work has been done to make the process easier, with contactless payments now becoming more commonplace, but the entire act of plugging in and commencing an EV top-up can still be a rigamarole.

Today, automakers and charging companies are using their own authentication systems, which then have to communicate with the vehicle via a digital “handshake” before charging begins.

This not only primes the car for the charging session, but also typically requires a form of payment as deposit, before the final amount is deducted when the charge is finished.

This can be done through RFID cards if they are accepted, or by tapping a contactless bank card. In the worst-case scenario, it requires signing up to an official app, adding bank details and hoping everything communicates. More often than not, it doesn’t go to plan.

The Society Of Automotive Engineers (SAE), alongside a consortium of carmakers, charging companies and the Biden administration, have established a "Certificate Trust List Requirements” for the aforementioned businesses, as well as charging equipment manufacturers.

This ‘trust list’ builds on the existing international standard (ISO 15118), which spawned an official Plug & Charge protocol, which some manufacturers, such as Mercedes-Benz, Porsche, Audi and other models from the Volkswagen Group, have already adopted, alongside a select number of charging providers.

In this case, payment methods are stored in a vehicle’s infotainment system and this data is then sent to the charging outlet when the user plugs in. Theoretically, all they have to do is plug in and walk away, with all of the fiddly payment stuff handled by software.

Tesla owners have been able to do this for years, as the company took the decisive step to create its own charging network (Supercharger) in the early days of EV adoption. This means the company has been able to control all elements of the charging process.

But times are changing and a growing list of manufacturers are now able to use the Supercharger network.

The universal ‘trust list’ essentially adds another layer of protection to the existing ISO standard and allows multiple manufacturers to use any charging station that chooses to adopt the new protocol.

"This is a fundamental step in architecture toward enabling bidirectional charging and true vehicle-to-grid integration, the holy grail for energy and transportation,” Gabe Klein, executive director of the Joint Office of Energy and Transportation, said.

According to Inside EVs, testing for this new protocol begins next year, but there is no word on when the public rollout will happen.

Simplified charging, so long as providers get onboard

Although the previously mentioned SAE consortium includes major charging providers, like BP Pulse, ChargePoint, and Electrify America, as well as automakers like Ford, General Motors, Tesla, Rivian, Toyota, and BMW, the rollout of Plug & Charge still requires the buy-in from the growing number of charging service providers.

In the UK, at least, this still feels very disparate, with previously unknown providers popping up all the time, all of which have patchy payment processes. Charging on the highway is largely catered for by the big players, such as BP Pulse, Ionity and Gridserve, but things get confusing when you veer off the major roads and rely on local infrastructure.

Where I live, for example, Mer UK seems to have the monopoly on charging stations, but it also has one of the most confusing processes of them all. To cut a long story short, if you close the app during use, it’s sometimes impossible to end the charging session and disconnect your car.

Mer UK isn't the only provider on the naughty list, as I have lost count of those that don't accept RFID cards or contactless payments, while others use an app that's buggy, prone to crashing and massively confusing to navigate.

While Plug & Charge is undoubtedly a boon for EV owners, it requires the ever-increasing number of charging solution suppliers to buy into the process.

Hopefully, North America’s protocol will make this easier and eventually speed up adoption.

You might also like

• Tesla Supercharger expansion has reportedly slowed significantly – and that’s bad news for all EV owners
• Tired of EV charging hassle? This start-up wants to solve it with its 'Face ID for vehicles'
• These gigantic solar-powered streetlights could be the answer to EV charging in dense urban areas

L'Oreal has launched a new hair dryer designed to blow away the competition. First announced at CES 2024 and now available to buy, the AirLight Pro will apparently deliver "a styling experience like no other", thanks to a combination of ultra-powerful windspeeds, infrared light (delivered via patented new technology), and a companion app.

We're not entirely sure what the infrared light part does – we haven't seen this approach before (and we've tested most of the best hair dryers on the market). The windspeed part is easier to grasp, and certainly sounds impressive. Thanks to a 17-blade, high-speed motor, the AirLight Pro will be able to blast your locks with windspeeds of up to 130mph. That's equivalent to a Category 4 hurricane – which sounds like a very rousing morning styling routine.

The theory is that this dryer will blast water off the hair surface while leaving the moisture inside the strands, for "up to 33% more hydrated hair and up to 59% visually smoother hair".

• Buy the L'Oreal AirLight Pro, $475 at Ulta

The companion app allows you to create custom profiles, although exactly how these work with the dryer remains to be seen. (We've never seen a hair dryer with a companion app before – not even the $499.99 / £399.99 / AU$749 Dyson Supersonic Nural has one.)

L'Oreal says it has modes geared towards straight, curly and coily hair, and offers optimized temperatures, to dry your hair quickly while using less energy. Bundled in are a concentrator and a diffuser, both of which attach using magnets, and the dryer is able to sense which attachment is being used.

The AirLight Pro is now available exclusively at Ulta, priced at $475. Full review to follow.

You might also like...

• Dyson's new hair dryer costs a small fortune and that's fine, actually
• Which hair dryer settings should I use to blow dry my hair?
• Browse the best hair styling tools 2024