Three popular ecommerce plugins for WordPress (WP) installations, open to SQL injection attacks since December 2022, have been patched, protecting businesses from threat actors modifying or deleting their websites.
SQL injections are security flaws that allow attackers to input data into website forms or URLs to modify databases. Attackers can use vulnerabilities that allow SQL injections to inject scripts designed to modify websites, or gain unauthorized access to their backends.
WordPress SQL injections
While all websites can be vulnerable to SQL injection during development, WordPress installations, hosted on a popular, centralized platform stocked with many common plugins, are a popular target for threat actors looking for exploits.
In January 2023 alone, TechRadar Pro has reported on other WP plugins offering live chat functionality being leveraged, over the course of three years, to execute JavaScript code that redirects users to malicious websites, as well as another similar exploit targeting a plug-in adding gift card functionality to online stores.
Thankfully, after disclosure of the flaws and the release of proof-of-concept exploits (PoCs) by Martinelle to WordPress on 19 December 2022, the developers of the plugins moved fast to address the flaws, with fixes being released in a matter of weeks, or even days.
A fix for ‘Survey Maker’, as part of version 3.1.2 of the plugin, was released as soon as the 21st of December. ‘Paid Memberships Pro’ followed on the 27th, with a fix rolled into version 2.9.8, and ‘Easy Digital Downloads’ followed on 5 January 2023 as part of version 3.1.0.4.
If they haven’t already, affected users are advised to update these plugins to the latest versions to protect themselves from SQL injection attacks for the foreseeable future.
CES – one of the world’s biggest annual tech conferences – has been home to numerous silly gadgets over the years. We’ve seen finger-nibbling robots, ovens that can live stream your cooking, and even an RGB face mask.
But today I want to call your attention to a daft device from CES 2023, an appliance you might not have realized is even that ridiculous: the Asus ROG Swift Pro PG248QP; it’s a gaming monitor that boasts an absurdly high max refresh rate of 540Hz.
On the surface, Asus’ new monitor doesn’t seem silly. Having a high refresh rate is a fantastic feature – if a brand wants its display to be ranked on our best gaming monitor list it’s one of the main factors we’ll judge its tech on.
That’s because boosting your gaming setup’s refresh rate can give you the edge, especially in multiplayer matches. Thanks to your smoother gameplay and lower input lag you’re able to more easily follow your opponents’ actions and react to the onscreen information better than if you were using a lower-specced system.
But you don’t just need a fast-paced monitor, you also need a gaming setup that can take advantage of your screen’s high refresh rates by running games at a high frame rate. And unless you want your graphics to look like ugly unrecognizable blobs of pixels, you almost certainly don’t have a rig that can achieve 540 frames per second (fps) in your favorite games.
Who needs a monitor this good?
If you’re exclusively a console gamer, you shouldn’t even be looking in this monitor’s general direction, let alone thinking about buying it. The PS5 and Xbox Series X top out at 120Hz, a very long way off the 540Hz maximum offered by the Asus ROG Swift Pro PG248QP.
Instead, this display is aimed at PC gamers, but for a lot of you, Asus’ latest screen is still not a good fit.
Let’s look at the number one pick in our best gaming laptop guide, the Asus ROG Zephyrus G15. It packs an AMD Ryzen 9 5900HS CPU, an Nvidia RTX 3070 GPU, and 16GB RAM which is an above-average setup (based on Steam user data). In our tests for Total War: Three Kingdoms and Metro: Exodus – both running with HD resolution and low-quality graphics – the laptop was only able to achieve 164 fps and 125 fps respectively.
As for our pick for the best gaming PC that we’ve tested, the Maingear Turbo, the situation is better but still not good enough. The model we were sent used an AMD Ryzen 7 5800X3D, an Nvidia RTX 3080 Ti, and 32GB of DDR4 RAM to achieve a max of 320 fps in Total War: Warhammer III and 221 fps in Cyberpunk 2077 (both at HD with low-quality graphics settings). That is only 60% of what the Swift Pro PG248QP monitor can achieve.
