Fileless Malware: Why You Should Care

It's a truism that just like organizations adapt, so too do criminals. For example, anyone who has ever seen a Wells Fargo commercial knows that there was a time when stagecoaches were a normative method for transporting cash and valuables. But what modern criminals in their right mind would attempt robbing a Brink's truck on horseback? While that strategy might have worked well in the days of the Pony Express, attempting it in now would be out of touch and inefficient.

This is an intentionally extreme example to make a point: Criminals adapt to keep pace in the same way that organizations adapt. With a veritable renaissance in technology use under way, criminals have been advancing their methods of attack just like organizations have been advancing their methods for conducting business.

One of the more recent developments in attacker tradecraft is so-called "fileless malware." This trend -- which emerged a few years ago but gained significant prominence in late 2016 and throughout 2017 -- refers to malware that is designed specifically and architected to not require -- or in fact interact with at all -- the filesystem of the host on which it runs.

It is important for technology pros to be alert to this, because it impacts them in several different ways.

First, it alters what they should watch for when analyzing attacker activity. Because fileless malware has different characteristics from traditional malware, it requires looking for different indicators.

Second, it impacts how practitioners plan and execute their response to a malware situation. One of the reasons attackers employ this method is that it circumvents many of the techniques that typically are employed to mitigate attacks.

However, there are some things practitioners can and should do to keep their organizations protected.

What Is It?

Also sometimes referred to as "non-malware," fileless malware leverages on-system tools such as PowerShell, macros (e.g. in Word), Windows Management Instrumentation (i.e., the apparatus in Windows designed for telemetry gathering and operations management), or other on-system scripting functionality to propagate, execute and perform whatever tasks it was developed to perform.

Because these tools are so powerful and flexible on a modern operating system, malware that employs them can do most of what traditional malware can do -- from snooping on user behavior to data collection and exfiltration, to cryptocurrency mining, or pretty much anything else that an attacker might want to do to forward an infiltration campaign.

By design, an attacker employing this technique will refrain from writing information to the filesystem. Why? Because the primary defense strategy for detecting malicious code is file scanning.

Think about how a typical malware detection tool works: It will look through all files on the host -- or a subset of important files -- searching out malware signatures against a known list. By keeping clear of the filesystem, fileless malware leaves nothing to detect. That gives an attacker a potentially much longer "dwell time" in an environment before detection. It's an effective strategy.

Now, fileless malware is by no means entirely new. Folks might remember specific malware (e.g., the Melissa virus in 1999) that caused plenty of disruption while interacting only minimally, if at all, with the filesystem.

What is different now is that attackers specifically and deliberately employ these techniques as an evasion strategy. As one might expect, given its efficacy, use of fileless malware is on the rise.

Fileless attacks are more likely to be successful than file-based attacks by an order of magnitude (literally 10 times more likely), according to the 2017 "State of Endpoint Security Risk" report from Ponemon. The ratio of fileless to file-based attacks grew in 2017 and is forecasted to continue to do grow this year.

Prevention Strategies

There are a few direct impacts that organizations should account for as a result of this trend.

First, there is the impact on the methods used to detect malware. There is also, by extension, an impact on how organizations might collect and preserve evidence in an investigation context. Specifically, since there are no files to collect and preserve, it complicates the usual technique of capturing the contents of the filesystem and preserving them in "digital amber" for courtroom or law enforcement purposes.

Despite these complexities, organizations can take steps to insulate themselves from many fileless attacks.

First is patching and maintaining a hardened endpoint. Yes, this is frequently offered advice, but it is valuable not only to combat fileless malware attacks, but also for a host of other reasons -- my point being, it's important.

Another piece of commonly offered advice is to get the most from the malware detection and prevention software that already is in place. For example, many endpoint protection products have a behavior-based detection capability that can be enabled optionally. Turning it on is a useful starting point if you have not already done so.

Thinking more strategically, another useful item to put in the hopper is to take a systematic approach to locking down the mechanisms used by this malware and increasing visibility into its operation. For example, PowerShell 5 includes expanded and enhanced logging capabilities that can give the security team greater visibility into how it's being used.

In fact, "script block logging" keeps a record of what code is executed (i.e., executed commands), which can be used both to support detective capability and to maintain a record for use in subsequent analysis and investigation.

Of course, there are other avenues that an attacker might leverage beyond PowerShell -- but thinking it through ahead of time -- investing the time to know what you're up against and to plan accordingly -- is a good starting point.
Source : www.technewsworld.com

How to Back Up iPhone Data to an External Drive

A recent incident reminded me of the importance of backing up one's phone regularly. Soon after carrying my recycling out to the curbside, I realized I had misplaced my 6-month-old iPhone. Cue brief panic, followed by deep concern that I'd somehow tossed my device into that transparent bag I'd left outside for the world to see.

