More stories

  • in

    I always turn off this default TV setting when watching movies – here’s why you should, too

    Kerry Wan/ZDNETI love March Madness, at least when my team is invited to the Big Dance. I even enjoy watching other teams play their hearts out like everything is on the line — because it is. While NCAA basketball continues to be broadcast in standard HD, the games can look clear, bright, and beautiful on most modern TVs. Part of that appeal, though, is owed to your TV’s motion-smoothing capabilities. Also: How to watch March Madness 2025: The best streaming optionsFor many people, motion smoothing is only appropriate for gaming and watching live sports; enthusiasts typically prefer turning off the feature to watch anything else because it can detract from the filmmaker’s original intent, making on-screen images seem artificial or hyper-realistic. This is what’s called the “soap opera effect.” It’s a perfectly descriptive metaphor that probably requires no explanation. You can see it all too well: the cinematic film should not look like a daytime soap; you shouldn’t feel like you’re on the set with the actors. But it is appealing to feel like you’re in the stadium watching your team with thousands of fans. The soap opera effect makes sense for live sporting event broadcasts. More

  • in

    The 10+ best early Amazon Spring Sale phone deals

    When is Amazon’s Big Spring Sale 2025? The e-commerce giant’s latest sales event will run from Tuesday, March 25, to Monday, March 31. However, several deals will go live before and after that time frame.Are deals really better during Amazon sales?While there are no guarantees that the prices you see are the lowest ever, Amazon — and the various retailers and sellers it works with — tends to keep promotions as competitive as possible. That’s why you can expect discounts that match all-time-lows — or at least somewhere near them.How did we choose these Spring Sale deals?While it’s always helpful when products are discounted significantly (we usually cover ones that are at least 20% off), ZDNET experts also prioritize promotions on products we’ve personally tested and can vouch for. Since the products you purchase are considerable investments, we ensure that our recommendations are grounded by thorough research, testing, and value.We also source reviews from actual customers, whether through Best Buy and Amazon testimonials (with hands-on images) or online forums like Reddit.Looking for the next best product? Get expert reviews and editor favorites with ZDNET Recommends. More

  • in

    You have 4 days to update Firefox before everything breaks

    ZDNETOn March 14, 2025, a root certificate used to verify signed content and add-ons for Firefox, Thunderbird, and other Mozilla projects expired. The expiration of this certificate will cause problems for Firefox users unless they update to version 128 (or ESR 115.13+). This includes versions for Linux, MacOS, Windows, Android, and iOS — in other words, all platforms.Also: The Firefox I loved is gone – how to protect your privacy on it nowWithout updating, all features that rely on remote updates will cease to function, all add-ons will be automatically disabled, and DRM-protected content will stop playing. In addition, all systems dependent on content verification could stop functioning as expected. The web browser itself will continue to work, but much of what you do with the browser will be broken. Also: How to protect yourself from phishing attacks in Chrome and FirefoxThis means every Firefox user around the world must update to the latest version; otherwise, they’ll find out the hard way that this upgrade isn’t optional. What is a root certificate? A root certificate is used to verify the authenticity of websites, add-ons, and software updates. Without a root certificate in place, your browser cannot verify these items, and you could wind up with malicious software on your hands. Also: The best secure browsers for privacyRoot certificates are crucial for the following reasons: Top-level validation: When a website or application requests a digital certificate from an intermediate certificate authority, it can be validated by checking the signature against the root certificate.Trusted certificates: When you visit a website, your browser checks that each certificate in the chain is signed by a trusted root certificate.Security chain: Every certificate has an issuer that points to a certificate higher in the hierarchy, which forms a chain of trust from the website back to the root certificate. More