So what if we were to swap in an Nvidia RTX 4090? In our tests, we found that Nvidia’s best (and most expensive) graphics card boasted frame rates around 55% higher than an RTX 3080 Ti. Factoring this into the Maingear Turbo’s performance you’d be looking at a grand total of 498 fps for Total War: Warhammer III and 344 fps in Cyberpunk 2077 – still shy of the 540 target.
With the right expertise (and game choice) you can likely push this setup and other similarly powerful PCs over the line. But most of us aren’t sporting an RTX 4090 – heck, a lot of us don’t even have a 3090 (or a 3080 for that matter).
Asus’ latest monitor is certainly impressive, but based on the rest of the PC space it’s an absurd item that practically no one has a use for. If you want to pick it up when it goes on sale so you can say you have the world’s fastest gaming monitor then power to you, but I’m telling you now: it’s probably a waste of your money.
Those of you who are looking for a more sensible place to start might want to check out our best gaming monitor buying guide and should keep an eye out for monitors that better match the performance that your PC can realistically achieve.
Users of the Brave browser can now do their part in the fight against online censorship following the latest update.
The Brave 1.47 version allows users everywhere to turn their devices into a proxy service to grant people worldwide access to the Tor browser.
This isn’t the first move the secure browser has taken in an effort to elude internet restrictions, having previously introduced support for Tor Bridges in Private Windows with Tor in its 1.44 version. But the company says its new feature is a step forward to empower the Brave community in promoting an open and free internet for all – just from right behind their screens.
Brave and Tor Snowflake
Brave’s latest upgrade adds the Tor Snowflake feature directly to its browser system. This is a peer-to-peer technology developed by the Tor Project to allow people around the world to access censored sites and applications.
Like many of the best VPN services, Snowflake helps those living under strict internet restrictions to bypass online censorship.
However, as Tor explains in a blog post: “Unlike VPNs, you do not need to install a separate application to connect to a Snowflake proxy and bypass censorship. It is usually a circumvention feature embedded within existing apps.”
Powered by a mixture of proxy technology and WebRTC protocol, Snowflake masks users’ internet activities making them appear as if they’re using the web for a regular video or voice call. It then automatically assigns ephemeral Tor Bridges to grant access to blocked sites to whoever needs it.
At the same time, it secures users’ privacy and anonymity so that authorities won’t be able to know if and when someone manages to elude their online restrictions.
Tor Bridges, already available on the Brave browser since last September, are volunteer-run relay software aiming to help people access Tor in case of blockage.
Essentially, they give users an alternative point of access to the Onion routing.
To enable the feature on the Brave Browser, you should head to the Settings menu and tap on the Privacy and Security tab. Click on the Tor Windows to select or manually add an active built-in Bridge.
Snowflake represents the natural evolution of this. In fact, anyone willing to help others to access Tor can now enable the browser extension on a selected Tor Bridge by simply switching on the option.
This means that users’ devices aren’t just acting as the middleman between an external computer and the Tor site. They also allow the flow of encrypted messages between Snowflake-running devices and the other computers inside the Tor network.
While everyone can do their part to help people worldwide access Tor with ease, it is worth noting that the Snowflake feature doesn’t work for users living in countries where Tor is censored and/or accessing the internet via their school or workplace firewall.
Microsoft’s DirectStorage 1.1, a feature which uses the GPU to speed loading times, has just been tested with comparisons drawn between AMD, Intel and Nvidia graphics cards – with some very interesting results. In short, the feature looks set to seriously supercharge loading times with NVMe SSDs.
As Tom’s Hardware reports, Compusemble developed a benchmark test that German tech site PC Games Hardware (PCGH) used to produce results for AMD’s RX 7900 XT pitted against Intel’s Arc A770 and also Nvidia’s RTX 4080.
All GPUs were tested in a PC with Intel’s Core i9-12900K (Alder Lake flagship CPU) under Windows 11.
First off, a quick reminder on the tech to refresh your memory if needed: DirectStorage 1.1 comes with GPU decompression tech, so the GPU can handle decompression (of compressed game assets), and do so with far greater speed and efficiency than the CPU.
This ushers in faster loading times, and quicker loading of assets on-the-fly in big open world games, meaning a smoother experience when wandering about those kinds of large environments.