That led me to yelling "Hey, Siri" a few times around my apartment until the familiar chime sounded, revealing my trusty phone was hiding on a stepladder underneath a coat. Phew.

I have no idea how or why I managed to leave my phone there, but had I not found it, the situation could have been much worse: It had been months since I'd backed up my data. I was lucky to escape what could have been a potential disaster caused by my absent-minded tendencies.

Save Main Drive Space

I bought my current laptop a little over a year ago and actually had some trouble managing backups at first. My partner and I use the same computer for backing up our phones, but with ever-increasing device storage capacities and solid-state hard drives still somewhat expensive, despite featuring in more and more systems, space is at a premium.

Apple demands a lot of storage for its backups, especially since it often stores multiple versions. A 256-GB hard drive to run one's system and keep data safe is just not enough anymore.

The thing is, Apple does not make it easy to sync backups to an external drive automatically. Typically, iPhone owners will plug in their devices, and Apple will create a directory on the main hard drive and stuff the backup there. That's easy, and it's probably enough for most people. Forcing iTunes to store the backup elsewhere requires a redirect trick.

Using Windows 10

Here's how I solved the problem on my Windows 10 machine. First, since I had the capacity on my current drive (but only just), I created an iPhone backup using the regular iTunes sync method to the default location, just in case any mishaps should occur. I went to the folder Apple uses to store backups, typically this one:

C:\Users\[Username]\AppData\Roaming\Apple Computer\MobileSync\Backup

You should replace [Username] with your own actual username, naturally.

You'll want to copy that folder to your desired new backup location, and then either delete the original Backup folder or rename it as "BackupOld." Then hold the shift key and click the right mouse button to open a command window. There, enter the following:

mklink /J "%APPDATA%\Apple Computer\MobileSync\Backup" "[External Drive]:\iTunes Backup"

Of course, you'll replace [External Drive] with your actual drive letter.

You can add subfolders here too if you like to keep your storage as organized as possible. So, something like this would work just fine:

E:\MyBackups\iTunes Backup

Then you can close the command prompt window, and try an iPhone backup to see if it works.

Using macOS

The steps are similar for Mac systems. You should find the standard backup folder here:

~/Library/Application Support/MobileSync/

Copy, then remove or rename the Backup folder. Then open a terminal and type this:

ln -s /Volumes/[External Drive]/MobileSync/Backup ~/Library/Application\ Support/MobileSync/Backup

Close the terminal and then try an iPhone backup to see if it works.

Better Safe Than Sorry

Even if you have a main hard drive large enough to handle your backups without any concern, shuttling your data to an external drive has its advantages. It can act as an off-system failsafe in case your computer's drive collapses beyond repair. It also frees up the main drive, which hopefully will keep your computer working snappily for a little longer.

In either case, please remember to back up your phone regularly. And maybe don't put yourself in a situation where you wonder for 15 minutes if you tossed it out with the recycling.
Source : www.technewsworld.com

_PIMAX 4K HMD VR Headset

#TODAY_PIMAX 4K HMD VR Headset

The PIMAX headset is the first VR headset providing a 4K UHD image at a stunning resolution of 3840 x 2160 and 8.29 million pixels as the name suggests, Oculus Rift, HTC Vive and SONY PSVR are 2160 x 1200 resolution only.

Here you can see a nice look pictures from the outside:

PIMAX parameters (available on Gearbest)

Screen: higer resolution than Oculus, HTC VIVE and PS VR. PIMAX used a high performance custom-made screen, response time reach to 2.3ms, and AMOLED screen is 2.0ms.

FOV: 110°, the dual 53mm lenses enable 110 degrees field-of-view (FOV) with adjustment between 58-71mm from the eyes. This should enable good amount of space for users wearing prescription glasses.

Dizziness: 1000Hz dual gyroscope, there is an improved "anti-vertigo" double gyroscope controlled within 18ms.

Glasses: two 53mm Aspherical Lens, plus the built-in anti blue laser lens with auto light adjustment and auto demisting systems will protect your eyes.

Myopia self adaptive: its support under 500 degrees myopia naked eye watching and 58-71mm IPD, and has a headspace for those people ware glasses use VR.

Weight: 220g for the bare machine, 449g selling by Gearbest, and a comfortable medical grade sponge. So no head pressure when wearing it.

Music experience: supports Virtual 5.1 Sound Stage for immersive sound experience, and built-in microphone for communicate with others in the game.

