The Good, the Bad and the Ugly in Cybersecurity – Week 42

The Good

This week saw the launch of a series of meetings tied to the recently-launched “US National Security Council Counter-Ransomware Initiative”. The overarching goal is to garner support from other countries and then band together to address the ongoing threat of ransomware.

During the “Virtual Counter-Ransomware Initiative Meetings”, US President Joe Biden and leaders from other countries agreed to focus not only on the enormous threat that ransomware poses to national infrastructures, but also to hold accountable those that participate in the “ransomware economy”. It was agreed that it should be considered unacceptable to harbor ransomware operators within the participating countries’ borders.

The list of participating countries included Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States. Notably absent, of course, were Russia, China, Iran and North Korea.

Not all of the meetings were open to the press, which makes sense given the sensitivity of some of the targets involved, like critical infrastructure. All in all, the meeting is a welcome rallying call to all the participating allies and partners. Ransomware is a global problem, and requires a unified, global effort to truly counter it.

And on that note…

The Bad

This week, unfortunately, we saw no breaks in the occurrence of highly-impactful cyberattacks. Ecuador’s largest private bank, Banco Pichincha, was hit with a cyberattack over the weekend. According to a memo sent to employees, systems including email, self-service banking, and back-end banking applications were affected by the attack.



Externally, the bank’s websites were affected along with ATMs and other kiosk-based services being rendered out of service. At the time of writing, it has not been confirmed whether or not this was a ransomware attack although some malware components like Cobalt Strike have already been identified in the impacted environment by investigators.

A similar scenario played out at the University of Sunderland, UK on Thursday. The university said its IT systems were likely suffering from a cyber attack and that there would be no access to email, Office 365, and all other University business systems, from home or on campus. In addition, no University networks, including Wi-Fi, would be available until further notice. As all the university’s IT systems were either overwhelmed or down, students were told to rely on updates from the school’s social media accounts for further details.

The Ugly

As if to underscore the relevance of the news stories above, this week saw the release of two ransomware reports by Google and Google-owned malware repository service VirusTotal that bleakly outline the scale of the threats facing businesses, and indeed, all of society, today.

VirusTotal’s ransomware report identified 130 different ransomware families active over the last 18 months after analyzing a staggering 80 million ransomware-related samples uploaded to the service. The report found GandCrab to be by far the most common threat out there.

  • GandCrab 78.5%
  • Babuk 7.61%
  • Cerber 3.11%
  • Matsnu 2.63%
  • Wannacry 2.41%
  • Congur 1.52%
  • Locky 1.29%
  • Teslacrypt 1.12%
  • Rkor 1.11%
  • Reveon 0.70%

Attacks against Israeli targets were by far the most prevalent, the report stated, a statistic no sooner published than added to on Wednesday when hospital facility Hillel Yaffe Medical Center in Israel’s Northwest was forced to cancel and redirect all non-urgent procedures as a result of a ransomware attack.

Meanwhile, VirusTotal’s parent company Google said this week that on any given day, they are tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. In 2021 to date, the company said they’d seen a 33% increase in attacks compared to last year.

What does all this mean for the average business? It means, cybersecurity-wise, we live in a dangerous world in which every organization is a potential target. If you’re not taking effective precautions to prevent and contain the possibility of a ransomware or other kind of cyber attack, you are gambling in a game where the odds of escaping a serious security incident are increasingly stacked against you.

Customer Centricity, a Key to Success

A Humble Beginning

7.5 years ago when I met Tomer Weingarten, our CEO and co-founder, for the first time, he was as clear then as he is today about the mission. “I’m looking for a VP of customers” he said, and back then, we had none. But it was clear that in order to make a difference, we wouldn’t just need great technology and fortuitous execution, we’d also need happy customers, and lots of them.

Fast forward to today, over 5,400 customers, and in our first ever earnings call since becoming public, Tomer mentioned our phenomenal NPS score of over 70, which is a place the best SaaS companies in the world aspire to be in. So how did we get here? And what are we doing to make it even better? I’ll try to cover some of that in this blog, and with enough likes and shares maybe we’ll even make it a series :).

The Hierarchy of Customer Success

Before SentinelOne, I spent over a decade at the network security giant Check Point, so together with nearly 20 years of experience, I’ve created this simple visualization that showcases what it’s all about. I call this the hierarchy of CS, taken from the notion of Maslow’s pyramid of needs: the basic CS needs are at the bottom, and as you go up the hierarchy, you get to where all companies want their customers to be – delighted!

Customer Focus Across the Company

Remember, it’s not enough to have customer focus in your post-sales functions alone to reach the top of the pyramid; you really have to create an understanding and adoption of that notion in all parts of the business.

That runs from product management (building what customers actually need), to engineering (focusing on their use cases), sales (listening, caring), and even G&A (like comfortable payment terms). It’s both a bottom-up and a top-down approach, where executives are not just pointing fingers, but getting in front of customers to listen and be a partner.

It’s All About the People

My brother once told me not to be cheap on my car’s tires, “it’s the only thing connecting you to the road” he said.

Well, if the company is the car, and the customer is the road, then your post-sales teams are the tires–they are the only thing connecting you to your customers. Further squeezing that analogy, it’s also the best way you can get the customer journey to go to where you want it to.

Our methodology was always to hire the best possible talent, hand-picked, and make sure they reside in the location where customers need them the most. We also use a “follow-the-sun” model for most of our services, allowing us to hire the best engineers in their business hours, and maintain better work-life balance across the board. Happier engineers translate into happier customers.

The Rocket Ship is Leaving the Atmosphere

So by now you know how successful SentinelOne’s journey has been so far, but our IPO is only the beginning. We’re continuing to grow, innovate, and take bigger bites of our market.

This is your opportunity to join, and make a difference. If you want to work in an innovative and growth environment, and love customers – your place is with us. We’re hiring for dozens of roles across all parts of the business.

Interested in Learning More About Life at SentinelOne?

Learn more about SentinelOne’s values here. Explore global career opportunities with SentinelOne here.

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.”

Missouri Gov. Mike Parson (R), vowing to prosecute the St. Louis Post-Dispatch for reporting a security vulnerability that exposed teacher SSNs.

The Post-Dispatch says it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials, and that more than 100,000 SSNs were available. The Missouri state Department of Elementary and Secondary Education (DESE) reportedly removed the affected pages from its website Tuesday after being notified of the problem by the publication (before the story on the flaw was published).

The newspaper said it found that teachers’ Social Security numbers were contained in the HTML source code of the pages involved. In other words, the information was available to anyone with a web browser who happened to also examine the site’s public code using Developer Tools or simply right-clicking on the page and viewing the source code.

The Post-Dispatch reported that it wasn’t immediately clear how long the Social Security numbers and other sensitive information had been vulnerable on the DESE website, nor was it known if anyone had exploited the flaw.

But in a press conference Thursday morning, Gov. Parson said he would seek to prosecute and investigate the reporter and the region’s largest newspaper for “unlawfully” accessing teacher data.

“This administration is standing up against any and all perpetrators who attempt to steal personal information and harm Missourians,” Parson said. “It is unlawful to access encoded data and systems in order to examine other peoples’ personal information. We are coordinating state resources to respond and utilize all legal methods available. My administration has notified the Cole County prosecutor of this matter, the Missouri State Highway Patrol’s Digital Forensics Unit will also be conducting an investigation of all of those involved. This incident alone may cost Missouri taxpayers as much as $50 million.”

While threatening to prosecute the reporters to the fullest extent of the law, Parson sought to downplay the severity of the security weakness, saying the reporter only unmasked three Social Security numbers, and that “there was no option to decode Social Security numbers for all educators in the system all at once.”

“The state is committed to bringing to justice anyone who hacked our systems or anyone who aided them to do so,” Parson continued. “A hacker is someone who gains unauthorized access to information or content. This individual did not have permission to do what they did. They had no authorization to convert or decode, so this was clearly a hack.”

Parson said the person who reported the weakness was “acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.”

“We will not let this crime against Missouri teachers go unpunished, and refuse to let them be a pawn in the news outlet’s political vendetta,” Parson said. “Not only are we going to hold this individual accountable, but we will also be holding accountable all those who aided this individual and the media corporation that employs them.”

In a statement shared with KrebsOnSecurity, an attorney for the St. Louis Post-Dispatch said the reporter did the responsible thing by reporting his findings to the DESE so that the state could act to prevent disclosure and misuse.

“A hacker is someone who subverts computer security with malicious or criminal intent,” the attorney Joe Martineau said. “Here, there was no breach of any firewall or security and certainly no malicious intent. For DESE to deflect its failures by referring to this as ‘hacking’ is unfounded. Thankfully, these failures were discovered.”

Aaron Mackey is a senior staff attorney at the Electronic Frontier Foundation (EFF), a non-profit digital rights group based in San Francisco. Mackey called the governor’s response “vindictive, retaliatory, and incredibly short-sighted.”

Mackey noted that Post-Dispatch did everything right, even holding its story until the state had fixed the vulnerability. He said the governor also is attacking the media — which serves a crucial role in helping give voice (and often anonymity) to security researchers who might otherwise remain silent under the threat of potential criminal prosecution for reporting their findings directly to the vulnerable organization.

“It’s dangerous and wrong to go after someone who behaved ethically and responsibly in the disclosure sense, but also in the journalistic sense,” he said. “The public had a right to know about their government’s own negligence in building secure systems and addressing well-known vulnerabilities.”

Mackey said Gov. Parson’s response to this incident also is unfortunate because it will almost certainly give pause to anyone who might otherwise find and report security vulnerabilities in state websites that unnecessarily expose sensitive information or access. Which also means such weaknesses are more likely to be eventually found and exploited by actual criminals.

“To characterize this as a hack is just wrong on the technical side, when it was the state agency’s own system pulling that SSN data and making it publicly available on their site,” Mackey said. “And then to react in this way where you don’t say ‘thank you’ but actually turn on the reporter and researchers and go after them…it’s just weird.”

Windows 11 Arrives | With Day One Support From SentinelOne

In June, Microsoft announced Windows 11, the next version of its Windows operating system. As of October 5th, the new OS began rolling out to excited Windows users the world over. Here at SentinelOne, we made sure that our users would be supported on Windows 11 from day one, benefiting from all the trusted security features they’ve come to expect from the SentinelOne platform.

What is Windows 11 and How Do I Get It?

According to Microsoft, Windows 11 is a free upgrade for Windows 10 users that began a staggered roll out on October 5th to select devices. Windows 11 changes the design aesthetic of the Windows platform and offers a number of new features. The most important change between Windows 11 and Windows 10, however, lies under the hood.

Minimum specs for the new version of this OS include Windows 10 and at least 4GB of RAM and 64GB of storage. Even then, the primary consideration is the processor. In general, machines older than three or four years may not support Windows 11, so be sure to check Microsoft’s exact technical requirements or download the PC Health Check app before upgrading your devices.

Windows 11 Device Compatibility

If your device is compatible with Windows 11, a Microsoft update will be made available to you at some point from October 5th, with the full roll out expected to extend into 2022.

Is Windows 11 More Secure Than Windows 10?

As with any operating system update or upgrade, you should always expect security updates that improve the overall security posture of your device. The hardware requirements for Windows 11 will also ensure that, by design, devices capable of running this and later Windows OSs will not be susceptible to some known classes of vulnerabilities like Spectre and Meltdown.

However, like Windows 10 and previous versions of Microsoft’s operating systems, Windows 11 is not a complete rewrite of the Windows OS from the ground up. For compatibility reasons, much of the underlying codebase remains the same as Windows 10, and threat actors will continue to find and exploit software vulnerabilities as well as manipulate users through well known social engineering techniques like phishing and business email compromise, and deploy malware and ransomware.

Does SentinelOne Support Windows 11?

Yes, we do. If your device can run Windows 11, then you will find it is supported by the SentinelOne agent out of the box. The SentinelOne Windows agent, version 21.5 and above, fully supports the release of Windows 11.


Even better, there is no action required prior to upgrading to Windows 11 so long as your current agent version is 21.5 or later. The SentinelOne Windows agent provides the same security and performance coverage on Windows 11 as on Windows 10.

What About Older Versions?

For machines with a SentinelOne agent version prior to 21.5, the option to upgrade to Windows 11 will be blocked to avoid leaving the device unprotected. Ensure the SentinelOne agent is upgraded to version 21.5 or higher in order to upgrade to Windows 11.

For more information, please refer to SentinelOne support documentation or contact us.

Want To Try SentinelOne?

Want to see how SentinelOne can protect your Windows, Mac, Linux, Cloud Container, IoT and other devices? Contact us for more information or get a free demo.

The Best Delta Children Kids’ Chairs

Delta Children is a United States-based company that specializes in children’s furniture. The company was founded in 1968 and has since expanded into a wide array of products.

Delta Children’s Products produces furniture for children and toddlers. The company offers a wide range of styles, including contemporary, modern, traditional, transitional, and cottage kids’ chairs.

Their goal is to provide parents with safe, high-quality products for their children. Delta pieces are known for being sturdy, attractive additions to your child’s room or play area.

The best thing is: you can find them online on Amazon! Here are some of our favorite chairs.

Delta Children Upholstered Chair


First up, we have the Delta Children Upholstered Chair – a fan favorite on Amazon! The fun character design of this chair makes it an excellent choice for boys and girls. It’s upholstered in microfiber fabric with a sturdy wood frame and metal legs. The chair can hold children weighing as much as 100 pounds.

Many reviewers love this colorful chair for their kids’ bedrooms and play areas. Others have purchased several chairs to create a fun reading nook in their child’s room. It can be hard to find a comfortable place for children to read, but the Delta Children Upholstered Chair makes a perfect spot.

It’s also a great choice for kids who are too big for their high chairs but not ready to sit at the table. Children can use this chair at playtime or as extra seating when they need it. Since this Delta piece is so affordable, you might even consider buying more than one!

Overall, this chair is an excellent value for the price. It’s an affordable piece that can be used in several situations!

Regardless of which cartoon is your child’s favorite, it’s likely that you will find a Delta Children Upholstered Kids Chair featuring its beloved character:

Delta Children High Back Upholstered Chair


Another good choice for kids is the Delta Children High Back Upholstered Chair. This budget-friendly chair features a thickly padded seat and backrest. It’s upholstered in polyester with a sturdy wood frame. The frame is built to hold up to 100 pounds of weight.

Many of these chairs feature characters that children love, whether from favorite TV shows or comic books.

It also makes a good spare chair for when you have company over! Children can place it in their rooms or at the dining table for added seating.

Delta Children Chair Desk with Storage Bin


Some kids need a little extra help with their homework. A chair desk with a storage bin is a great solution for children who have difficulty staying organized.

The Delta Children Chair Desk is helpful in any room of the house, from the bedroom to the playroom. The wide surface adds ample space for your child’s books, calculators, pens, and paper. Plus, the storage bin is a great place to keep crayons, books, and other supplies.

This piece is a great way to give your child their own little work area. For years, this chair desk has been a top choice on Amazon. It’s super functional, and the attractive design makes it a great addition to any child’s room.

Delta Children Cozee Fluffy Chair with Memory Foam


The next item on our list is the Delta Children Cozee Fluffy Chair with Memory Foam. This chair is excellent for lounging or watching TV.

The memory foam provides your child with an extra boost of comfort for those cozy movie nights. It’s also perfect for video game marathons.

The sturdy wood frame and foam filling will keep your child sitting comfortably for hours. Side pockets are designed to hold your child’s game console or snacks.

This piece is both comfortable and practical. It’s available in several colors and patterns, including:

Delta Children Chelsea Kids Upholstered Chair with Cup Holder

If you’re looking for a stylish and practical kids’ chair, then take a look at this next option: Delta Children Chelsea Kids Upholstered Chair with Cup Holder.

This piece is ideal for smaller children who may need additional support when sitting. It features an upholstered seat and backrest in polyester fabric. The seat and backrest are both padded for your child’s comfort.

The armrests on this chair will help keep younger kids from falling forward as they slouch down in their seats. Plus, the cup holder is a great place to store drinks or snacks.

This chair can also be considered a kids accent chair, as it comes in stylish colors: navy, soft pink, or grey.

Delta Children Cozee Cube Chair with Memory Foam


Delta Children Cozee Cube Chair with Memory Foam is another great option on our list of the best chairs for kids.

The memory foam filling inside the chair offers extra comfort to your child as they sit down after a long day at school. It combines the comfort of a bean bag chair with the stability and support of traditional kids’ chairs.

This chair is available in three colors: navy, grey, and pink. It’s not designed for big kids, so it’s perfect for preschoolers or smaller children. If you’re looking for a gift idea that your child will love, then you have to check out this next chair.

Delta Children Saucer Chair

The final item on our list features a Delta Children Saucer Chair.

This comfy piece is made from a foam-filled cushion in durable polyester fabric. It’s designed to give your child extra comfort when lounging around or watching TV.

The durable metal frame is built to last. This piece is suitable for children ages three and up.

This stylish chair comes in designs that pay tribute to popular franchises:

Summary


Delta Children Chairs are great gift ideas for your kids. They are available in several attractive designs and colors.

These chairs are particularly useful if you’re looking for something to make your child feel more comfortable while watching TV or playing video games.

They are comfortable and practical while also giving every kid their own special place to sit.


The post The Best Delta Children Kids’ Chairs appeared first on Comfy Bummy.

How Coinbase Phishers Steal One-Time Passwords

A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com — was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

Holden’s team managed to peer inside some poorly hidden file directories associated with that phishing site, including its administration page. That panel, pictured in the redacted screenshot below, indicated the phishing attacks netted at least 870 sets of credentials before the site was taken offline.

The Coinbase phishing panel.

Holden said each time a new victim submitted credentials at the Coinbase phishing site, the administrative panel would make a loud “ding” — presumably to alert whoever was at the keyboard on the other end of this phishing scam that they had a live one on the hook.

In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app.

“These guys have real-time capabilities of soliciting any input from the victim they need to get into their Coinbase account,” Holden said.

Pressing the “Send Info” button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

SIFTING COINBASE FOR ACTIVE USERS

Holden said the phishing group appears to have identified Italian Coinbase users by attempting to sign up new accounts under the email addresses of more than 2.5 million Italians. His team also managed to recover the username and password data that victims submitted to the site, and virtually all of the submitted email addresses ended in “.it”.

But the phishers in this case likely weren’t interested in registering any accounts. Rather, the bad guys understood that any attempts to sign up using an email address tied to an existing Coinbase account would fail. After doing that several million times, the phishers would then take the email addresses that failed new account signups and target them with Coinbase-themed phishing emails.

Holden’s data shows this phishing gang conducted hundreds of thousands of halfhearted account signup attempts daily. For example, on Oct. 10 the scammers checked more than 216,000 email addresses against Coinbase’s systems. The following day, they attempted to register 174,000 new Coinbase accounts.
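From the defender's side, the signup pattern described above is visible in registration logs. The following is an added example, not code from Coinbase, Hold Security or the original article: it flags sources that try many distinct email addresses in a day while completing almost no signups. The event fields, outcome names and thresholds are hypothetical, and the sample events are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample events (not real data): (day, source, email, outcome).
# Field names and outcome values are hypothetical; map them to your own logs.
SAMPLE_EVENTS = (
    [("2021-10-10", "203.0.113.7", f"user{i}@example.it",
      "email_exists" if i % 4 == 0 else "abandoned") for i in range(40)]
    + [("2021-10-10", "192.0.2.55", f"newhire{i}@example.org", "completed")
       for i in range(30)]
    + [("2021-10-10", "198.51.100.20", "alice@example.com", "email_exists"),
       ("2021-10-10", "198.51.100.20", "alice2@example.com", "completed")]
)


def find_enumeration(events, min_distinct=25, max_completion=0.05):
    """Flag (day, source) pairs that probe many addresses but finish few signups.

    "source" can be whatever key the logs allow: client IP, network range,
    or a device fingerprint. Thresholds here are illustrative assumptions.
    """
    stats = defaultdict(lambda: {"emails": set(), "attempts": 0,
                                 "completed": 0, "exists": 0, "tlds": Counter()})
    for day, source, email, outcome in events:
        s = stats[(day, source)]
        s["attempts"] += 1
        s["emails"].add(email.lower())
        s["completed"] += outcome == "completed"
        s["exists"] += outcome == "email_exists"
        s["tlds"][email.rsplit(".", 1)[-1].lower()] += 1

    findings = []
    for (day, source), s in sorted(stats.items()):
        distinct = len(s["emails"])
        completion = s["completed"] / s["attempts"]
        if distinct >= min_distinct and completion <= max_completion:
            top_tld, top_count = s["tlds"].most_common(1)[0]
            findings.append({
                "day": day,
                "source": source,
                "distinct_emails": distinct,
                "completion_rate": completion,
                # Addresses the source now knows belong to real accounts;
                # these users are the likely recipients of follow-up phishing.
                "existing_accounts_confirmed": s["exists"],
                # Heavy skew toward one TLD matches the ".it" targeting above.
                "top_tld": top_tld,
                "top_tld_share": top_count / s["attempts"],
            })
    return findings


if __name__ == "__main__":
    for finding in find_enumeration(SAMPLE_EVENTS):
        print(finding)
```

The `existing_accounts_confirmed` count is the part worth acting on: it identifies which customers an enumerating source has learned about and who may warrant a phishing warning.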

In an emailed statement shared with KrebsOnSecurity, Coinbase said it takes “extensive security measures to ensure our platform and customer accounts remain as safe as possible.” Here’s the rest of their statement:

“Like all major online platforms, Coinbase sees attempted automated attacks performed on a regular basis. Coinbase is able to automatically neutralize the overwhelming majority of these attacks, using a mixture of in-house machine learning models and partnerships with industry-leading bot detection and abuse prevention vendors. We continuously tune these models to block new techniques as we discover them. Coinbase’s Threat Intelligence and Trust & Safety teams also work to monitor new automated abuse techniques, develop and apply mitigations, and aggressively pursue takedowns against malicious infrastructure. We recognize that attackers (and attack techniques) will continue to evolve, which is why we take a multi-layered approach to combating automated abuse.”

Last month, Coinbase disclosed that malicious hackers stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

“To conduct the attack, Coinbase says the attackers needed to know the customer’s email address, password, and phone number associated with their Coinbase account and have access to the victim’s email account,” Bleeping Computer’s Lawrence Abrams wrote. “While it is unknown how the threat actors gained access to this information, Coinbase believes it was through phishing campaigns targeting Coinbase customers to steal account credentials, which have become common.”

This phishing scheme is another example of how crooks are coming up with increasingly ingenious methods for circumventing popular multi-factor authentication options, such as one-time passwords. Last month, KrebsOnSecurity highlighted research into several new services based on Telegram-based bots that make it relatively easy for crooks to phish OTPs from targets using automated phone calls and text messages. These OTP phishing services all assume the customer already has the target’s login credentials through some means — such as through a phishing site like the one examined in this story.

Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name.

In the phishing domain at issue here — coinbase.com.password-reset[.]com — password-reset[.]com is the destination domain, and the “coinbase.com” is just an arbitrary subdomain of password-reset[.]com. However, when viewed in a mobile device, many visitors to such a domain may only see the subdomain portion of the URL in their mobile browser’s address bar.
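The rule of thumb above can be applied mechanically, for instance in a mail filter or a link-preview tool. This is an added example, not code from the original article: it splits a URL's host into the true (registrable) domain and the subdomain, and goes slightly beyond the text by handling suffixes such as "co.uk", where the "second dot" rule would pick the wrong boundary. The function names and the short suffix set are assumptions; a production check would load the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny constructed subset of multi-label public suffixes.
# A production check would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def true_domain(url):
    """Return (host, registrable_domain, subdomain) for a URL or defanged URL."""
    url = url.strip().replace("[.]", ".")      # undo "[.]" defanging
    if "://" not in url:
        url = "http://" + url                  # let urlsplit locate the host
    # .hostname drops any "user@" prefix and ":port" suffix, and lowercases.
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host, host, ""                  # IP literal: no subdomain part
    except ValueError:
        pass
    labels = host.split(".")
    keep = 2                                   # the article's "second dot" rule
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        keep = 3                               # e.g. example.co.uk
    return host, ".".join(labels[-keep:]), ".".join(labels[:-keep])


def brand_in_subdomain(url, brand_domain):
    """True when brand_domain appears only as subdomain labels of another domain."""
    _, registrable, subdomain = true_domain(url)
    brand = brand_domain.lower()
    return registrable != brand and f".{brand}." in f".{subdomain}."


if __name__ == "__main__":
    samples = [
        "https://coinbase.com.password-reset[.]com/login",  # domain from the article
        "https://www.coinbase.com/signin",
        "https://login.example.co.uk/",                      # constructed sample
    ]
    for sample in samples:
        host, registrable, subdomain = true_domain(sample)
        flag = brand_in_subdomain(sample, "coinbase.com")
        print(f"{sample}\n  true domain: {registrable}  subdomain: {subdomain!r}"
              f"  brand used as subdomain: {flag}")
```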

The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages or other media. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.

Also, never provide any information in response to an unsolicited phone call. It doesn’t matter who claims to be calling: If you didn’t initiate the contact, hang up. Don’t put them on hold while you call your bank; the scammers can get around that, too. Just hang up. Then you can call your bank or wherever else you need.

By the way, when was the last time you reviewed your multi-factor settings and options at the various websites entrusted with your most precious personal and financial information? It might be worth paying a visit to 2fa.directory (formerly twofactorauth[.]org) for a checkup.

The Ultimate Guide To Moon Chairs For Kids

Moon chairs for kids have been popular for a long time, and there are plenty of reasons why. If you have found this article, we assume that you might be interested in buying one as well.

If you are keen to learn more about moon chairs, we suggest you keep reading. You will know what a kids’ moon chair is, the benefits of owning one, how to clean it, and where you can purchase them. We have also tested their safety, so stay tuned.

What is a Kids’ Moon Chair?

A kids’ moon chair is a small foldable chair for toddlers and small kids. It resembles the kids’ egg chair, but the size is smaller, and the weight is lower.

Moon chairs can be used indoors and outdoors because they’re made from sturdy material that’s easy to clean with a damp rag. That being said, they have been known to fade in the sun, so it’s best to give them some protection from the elements when possible.

The Moon Chair, also known as “Kinder Egg Chair” or “Moon Seats,” is a trendy piece of furniture for toddlers because they fit so well with their tiny bodies. In addition to being fun and stylish, these chairs provide a healthy and comfortable way for your toddler to sit.

What Are The Benefits Of Owning A Moon Chair?

Now that you know what a moon chair for kids is, we will look at the benefits of owning a moon chair. As you can imagine, there are many, but we have limited this article to the most common features people love about the moon chair.

Foldable

Most toddler chairs are small and can easily be folded for storage when not in use. This makes moon chairs perfect for anyone with limited space or looking to save money by minimizing their purchases.

Easy To Carry

The chair’s smaller size makes it easy to carry around your house, outside on the porch, or from room to room.

In addition, the moon chair’s low weight makes it easy for toddlers to pick up and carry themselves. It also means you won’t have difficulty loading the chair in and out of a car trunk when going on a family road trip.

Comfortable

Moon chairs for kids provide a comfortable place to lean back and relax. With a thick cushion, you can be sure that your young child will sit comfortably for as long as they like.

In addition, the thick cushion makes it easier to clean because you can remove most spills with a damp rag. In other words, you won’t have to drag out the vacuum when your child spills their juice on the chair!

Note that not all moon chairs are plushy. Some versions may be made for a lean-back feel like the ones adults would use, but most kids prefer something soft and cozy. It’s really up to your toddler which one they prefer.

Fun Designs

The great thing about kids’ moon chairs is that you can find them in practically any color, shape, and design. The sky’s the limit when it comes to choosing your child’s favorite style because there are so many varieties available.

Parents typically buy their children one or two styles based on their favorite color or how well they like them. For example, your child may like the green one with racing stripes because that is the color of their favorite sports team.

You can also choose styles based on how many kids will be sharing the chair. If you’re buying two chairs for your children, it’s a good idea to purchase similar moon chairs. If you’re buying only one chair, then it’s OK to get any style you like.

Cheap

You can typically find kids’ moon chairs for under $30, which is a steal considering how well-made and durable they are. Most kids’ moon chairs will last until their child has outgrown them or becomes too big for the chair.

Despite their lower price, you won’t have to sacrifice quality to save money. Keep in mind that price is just one small factor when deciding which chair is right for you and your child.

How Safe Are Moon Chairs?

With so many benefits, you may wonder if moon chairs are safe. The answer is yes! Moon chairs for kids are entirely safe when used correctly and under normal circumstances.

That being said, there are safety precautions you should take to ensure your child’s safety when using their chair, just like with any other piece of furniture or toy they’ll play with.

The first thing you should do is check the weight limit for your moon chair. Most chairs are suitable for children that weigh between 100-125 pounds but may vary depending on how sturdy or well-made your specific model is.

As long as you don’t purchase a chair that’s too small for your child’s size and weight, you won’t have to worry about it breaking.

You should also ensure that your child doesn’t climb on top of their chair or use it as a step ladder. Be sure to keep an eye on them as they play and keep the chairs out of rooms where children aren’t allowed, such as bathrooms, kitchens, or laundry rooms.

Can I Buy Moon Chairs for Kids on Amazon?

Of course, you can buy children’s moon chairs on Amazon! The great thing about shopping online is that it makes finding the chair of your child’s dreams a cinch.

You’ll be able to shop for moon chairs by searching through different categories such as most popular, top-rated, and best selling. You may also see some suggested items or other products that may interest you.

In addition, Amazon has a helpful customer review section where parents leave feedback about the moon chair. The reviews are precious because they provide real-world insight from other customers who have already purchased and used that product.

If you want to read more about the product before buying it, then be sure to check out the customer reviews.

You can browse for children’s moon chairs here.

How To Clean a Moon Chair

Moon chairs can get dirty quickly with a child playing in them constantly. Luckily, it’s easy to clean when you have the right tools.

To effectively remove any dirt from your children’s moon chair, you will need:

  • A vacuum cleaner
  • Rubber gloves
  • Spray bottle filled with soap and water solution

To start, use your vacuum cleaner to remove any large chunks of dirt. Then, put on rubber gloves and spray the moon chair with a mixture of water and soap.

You can also add in some vinegar or bleach, depending on how dirty the chair is. The solution will help break down any grime so that it’s easier to clean up.

Next, go over the chair with a damp sponge. Be sure to rub off any tough dirt spots and stains that remain on your children’s toy. You may need to repeat this step several times, depending on how dirty the toy is.

When you’re done cleaning it, be sure to let the moon chair air dry before allowing your child to play with it again.

Patch Tuesday, October 2021 Edition

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked.

Firstly, Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability (CVE-2021-30883) that is being leveraged in active attacks targeting iPhone and iPad users. Lawrence Abrams of Bleeping Computer writes that the flaw could be used to steal data or install malware, and that soon after Apple patched the bug security researcher Saar Amar published a technical writeup and proof-of-concept exploit derived from reverse engineering Apple’s patch.

Abrams said the list of impacted Apple devices is quite extensive, affecting older and newer models. If you own an iPad or iPhone — or any other Apple device — please make sure it’s up to date with the latest security patches.

Three of the weaknesses Microsoft addressed today tackle vulnerabilities rated “critical,” meaning that malware or miscreants could exploit them to gain complete, remote control over vulnerable systems — with little or no help from targets.

One of the critical bugs concerns Microsoft Word, and two others are remote code execution flaws in Windows Hyper-V, the virtualization component built into Windows. CVE-2021-38672 affects Windows 11 and Windows Server 2022; CVE-2021-40461 impacts both Windows 11 and Windows 10 systems, as well as Server versions.

But as usual, some of the more concerning security weaknesses addressed this month earned Microsoft’s slightly less dire “important” designation, which applies to a vulnerability “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”

The flaw that’s under active assault — CVE-2021-40449 — is an important “elevation of privilege” vulnerability, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.

CVE-2021-36970 is an important spoofing vulnerability in Microsoft’s Windows Print Spooler. The flaw was discovered by the same researchers credited with the discovery of one of two vulnerabilities that became known as PrintNightmare — the widespread exploitation of a critical Print Spooler flaw that forced Microsoft to issue an emergency security update back in July. Microsoft assesses CVE-2021-36970 as “exploitation more likely.”

“While no details have been shared publicly about the flaw, this is definitely one to watch for, as we saw a constant stream of Print Spooler-related vulnerabilities patched over the summer while ransomware groups began incorporating PrintNightmare into their affiliate playbook,” said Satnam Narang, staff research engineer at Tenable. “We strongly encourage organizations to apply these patches as soon as possible.”

CVE-2021-26427 is another important bug in Microsoft Exchange Server, which has been under siege lately from attackers. In March, threat actors pounced on four separate zero-day flaws in Exchange that allowed them to siphon email from and install backdoors at hundreds of thousands of organizations.

This month’s Exchange bug earned a CVSS score of 9.0 (10 is the most dangerous). Kevin Breen of Immersive Labs points out that Microsoft has marked this flaw as less likely to be exploited, probably because an attacker would already need access to your network before using the vulnerability.

“Email servers will always be prime targets, simply due to the amount of data contained in emails and the range of possible ways attackers could use them for malicious purposes. While it’s not right at the top of my list of priorities to patch, it’s certainly one to be wary of.”

Also today, Adobe issued security updates for a range of products, including Adobe Reader and Acrobat, Adobe Commerce, and Adobe Connect.

For a complete rundown of all patches released today and indexed by severity, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center, and the Patch Tuesday data put together by Morphus Labs. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com frequently has the lowdown on any patches that are causing problems for Windows users.

On that note, before you update please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

The Good, the Bad and the Ugly in Cybersecurity – Week 41

The Good

In yet another new initiative to tackle the rampant success of cybercrime, the U.S. government this week laid out further measures to punish companies that either fail to keep their products secure or fail to be transparent about security incidents.

The new Civil Cyber-Fraud initiative is aimed at government contractors that fail to keep up with cybersecurity best practices. It will leverage the False Claims Act to levy financial penalties on offenders in the hope that it will encourage all contractors to both put in the appropriate investment in security tools and to report breaches promptly when they occur.

The government also announced further measures in relation to cryptocurrency exchanges, following last week’s OFAC sanction against SUEX, in the form of a new National Cryptocurrency Enforcement Team at the Department of Justice. The team will go after cybercriminals who target cryptocurrency marketplaces and who use exchanges to launder profits from cybercrime like ransomware.

The new measures are aimed at disrupting cybercriminals’ financial operations and ensuring cryptocurrency exchanges are held to the same standards as other financial institutions. Deputy AG Lisa Monaco said “If cryptocurrency exchanges want to be the banks of the future, we need to make sure people can have confidence in these systems”.

The Bad

Streaming platform Twitch suffered a massive leak of data this week that reportedly includes a significant portion of its IP, among which is source code for existing and future products and its own SOC’s internal red teaming tools. Twitch streamers have also been affected and warned by external experts to beware of phishing attacks after leaks of Twitch payouts went viral online.

The breach was revealed on the infamous 4Chan message board by a user who, unsurprisingly in that context, called themselves ‘Anonymous’, along with a torrent of the usual abuse directed at the company. However, the hack was confirmed by a number of independent sources before Twitch themselves made a short announcement. Subsequently, the company said it had also reset all users’ stream keys “out of an abundance of caution”.

The hacker has already released one dump of the information and more are expected. It is thought that among the data stolen is:

  • A significant amount of Twitch’s source code with commit history “going back to its early beginnings”
  • Creator payout reports from 2019
  • Mobile, desktop and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

At the time of writing, Twitch’s official statement says that the data leak is “due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” Expect more details as the story unfolds and the company’s own investigation proceeds.

The Ugly

Perhaps the most unsurprising thing we saw in this week’s cyber news was the statement that “cybercriminals seem to have no moral compass”. And while that really shouldn’t come as a shock to anyone, it is nevertheless the lowest of the low to deliberately target healthcare organizations for ransomware attacks and data theft.

One particular ransomware operator has made healthcare their top target, with an estimated 20% of the gang’s earnings coming from this sector alone. Second highest: education. That’s no accident when you consider that healthcare and education share in common a lack of investment and expertise in cybersecurity.

Lowering the bar yet further, a gang of scammers dubbed Xgroup appear to be profiteering off equally ethically-challenged members of the public by offering a service that claims the gang will – for a fee – insert an unvaccinated COVID-19 person’s medical records into hacked hospital databases to make it appear that the person has been fully vaccinated.

The group appear to have identified a lucrative market among those unwilling to be vaccinated yet desiring the benefits of travel and access afforded to those that have done the responsible thing. The scammers may be after more than just the initial payout from their victims. As part of the service to provide a false vaccination record, the scammers require the victim to provide a huge amount of sensitive personal data to (supposedly) enter into the hospital’s (allegedly) hacked database. That information could, of course, be used against the victim in other hacks on their bank accounts or be used to obtain false identities useful for other crimes, cyber and otherwise.

We’ll leave the moral of the story up to the reader, and merely note that aside from all the other bad consequences a scammed victim could face, in most jurisdictions it’s a criminal offence to pay someone to hack a hospital database, a fact which gives the scammers yet one more hold over anyone foolish enough to get involved with them.

Massive Attack | Why MSPs Are Prime Targets for Cybercriminals and APTs

In parallel to the massive digital transformation that changed the way we work, consume and interact through the digital medium, threat actors also revamped their capabilities. In recent years, supply chain attacks have gone from rare to increasingly common, and the payoff for threat actors of all stripes that successfully compromise a Managed Service Provider (MSP) far outweighs either the investment or risk.

In this post, we will describe how MSPs have become the most lucrative targets for cybercrime and nation-state attacks. We’ll cover the recent history of attacks and what MSPs should do to keep themselves – and their clients – safe.

A Brief History Of Recent Attacks On MSPs

Kaseya VSA – In July 2021, attackers targeted Kaseya VSA servers used by MSPs to deliver REvil ransomware to thousands of corporate endpoints in what appears to be the largest mass-scale ransomware incident to date. The attackers exploited a zero-day vulnerability in a VSA component and leveraged that in an exploit chain that bypassed Windows Defender and other native OS security measures. The attackers claimed to have infected “more than a million systems”.

SolarWinds Orion – In December 2020, news broke of a supply chain attack affecting some 18,000 or more public and private organizations. The victims were compromised through a trojanized SolarWinds Orion software update which delivered the SUNBURST backdoor. While SUNBURST is widely believed to have been the work of Russian Intelligence threat actors, a separate attack attributed to a different threat actor and dubbed SUPERNOVA was also discovered within a week of SUNBURST. The SUPERNOVA malware takes the form of a webshell implant that can distribute and execute additional malicious code on victims’ devices.

Wipro, Infosys, Cognizant – In April 2019, a mass phishing campaign was identified that had successfully infiltrated Wipro, a major trusted vendor of IT outsourcing for U.S. companies. It is believed the actor had also targeted Cognizant and Infosys. Once breached, the MSPs’ trusted networks were used to launch cyber attacks against their clients.

CloudHopper (APT10) – In 2017, an investigation into China-backed threat actor APT10 revealed a mass espionage campaign targeting MSPs and their clients dubbed ‘Operation Cloud Hopper’. Researchers found that the threat actor, previously associated with attacks on government and defence organizations, had turned to targeting enterprise service providers and cloud hosting companies as part of a sustained and wide scale series of supply chain attacks. In early 2018, Norwegian MSP Visma was believed to have been targeted by the same threat actor, indicating China’s strategic targeting of MSPs around the globe.

Why MSPs?

With the increasing demand to support business needs, more organizations outsource IT and security to MSPs. According to MarketsAndMarkets research, the global managed IT services market will reach $354.8 billion by 2026, up from $242.9 billion in 2021.

Many small to midsize businesses (SMBs) rely on MSPs to assist them with cost-effective IT infrastructure management, monitoring, and general support. In addition, companies regularly trust MSPs to protect their data, but we have to remember that MSPs are often small businesses themselves. And as attack vectors increase by the minute, there seems to be no end in sight to the growing pressures on MSPs.

MSPs: How to Protect Your Customers and Yourself

Like any other organization, MSPs need to cease considering security as a liability and understand cybersecurity is now part of the cost of doing business. This should translate into employee awareness, budget and mindset. Here are a few steps to start with.

Coverage – Don’t Leave Any Endpoint Behind

Looking at historical attack data, you can see that attackers are looking for the easy way in. Sometimes it’s a phishing email; in other cases, it’s just an endpoint facing the internet that is unprotected. Once a foothold is achieved, the attack becomes much more straightforward to implement. Additionally, we’ve seen attacks utilizing vulnerabilities and using Active Directory to access more places.

To be on top of these, MSPs should ensure no endpoint is unprotected. Remember that any internet-connected computer, no matter how insignificant in your workflows, provides an entrypoint to the rest of your network, and therefore should be protected by an endpoint security solution. In addition, be sure to implement tools against phishing, and educate your users on how to identify, avoid and report phishing attempts.

Automate – Let Technology Work For You

We all know that MSPs are working on relatively small margins and need to be efficient. Unfortunately, most MSPs cannot afford to hire a big enough security team to manage and respond to threats as they come. That means you need technology that is autonomous – using the power of the computer itself to make security decisions – and which can be automated and integrated within the rest of your technology stack.

Tools that are simple to use, that don’t require certified professionals to operate, and that can be programmed with automated tasks through simple click-and-point interfaces are the means to better security with less cost. Can your security solution be automated to identify and deploy itself to unprotected endpoints? Can an endpoint be configured to harden its own security policy if a breach is detected? These and other tasks are simple configurations that can be set up once by a human operator and left to take care of themselves going forward.

Visibility – What You Can’t See, You Can’t Protect

On our corporate networks today, we have our employees’ desktops and laptops, their mobile devices, and a long list of IoT devices, starting from a coffee machine to network routers and other devices. Each of these increases the attack surface of your network, because they can have vulnerabilities, weak (or no) passwords, and introduce other entry points for attackers.

How can you keep track of the growing number of devices? It all starts with visibility and understanding what you have. To make it bullet proof, you should also be able to disconnect devices which introduce risk. When you reach the maturity level of knowing what is connected to your network, you’ve gone a long way toward protecting your network.
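One way to act on the coverage and visibility advice above is to reconcile what is seen on the network against what the endpoint agent console reports. The following is an added example, not code from the original post or from any vendor; the record layouts, field names and sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample: devices observed on the network (for example, an
# export of DHCP leases or switch tables). MAC formats differ by source.
DISCOVERED = [
    {"mac": "00:1A:2B:3C:4D:5E", "ip": "10.0.0.11", "hostname": "ws-finance-01"},
    {"mac": "00-1a-2b-3c-4d-5f", "ip": "10.0.0.12", "hostname": "ws-finance-02"},
    {"mac": "001a.2b3c.4d60", "ip": "10.0.0.40", "hostname": "coffee-machine"},
    {"mac": "00:1a:2b:3c:4d:61", "ip": "10.0.0.50", "hostname": ""},
    {"mac": "not-a-mac", "ip": "10.0.0.77", "hostname": "unknown"},
]

# Constructed sample: endpoints enrolled in the endpoint security console.
# One host can report several interfaces (for example Wi-Fi plus a dock).
AGENTS = [
    {"hostname": "WS-FINANCE-01", "macs": ["001A2B3C4D5E"]},
    {"hostname": "ws-finance-02",
     "macs": ["00:1a:2b:3c:4d:5f", "00:1a:2b:3c:4d:99"]},
]


def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if it is not a MAC.

    Accepts colon, dash, dot or no separators so that records from
    different tools can be compared.
    """
    cleaned = re.sub(r"[:.\-\s]", "", raw).lower()
    return cleaned if re.fullmatch(r"[0-9a-f]{12}", cleaned) else None


def find_coverage_gaps(discovered, agents):
    """Split discovered devices into unprotected and unparseable records.

    unprotected: on the network, valid MAC, no agent reports that MAC.
    unparseable: the inventory record itself is bad and needs manual review,
                 so it is reported rather than silently dropped.
    """
    protected = set()
    for agent in agents:
        for raw in agent["macs"]:
            mac = normalize_mac(raw)
            if mac:
                protected.add(mac)

    unprotected, unparseable = [], []
    for dev in discovered:
        mac = normalize_mac(dev["mac"])
        if mac is None:
            unparseable.append(dev)
        elif mac not in protected:
            unprotected.append({**dev, "mac": mac})
    return unprotected, unparseable


if __name__ == "__main__":
    gaps, bad = find_coverage_gaps(DISCOVERED, AGENTS)
    for dev in gaps:
        name = dev["hostname"] or "(no hostname)"
        print(f"UNPROTECTED {dev['ip']:<12} {dev['mac']} {name}")
    for dev in bad:
        print(f"REVIEW      {dev['ip']:<12} bad MAC field: {dev['mac']!r}")
```

Matching on MAC rather than hostname avoids misses caused by case differences or empty hostnames; devices that cannot run an agent at all, such as the coffee machine, still surface here as candidates for segmentation or disconnection.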

At The End of The Day, MSPs Are Enterprises

MSPs not only suffer from big and devastating attacks that hit the headlines; they are also targeted by common malware and ransomware attacks like every other organization today.

To effectively defend against ransomware, the first step is to ensure your critical files and data are backed up on a regular basis, including remote backups. The next critical factor is to deploy best-of-breed endpoint protection. That includes both endpoint protection (EPP) and endpoint detection and response (EDR).

The right EDR to detect and prevent ransomware and other malware attacks, which occur at machine speed, is one with automated responses that can react just as fast. Once an attack occurs, you cannot base the heart of your defense on human resources that only react minutes, hours or days after the fact. Ransomware operators pride themselves on delivering products to their customers that encrypt faster than their crimeware rivals. Your EDR needs to be equally as fast: reacting in real time to keep you safe from such attacks.

Conclusion

In this post, we covered why MSPs, perhaps more than other organizations today, need to be safe and consider security as part of their business strategy. MSPs are expected to assist and ease the lives of their customers, and if they become an entry point for malicious activities, the consequences can be catastrophic for both the MSP itself and the many clients who rely on them.