In testing, PCGH found that Intel’s A770 GPU was actually the top performer in terms of achieving speedy decompression of game assets, hitting 16.8GB/s compared to 15.3GB/s for the RTX 4080, and 14.6GB/s for AMD’s 7900 XT (for PCIe 4.0 testing – though Intel also led for PCIe 3.0, albeit by a slightly narrower margin).
While that was a somewhat eye-opening victory for Intel Arc, it’s important to note that it didn’t translate to any real difference in loading times between the GPUs, with all of them ensuring blazing-fast speeds.
PCGH witnessed 5 second load times being reduced to 0.5 seconds – essentially the blink of an eye – in all cases for these AMD, Intel and Nvidia graphics cards, so all were fully up to scratch in terms of the actual end results.
Analysis: Seriously impressive results – but where are the games?
This is an exciting first glimpse at independent benchmarks indicating just how fast DirectStorage will be for PC gamers, no matter what flavor of (contemporary) GPU they’re using. Note that gamers need to have an NVMe SSD, and equally, be running Windows 11 for the best results.
While DirectStorage will work with Windows 10 PCs, there are a whole bunch of optimizations for Windows 11 on the storage front which mean that it’ll provide much more of a boost. So it’s easy to see why, given how much of an impact DirectStorage looks to be making going by this testing, it’ll be a compelling argument for PC gamers to upgrade to Windows 11.
Mind you, it may not be an argument that applies in the real world for some time to come, simply because there aren’t any games that utilize DirectStorage yet (not on PC, anyway). The one game we know is incoming and bristles with DS support is Forspoken, and frustratingly, this has been the victim of multiple delays now.
Forspoken was expected in May 2022, then was delayed until October 2022, before being pushed to January 24, 2023, which is only just over a week away now. So, hopefully – barring any further last-minute delays – we should be able to see DirectStorage in action on the PC very soon.
Even so, one PC game is just a drop in the ocean, and it’s not clear when further titles that use this speedy SSD boosting tech will actually arrive. That means it’ll still be quite a while before PC gamers sticking with Windows 10 feel the real pull to upgrade to Windows 11, but judging from early testing so far, it looks like that pull will be a substantial one when it does come into play.
The website for law enforcement software provider ODIN Intelligence has been hacked, defaced, and subsequently brought offline, reports have claimed, with sensitive company data also allegedly stolen.
The identity of the attackers is unknown, but some reports have claimed it might have something to do with news reports of one of ODIN’s programs leaking sensitive data.
Some of ODIN’s products include SweepWizard, an app that helps the police coordinate raids, and SONAR, short for Sex Offender Notification and Registration.
Unable to reproduce the flaw
Reacting to the news, ODIN Intelligence Chief Executive Officer (CEO), Erik McCauley, mostly dismissed the findings. When defacing the website, the attackers also left one McCauley quote on the homepage.
“ODIN Intelligence Inc. takes security very seriously. We have and are thoroughly investigating these claims,” McCauley told Wired at the time. “Thus far, we have been unable to reproduce the alleged security compromise to any ODIN system. In the event that any evidence of a compromise of ODIN or SweepWizard security has occurred, we will take appropriate action.”
“And so, we decided to hack them,” the attackers concluded.
The hackers also said “all data and backups have been shredded”, but the media believe the attackers may have actually stolen sensitive files from the company.
Speaking to TechCrunch, co-founder of non-profit transparency collective DDoSecrets, Emma Best, said her organization obtained data pulled from ODIN’s servers. “We received the data the other day and are processing it,” she said. Apparently, the hackers shared three large archive files, totaling 16GB. The attackers also left hashes – signatures for each file.
What’s more, hackers also allegedly shared Amazon Web Services keys corresponding with an instance on AWS GovCloud, but at the time, their authenticity could not be confirmed. The ODIN Intelligence website is still offline at press time.
The LG G3 OLED TV is here, bringing another dose of brightness-boosting excellence to the OLED TV market.
We got our first look at the new G Series OLED on the showroom floor at CES 2023, alongside the rest of LG’s 2023 OLED range, which includes the LG C3, LG B3, LG Z3, and the new wireless M3.
The G Series model is known for being the brightest of LG’s 4K OLED range, and this year is no different. New Light Control Architecture hardware combined with LG’s existing Brightness Booster Max technology purportedly makes it even brighter than last year’s OLED Evo panels, with 70% more brightness over the more basic OLED screen in the LG B3, meaning the G3 is likely the best home theater screen in LG’s new range.