Computer configuration requirement

System: Windows 7, 8, 10 (64-bit only)

CPU: Intel i5 equal or better processor performance

Graphics card: DirectX 3 d10 recommended NVIDIA GTX960 / AMD R9 290 equal performance or above

Memory: 4GB + RAM

Port: compatible with HDMI 1.4B video output, 2.0 / 3.0 USB interface

Finally here are photos of the complete PIMAX 4K VR:

Competition advantages

• The PIMAX 4K VR headset is a HMD which currently has the highest resolution out of all the main competitors (Vive , Oculus, OSVR), the resolution is a big jump so everything just feels better to do, games like Elite dangerous and it makes using this to watch movies a very good experience.

• The PIMAX is a very light headsets. It's very comfortable to use when wearing it.

• PIMAX supplied a high quality headphone include in the box.

Competition weakness

PIMAX is currently has no positional tracking, it's not going to support anything that requires Vive controllers or Oculus' pointer thing, but there are in terms of games, if it's on Steam and doesn't require Vive wands, it'll work with this right out of the box. That means the likes of Elite Dangerous, American / European Truck Simulator and DCS World.

SOURCE : http://www.gearbest.com/blog/products/review-pimax-4k-hmd-vr-headset-875/reviews/

Nvidia announces new ‘Nvidia’ Titan X: $1,200, 12GB of GDDR5X, shipping August 2

#new nividia

Nvidia has been launching GPUs at a rapid-fire pace this summer. The GTX 1080 and1070 debuted in late May and early June, the 1060 dropped earlier this week, and now the full-fledged Titan X is shipping by August 2. The new GPU was announced by Jen-Hsun Huang last night and sets a speed record for fast turnarounds between the launch of a new architecture and the debut of its top-end GPU. The first GTX Titan launched nearly a year after the first Kepler GPU, while the Titan X launched roughly six months after Maxwell.

Branding on the new GPU is a bit confusing. Previous Titan-class GPUs have used a secondary label, like Titan Black or Titan X. In this case, Nvidia is removing the “GeForce” branding on the GPU and calling it the Nvidia Titan X. This could prove confusing for customers, but it may also signal that this card is meant to straddle the line between Nvidia’s gaming and workstation divisions.

The new card is based on the GP102 GPU and will offer 3,584 CUDA cores at a base clock of 1417MHz and a boost clock of 1531MHz. While this is somewhat slower than Nvidia’s GTX 1080, which ships at 1607MHz / 1733MHz, the 40% increase in cores (the 1080 has just 2560) will more than offset the 12% decrease in clock. A new 384-bit memory bus gives the GPU 480GB/s of bandwidth — almost as much as what AMD debuted with its Fury X last year, but coupled to a far more powerful GPU.

Performance is said to be up to 60% faster than the Maxwell-based Titan X, but given that the 1080 is already capable of winning past that card, the performance improvement over 1080 is probably in the 25-35% range based on core counts and the other speeds and feeds. TDP on the new GPU is 250W, which is still quite svelte compared to other high-end GPUs from past generations. Unlike past Titan’s, there won’t be any third-party availability on Titan X. Nvidia will only sell the card directly through its own website without partner participation, though OEMs will still be able to order and include the card.

This is obviously as much a luxury play as anything, given that Nvidia’s GTX 1080 is meant to retail for $599 and 2x GTX 1080’s would easily outperform a single Nvidia Titan X. Many gamers prefer not to use multi-GPU configurations, however, since a single high-end GPU typically delivers better frame times and smoother performance. Low-overhead APIs have the potential to change that thanks to new methods of sharing workloads between cards, but we’ve only seen very limited support for multi-GPU in DX12 titles to date. At the same time, Nvidia may have some difficulty justifying this GPU’s price tag. Even if we assume this card is a flat 40% faster than the GTX 1080, you’d be paying 2x the cash for 1.4x the performance. Then again, people with money to burn who want the best often don’t care — and nobody who doesn’t have cash to burn buys $1,200 video cards in the first place.

There’s not much to say about competition for the Nvidia Titan X that doesn’t revolve around previous-generation Nvidia products. With AMD holding its fire at the high-end until late this year or early next, there’s nothing in the old Fury product line that can match the firepower Nvidia is bringing to the table. Async compute and better performance in DX12 has helped Fury and Nano products already on the market, but if you want top-end performance in both APIs, Nvidia’s GTX 1070 and 1080 have already cleared the tables.

support: www.extremetech.com
<meta name="google-site-verification" content="NXg0thvcn297ISV_z1GUah69IDZFZAtT4yQwSe99z7w" />