More stories

  • in

    How to generate random passwords from the Linux command line

    ZDNETI often need random passwords. Mostly, those passwords are used for the creation of user accounts on apps and services, at which point I’ll use my password manager that includes a very good random password generator.But other times, I might need a temporary password that doesn’t require saving in a password manager. Or maybe it’s a permanent password, but I’m logged into my desktop from a remote machine, and the command line is the only tool I have. Also: 5 Linux commands I use to keep my device running smoothlyRegardless of why, there’s a simple Linux command that makes it very easy to generate random passwords. That tool is called pwgen, and here’s how you install and use it. How to install pwgen What you’ll need: The only things you’ll need for this are a Linux distribution and a user with sudo privileges. More

  • in

    Aqara’s first outdoor camera is this smart home enthusiast’s dream device

    <!–> ZDNET’s key takeaways The Aqara Camera Hub G5 Pro is available for $180 for the Wi-Fi version and $200 for the PoE version This indoor/outdoor security camera doubles as a smart home hub, features 1520p resolution for crystal-clear images, RTSP support, and has a built-in NPU to process video with AI for visual recognition […] More

  • in

    Want to avoid a drone disaster? Don’t skip your pre-flight and post-flight checklists

    Adrian Kingsley-Hughes/ZDNETI’ve been flying drones, both recreationally and commercially, for over a decade — and hold a handful of drone licenses and certifications. Over those hundreds of hours of flying, I’ve yet to lose a drone. Yet, almost daily, I come across stories on social media of people losing their drones. Some drones crash on their first flight, some after months or years of problem-free service. Also: I tested DJI’s new foldable drone, and would recommend it to both beginners and professionalsI attribute my success, luck, and good fortune in part to experience, but mostly to the fact that I carry out regular safety checks on my drone. A drone is an aircraft, and just as you wouldn’t put a plane in the sky that hadn’t had safety checks carried out on it, I wouldn’t put a drone in the sky without doing the same. So, what tests should you do, and when?I have three sets of checks that I do: pre-flight checks, post-flight checks, and checks carried out every two weeks to a month (depending on how often I’m flying… the more I fly, the more often I check). Why pre-flight and post-flight checks? One set is to catch damage that might have occurred while storing or transporting the drone (and anything I might have missed after the last post-flight check). The post-flight checks are there to catch anything that might have happened during the flight. Also: The DJI Mini 2 SE drone is a great starter droneThe biweekly/monthly checks are there to again take a fresh look at the drone, as well as a deeper look at things like the batteries. And it’s not just looking at the drone. Pre-flight checks take into consideration other things that can affect your drone. Pre-flight checks Drone checksCarefully check the drone for any visible damage to the frame, propellers, or landing gear. You’re looking for anything from cracks and chips to bending and seams popping open.Ensure propellers are securely attached and free of cracks or chips. Propellers are cheap, your drone isn’t. Replace them if they show any signs of damage. I always recommend using genuine propellers rather than third-party accessories.Ensure that all the propeller motors rotate freely.Check that the battery is fully charged and securely fitted. The last thing you want to happen is for the battery to fall out mid-flight (yes, that does happen).Also: I tested DJI’s palm-sized drone, and it captured things I had never seen before More

  • in

    Vishing attacks surged 442% last year – how to protect yourself

    ZDNETCybercriminals and hackers employ a variety of methods to access and steal sensitive information from individuals and organizations. One increasingly popular approach is vishing, or voice phishing. Here, the attacker tricks someone into sharing account credentials or other information through a simple phone call. According to the latest data from security firm CrowdStrike, these types of attacks have been skyrocketing. Also: Hackers stole this engineer’s 1Password database. Could it happen to you?In its 11th annual 2025 CrowdStrike Global Threat Report, the security provider revealed that vishing attacks jumped 442% in the second half of 2024 compared with the first half. Throughout the year, CrowdStrike Intelligence tracked at least six similar but distinct campaigns in which attackers pretending to be IT staffers called employees at different organizations. Help desk social engineering In these particular campaigns, the scammers tried to convince their intended victims to set up remote support sessions, typically using the Microsoft Quick Assist tool built into Windows. In many of these, the attackers used Microsoft Teams to make the phone calls. At least four of the campaigns seen by CrowdStrike used spam bombing to send thousands of junk emails to the targeted users as a pretext for the alleged support call. Also: How to protect yourself from phishing attacks in Chrome and FirefoxThe type of vishing used in these attacks is often known as help desk social engineering. Here, the cybercriminal posing as a help desk or IT professional stresses the urgency of the call as a response to some made-up threat. In some cases, the attacker requests the person’s password or other credentials. In other cases, such as the ones documented in the report, the scammer tries to gain remote access to the victim’s computer. Callback phishing Another tactic seen by CrowdStrike is callback phishing. Here, the criminal sends an email to an individual over some type of urgent but phony matter. This could be a claim for an overdue invoice, a notice that they’ve subscribed to some service, or an alert that their account has been compromised. The email contains a phone number for the recipient to call. But naturally, that number leads them directly to the scammer, who tries to con them into sharing their credit card details, account credentials, or other information. Because these attacks are usually aimed at organizations, ransomware is another key component. By gaining access to network resources, user or customer accounts, and other sensitive data, the attackers can hold the stolen information for ransom. Also: The top 10 brands exploited in phishing attacks – and how to protect yourselfIn its report, CrowdStrike identified a few different cybercrime groups that use vishing and callback phishing in their attacks. One group known as Chatty Spider focuses mostly on the legal and insurance industries and has demanded ransoms as high as $8 million. Another group called Plump Spider targeted Brazil-based businesses throughout 2024 and uses vishing calls to direct employees to remote support sites and tools. “Similar to other social engineering techniques, vishing is effective because it targets human weakness or error rather than a flaw in software or an operating system (OS),” CrowdStrike said in its report. “Malicious activity may not be detected until later in an intrusion, such as during malicious binary execution or hands-on-keyboard activity, which can delay an effective response. This gives the threat actor an advantage and puts the onus on users to recognize potentially malicious behavior.” Other security firms have seen a dramatic rise in vishing attacks. Last October, Zimperium’s zLabs research team uncovered a malware known as FakeCall, notable for its advanced use of vishing. Here, the scammers use phone calls to try to trick potential victims into sharing sensitive information such as credit card numbers and banking credentials. FakeCall itself works by hijacking the call functions on Android phones to install the malware. More

