News

• Streams 4K video, backs up your phone, and still skips cloud storage entirely
• The TerraMaster F4 SSD promises home privacy, but may offload all maintenance responsibility onto the user
• Up to 32TB of SSD speed sounds impressive, but your router might bottleneck it

As local storage continues to evolve, some brands now offer compact network-attached systems that emphasize privacy, speed, and media versatility.

The TerraMaster F4 SSD provides support for up to 32TB of SSD storage using four 8TB SSDs, and supports file systems such as EXT4, BTRFS, exFAT, and NTFS.

It bypasses the need for cloud-based platforms by incorporating hardware-level encryption and data segregation for over 20 user accounts.

The device is powered by a quad-core ARM-based Rockchip RK3568 processor clocked at up to 2.0GHz, with hardware decoding support for H.264 and H.265 codecs and resolutions up to 4K@60fps.

It also features 8GB of DDR4 RAM, expandable to 32GB using two SODIMM slots.

Network capabilities include a 2.5GbE port and a 10Gbps USB 3.2 Gen 2 Type-C interface, while HDMI 2.0 offers 4K display output.

TerraMaster F4 SSD can also stream to TVs and tablets using standard protocols like uPnP and DLNA, and support for media servers such as Plex, Jellyfin, and Emby suggests it will be compatible with the majority of home setups.

The F4 SSD is built around a 5G Ethernet port, reportedly offering speeds up to five times faster than standard Gigabit connections, supporting high-throughput scenarios.

However, in practical terms, users will likely be limited by the speed of their broader home network, not just the NAS hardware.

Software features include backup tools (including cloud sync and snapshot), AI photo management, VPN server, and remote access via TNAS.online, which enables downloads and uploads through the cloud.

Security features include TRAID, a flexible array system that optimizes space while providing redundancy.

It also supports RAID 0/1/5/6/10, JBOD, and includes tools such as S.M.A.R.T., bad block scan, SSD trim, and hot spare management.

TerraMaster’s SPC control system is another layer that restricts app access based on verified permissions.

The F4 SSD also allows bi-directional syncing with cloud platforms like Google Drive and Dropbox.

This hybrid capability, while useful, may seem counterintuitive in a product designed to replace cloud reliance.

The NAS also features tool-free SSD installation with a drawer-style enclosure, making drive upgrades accessible to beginners.

Cooling is handled by a quiet convection fan system, reportedly keeping standby noise around 19dB, like the TerraMaster D4 SSD. Such silence may be beneficial in noise-sensitive environments like home studios or bedrooms.

The system operates on TOS 6.0 and supports up to 128 user accounts, 128 user groups, and 8 shared folder sync tasks.

This makes it suitable for advanced home users or small studios needing high-speed, private data access.

The TerraMaster F4 SSD is ambitious in scope, but its value will depend on whether users make full use of its features.

Via TechPowerUp

• These are the fastest SSDs you buy right now
• Take a look at some of the best external hard drives
• Acer is giving away $240 worth of Google goodies for free with its Chromebooks

Modern IT systems are awash with a constant flow of data providing information on system performance and security. This data is crucial for IT professionals looking to keep IT infrastructures running smoothly.

The snag is, with so much information available, it’s almost impossible to decipher what’s routine and what potentially could pose a threat. Trying to figure out the digital wheat from the chaff requires more than just visibility. It requires increasingly sophisticated systems that can interpret, prioritize and act—not simply collect information.

Unfortunately, most observability tools today don’t work this way. They generate alerts, log events and surface anomalies. And while technology is improving all the time, they don’t always understand what’s happening or how to respond.

Take a typical global enterprise running a hybrid architecture. It may have critical applications that are spread across multiple cloud providers, while also relying on on-premise legacy systems. Together, these systems are shepherded by dozens of monitoring tools generating thousands of alerts every day.

Some are false positives. Others are minor policy breaches. But lurking somewhere in the noise is a genuine security incident. And by the time it’s spotted… well, it could be too late.