  • in

    How to guard against a vicious Medusa ransomware attack – before it’s too late

    ZDNETFederal authorities are warning individuals and organizations to watch out for a dangerous ransomware campaign that has recently added hundreds of victims to its count. Identifying the ransomware as Medusa, the FBI, CISA, and MS-the ISAC (Multi-State Information Sharing and Analysis Center) have issued a joint advisory with details on how these attacks have played out and how people can defend themselves against them.What is Medusa?First spotted in June 2021, Medusa is a ransomware-as-a-service (RaaS) variant that targets critical infrastructure organizations, such as those in the medical, education, legal, insurance, technology, and manufacturing sectors. Using RaaS, the developers farm out work to affiliates who carry out the actual attacks. Since just last month, developers and affiliates have hit more than 300 victims. Medusa started as a closed ransomware variant, meaning that the same cybercriminals who develop the malware also carry out the attacks. But over time, it has transitioned to an affiliate model, where hired guns launch the attacks while the developers focus on ransom negotiations and other actions. Developers typically recruit affiliates on dark web forums and marketplaces, offering them anywhere from $100 to $1 million for exclusive work. Also: That weird CAPTCHA could be a malware trap – here’s how to protect yourselfThe affiliates compromise a targeted organization using one of two methods. Phishing campaigns are the primary approach, but the attackers also exploit unpatched software vulnerabilities to gain access to a company’s resources. Once that initial access is gained, the criminals use a variety of tools to advance further. Legitimate utilities such as Advanced IP Scanner and SoftPerfect Network Scanner are used to scan for vulnerable users, systems, and open ports to exploit. Tools like PowerShell and the Windows command prompt are used to compile a list of network and file resources. The next goal is to move laterally through the network to find files that can be stolen and encrypted. For that, the attackers use remote access software such as AnyDesk, Atera, and Splashtop in combination with Remote Desktop Protocol and PsExec. When they find a valid username and password, they’ll use PsExec to run certain files and processes with system-level privileges. Also: Why rebooting your phone daily is your best defense against zero-click attacksThroughout the entire attack, the criminals also need to cover their tracks and evade detection. For that, they may exploit vulnerable or signed drivers to kill endpoint detection and response tools. A utility known as Certutil is often used to skirt detection when accessing files for encryption. Additionally, the attackers may delete the PowerShell history to wipe their command lines. Double-extortion modelLike many other strains of ransomware, Medusa employs a double-extortion model. The stolen data is not only encrypted to prevent the victim from accessing it, but the criminals also threaten to release the data publicly unless the ransom is paid. Victims are told to respond to the ransom note within 48 hours, or else the attackers will contact them by phone or email. Also: Got a suspicious E-ZPass text? It’s a trap – how to spot the scamA Medusa data leak site lists the ransom demands with a countdown until the information is released publicly. But even before the countdown ends, Medusa will promote the sale of the stolen data to interested buyers. Victims can pay $10,000 in cryptocurrency to add another day to the timer. The reported culprit behind Medusa is a group called Spearwing, according to a report published by Symantec earlier this month. Since early 2023, the group has listed almost 400 victims on its data leak site, with the actual number likely much higher. Attackers using Medusa have demanded ransoms ranging from as low as $100,000 to as high as $15 million. More

  • in

    The 15 best early Amazon Spring Sale deals under $50

    When is Amazon’s Big Spring Sale 2025? The second-annual Spring Sale runs from Tuesday, March 25, through Monday, March 31. However, you can shop early deals leading up to the event. Are deals really better during Amazon sales?For some big-name brands, Amazon sale events are the only time specific devices go on sale throughout the year. This is especially true for Amazon devices like Kindles, Fire tablets, Fire TVs, Amazon Echo devices, etc. According to one study, the average Amazon Prime Day discount is 16.2%, a fairly good discount for most products–and while this isn’t Prime Day, it’s still an Amazon-exclusive sales event, so we’re expecting the same discount numbers. How did we choose these Spring Sale deals?ZDNET only writes about deals we want to buy — devices and products we desire, need, or would recommend. Our experts looked for deals that were at least 20% off (or are hardly ever on sale), using established price comparison tools and trackers to determine whether the deal is actually on sale and how frequently it drops. We also looked over customer reviews to find out what matters to real people who already own and use the deals we’re recommending. Our recommendations may also be based on our own testing — in addition to extensive research and comparison shopping. The goal is to deliver the most accurate advice to help you shop smarter. Looking for the next best product? Get expert reviews and editor favorites with ZDNET Recommends. More

  • in

    How to turn off motion smoothing on your TV (and why you should do it ASAP)

    Kerry Wan/ZDNETI love March Madness, at least when my team is invited to the Big Dance. I even enjoy watching other teams play their hearts out like everything is on the line — because it is. While NCAA basketball continues to be broadcast in standard HD, the games can look clear, bright, and beautiful on most modern TVs. Part of that appeal, though, is owed to your TV’s motion-smoothing capabilities. Also: How to watch March Madness 2025: The best streaming optionsFor many people, motion smoothing is only appropriate for gaming and watching live sports; enthusiasts typically prefer turning off the feature to watch anything else because it can detract from the filmmaker’s original intent, making on-screen images seem artificial or hyper-realistic. This is what’s called the “soap opera effect.” It’s a perfectly descriptive metaphor that probably requires no explanation. You can see it all too well: the cinematic film should not look like a daytime soap; you shouldn’t feel like you’re on the set with the actors. But it is appealing to feel like you’re in the stadium watching your team with thousands of fans. The soap opera effect makes sense for live sporting event broadcasts. More