  • in

    NordLayer set to release a new security-focused browser for the enterprise

    fotograzia/Getty Images NordLayer (the company behind NordVPN) is set to release a new web browser geared specifically for enterprise businesses. The key focus of NordLayer’s new browser will be: Enhanced security measures and more control A combination of Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) for a unified solution Data loss prevention […] More

  • in

    Microsoft battles more bugs in Windows 11 24H2 with new round of patches

    ZDNETMicrosoft continues its quest to vanquish bugs from Windows 11 24H2, and the latest update seems to fix a number of them. Released this past Tuesday, KB5052093 is an optional update, which means you may have to wait for it to appear or manually download and install it if you’re in a hurry.Also: Windows 11’s bug-fixing update is making things worseSome of the new features and fixes are rolling out gradually, so you might not see them right away. But if you do forge ahead with the update, here’s what you’ll find sooner or later. Squashed bugsLet’s start with the squashed bugs. As one glaring example, File Explorer has been plagued by several glitches in Windows 11 24H2, many of which should now be fixed. The KB5052093 update improves performance in File Explorer when loading files that contain a large number of media files. The context menu that appears when you right-click on a file stored in the cloud should appear quicker. Entering a URL in the address bar will now take you to the right location. The address bar will no longer overlap files when you switch to full-screen mode. And thumbnails for cloud files will now appear more consistently in search results. Also: Don’t ignore Microsoft’s February Patch Tuesday – it’s a big one for all Windows 11 usersPreviously, the colors in the Start menu might go awry if you opened the flyout menu for account manager. Certain apps wouldn’t recognize a connected scanner. Task Manager would sometimes identify an HDD (hard disk drive) as an SSD (solid-state drive). Using a Guest account to sign in to a PC in Shared PC mode might not work. And when setting a non-default color for the mouse pointer, it might revert to white after the User Account Control (UAC) dialog appeared. These should all now be fixed. On the audio front, the volume would sometimes jump to 100% when your PC woke up from sleep. You might hear a mute and unmute sound several times in a row. A USB audio device could stop working after your PC had been idle for a short amount of time. These bugs should also now be resolved. Glitch repairsThe update further repairs the following glitches: Remote Desktop would stop responding or incorrectly render the display when connecting to certain PCs. Using drag and drop to move emails and other files in certain applications would sometimes fail if your PC had a display with high DPI (dots per inch). Opening the Settings screen might trigger an error message stating that the memory could not be read. Also: Microsoft removes guide for installing Windows 11 on unsupported PCs – but this hack still works More

  • in

    Hackers stole this engineer’s 1Password database. Could it happen to you?

    rob dobi/Getty Images Here’s the very definition of a nightmare scenario. In February 2024, Matthew Van Andel downloaded a free AI tool on the computer in his home office. Five months later, the Southern California-based engineer learned that the app included an unwelcome extra component — an infostealing tool that gave outside attackers full access […] More

  • in

    Google now lets you delete personal info directly from Search – here’s how

    Google/ZDNETIf you find your personal information online, like your phone number, address, or email, Google is making it easier to make sure it doesn’t show up again.Also: Google Lens adds a cool search trick to iPhones – how to try itSeveral years ago, Google introduced a “Results about you” tool that lets you track your personal information online and remove it from search results. It wasn’t exactly easy to find this tool, though, because you had to dig deep into the settings menu to see it. Also: The best secure browsers for privacyNow, you can request removal straight from Google Search. Here’s how to do it.How to remove your information from Google SearchWhen you see a result with your personal information, click the three dots next to it, and you’ll see a menu with information about the link, including a “Remove result” button. Choose that, and you’ll see different options for why you want it removed. At the top is “It shows my personal information and I don’t want it here.” Choosing that option sends the page to Google for review. If Google decides it violates policy, it will be removed from search. The original site will still be there, but most online directory sites have options to request the removal of your information. That’s something you’ll want to take advantage of, as information like this is increasingly being used in scams.Also: 9 ways to delete yourself from the internet (and hide your identity online)The three-dot menu also has options to remove illegal content like phishing, violence, or explicit content and to refresh outdated search results (that’s for when you’ve requested information removal and Google is still indexing an old page). More