What’s missing isn’t just more tools or greater visibility. It requires a new, highly sophisticated level of observability—one that works more like a human brain with the ability to filter out noise, recognize what matters and trigger the right response at the right time. What’s needed is something intelligent that can ’think’ for itself.

Part of the reason why this is needed is because IT teams have tended to invest in separate tools that often have little contextual awareness. That means it’s up to the human members of IT teams to bridge the gaps, deciding whether an alert is serious, identifying the root cause and initiating the right response. In fast-moving environments, these human assessments can take time which, in turn, adds to the risk.

An intelligent observability system, on the other hand, would do more than simply monitor for known issues. It would detect anomalies in real time using context-aware monitoring, then assess the severity and likely impact based on both the technical and business relevance and risk.

Rather than treating every signal the same, it would prioritize based on urgency and risk, helping teams focus on what truly matters.

Crucially, it would also support automation, enabling routine fixes or containment measures to be initiated. And instead of splitting insight across multiple disconnected views, it would bring together data from on-premises and cloud environments in a single, cohesive picture.

This kind of system doesn’t just monitor IT systems and networks. It has total oversight and is ready to act when needed.

The good news is that progress is being made. AI-driven observability is moving from aspiration to implementation. Anomaly detection based on behavioral baselines is becoming more accessible, helping teams distinguish real issues from false alarms. Alert correlation and intelligent escalation paths are improving, reducing alert fatigue and bringing the right signals to the right people at the right time.

Some observability platforms, including those being developed at SolarWinds, are already combining monitoring, analysis and response into more cohesive workflows. Integration across hybrid environments remains a challenge, but the building blocks for intelligent observability are now in place.

What’s still missing, though, is the kind of full-system intelligence that can replicate the nuance of human decision-making. Most observability tools still rely on thresholds, templates, or predefined rules. True context-awareness—the ability to understand why something is happening and what to do next—is still emerging. But the direction of travel is clear.

According to a recent SolarWinds AI and Observability report focused on the public sector, three-quarters of respondents said hybrid environments were hard to manage. Top concerns included data protection, integration complexity and a lack of visibility across systems.

Managing this complexity is made harder by the reality that observability tools are often siloed—one for cloud, another for on-prem, with separate platforms for detection, logging and remediation.

Security only adds to the unpredictability. In the same report, more than half of IT professionals said insider mistakes were contributing to serious threats, while 59% highlighted increasingly sophisticated attacks from external actors. The rise of generative AI means those external threats are becoming more scalable and targeted, increasing the strain on overstretched IT teams.

Which is why the key is not to add even more tools but to reduce complexity, improve visibility and act with intelligence and speed. An observability system that functions more like a brain does exactly that, because IT systems need to do more than observe. They need to understand.

We list the best small and medium business (SMB) firewall software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Even with today’s vast arsenal of cybersecurity tools and AI-enhanced threat detection, attackers continue to succeed – not because the technology is failing, but because the human link in the defensive chain remains exposed. Cybercriminals almost always take the path of least resistance to execute a breach, which often means targeting people rather than a system.

According to McKinsey, a staggering 91% of cyberattacks have less to do with technology, and more to do with manipulating and taking advantage of human behavior. In other words, despite technologies like AI advancing at break-neck speed, cybercriminals are still more likely to hack people than machines.

From a cybercriminal’s perspective, this makes sense. It’s the path of least resistance. Why spend resources hacking your way through a high-tech, AI-secured front door when there’s an open window around the back? This isn’t news to CISOs – according to a 2024 IBM survey, almost three-quarters (74%) now identify human vulnerability as their top security risk. They’re aware of the open window, and now they’re trying to secure it.

That’s easier said than done, however. Whether it’s a well-timed phishing email, a spoofed call, a deepfake video, or a barrage of authentic-seeming push notifications designed to wear down a user’s judgment, attackers are adapting faster than defenses can compensate.

The reality is that while security vendors race to outpace attackers with smarter algorithms and tighter controls, the tactics that most reliably lead to breaches are psychological, not technical. Threat actors are exploiting trust, fatigue, social norms, and behavioral shortcuts – tactics far more subtle and effective than brute-force code.