If you want the full lowdown on the LG G3 OLED, including its likely price, expected release date, and all the features packed into this premium screen, you’re in the right place.
LG G3 OLED: Price and release date
The LG G3 OLED will likely come in the same sizes as last year’s LG G2, from a standard 55-inch to a whopping 83-inch. There’s no talk of a replacement for the 97-inch G2, though last year’s model is still available should you need a super-size screen.
We expect the LG G3 to release around March/April and cost roughly the same as the G2’s launch prices, which we’ve listed below:
55-inch: $2,199 / £2,399 (around AU$3,200)
65-inch: $3,199 / £3,299 (around AU$4,700)
77-inch: $4,199 / £4,499 (around AU$6,100)
83-inch: $6,499 / £6,499 (around AU$9,300)
LG G3: Design and features – what’s new?
The LG G3 OLED has all the premium features you’d expect from an LG OLED and then some.
This TV was made to be wall-mounted, to start; while LG has ditched the ‘Gallery Series’ naming convention from last year’s model, this is still a screen designed to be displayed proudly, like a painting in the Louvre.
The G3 features a stunningly slim bezel and a ‘zero gap’ design that helps the TV sit flush against the wall when wall mounted (it comes with a special wall mount). The screen’s casing is made of a lightweight composite fiber to reduce its weight over previous years. The G3 doesn’t ship with a dedicated TV stand, though LG sells feet or a floor stand if you want your TV to stand on its own.
The main talking point of the G3 is its brightness. LG traditionally debuts new light-enhancing tech in its pricier G Series models before bringing those features to lesser models, and it’s no different this year.
While the step-down LG C3 uses OLED Evo technology, only the G3 makes use of LG’s Brightness Booster Max technology, which LG says “incorporates brand-new light control architecture and light-boosting algorithms to increase brightness by up to 70 per cent. Brightness is mapped and controlled on a pixel-by-pixel basis, resulting in sharper, more realistic images.”
That 70% figure is compared to traditional OLED as used in the LG B3 – the screens LG was putting in flagship TVs about 3 years ago – so it’s not quite as drastic as it sounds. But given OLED’s notoriously limited brightness, any ground gained on this front is welcomed.
The G3 uses a new sixth-gen Alpha a9 AI processor, which should run largely the same as previous models, with a few upgrades to LG’s AI Picture Pro and AI Sound Pro modes, which tweak audio-visual output depending on the content you’re watching. The former offers “improved upscaling” and object detection, while the latter imitates a “virtual 9.1.2 surround sound” on the TV’s 3.1.2 channel speakers.
You’ll get four HDMI 2.1 ports, with one port supporting eARC for handy two-way communication with a connected soundbar. There’s also the usual sub-10ms input lag, dedicated game modes, VRR support, and premium Dolby Vision / Dolby Atmos modes for the true cinephiles out there – alongside an upgraded webOS platform geared around custom user profiles, and a Quick Media Switching feature that jumps more seamlessly between content sources.
The G3 and Z3 models come with a built-in ATSC 3.0 tuner to meet the latest signal standard in TV broadcasts in the US – and you won’t find this in the cheaper C3 / B3 models.
LG G3 OLED: What we think so far
Like its predecessors before it, the LG G3 OLED is the smart buy for cinephiles who want market-leading picture quality. The G3’s OLED panel uses the latest brightness-boosting technology for startlingly bright highlights and vivid color output, and it’s tailor-made for a flush, wall-mounted position.
The LG G3 OLED isn’t a significant upgrade from TVs that came before it, but even small progress is good. LG’s OLED range is already an exceptional fleet of televisions, with breathlessly good picture quality, plenty of high-tech specifications, and features to flatter gamers, film buffs, and casual watchers alike. Even as LG experiments with wireless screens and transparent TVs, it’s clear that most shoppers are after a TV that does the main job exceptionally well – and the G3 fits the brief, with a dose of luxury design. We fully expect it to be one of the best TVs on the planet this year.
We know that the Samsung Galaxy S23 phones are launching on February 1, but we’re not sure yet how much they’re going to cost. A new leak sheds some light on what the starting prices might be for these handsets in the US.
Well-known tipster @RGcloudS on Twitter (via Notebookcheck) has posted pricing for two Galaxy S23 models, two Galaxy S23 Plus models, and three Galaxy S23 Ultra models – that’s pretty much all of them, though one S23 Plus variant does seem to be missing.
It seems Samsung has managed to match last year’s Galaxy S22 and Galaxy S22 Plus prices with the new models, though the Galaxy S23 Ultra looks like it will be more expensive than its predecessor (the cheapest model does come with double the internal storage though).
Those prices in full
According to this source, the Galaxy S23 will start at $799 for the model with 128GB of storage and 8GB of RAM, while the version with 256GB of storage and 8GB of RAM is going to set you back $849.
As for the Plus model, we’re looking at $999 for the version with 128GB of storage and 8GB of RAM, and $1,049 for 256GB of storage and 8GB of RAM. We think there’s going to be a 512GB version too, but it isn’t mentioned here.
Finally the S23 Ultra is supposedly going to cost $1,249 (256GB of storage, 8GB of RAM), $1,349 (512GB of storage, 12 GB of RAM), or $1,499 (1TB of storage, 12GB of RAM). The Galaxy S22 Ultra started at $1,199 with 128GB of storage.
Analysis: pricing pressures
Up to this point, the majority of the rumors swirling around the Samsung Galaxy S23 have suggested that these phones will cost more than their Galaxy S22 equivalents – what with inflationary pressures, the ongoing battle with the coronavirus pandemic and several other factors combining to push prices up.
Now it looks as though Samsung might be able to hit last year’s prices, at least on the standard S23 and the Plus model. It’s possible that the company execs have decided to take a hit on the profit margin to avoid pushing prices any higher.
And that’s understandable – with most parts of the world in a less than healthy economic position at the moment, people are going to be watching their budgets very closely indeed. It’s not easy right now to justify a large outlay on a smartphone upgrade.
We haven’t included the international currency conversions above because it’s unlikely that Samsung would use them. If the pricing stays the same across the board for the two cheaper phones though, then that’s £769 / AU$1,249 for the standard model and £949 / $1,549 for the Plus model.
Like any Formula 1 team, McLaren is fanatical about data. It is a vital cornerstone to success, which is why serious attention is paid to the quantity and quality of what is gathered and how it is used.
Since 2017, McLaren has also taken part in Formula 1 esports, with its own professional team of drivers and engineers receiving the same level of dedication and support from the company as their real-life counterparts, extending to an equal focus on race data.
Speaking to TechRadar Pro, Lindsey Eckhouse, Director of Licensing, Ecommerce & esports at McLaren, told us how its partnership with data firm Splunk plays a pivotal role in both the real and virtual Formula 1 success for the legendary racing team.
Shadow-ing real F1
McLaren Shadow is the car maker’s esports and gaming division. The virtual racing team is run very much like the physical team, with professional gamers taking to the cockpits of simulation rigs to compete in digital grands prix.
And just like the real thing, the importance of establishing partnerships with other businesses is crucial to McLaren. Alongside Logitech, Shadow has also partnered with PC maker Alienware to provide the rigs, Tezos for blockchain technology and NFT releases for its esport audience, and OKX for cryptocurrency exchanges.
“It’s really about: how can we work with partners that give us an authentic way to bring their technology to life or achieve whatever their objective is… to leverage their technology and expertise”, said Eckhouse.
From a data perspective, the main partner for both Shadow McLaren and the real-life Formula 1 team is Splunk, a software platform that provides all the analytical capabilities a team requires.
Of particular importance is Splunk Dashboards – a feature that allows for data to be customized in terms of its graphical representation, such as telemetry readings for steering, acceleration and braking inputs, to make it easy for drivers and engineers alike to understand at a glance.
“The Splunk dashboards are a good example of similar technology in terms of exploring a variety of different areas – we can also dig into that from an F1 esports standpoint to really inform our race strategy,” Eckhouse says, adding that the lead engineer for the F1 esports team actually works in the real-life race team, “so again there are shared learnings of strategy development across F1 into the F1 esports arena.”