It’s not a lack of technology leaving organizations vulnerable to these techniques, it’s a lack of alignment between those tools and the way people actually think and operate. In fast-paced, high-pressure environments, employees don’t have the bandwidth to second-guess every request or scrutinize every prompt.

They rely on instincts, familiarity, and patterns they’ve learned to trust. But those very instincts are what attackers hijack, turning help desk tickets into access exploits, or mimicked CFOs into multi-million-dollar heists. As generative AI accelerates the realism and reach of these tactics, organizations face a critical question: not just how to keep the bad actors out, but how to better equip their people within. Because when breaches hinge on human decisions, cybersecurity isn’t just a technology issue – it’s a human one.

Human behavior is a vulnerability, but it’s also a predictable pattern. Our brains are wired for efficiency, not scrutiny, which makes us remarkably easy to manipulate under the right conditions. Attackers know this and design their exploits accordingly. They play on urgency to override caution, impersonate authority figures to disarm skepticism, and drip-feed small requests to trigger consistency bias. These tactics are ruthlessly calculated, and they work not because people are careless, but because they’re human.

In early 2024, a finance worker at a Hong Kong firm was tricked into transferring $25 million after attending a video call with what appeared to be the company’s CFO and other colleagues – each one a convincing AI-generated deepfake. The attackers used publicly available footage to clone faces and voices, creating a seamless illusion that exploited trust and familiarity with devastating effect.

The eye-opening part is that these deepfake tools are now readily available. Modern social engineering doesn’t rely on obvious red flags. The emails aren’t riddled with typos, and the impersonations don’t sound robotic. Thanks to generative AI, deepfake technology, and access to vast training data, attackers can now create incredibly convincing personas that mirror the tone, behavior, and language of trusted colleagues. In this environment, even the most well-trained employee can fall victim without fault.

Heuristics – mental shortcuts – are frequently exploited by attackers who know what to look for. “Authority bias” leads people to follow instructions from perceived leaders, like a spoofed email from a CEO. The “scarcity principle” ramps up pressure by creating false urgency, making employees feel they must act immediately.

And “reciprocity bias” plays on basic social instincts – once someone has received a seemingly benign gesture, they’re more likely to respond positively to a follow-up request, even if it’s malicious. What so often looks like a lapse in judgment is often just an expected outcome of cognitive overload and the common, everyday use of heuristics.

Traditional identity and access management (IAM) strategies tend to assume that users will behave predictably and rationally – that they’ll scrutinize every prompt, question every anomaly, and follow policy to the letter. But the reality inside most organizations is far messier. People work quickly, switch contexts constantly, and are bombarded with notifications, tasks, and requests.

If security controls feel too rigid or burdensome, users will find workarounds. If prompts are too frequent, they’ll be ignored. This is how good policy gets undermined – not out of negligence, but because the design of the system clashes with the psychology of its users. Good security mechanisms shouldn’t add friction; they should seamlessly guide users towards better choices.

Applying principles like Zero Trust, least privilege, and just-in-time access can dramatically reduce exposure, but only if they’re implemented in ways that account for cognitive load and context. Automation can help here: granting and revoking access based on dynamic risk signals, time of day, or role changes without requiring users to constantly make judgment calls.

Done right, identity management becomes an invisible safety net, quietly adapting in the background, rather than demanding constant interaction. Humans shouldn’t be removed from the loop, but they should be freed from the burden to catching what the system should already detect.

Technology may enforce access policies, but culture determines whether people follow them. Building a secure organization has to be about more than simply enforcing compliance. That starts with security training that goes beyond phishing drills and password hygiene to address how people actually think and react under pressure. Employees need to recognize their own cognitive biases, understand how they’re being targeted, and feel empowered – not penalized – for slowing down and asking questions.

Equally important is removing unnecessary friction. When access controls are intuitive, context-aware, and minimally disruptive, users are more likely to engage with them properly. Role-based and attribute-based access models, combined with just-in-time permissions, help reduce overprovisioning without creating frustrating bottlenecks in the form of pop-ups and interruptions. In other words, modern IAM systems need to support and empower employees rather than make them constantly jump through hoops to get from one app or window to another.