“I think Splunk is probably the best example of where we see their applications carry over into esports, and fortunately last year we saw that yield some great results,” she adds, referring to the McLaren Shadow team’s 2022 constructors’ championship win.
Expanding on the partnership with Splunk, Eckhouse explained that the relationship goes both ways:
“When you think of the audience in esports, it’s incredibly engaged; it’s also high propensity to be in the IT industry in the future or potentially work at Splunk or within esports, so there’s so many different applications I think that Splunk benefit from through the partnership, and certainly we benefit from using their technology.”
We would always expect smartphones to get better year on year, but if the latest rumors around the Samsung Galaxy Z Fold 5 are to be believed, the foldable handset is going to come with a key improvement in terms of its design.
According to South Korean outlet Naver (via SamMobile), Samsung is going to use a waterdrop shape hinge in the Galaxy Z Fold 5, which means the device would be able to fold completely flat, with no gaps between the two halves of the display.
Several handsets from Chinese manufacturers already use this design approach for their foldables, but at the cost of full water resistance. However, Samsung is apparently going to add the new hinge shape while maintaining an IPX8 rating for the phone.
Even more durable
The Samsung Galaxy Z Fold 4 is a great foldable phone, and we wouldn’t say it has any durability problems, but a waterdrop hinge means less stress on the display fold, and that should mean the reliability of the device will go up again.
We’ve seen steady improvements in foldable phone technology as the years have gone by, and these devices are now a long way ahead of where they were in the beginning – and that makes them more appealing to consumers.
The report says that Samsung has actually held a patent for a hinge of this type since 2016. It’s not clear exactly why it hasn’t been implemented before now, but it could be something to do with perfecting the technology or making it cheap enough to implement.
Analysis: improved durability means more competitors
The first Galaxy Fold made its debut in 2019, and since then folding phone technology has improved considerably. We’ll be getting the fifth incarnation of the device later in 2023, alongside (most probably) the successor to the Samsung Galaxy Z Flip 4.
As reliability and manufacturing processes improve, that’s going to encourage more phone makers into the market. Right now it’s basically just Samsung and the Chinese tech companies that are producing foldables for consumers.
The next major foldable phone launch we see could be for the Google Pixel Fold: it could be here as early as May 2023. There are also rumors of a foldable iPhone, but we might be waiting until 2024 or 2025 for that particular device to show up.
Whatever the other manufacturers do, Samsung is always going to have a head start on them, and it will be hoping that that’s enough to give the Z Fold and the Z Flip series an edge in what will be an increasingly competitive market.
AMD has found, and patched, almost three dozen vulnerabilities in both its consumer and business products.
In an update on its website, the CPU giant detailed a total of 31 patches for security issues, some of which were high-severity.
Three vulnerabilities affect Ryzen processors, for desktop PC, HEDT, Pro, and Mobile platforms – one of which is listed as high severity, while the other two were medium or low.
EPYC vulnerability
A threat actor could abuse the vulnerabilities through a BIOS hack or an attack on the AMD Secure Processor bootloader. Ryzen 2000-series Pinnacle Ridge desktop chips, 2000- and 5000-series APU product lines, Threadripper 2000- and 3000-series HEDT, and Pro processors, were all said to have been impacted, together with Ryzen 2000-, 3000-, 5000-, 6000-, and Athlon 3000-series mobile chips.
The remaining 28 flaws were found in the AMD EPYC processors, designed to power its x86 servers.
Four flaws were found to have been of high severity, three of which allowed arbitrary code execution, while the remaining one allowed writing data, leading to data integrity and data availability losses. The other 15 flaws were ranked as either medium severity or low severity.
Besides the patches for the flaws, the update also lists AGESA versions with fixes for affected chips. The AGESA revisions were issued to Original Equipment Manufacturers (OEM), allowing them to address the flaws in BIOS/UEFI.
As different manufacturers may patch their BIOS at a different speed, it’s impossible to know when each model will be sorted.
AMD gave credit to a number of tech giants helping with the discovery and the remediation of the flaws, including Google, Apple, and Oracle. Speaking to Tom’s Hardware, the company said it usually discloses these flaws twice a year, once in May, and once in November, but given the size of the recent findings, decided to list them as soon as possible.