The biggest takeaway here is that cybersecurity isn’t just a test of systems, AI-driven or not – it’s a test of people. The human firewall is arguably an organization’s biggest weakness, but with the right tools and policies in place, it can become its greatest strength. Our goal should not be to eliminate human error or change the innate nature of humans, but to design identity systems that make secure behavior the default – easy, intuitive, and frictionless.

We list the best employee recognition software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Unidentified threat actors target Qantas call center
• This allows it to gain access to sensitive customer data
• The attack is most likely the work of Scattered Spider, experts claim

Yet another major airlines has been hit by a major cyberattack after Qantas, the largest flight provider in Australia, confirmed it had been targeted

In a press release published on the company’s website, Qantas said it spotted the intrusion after a threat actor targeted a call center, and accessed a third-party customer servicing platform.

The name of the platform was not disclosed, but Qantas said six million customers have service records there.

Get 55% off Incogni's Data Removal service with code TECHRADAR

Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.View Deal

“We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant,” the press release reads.

“An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.”

However, credit card details, personal financial information, and passport details, were not stolen, since these are not even held in this particular system. Therefore, passwords, PIN numbers, log in details, and frequent flyer accounts, remain uncompromised, the company confirmed.

Qantas also said the system is now contained, and that it notified relevant authorities, as well as affected individuals. The airline’s operations and safety were not endangered at any time.

The company did not say who the threat actors were, or if they tried to deploy any ransomware.

However the incident shares many similarities with other attacks recently made by the group known as Scattered Spider.

This group has not yet claimed responsibility for this attack - but in recent weeks, multiple reports have emerged of airlines being hit by cyberattacks, with Hawaiian Airlines confirmed suffering an attack and both WestJet and GlobalX suffering the same fate recently too.

Via BleepingComputer

• This popular Windows software used by millions has a serious security vulnerability - here's what you need to know
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

• You can now edit texts sent from Android to iOS
• The change is part of the updated RCS standard
• Texts sent from iOS to Android can’t yet be edited, though

Sending text messages between an iPhone and an Android device has long been a pretty poor experience, with features like typing indicators and read receipts missing for years. That’s shifted in recent years thanks to the use of Rich Communication Services (RCS), and it’s bringing another benefit to your cross-platform chats.

In this case, that’s the ability to edit texts sent from an Android phone to an iPhone (via Android Authority). This feature appears to be rolling out gradually to Android users, so it’s not available to everyone just yet. But if it’s working for you, all you’ve got to do is long press on a sent message, then tap the pencil icon, make your adjustments and save your message.

Unfortunately, this doesn’t work the other way around – that is, texts sent from an iPhone to an Android device cannot be edited. Presumably, Apple will need to update its Messages app to add support for this functionality.

You’ve been able to edit texts sent between iPhones for years, and messages going from one Android device to another have been editable when using RCS for about twelve months. But although editable messages are now part of RCS, companies like Apple and Google need to support the feature – which is why it’s not available in iOS right now.

Apple has been reluctant to support RCS for a long time, partly because it previously offered much weaker encryption than Apple’s iMessage platform, which is end-to-end encrypted. However, the change that introduced editable texts to RCS has now also brought forth end-to-end encryption, which might help to smooth things over with Apple.

The rollout of editable messages also hasn’t been entirely pain-free. While edited messages appear as normal on Android (with a small “Edited” timestamp underneath them), they behave differently in iOS. There, iPhone users see a second message preceded by an asterisk, doubling up the number of texts on their screen.

Both Apple and Google gave their support to cross-platform RCS messages earlier this year, so we’re hoping that these bugs and oddities will be ironed out in due course. For now, though, the situation when texting across phone platforms has been improved, even if only in one small way.

• Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
• What is RCS messaging? The iMessage rival and SMS text replacement explained
• Hell freezes over – Apple to support RCS messages from Android phones next year