Proactive Attack Surface Management for AWS Workloads with Amazon Inspector and SentinelOne

For the last decade, digital transformation has been fueled primarily by the adoption of cloud services which provide unmatched agility and reduced time to market when compared with legacy on-premises infrastructure. Most organizations have invested in public and hybrid cloud architectures to stay competitive, with nearly 94% of organizations using at least one cloud service. The COVID-19 pandemic has only accelerated plans to move to the cloud as security, high-priority and IT teams scaled to meet the demand for IT resources for a remote workforce.

Agile development practices that emphasize iteration and speed can overwhelm security teams who are not prepared to secure workloads as fast as they are created. This friction between DevOps and SecOps creates bottlenecks and an incentive for development teams to circumvent security and governance processes. As a result, there are often blind spots for security teams tasked with keeping cloud environments secure.

Cloud Misconfigurations on the Rise

Governance of workloads is often performed once when the workload is deployed, or sometimes not at all. And the specific configuration of workloads is inconsistent, with many instances deployed without critical controls. According to the State of Cloud Security 2021 report, misconfigurations remain the number one cause of cloud breaches.

Over 36% of organizations have suffered a cloud security leak or a breach in the last year, and 80% believe they are vulnerable to a breach related to a misconfigured cloud resource.

Under the AWS Shared Responsibility Model, the customer is responsible for configuring resources so that they are secure. While cloud adoption is rising, legacy security tooling designed for on-premises environments has failed to keep up and is not suited for cloud environments. One such technology is traditional vulnerability scanning and assessment tools, which rely heavily on on-premises appliance deployments and bandwidth-heavy scanning. This approach is insufficient for security teams looking to embrace the cloud with the confidence of knowing that their critical applications and services are configured in a secure manner.

Even organizations that have a vulnerability scanning tool deployed to their cloud environments often struggle in three areas:

  • Observability: Ingesting infrastructure vulnerability data and correlating it with EDR telemetry from within the application workload
  • Operationalization: Visualizing the most critical vulnerabilities to prioritize remediation
  • Actionability: Performing remediation across the cloud environment at scale

Cloud-Native Approach to Vulnerability Assessment

Vulnerability assessment for AWS workloads hasn’t been straightforward until now, with the launch of Amazon Inspector.

Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. With a few clicks in the AWS management console, you can enable Inspector across all accounts in your organization. Once enabled, Inspector automatically discovers all running Amazon EC2 instances and container images residing in Amazon Elastic Container Registry (ECR) at any scale and immediately starts assessing them for known vulnerabilities.

An Inspector risk score is created for each finding by correlating Common Vulnerabilities and Exposures (CVE) information with factors such as network access and exploitability. This score is used to prioritize the most critical vulnerabilities to help increase remediation response efficiency.

All findings are aggregated in a newly designed Inspector console and pushed to AWS Security Hub and Amazon EventBridge to automate workflows. Vulnerabilities found in container images are sent to Amazon ECR for resource owners to view and remediate. With Inspector, even small security teams and developers can ensure infrastructure workload security and compliance across their AWS workloads.

Inspector produces a prioritized list of findings so that security teams can order remediation by the impact and severity of vulnerabilities. These reports can provide valuable insights into opportunities for security and cloud teams to reduce their overall cloud attack surface.

SentinelOne Integration for Amazon Inspector

Today, we are delighted to introduce the SentinelOne Integration for Amazon Inspector, which provides support for Amazon Inspector findings with the SentinelOne Data Platform. The SentinelOne Data Platform is a massively scalable, cloud-native logging and analytics platform built on AWS that is designed to ingest, normalize, correlate, and action limitless datasets.

SentinelOne integrates with Amazon Inspector to provide unified visibility of vulnerabilities within AWS infrastructure.  SentinelOne ingests Amazon Inspector findings from Amazon EventBridge and correlates against logs from additional security and DevOps data sources. The SentinelOne Data Platform provides powerful querying and threat hunting features to make searching and pivoting within the datasets simple for security and cloud teams.

Within SentinelOne, analysts can use prebuilt dashboards to view high priority vulnerabilities from Amazon Inspector. Data from Inspector is enriched with links to view additional information about CVEs from the MITRE National Vulnerability Database. With this data, analysts can view the most common vulnerabilities within their environment, the most severe, and additional context about a given CVE from a single pane of glass.

Sorting and viewing vulnerabilities is easy in the Inspector

When a vulnerability needs to be remediated, the SentinelOne Data Platform’s alerting is ready with native support for AWS Lambda, EventBridge, SQS, and SNS — allowing you to not only identify issues quickly but accelerate vulnerability remediation.

By interacting natively with AWS, you can leverage existing remediation patterns and curate them, if needed, to fit your business rules.

Bridging Workload Protection and Vulnerability Assessment

Vulnerability management is a crucial activity for maintaining good security hygiene. While prioritizing and remediating vulnerabilities will go a long way towards reducing the total attack surface, legacy custom applications lifted and shifted to the cloud may not be able to be updated fast enough to address open vulnerabilities. Regardless of the application, workloads within cloud environments should have measures to protect, detect and respond to active threats from vulnerabilities that may have been exploited.

Cloud VMs, cloud instances, and containers are just as vulnerable to known vulnerabilities, zero-day attacks, and malware as user endpoints.  Runtime protection, detection, and response are critical to effective cloud workload security.  Singularity Cloud Workload Security includes enterprise-grade protection, EDR, and Application Control to secure your cloud apps wherever they run. Our Linux Sentinel and Windows Server Sentinel deliver runtime security for VMs, and our Kubernetes Sentinel provides runtime security for managed and self-managed Kubernetes clusters.

A single, resource-efficient, Sentinel agent delivers autonomous runtime protection, detection, and response across the hybrid cloud estate. SentinelOne brings runtime security to Amazon EKS, Amazon EKS Anywhere, Amazon ECS, and Amazon ECS Anywhere, with automated kill and quarantine, application control, and complete remote shell forensics.

SentinelOne Singularity uses Behavioral AI to evaluate threats in real-time, delivering high-quality detections without human intervention. Our solution automatically correlates individual events into context-rich Storylines™ to reconstruct the attack and easily integrates threat intelligence to increase detection efficacy. Analysts can remediate all affected endpoints and cloud workloads with a single click, without the need to write any new scripts, simplifying and reducing mean time to respond.

Preserving the immutable state of production cloud workloads is a key control to protecting them against malware like crypto-jacking coin miners and zero-day attacks.  All expected processes are defined within the workload image.  When a change is to be made, instead of updating an image already in production, DevOps decommissions the old and releases a new image.

The SentinelOne Application Control Engine prevents your workload from being hijacked by rogue processes by automatically detecting and killing any executable not found in the image, reducing the possibility of a successful vulnerability exploit.

With SentinelOne Integration, customers can unify cloud workload protection with vulnerability insights from Amazon Inspector. Context-rich EDR telemetry can be queried alongside vulnerability information from Amazon Inspector, giving security analysts a single dataset for identifying open vulnerabilities and detecting successful vulnerability exploits.

Conclusion

Using SentinelOne Integration to connect Amazon Inspector findings with cloud-native protection for AWS workloads, organizations can use best-in-breed solutions to identify vulnerabilities proactively and detect and respond to active exploits of vulnerable applications. Together, security and DevOps teams can innovate rapidly, securely and embrace cloud adoption with confidence.

To learn more about SentinelOne for AWS, visit s1.ai/AWS.

Magical Christmas for your kids? Here’s what you need!

Hey, Moms and Dads! Good news for you: Santa’s on his way! He’ll be here any minute now, and you don’t need to worry about your children waiting patiently for him. And while we wait, why not get ready and bring the Christmas spirit into your home right now?

Christmas time is magical, indeed! It’s the most wonderful time of the year when everyone has that warm-fuzzy feeling inside them. It’s also a time for sharing and caring, as well as spending some family time together. Everything can become magical when you put the right effort into it! Here are some tips to help you make this Christmas truly remarkable for your kids!

1. Let there always be light!

With cold weather outside, it’s essential that you make the atmosphere inside as cozy and warm as possible to give your kids a good start to the day. Start with some colorful lights to brighten up the house!

Cozy lights are easily accessible, and they don’t have to break your bank either. You can find them in all shapes and sizes, so there’s definitely something for everyone!

Our personal favorite is the LANFU LED Icicle Lights; they make your house look like it’s decorated with sparkly icicles! These outdoor Christmas lights have eight different modes, and you can switch between them with just one button. The ambiance of the lights changes to suit your mood, making you feel warm and cheerful.

2. Create a cozy atmosphere for your kids

The fireplace is a perfect centerpiece for creating a warm and welcoming environment in your home. With some help from today’s technology, you don’t need to worry about fire being dangerous for children – you can now get electric fireplaces!

An electric fireplace gives you warmth and coziness while increasing the overall aesthetics of your home. It creates a Christmas feeling without any smoke or fuss that comes with real fireplaces. Flames look super realistic too!

What else? Add some Christmas-themed decorations to make it even cozier. You could also spoon up some hot chocolate or other winter-themed drinks with your kids while you enjoy some nice music in the background. If you’re looking for an excellent way to start this day, then nothing can go wrong with listening to Christmas carols or singing together!

3. Involve the whole family in decorating

Let’s be honest here: who doesn’t like getting dressed up on Christmas? But don’t forget that the fun must not only be for the kids! Let them help you out in decorating, too!

Having them be involved in making the house look nice will also give them self-confidence and pride for their home. They’ll always have the memories of getting home Christmas-ready.

Christmas-themed chair covers are a great way to give your kids the ability to help you out. They are effortless to put on but give a strong effect!

You can choose from many different styles of chair covers for your home so that the kids will love the process even more! They’re inexpensive, unlike other decorations, but they surely add a lot of flavor to any interior. Here are some excellent examples!

Jhua Christmas Back Chair Covers (Set of 3)

The Christmas tree, snowflake, gnome elf pattern on the linen dining chair covers to match the holiday season. This Christmas-themed red, white, and green color will brighten up your day.

Linen and plaid cloth are used to make those chair back covers, which are long-lasting, wear-resistant, and pleasant to the touch.

CCINEE Christmas Chair Covers Santa Claus Hat (Set of 6)

Your kids will love these chair covers! They are made of the highest quality of fabric, making them super soft and comfortable to use. The Christmas chair back coverings are designed with a red Santa Claus hat and a white plush pom-pom on the top. It’s a lovely touch to your dining area. Cute and fun!

WYSRJ Christmas Chair Back Cover for Dining Room (Set of 6)

Three different styles of Christmas chair covers in one pack: Santa, Reindeer, and a Snowman. The set of 6 covers is a fantastic value for this purchase price. Cute and functional! These chair covers can make your interior look very stylish and festive. It’s a great addition to the holiday table!

4. Let’s bake some cookies!

There’s nothing more welcoming in a home than the smell of freshly baked cookies! But your kids will have even more fun if they get to help you out in making them, too! Also, this way, you can be sure that the ingredients are healthy and natural.

If you’re planning on baking some gingerbread cookies, then your house will smell like Christmas for sure. Your kids will also remember this day as a special family moment, and the time they got to spend with you making those tasty treats!

5. Climb into the Christmas spirit with some special activities

It’s important to take your kids out of the house for a while so they can get back all their energy. Down at the park, you could organize some snowman contests or have them build a snow fort!

Taking a walk is a great way to connect with nature and let your kids enjoy the outdoors. They will love walking across a snowy field, especially if there’s some freshly fallen snow from last night! You can even take a hiking trip if you need some outdoor adventure. Don’t forget to take an outdoor chair if your kids need some rest!

Kids’ outdoor chairs are specially designed to stand the test of time. They are comfortable, lightweight, and waterproof, making them perfect for use outside in any weather conditions.

Coleman Kids Quad Chair is a staple in this category. It comes at a low price, but it will definitely make your kids’ time outside extra comfy! It is so great that we wrote an entire article about it – Coleman Kids Quad Chair review!

6. Don’t forget to have a heart-to-heart talk with your kids

What’s the best way to understand what your kid is thinking? By asking them questions! This can be especially helpful in case one of them is feeling lonely since it’s Christmas. You could also ask about their wishes for this year so you can try to make them come true! Also, remind them that they are exceptional and that you love them very much.

7. Relax and enjoy the holiday spirit!

Christmas is a festive time of year, so it’s not wrong to relax and have some fun together with your family! For example, watching Christmas movies on TV could be a great way to finish this special day together. You can also try playing some board games together, like Jenga for instance. The important thing is to make sure that your kids are happy and safe! After all, this time should be all about your family!

The post Magical Christmas for your kids? Here’s what you need! appeared first on Comfy Bummy.

The Good, the Bad and the Ugly in Cybersecurity – Week 48

The Good

Thankfully, law enforcement is giving cybercriminals plenty to reflect on again this week with more arrests in the Ukraine. Five members of the so-called “Phoenix” hacking group, living in Kharkiv and Kyiv, were arrested by the SSU (Security Service of Ukraine), which continues to do great work harvesting bad guys.

The Phoenix operation specialized in acquiring remote access to accounts of mobile device users and stealing credentials for their e-payment or bank accounts. The criminals would then sell obtained data and account details to interested buyers. The group employed tried-and-tested phishing templates to lure device users into giving up their credentials. Fake Apple and Samsung login portals are a common example of said lure. In addition, the arrested individuals also reportedly contracted out their hacking services to other parties for as little as $100 to $200 a time.

The five individuals will be subject to charges under Article 361 of the Criminal Code of Ukraine.

These arrests are just the latest in a series of law enforcement actions against cybercriminals in the Ukraine. The country has been cracking down on ransomware, money laundering and DDoS attacks recently, and long may it continue!

The Bad

Earlier this week, users of Microsoft Defender for Endpoint got an unfortunate surprise. Following the installation of recently released security updates from Microsoft (KB5007206 and KB5007205), some Windows Server Core systems were left with a non-functional install of Microsoft Defender: after the patch was installed, Microsoft Defender services failed to start up, potentially leaving machines at risk.

At the time of writing, there is no official fix or workaround for this issue, should you encounter it. That said, Microsoft has been quoted as stating “We are working on a resolution and will provide an update in an upcoming release”.

Meanwhile, a novel malware has been discovered that embeds its payload in crontabs, thus earning itself the moniker “CronRAT”. The RAT (Remote Access Trojan) is specific to Linux and is engineered to detect and skim credit card data from relevant payment servers.

According to researchers, this RAT makes use of crontabs with dates that will never execute to hide and obfuscate malicious code. The payloads are further obfuscated via base64. Once reconstructed, the payload is able to execute the code generated from the specially-crafted task names, then contacts the C2 and runs additional commands.

Once active, the RAT essentially allows full control of the host. The SentinelOne platform is capable of detecting and preventing malicious behaviors associated with CronRAT.
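The hiding place described above, crontab entries dated so that they never come due, can be hunted for directly. The following is an added example, not code from the researchers or from SentinelOne: it flags crontab entries whose month and day-of-month fields name a calendar date that does not exist, and the sample crontab is constructed for illustration.

```python
"""Flag crontab entries whose month and day-of-month fields name no real date."""

MONTHS = {n: i for i, n in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
# Longest possible length of each month (February counted as 29 for leap years).
MAX_DAY = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
           7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}

# Constructed sample crontab for this example, not taken from any real host.
SAMPLE_CRONTAB = """\
# constructed sample crontab
SHELL=/bin/sh
17 3 * * * /usr/local/bin/rotate-logs
52 23 31 2 3 /bin/true
0 0 29 feb * /usr/local/bin/leap-day-report
0 6 31 4,6,9,11 * /bin/true
0 6 30,31 4,6 * /usr/local/bin/month-end
@reboot /usr/local/bin/start-agent
"""


def _to_int(token, names):
    """Convert a numeric token, or a month name when a name table is given."""
    if names and token.lower() in names:
        return names[token.lower()]
    return int(token)


def expand_field(field, lo, hi, names=None):
    """Expand one cron field (lists, ranges, steps, '*') into a set of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            a, b = rng.split("-", 1)
            start, end = _to_int(a, names), _to_int(b, names)
        else:
            start = end = _to_int(rng, names)
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(f"field out of range: {field!r}")
        values.update(range(start, end + 1, step))
    return values


def find_impossible_dates(crontab_text):
    """Return (line number, schedule, command) for entries dated on no real day.

    Some cron implementations run a job when either the day-of-month or the
    day-of-week field matches if both are restricted, so a flagged entry with
    a weekday set may still fire. It is reported anyway, because a date such
    as 31 February is not something a legitimate schedule contains.
    """
    hits = []
    for lineno, line in enumerate(crontab_text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith(("#", "@")):
            continue  # comments and @reboot-style shortcuts
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # environment assignment or malformed line
        try:
            doms = expand_field(parts[2], 1, 31)
            months = expand_field(parts[3], 1, 12, MONTHS)
        except ValueError:
            continue  # not a five-field schedule this parser understands
        if not any(day <= MAX_DAY[month] for month in months for day in doms):
            hits.append((lineno, " ".join(parts[:5]), parts[5]))
    return hits


if __name__ == "__main__":
    for lineno, schedule, command in find_impossible_dates(SAMPLE_CRONTAB):
        print(f"line {lineno}: '{schedule}' names no real date -> {command}")
```

Run it over the contents of user and system crontabs collected from Linux hosts; a hit warrants a look at the rest of the entry, since the date check says nothing about what the command does.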

The Ugly

High-value bio-manufacturing targets are at the heart of this week’s ugly story. Reports of a new malware dubbed “Tardigrade” have emerged, which appears to be part of active campaigns hitting bioeconomy facilities.


According to reports from BIO-ISAC, one incident involving Tardigrade occurred in the Spring of 2021 and another in October 2021. The targeted facilities were not named. Attributed to an unknown APT actor, these attacks are just the latest targeting the bioeconomy. The researchers say that attacks are ongoing and that they disclosed details of the campaign to help the industry protect itself.

The Tardigrade malware loader (similar in some ways to Smoke Loader) was used to distribute and launch ransomware within the target environment. The Tardigrade loader allowed the attackers to establish access and move laterally as needed. The malware communicates with its C2 via encrypted channels and can automatically spread to adjacent network resources. When environments are targeted with Tardigrade, any destructive payload can be employed very rapidly. Phishing is the main vector for attack, with some indication that USB devices may be employed for physical penetration of air gapped systems.

BIO-ISAC has released recommendations which include phishing awareness training, reviewing network segmentation, testing of offline backups, and using behavioral detection. The researchers point out that “While many malware systems are polymorphic, this system seems to be able to recompile the loader from memory without leaving a consistent signature”.

The SentinelOne platform detects and prevents behaviors and artifacts associated with the Tardigrade malware.

The Internet is Held Together With Spit & Baling Wire

A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org.

Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones.

Based in Monroe, La., Lumen Technologies Inc. [NYSE: LUMN] (formerly CenturyLink) is one of more than two dozen entities that operate what’s known as an Internet Routing Registry (IRR). These IRRs maintain routing databases used by network operators to register their assigned network resources — i.e., the Internet addresses that have been allocated to their organization.

The data maintained by the IRRs help keep track of which organizations have the right to access what Internet address space in the global routing system. Collectively, the information voluntarily submitted to the IRRs forms a distributed database of Internet routing instructions that helps connect a vast array of individual networks.

There are about 70,000 distinct networks on the Internet today, ranging from huge broadband providers like AT&T, Comcast and Verizon to many thousands of enterprises that connect to the edge of the Internet for access. Each of these so-called “Autonomous Systems” (ASes) make their own decisions about how and with whom they will connect to the larger Internet.

Regardless of how they get online, each AS uses the same language to specify which Internet IP address ranges they control: It’s called the Border Gateway Protocol, or BGP. Using BGP, an AS tells its directly connected neighbor AS(es) the addresses that it can reach. That neighbor in turn passes the information on to its neighbors, and so on, until the information has propagated everywhere [1].

A key function of the BGP data maintained by IRRs is preventing rogue network operators from claiming another network’s addresses and hijacking their traffic. In essence, an organization can use IRRs to declare to the rest of the Internet, “These specific Internet address ranges are ours, should only originate from our network, and you should ignore any other networks trying to lay claim to these address ranges.”

In the early days of the Internet, when organizations wanted to update their records with an IRR, the changes usually involved some amount of human interaction — often someone manually editing the new coordinates into an Internet backbone router. But over the years the various IRRs made it easier to automate this process via email.

For a long time, any changes to an organization’s routing information with an IRR could be processed via email as long as one of the following authentication methods was successfully used:

  • CRYPT-PW: A password is added to the text of an email to the IRR containing the record they wish to add, change or delete (the IRR then compares that password to a hash of the password);

  • PGPKEY: The requestor signs the email containing the update with an encryption key the IRR recognizes;

  • MAIL-FROM: The requestor sends the record changes in an email to the IRR, and the authentication is based solely on the “From:” header of the email.

Of these, MAIL-FROM has long been considered insecure, for the simple reason that it’s not difficult to spoof the return address of an email. And virtually all IRRs have disallowed its use since at least 2012, said Adam Korab, a network engineer and security researcher based in Houston.

All except Level 3 Communications, a major Internet backbone provider acquired by Lumen/CenturyLink.

“LEVEL 3 is the last IRR operator which allows the use of this method, although they have discouraged its use since at least 2012,” Korab told KrebsOnSecurity. “Other IRR operators have fully deprecated MAIL-FROM.”

Importantly, the name and email address of each Autonomous System’s official contact for making updates with the IRRs is public information.

Korab filed a vulnerability report with Lumen demonstrating how a simple spoofed email could be used to disrupt Internet service for banks, telecommunications firms and even government entities.

“If such an attack were successful, it would result in customer IP address blocks being filtered and dropped, making them unreachable from some or all of the global Internet,” Korab said, noting that he found more than 2,000 Lumen customers were potentially affected. “This would effectively cut off Internet access for the impacted IP address blocks.”

The recent outage that took Facebook, Instagram and WhatsApp offline for the better part of a day was caused by an erroneous BGP update submitted by Facebook. That update took away the map telling the world’s computers how to find its various online properties.

Now consider the mayhem that would ensue if someone spoofed IRR updates to remove or alter routing entries for multiple e-commerce providers, banks and telecommunications companies at the same time.

“Depending on the scope of an attack, this could impact individual customers, geographic market areas, or potentially the [Lumen] backbone,” Korab continued. “This attack is trivial to exploit, and has a difficult recovery. Our conjecture is that any impacted Lumen or customer IP address blocks would be offline for 24-48 hours. In the worst-case scenario, this could extend much longer.”

Lumen told KrebsOnSecurity that it continued offering MAIL-FROM: authentication because many of its customers still relied on it due to legacy systems. Nevertheless, after receiving Korab’s report the company decided the wisest course of action was to disable MAIL-FROM: authentication altogether.

“We recently received notice of a known insecure configuration with our Route Registry,” reads a statement Lumen shared with KrebsOnSecurity. “We already had mitigating controls in place and to date we have not identified any additional issues. As part of our normal cybersecurity protocol, we carefully considered this notice and took steps to further mitigate any potential risks the vulnerability may have created for our customers or systems.”

Level3, now part of Lumen, has long urged customers to avoid using “Mail From” for authentication, but until very recently they still allowed it.

KC Claffy is the founder and director of the Center for Applied Internet Data Analysis (CAIDA), and a resident research scientist of the San Diego Supercomputer Center at the University of California, San Diego. Claffy said there is scant public evidence of a threat actor using the weakness now fixed by Lumen to hijack Internet routes.

“People often don’t notice, and a malicious actor certainly works to achieve this,” Claffy said in an email to KrebsOnSecurity. “But also, if a victim does notice, they generally aren’t going to release details that they’ve been hijacked. This is why we need mandatory reporting of such breaches, as Dan Geer has been saying for years.”

But there are plenty of examples of cybercriminals hijacking IP address blocks after a domain name associated with an email address in an IRR record has expired. In those cases, the thieves simply register the expired domain and then send email from it to an IRR specifying any route changes.
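A network operator can check its own maintainer objects for both problems described above: update methods that rest on the "From:" header, and contact e-mail domains whose lapse would hand the address to someone else. The following is an added example, not code from the article or from any IRR operator; the maintainer objects are constructed, and the verdict labels are this example's own shorthand for the article's descriptions.

```python
"""Audit RPSL mntner objects for the e-mail update methods the article describes."""
import re

# Verdicts are this example's own labels, derived from the article's descriptions.
VERDICTS = {
    "MAIL-FROM": "spoofable",  # trusts only the From: header of the e-mail
    "CRYPT-PW": "review",      # password travels in the text of the e-mail
    "PGPKEY": "ok",            # update must be signed with a recognised key
}
SEVERITY = {"ok": 0, "unknown": 1, "review": 2, "spoofable": 3}
CONTACT_ATTRS = {"upd-to", "mnt-nfy"}          # mntner contact attributes
DOMAIN_RE = re.compile(r"@([A-Za-z0-9.\\-]+)")  # also matches regex-escaped dots

# Constructed sample objects (documentation domains, placeholder key ids).
SAMPLE_OBJECTS = r"""
mntner:   MAINT-EXAMPLE-A
descr:    constructed sample
upd-to:   noc@example.net
auth:     PGPKEY-0A1B2C3D
auth:     MAIL-FROM .*@example\.net
source:   EXAMPLE

mntner:   MAINT-EXAMPLE-B
upd-to:   routing@example.org
mnt-nfy:  alerts@example.com
auth:     PGPKEY-11223344
source:   EXAMPLE

mntner:   MAINT-EXAMPLE-C
upd-to:   ops@example.org
auth:     CRYPT-PW constructed-placeholder
source:   EXAMPLE
"""


def parse_rpsl(text):
    """Split RPSL text into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for raw in text.splitlines():
        if raw.startswith(("%", "#")):
            continue  # server remarks and comments
        if not raw.strip():
            if current:
                objects.append(current)
                current = []
            continue
        if raw[0] in " \t+" and current:  # continuation of the previous value
            attr, value = current[-1]
            current[-1] = (attr, (value + " " + raw[1:].strip()).strip())
            continue
        attr, sep, value = raw.partition(":")
        if sep:
            current.append((attr.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects


def _domains(value):
    """Extract e-mail domains, undoing regex escaping such as 'example\\.net'."""
    return {d.replace("\\", "").strip(".").lower() for d in DOMAIN_RE.findall(value)}


def audit_mntners(text):
    """Return {mntner name: {'schemes', 'verdict', 'domains'}} for each mntner."""
    report = {}
    for obj in parse_rpsl(text):
        if obj[0][0] != "mntner":
            continue
        schemes, domains = [], set()
        for attr, value in obj:
            if attr == "auth" and value:
                scheme = value.split()[0].upper()
                if scheme.startswith("PGPKEY"):
                    scheme = "PGPKEY"
                schemes.append(scheme)
                if scheme == "MAIL-FROM":
                    domains |= _domains(value)
            elif attr in CONTACT_ATTRS:
                domains |= _domains(value)
        verdicts = [VERDICTS.get(s, "unknown") for s in schemes]
        # Any one auth line is enough to authorise an update, so the
        # maintainer is only as strong as its weakest line.
        worst = max(verdicts, key=SEVERITY.get, default="unknown")
        report[obj[0][1]] = {"schemes": schemes, "verdict": worst, "domains": domains}
    return report


if __name__ == "__main__":
    for name, result in audit_mntners(SAMPLE_OBJECTS).items():
        print(name, result["verdict"], result["schemes"], sorted(result["domains"]))
```

The `domains` set is the list to put under registration-expiry monitoring; MAINT-EXAMPLE-A shows why a PGP key alone does not help while a MAIL-FROM line remains on the same object.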

While it’s nice that Lumen is no longer the weakest link in the IRR chain, the remaining authentication mechanisms aren’t great. Claffy said after years of debate over approaches to improving routing security, the operator community deployed an alternative known as the Resource Public Key Infrastructure (RPKI).

“The RPKI includes cryptographic attestation of records, including expiration dates, with each Regional Internet Registry (RIR) operating as a ‘root’ of trust,” wrote Claffy and two other UC San Diego researchers in a paper that is still undergoing peer review. “Similar to the IRR, operators can use the RPKI to discard routing messages that do not pass origin validation checks.”

However, the additional integrity RPKI brings also comes with a fair amount of added complexity and cost, the researchers found.

“Operational and legal implications of potential malfunctions have limited registration in and use of the RPKI,” the study observed (link added). “In response, some networks have redoubled their efforts to improve the accuracy of IRR registration data. These two technologies are now operating in parallel, along with the option of doing nothing at all to validate routes.”
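The origin validation check the researchers mention works as follows, shown here as an added example that is not taken from the paper or from any router implementation. It follows the RFC 6811 classification (valid, invalid, not-found); the validated ROA payloads use documentation prefixes and AS numbers and are constructed for illustration.

```python
"""Route origin validation against RPKI data, following the RFC 6811 states."""
from ipaddress import ip_network
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA payload: who may originate a prefix, and how specific."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data: documentation prefixes and documentation ASNs.
SAMPLE_VRPS = [
    VRP("198.51.100.0/24", 24, 64496),
    VRP("203.0.113.0/24", 24, 0),       # AS0: holder says "do not route this"
    VRP("2001:db8::/32", 48, 64500),
]


def validate_origin(route_prefix, origin_asn, vrps):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        net = ip_network(vrp.prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # A covering VRP matches when the origin AS agrees and the route is
        # no more specific than max_length. AS0 never matches any origin.
        if (vrp.asn != 0 and vrp.asn == origin_asn
                and route.prefixlen <= vrp.max_length):
            return "valid"
    # Covered but unmatched means someone with authority over the space has
    # published data that contradicts this announcement.
    return "invalid" if covered else "not-found"


def filter_announcements(announcements, vrps):
    """Drop announcements that fail validation; keep valid and not-found."""
    return [(prefix, asn) for prefix, asn in announcements
            if validate_origin(prefix, asn, vrps) != "invalid"]


if __name__ == "__main__":
    sample_routes = [
        ("198.51.100.0/24", 64496),    # registered origin
        ("198.51.100.0/24", 64511),    # same prefix, different origin
        ("198.51.100.128/25", 64496),  # right origin, too specific
        ("192.0.2.0/24", 64496),       # no RPKI data at all
        ("203.0.113.0/24", 64496),     # space covered only by AS0
    ]
    for prefix, asn in sample_routes:
        print(f"{prefix} from AS{asn}: {validate_origin(prefix, asn, SAMPLE_VRPS)}")
```

The not-found case is why the quoted study describes the two systems running in parallel: address space with no RPKI registration gets no protection from this check.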

[1]: I borrowed some descriptive text in the 5th and 6th paragraphs from a CAIDA/UCSD draft paper — IRR Hygiene in the RPKI Era (PDF).

Further reading:

Trust Zones: A Path to a More Secure Internet Infrastructure (PDF).

Reviewing a historical Internet vulnerability: Why isn’t BGP more secure and what can we do about it? (PDF)

The Best Animal Chairs for Kids

Children of all ages can benefit from adding a chair to their bedroom, playroom, or dorm. There are many factors parents should consider when choosing an appropriate seating option for kids, including safety and comfort levels. Animal chairs are not only adorable – but they also add color and character to any space. Whether your child is just starting on their own or growing up into a teenager, you can purchase animal chairs in various styles to suit any size and decor.

1. Animal Adventure | Sweet Seats | Teal Unicorn Children’s Plush Chair

If your child loves unicorns, this teal plush chair is the perfect addition to their bedroom. The soft beige head of the unicorn features a mane and wings that truly stand out against its vibrant color scheme.

Your little one will fall in love with this eye-catching piece from Sweet Seats. Featuring a comfortable and plush cushion seat, this chair is sure to become one of your child’s favorites. This piece, along with other Sweet Seats animal chairs, can be purchased from Amazon.

2. DEMDACO Polly Pink Puppy Large Children’s Plush Stuffed Animal Chair

If your child loves puppies, then this piece from DEMDACO should be added to their collection. The plush, upholstered puppy features a pink and brown color scheme and a sturdy base that can withstand significant weight.

Like other animal chairs from DEMDACO, this chair is an outstanding option for kids of all ages. This piece can be purchased from Amazon.

3. Soft Landing | Sweet Seats | Premium Monkey Children’s Plush Chair

If your child loves monkeys, they’ll fall in love with this plush piece from Sweet Seats. The adorable design features a monkey face and eyes on one side of the chair and a comfy back cushion. Your little one will love curling up in this cute seat to read or relax after a long day of play.

4. Delta Children Cozy Children’s Chair – Fun Animal Character, Panda

This fun, white, black and pink chair will fit perfectly with your little girl’s princess room. The rectangular design is attractive and straightforward yet still includes a cute panda smile. Your daughter will love curling up in this adorable piece for storytime or simply to relax after a long day of play.

5. Fantasy Fields – Happy Farm Animals Hand Crafted Kids Wooden Chair – Piggy

Although this piece is not plush, it is just as adorable for your child’s bedroom. The smiling pig design makes the perfect addition to a farm-themed room or any place where your little one needs a comfortable seat.

What to Look for in a Good Animal Chair

While there are many animal chairs out on the market today, it can be challenging to find one that is both safe and comfortable for your child. Here are a few things you should look for when shopping around:

Safety first

Your child’s safety comes first! The most important thing to look for in an animal chair is its safety rating. While most chairs on the market today come with a safety rating, you should always check to make sure that it matches your child’s age and weight. If you are concerned about your child using the chair unsupervised, look for pieces that have safety restraints included.

Design

Another essential thing to look for in an animal chair is a comfortable design. Children can get bored and frustrated if the seating options they have available are uncomfortable or impossibly small. Look for animal chair designs that include larger dimensions and a soft cushion seat to keep your child comfortable and happy throughout their playtime.

Practicality

The best animal chairs are those that you can use for more than just a play piece. Some of the most popular styles on the market today include storage options, extra seating, and even reading stands to make these pieces practical additions to any child’s room or play area.

Additional Features

More and more animal chairs are equipped with additional features to make them even more exciting for children. Some of the most popular add-ons include sounds, lights, and music players that allow your child to become part of a fun adventure while sitting in their new chair. If your child loves these types of activities, look for an animal chair equipped with these features.

How to Keep Your Child’s Animal Chairs and Children’s Chair Covers Clean

Just like any other piece of furniture or toy, your child’s animal chairs and children’s chair covers will need regular cleaning to keep them looking great for years to come. Fortunately, most products on the market today are made from low-maintenance materials and can be easily wiped clean with a damp cloth. If your child’s chair cover is machine washable, always check the manufacturer’s care instructions before washing to ensure that you are using the best cleaning methods possible.

Where to Buy Animal Chairs for Kids

There are dozens of different places to purchase animal chairs for kids online and in stores near you. When looking for a retailer, keep in mind that not all of them will offer the same quality or customer service level. Here at Comfy Bummy, we chose to partner with Amazon.com because we feel they offer the best ratio between price and quality.

Final Thoughts on Animal Chairs for Kids

If your child loves bright and colorful furniture, animal chairs are sure to be some of their favorite pieces in the home. These fun pieces come in different colors and styles, so you should have little trouble finding something that meets your needs. Animal chairs can also help keep kids entertained throughout their playtime. Look for new animal chair covers to help make your little one’s bedroom more exciting.

The post The Best Animal Chairs for Kids appeared first on Comfy Bummy.

EDR vs Enterprise Antivirus: What’s the Difference?

EDR, or Endpoint Detection and Response, is a modern replacement for Antivirus security suites. For decades, organizations and businesses have invested in Antivirus suites in the hope of solving the challenges of enterprise security. But as the sophistication and prevalence of malware threats has grown over the last ten years, so the shortcomings of what is now referred to as “legacy” Antivirus have become all too apparent.

In response, some vendors re-thought the challenges of enterprise security and came up with new solutions to the failures of Antivirus. How does EDR differ from Antivirus? How and why is EDR more effective than AV? And what is involved in replacing your AV with an advanced EDR? You’ll find the answers to all these questions and more in this post.

What Makes EDR Different from Antivirus?

In order to adequately protect your business or organization against threats, it is important to understand the difference between EDR and traditional or “legacy” Antivirus. These two approaches to security are fundamentally different, and only one is appropriate for dealing with modern threats.

Features of Antivirus

Back in the days when the number of new malware threats per day could comfortably be counted in a spreadsheet document, Antivirus offered enterprises a means of blocking known malware by examining – or scanning – files as they were written to disk on a computer device. If the file was ‘known’ to the AV scanner’s database of malicious files, the software would prevent the malware file from executing.

The traditional Antivirus database consists of a set of signatures. These signatures may contain hashes of a malware file and/or rules that contain a set of characteristics the file must match. Such characteristics typically include things like human-readable strings or sequences of bytes found inside the malware executable, file type, file size and other kinds of file metadata.

Some antivirus engines can also perform primitive heuristic analysis on running processes and check the integrity of important system files. These “after-the-fact” or post-infection checks were added to many AV products after the flood of new malware samples on a daily basis began to outstrip AV vendors’ ability to keep their databases up-to-date.

In light of growing threats and the declining efficacy of the Antivirus approach, some legacy vendors have tried to supplement Antivirus with other services such as firewall control, data encryption, process allow and block lists and other AV “suite” tools. Generically known as “EPP” or Endpoint Protection Platforms, such solutions remain based at heart on a signature approach.

Features of EDR

While the focus of all AV solutions is on the (potentially malicious) files that are being introduced to the system, an EDR, in contrast, focuses on collecting data from the endpoint and examining that data for malicious or anomalous patterns in real time. As the name implies, the idea of an EDR system is to detect an infection and initiate a response. The faster an EDR can do this without human intervention, the more effective it will be.

A good EDR will also include capabilities to block malicious files, but importantly EDRs recognize that not all modern attacks are file-based. Moreover, proactive EDRs offer security teams critical features not found in Antivirus, including automated response and deep visibility into what file modifications, process creations and network connections have occurred on the endpoint: vital for threat hunting, incident response and digital forensics.

Pitfalls of Antivirus

There are many reasons why Antivirus solutions cannot keep up with the threats facing enterprises today. First, as indicated above, the number of new malware samples seen on a daily basis is greater than the number any human team of signature writers can keep up with.

Given that AV solutions must necessarily fail to detect many of these samples, enterprises must assume that they will face a threat that the Antivirus cannot detect.

Secondly, detection via Antivirus signatures can often be easily bypassed by threat actors even without rewriting their malware. Since signatures only focus on a few file characteristics, malware authors have learned how to create malware that has changing characteristics, also known as polymorphic malware. File hashes, for example, are among the easiest of a file’s characteristics to change, but internal strings can also be randomized, obfuscated and encrypted differently with each build of the malware.

Thirdly, financially-motivated threat actors such as ransomware operators have moved beyond simple file-based malware attacks. In-memory or fileless attacks have become common, and human-operated ransomware attacks like Hive, along with “double-extortion” attacks such as Maze, Ryuk and others, may begin with compromised or brute-forced credentials or with exploitation of RCE (remote code execution) vulnerabilities. Such attacks can lead to a compromise and loss of intellectual property through data exfiltration without ever triggering an Antivirus signature-based detection.
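The signature matching described under “Features of Antivirus” and the hash weakness noted in the second point above can be seen in a small scanner. This is an added example, not code from any AV product; the rule fields, signature names and sample byte strings are constructed for illustration and contain nothing executable.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """A characteristics rule: every condition must hold for a match."""
    name: str
    magic: bytes                 # file type: required leading bytes
    max_size: int                # file size ceiling in bytes
    patterns: tuple[bytes, ...]  # strings / byte sequences that must all occur


@dataclass
class SignatureDB:
    """Hypothetical signature database holding hashes and rules."""
    hashes: dict[str, str] = field(default_factory=dict)  # sha256 hex -> name
    rules: list[Rule] = field(default_factory=list)

    def add_hash(self, sample: bytes, name: str) -> None:
        self.hashes[hashlib.sha256(sample).hexdigest()] = name

    def scan(self, data: bytes) -> list[str]:
        """Return the names of every signature that matches the file content."""
        hits = []
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            hits.append("hash:" + self.hashes[digest])
        for rule in self.rules:
            if (data.startswith(rule.magic)
                    and len(data) <= rule.max_size
                    and all(p in data for p in rule.patterns)):
                hits.append("rule:" + rule.name)
        return hits


# Constructed, inert byte strings standing in for files written to disk.
KNOWN = (b"MZ" + bytes(32) + b"DEMO-FAMILY-CONFIG-v1"
         + b"\xde\xad\xbe\xef\x13\x37" + b"inert filler " * 8)
# Same content with one trailing byte: a different build of the "same" file.
REBUILT = KNOWN + b"\x00"
# Same structure, but the embedded string differs in this build.
RESTRUNG = KNOWN.replace(b"DEMO-FAMILY-CONFIG-v1", b"q9Zx-UNRELATED-TEXT-0")
CLEAN = b"MZ" + bytes(32) + b"ordinary program text"


def build_db() -> SignatureDB:
    db = SignatureDB()
    db.add_hash(KNOWN, "Demo.Sample.A")
    db.rules.append(Rule(
        name="Demo.Family.Generic",
        magic=b"MZ",
        max_size=4096,
        patterns=(b"DEMO-FAMILY-CONFIG", b"\xde\xad\xbe\xef"),
    ))
    return db


def scan_all() -> dict[str, list[str]]:
    db = build_db()
    samples = {"known": KNOWN, "rebuilt": REBUILT,
               "restrung": RESTRUNG, "clean": CLEAN}
    return {label: db.scan(data) for label, data in samples.items()}


if __name__ == "__main__":
    for label, hits in scan_all().items():
        print(f"{label:9} -> {hits or 'no detection'}")
```

The hash signature only ever matches the exact file it was computed from, the rule survives a trivial rebuild, and neither fires once the string the rule depends on changes: the coverage gap the article attributes to signature-only detection.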

Benefits of EDR

With its focus on providing visibility to enterprise security teams, along with automated detection responses, EDR is much better equipped to cope with today’s threat actors and the security challenges that they present.

By focusing on the detection of unusual activity and providing a response, EDR is not limited to only detecting known, file-based threats. On the contrary, the primary value of the EDR proposition is that the threat does not need to be precisely defined in the way that it does for Antivirus solutions. An EDR solution can look for patterns of activity that are unexpected, unusual, and unwanted and issue an alert for a security analyst to investigate.

Moreover, because EDRs work by collecting a vast range of data from all protected endpoints, they offer security teams the opportunity to visualize that data in one convenient, centralized interface. IT teams can take that data and integrate it with other tools for deeper analysis, helping to inform the organization’s overall security posture as it moves to define the nature of potential future attacks. The comprehensive data from an EDR can also enable retrospective threat-hunting and analysis.

Perhaps one of the greatest benefits of an advanced EDR is the ability to take this data, contextualize it on the device, and mitigate the threat without human intervention. Not all EDRs are capable of this, however, as many rely on transmitting EDR data to the cloud for remote (and, therefore, delayed) analysis.

How EDR Complements Antivirus

Despite their limitations when deployed alone or as part of an EPP solution, Antivirus engines can be useful complements to EDR solutions, and most EDRs will contain some element of signature and hash-based blocking as part of a “defense-in-depth” strategy.

By incorporating Antivirus engines within a more effective EDR solution, enterprise security teams can reap the benefits of simple blocking of known malware and combine it with the advanced features that EDRs have to offer.

Avoiding Alert Fatigue with Active EDR

As we noted earlier, EDRs offer enterprise security and IT teams deep visibility into all the endpoints across the organization’s network, and this in turn allows for a number of advantages. However, despite these advantages, many EDR solutions are failing to have the impact enterprise security teams had hoped for because they demand a great deal of human resources to manage: resources that are often unavailable due to staffing or budget restrictions or unobtainable due to the cybersecurity skills shortage.

Instead of enjoying greater security and less work for their IT and security teams, many organizations that have invested in EDR have simply found themselves reallocating resources from one security task to another: away from triaging infected devices to triaging a mountain of EDR alerts.

And yet it doesn’t need to be like that. Perhaps the most valuable potential of EDR is its ability to autonomously mitigate threats without the need for human intervention at all. By harnessing the power of machine learning and Artificial Intelligence, Active EDR takes the burden off the SOC team and is able to autonomously mitigate events on the endpoint without relying on cloud resources.

This means threats are mitigated at machine speed – faster than any remote cloud analysis – and without human effort.

What Active EDR Means For Your Team

Consider this typical scenario: A user opens a tab in Google Chrome, downloads a file they believe to be safe and executes it. The program leverages PowerShell to delete the local backups and then starts encrypting all data on the disk.

The work of a security analyst using passive EDR solutions can be hard. Swamped with alerts, the analyst needs to assemble the data into a meaningful story. With Active EDR, this work is instead done by the agent on the endpoint. Active EDR knows the full story, so it will mitigate this threat at run time, before encryption begins.

When the story is mitigated, all the elements in that story will be taken care of, all the way to the Chrome tab the user opened in the browser. It works by giving each of the elements in the story the same TrueContext ID. These stories are then sent to the management console, allowing visibility and easy threat hunting for security analysts and IT administrators.
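The scenario above can be sketched as detection logic that groups endpoint events into stories before judging them. This is an added illustration, not SentinelOne's implementation: the normalized event schema, the integer story ids and the rule that an executed file joins the story of the process that wrote it are all assumptions, and the telemetry is constructed.

```python
from collections import defaultdict

BROWSERS = {"chrome.exe"}
LAUNCHERS = {"explorer.exe"}  # the shell starts unrelated work; do not inherit through it

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DL = r"C:\Users\demo\Downloads\invoice_viewer.exe"

# Constructed telemetry in a hypothetical normalized schema (t = event order).
EVENTS = [
    {"t": 1, "type": "process_create", "pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"t": 2, "type": "process_create", "pid": 200, "ppid": 100, "image": r"C:\Program Files\Google\Chrome\chrome.exe"},
    {"t": 3, "type": "file_create", "pid": 200, "path": DL},
    {"t": 4, "type": "process_create", "pid": 300, "ppid": 100, "image": DL},
    {"t": 5, "type": "process_create", "pid": 310, "ppid": 300, "image": PS},
    {"t": 6, "type": "backup_delete", "pid": 310},
    {"t": 7, "type": "process_create", "pid": 500, "ppid": 100, "image": PS},
    {"t": 8, "type": "file_modify", "pid": 500, "path": r"C:\Users\demo\report.txt"},
]


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def build_stories(events):
    """Group events into stories. PID reuse is ignored in this sketch."""
    story_of, image_of, dropped_by = {}, {}, {}
    stories = defaultdict(list)
    next_id = 1
    for ev in sorted(events, key=lambda e: e["t"]):
        pid = ev["pid"]
        if ev["type"] == "process_create":
            image_of[pid] = ev["image"]
            writer = dropped_by.get(ev["image"].lower())
            parent = ev["ppid"]
            if writer in story_of:
                # Executing a file joins the story of whoever wrote it,
                # even when the shell is the direct parent.
                sid = story_of[writer]
            elif parent in story_of and basename(image_of[parent]) not in LAUNCHERS:
                sid = story_of[parent]
            else:
                sid, next_id = next_id, next_id + 1
            story_of[pid] = sid
        elif ev["type"] == "file_create":
            dropped_by[ev["path"].lower()] = pid
        if pid in story_of:
            stories[story_of[pid]].append(ev)
    return dict(stories)


def is_suspicious(story):
    """Browser download -> executed -> a descendant deletes backups."""
    browsers = {e["pid"] for e in story
                if e["type"] == "process_create" and basename(e["image"]) in BROWSERS}
    downloads = {e["path"].lower() for e in story
                 if e["type"] == "file_create" and e["pid"] in browsers}
    tainted = set()
    for e in story:  # events are already in time order
        if e["type"] == "process_create" and (
                e["image"].lower() in downloads or e["ppid"] in tainted):
            tainted.add(e["pid"])
        elif e["type"] == "backup_delete" and e["pid"] in tainted:
            return True
    return False


def detect(events):
    """Return {story id: every pid in that story} for suspicious stories."""
    return {sid: sorted({e["pid"] for e in story})
            for sid, story in build_stories(events).items() if is_suspicious(story)}


def powershell_launches(events):
    """What a per-event rule on 'PowerShell started' would alert on."""
    return [e["pid"] for e in events
            if e["type"] == "process_create" and basename(e["image"]) == "powershell.exe"]


if __name__ == "__main__":
    print("per-event PowerShell alerts:", powershell_launches(EVENTS))
    print("suspicious stories:", detect(EVENTS))
```

A rule keyed on PowerShell starting fires for both launches, including the administrator's benign session, while the story view flags only the chain that began in the browser and returns every process in it as the scope for mitigation.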

Upgrading Your Security with EDR

Once we see the clear advantages of an EDR system over Antivirus, what is the next step? Choosing the right EDR requires understanding the needs of your organization and the capabilities of the product being offered.

It’s also important to conduct tests, but to make sure those tests have real-world application. How will this product be used by your team in day-to-day operations? How easy is it to learn? Will it still protect your company when any cloud-services it relies on are offline or unreachable?

It’s important to consider deployment and rollout, also. Can you automate deployment across your fleet? What about platform compatibility? Does your chosen vendor give equal importance to Windows, Linux and macOS? Every endpoint needs to be protected; the ones that get left behind can provide a backdoor into your network.

Next, think about integration. Most organizations have a complex software stack. Does your vendor offer powerful but simple integration for other services you rely on?

For a more comprehensive guide on how to choose the right EDR, see the free ebook The Secrets of Evaluating Security Products.

Beyond EDR | XDR For Maximum Visibility & Integration

While Active EDR is the next step for organizations that have yet to move past Antivirus, enterprises that need maximum visibility and integration across their entire estate should be thinking about Extended Detection and Response, or XDR.

XDR takes EDR to the next level by integrating all visibility and security controls into a full holistic view of what happens in your environment. With a single pool of raw data comprising information from across the entire ecosystem, XDR allows faster, deeper and more effective threat detection and response than EDR, collecting and collating data from a wider range of sources.


Conclusion

Threat actors have long moved beyond Antivirus and EPP and organizations need to consider that such products are no match for the threats that are active today. Even a cursory look at the headlines shows how large, unprepared organizations are being caught out by modern attacks like ransomware even though they have invested in security controls. The onus is on us, as defenders, to ensure that our security software is not only fit for yesterday’s attacks, but today’s and tomorrow’s.

If you would like to learn more about how SentinelOne can provide advanced protection for your organization, contact us or request a free demo.

Kids’ Metal Chairs: Most Frequent Questions Answered

Every parent with little children knows that they will want to use metal chairs for their kids at some point. There are several reasons why they do that.

First of all, they look nice and can match any metal table or desk their child has. Second of all, these chairs are very sturdy and safe to use, so when your kid starts walking on its own, you don’t have to worry about it falling with the chair.

And last but not least, these chairs look cool and will make your child feel special. However, there are still some questions you might have about them.

1. Do I Really Need To Get A Kids’ Metal Chair?

With all the child’s chairs available for purchase, parents must think carefully before buying one or more such items. Children need sturdy chairs that can support their weight, but they also have to be safe.

For example, if you buy a wooden chair, it is not sharp and thus will not harm your child in any way; however, the problem is with the wood itself: some kids like to bite on everything, which will damage it. On the other hand, there are high chairs made of plastic that are very sharp and can even cause injuries. So if you want your child to have a new chair, get them one that is safe for their health.

2. Are Metal Chairs Safe For Kids?

Absolutely! There is no doubt that you will not regret buying your kid a metal chair for their desk, table, or just to use at school and learn the proper sitting position. They are very safe and made of quality materials that can hold up to 100lbs (45kg), which means that even if your child goes wild, the chair will remain safe for them. And if this is not enough for parents out there, metal chairs are made so that they absorb impact well when your kid falls off or jumps around.

3. Aren’t These Chairs Too Small?

For older kids, it might be accurate, but for toddlers, it’s not like that at all. Just like with any other chair, if your kid is not old enough, then the seat will be small for them. However, this does not mean that they will have their legs stick out – it’s just a matter of sitting correctly. The bottom line here is to teach your child to sit well on their chair so that they do not become uncomfortable.

4. Are They Easy To Assemble?

There is nothing that can be easier than assembling a metal chair for kids. You do not need any tools or anything like that, you just put the pre-assembled parts together, and your child will have their cool-looking chair ready in no time!

5. Are Kids’ Metal Chairs Safe For Wooden Floors?

If you have wooden floors at home, then get your child a plastic chair to sit on because metal chairs will make deep scratches in them.

6. How Do I Pick The Best Metal Kids’ Chair?

When it comes to picking the best metal kids’ chair, you need to give some time and think about why exactly it will make your kid more comfortable.

If you have a child who likes sitting on the floor and doing any other activity there, then metal chairs will not be a great choice. In such a case, get your kid a foam chair that they can sink into. Also, carefully read reviews from other parents who have been using these chairs for their kids longer than you.

This way, you will find out what they like and dislike about their kids’ metal chairs, which might help you pick the best one for your kid as well!

7. Will I Be Able To Use This Chair?

This depends on how heavy you are and how sturdy the chair is, but in general, any metal kids’ chair can support up to 100lbs (45kg) without any problems.

8. How Do I Know That The Chair Is Stable?

One of the most important things you want from your child’s metal chair is stability and safety; however, these two requirements are very different in many ways. If you pick a flimsy-looking chair, it might not be safe, but it will definitely be very unstable.

On the other hand, you can have a heavy-duty looking one that is stable but will not give you any safety.

So what should you do? Look for reviews from parents who have been using their chairs for months or even years! This will allow you to find out how stable they are and whether they are safe at the same time.

9. Are Kids’ Metal Chairs Comfortable?

Yes, metal kids’ chairs are very comfortable and durable as well. They will adequately support your child’s back and help them sit in a proper position that is good for their spine health at the same time. So they can be used both at school or home!

10. What Are The Pros Of Metal Chairs For Kids?

  • They are made of high-quality materials that can hold up to 100lbs (45kg).
  • These chairs look cool and modern, while at the same time very simple and easy to use.
  • Being so lightweight, they are also easy to store even in small spaces.
  • They do not break easily and are very durable.
  • They are easy to clean and maintain, which is excellent for kids with allergies or asthma.
  • Chairs now come in many different colors and shapes, from upcycled tires to colorful painted designs.

11. What Are The Cons Of Metal Chairs For Kids?

  • They might be too tall or too short for some kids, depending on their age and size.
  • They cannot be used outdoors due to weather conditions and rust.
  • Generally speaking, toddlers and babies do not like sitting on them because they feel insecure when sitting back with their small backs pushing against the backrest.

What Are The Best Metal Chairs For Kids?

Based on the previously mentioned criteria, as well as the customer reviews from those who have been using them for a long time, we can say that the following metal chairs are currently some of the best you can get:

ACEssentials, Kids Industrial Metal Activity Chairs

Durable and sturdy, these metal chairs are made of high-quality steel that can safely support up to 100lbs (45kg).

There are no sharp corners or edges, which means that even the smallest kids will not get hurt.

The legs are wide and stable, which means that the chair will not be easily knocked over by your child or any other person who might come and visit you.

At the same time, they are very lightweight and therefore easy to move around depending on where you want to use them.

Available in various color combinations, the chair might be a perfect fit for your kid!

Delta Children Bistro 2-Piece Chair Set

Perfect for toddlers and preschool kids, these chairs can support up to 50lbs (23kg).

The soft padded seat is very comfortable and can be used at school, in the playroom, and when reading books on the floor or watching TV with parents.

Both chairs feature a sturdy curved back for the better spine health of your child.

Rubber feet on the chair legs protect floor surfaces from scratches and sliding for better child safety.

Norwood Commercial Furniture – Assorted Color Stacking Stools

These stacking stools are perfect for use in schools, libraries, or at home. They can be stacked together when not in use, so they are easy to store.

The surface is very smooth, which means that kids can easily slide on them, but wipe clean when needed with just a single wipe! They are lightweight and made of durable materials for long-term use. They can hold up to 250 lbs (115kg) safely.

Harper & Hudson Kids Metal Stool

They are made of high-quality, firmer, impact, and warp-resistant materials, making them very durable and safe for your child.

The stool legs feature rubber pads to protect floor surfaces from scratches and sliding. The compact size of the stool means that it is easy to handle and move around, which makes it a perfect choice for small spaces.

Is Steel Kids’ Chair What You Have Been Looking For?

There are many different metal chairs on the market. However, if you want to ensure that your kid is safe when sitting in one of these chairs for hours, choosing a durable and sturdy piece is essential.

When shopping for the right chair for your child, it is crucial to consider things like their weight, height, and age so that they fit them perfectly.

Also, you need to check if there are any sharp corners or edges on the chair that could potentially hurt your child.

All in all, metal chairs can be a perfect choice for kids who need special seating at school, home or the playground.

The post Kids’ Metal Chairs: Most Frequent Questions Answered appeared first on Comfy Bummy.

Wiggle Away With The Best Kids’ Wiggle Chairs

Kids’ wiggle chairs are the latest sensation in the trend of active sitting furniture. These chairs can be beneficial for children with ADHD, ADD, or anxiety disorders who may have trouble concentrating when sitting at their desks.

For many kids, sitting still in class is difficult. But there are some ways you can help your child at home or school. If your child has trouble concentrating when seated, consider getting them an active chair. Wiggle chairs encourage kids to stay active and focused by stimulating the inner ear, leading to better grades and behavior.

Wiggle chairs encourage movement, which is healthy both physically and mentally. They also help to develop cognitive skills like balance, coordination, and attention span. Wiggle chairs are suitable for the whole family!

What is a wiggle chair?

A wiggle chair is an office chair for kids. But not just any office chair, it’s specifically designed so that children can sit in the wiggly position. Wiggle chairs are also called active sitting chairs or wobble chairs.

The kids’ wiggle chair is an active seating tool that provides deep pressure on the lower back and buttocks, encouraging proprioceptive feedback to the brain. This calming sensory tool will improve balance and stability and assist with attention and focus.

What is the history of wiggle chairs?

The modern wiggle chair was first designed in Australia. This country is the largest user of sit-stand desks, and occupational therapists have been promoting active sitting across the world for a while now.

In 2010, the Australian company Active Sitting released its version of an active sitting chair, known as a wobble or wiggle chair. These chairs were introduced to the US in 2011.

Today, other companies sell wiggle chairs, but Active Sitting is still one of the best and most reputable manufacturers.

Why should kids use a wiggle chair?

Wiggle chairs help children to sit up straight and avoid bad habits like slouching. Wiggle chairs also increase movement, which helps build strength and coordination, so it’s great for kids with disabilities or ADHD.

Why are they better than regular office chairs?

A regular office chair holds your body in one position. If you slouch, the chair pushes your back forward to keep you from slouching further. Wiggle chairs are different because they don’t stop moving when you start to wiggle or lean side to side. This makes it more comfortable and ergonomic. It’s good for your back and overall posture.

The movement of a wiggle chair can stimulate your child’s vestibular system and increase blood flow to the brain. These factors help kids stay focused and pay attention better.

Research has also shown that active sitting helps children reduce short naps, leading to less frequent mood swings and more energy throughout the day.

Who are wiggle chairs recommended for?

Wiggle chairs are suitable for most kids ages 3-12. However, children under the age of 3 may not have the strength to sit correctly in a wiggle chair. We recommend starting as soon as your child shows an interest in sitting up straight.

The best part is, wiggle chairs are fun for the whole family! Parents can also use these chairs to help prevent back pain and carpal tunnel.

Is a wiggle chair expensive?

While wiggle chairs are more expensive than regular office chairs, they are still pretty affordable. Prices range from $99 to $299, depending on the brand and style. While wiggle chairs cost more than standard chairs, they are surely more affordable than doctor or chiropractor visits!

Luckily, you can find a bit more affordable wiggle chairs on Amazon. Here are some of our favorite options:

Learniture Adjustable-Height Active Learning Stool

The Learniture stool is the best wiggle chair for school-aged children. It’s height-adjustable so that it can grow with your child, has a pneumatic lift, and fits under most desk heights so you can use it at home or in the classroom!

The wiggle chair’s non-slip, curved base allows for a natural rocking motion, so you can strengthen your core while sitting. The backless design also helps to maintain good posture. A vinyl/polypropylene design is easy to clean, and a lightweight design makes mobility and storage simple.

Studico Active Kids Chair – Adjustable Wobble Chair

The Studico wiggle chair is perfect for your kids. Not only does it come in fun colors like blue and green, but the chair is lightweight so that you can move it around with ease!

It’s made of environmentally-friendly material that makes it easy to clean any messes that are made. The base has non-slip, curved feet to keep the chair in place while your child wiggles.

The Studico chair can help improve strength and coordination in children who have special needs. The active sitting motion also helps create an ideal environment for correct posture, so your child will sit up straight while using this chair.

SNOVIAY Adjustable Wobble Chair Toddlers & Kids

The SNOVIAY wiggle chair is perfect for young children too small to use the Learniture or Studico chairs. This chair is lightweight and adjustable, so you can raise or lower the height as your child grows.

The broad base is made of high-quality materials to prevent tipping or slipping. The chair’s swivel base is centered so that the chair won’t tip over.

Storex Wiggle Stool

The Storex Wiggle Stool has a thick and soft cushion on top that makes for a delightful seat for your child to sit on all day. Without fear of tipping over, children can wiggle, wobble, move side-to-side, back and forth on our stool.

The legs also protect the floor tiles, wood, carpets, or any other surface. These wiggling chairs have an adjustable seat height of 12-18″ in 2-inch increments, making them ideal for children aged 6 years and up.

The Storex Wiggle Stool, which weighs about 6lbs and is exceptionally light and portable for a youngster to move around, is ideal for playrooms or any space that needs plenty of movement.

Kore Kids Pre-Teen Wobble Chair

The Kore Kids wiggle chair, also known as the kids wobble chair, is designed for the “tween” years. Perfect for children from age 7 to 12 or up to 100 lbs.

The Kore Kids Wobble Chair’s durable plastic seat is lightweight, making it easy for children to carry from room to room, while its non-tip-heavy base allows kids to move around safely.

This wiggle chair for kids is designed to help improve balance and coordination while allowing children to have fun! The Kore Kids’ Wobble Chair also helps create an ideal environment for correct posture so your child will sit up straight.

Are wiggle chairs safe?

Wiggle chairs are probably safer than allowing kids to balance on one leg while texting at the dinner table. But, just like any piece of furniture, you should beware of falls and other accidents.

How much time should my child spend sitting in a wiggle chair?

On average, doctors recommend that children sit for no more than 2 hours at a time. You can have your child stand up or move around every 20 minutes to give their body a rest. Even better, encourage them to play outside or do some jumping jacks.

What are some alternatives to wiggle chairs?

If you’re on a budget, consider buying your kids a yoga ball chair. They can sit on it at their desk just like they would in a wiggle chair. If you really want to go all out, invest in an active sitting desk. These are desks that move with your kid’s wiggles and shakes.

Are wiggle chairs appropriate for kids with ADHD?

Wiggle chairs can be helpful for children with ADHD, but wiggling is not the only thing necessary to help kids sit still and focus. Wiggle chairs may be helpful as a part of a comprehensive treatment program. Talk to your doctor about ways to help children with ADHD build positive, healthy habits.

Can wiggle chairs help kids with autism?

It’s unclear whether or not active sitting can help children with autism, but there are some benefits to consider:

Therapists have observed that children with autism are more comfortable and focused when they’re moving.

A study conducted in 2013 concluded that children with autism spectrum disorders (ASDs) showed increased body sway after only 12 minutes of sitting on an active chair. These results indicate that active seating can increase movement for kids with ASDs, improving their attention spans.

However, more research is needed before we can draw strong conclusions. If you have a child with ASD, talk to your doctor about the possibility of using a wiggle chair at school or home.

Conclusion

Active sitting is a great way to help your kids stay focused and alert in front of the TV, computer, or at their desk. You should also encourage children to stand up and do some exercises while they watch TV. Not only will this help their attention span, but it will also allow them to get some much-needed exercise.

If you’re shopping for a wiggle chair for your child, be sure to look for one that’s lightweight and easy to move around. You can find wiggle chairs for kids in a variety of styles and colors, so you’re sure to find one that fits your child’s personality.

Wiggle chairs can help your child wiggle away from their wiggles! If your child struggles to sit still in class, at home, or during homework time, consider getting them an active chair. Wiggle chairs never go out of style; they are fun for kids and adults alike.


Arrest in ‘Ransom Your Employer’ Email Scheme

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.

Image: Abnormal Security.

The brazen approach targeting disgruntled employees was first spotted by threat intelligence firm Abnormal Security, which described what happened after they adopted a fake persona and responded to the proposal in the screenshot above.

“According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Abnormal’s Crane Hassold wrote.

Abnormal Security documented how it tied the email back to a Nigerian man who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram. In June 2021, the Nigerian government officially placed an indefinite ban on Twitter, restricting it from operating in Nigeria after the social media platform deleted tweets by the Nigerian president.

Reached via LinkedIn, Sociogram founder Oluwaseun Medayedupin asked to have his startup’s name removed from the story, although he did not respond to questions about whether there were any inaccuracies in Hassold’s report.

“Please don’t harm Sociogram’s reputation,” Medayedupin pleaded. “I beg you as a promising young man.”

After he deleted his LinkedIn profile, I received the following message through the “contact this domain holder” link at KrebsOnSecurity’s domain registrar [curiously, the date of that missive reads “Dec. 31, 1969.”]. Apparently, Mr. Krebson is a clout-chasing monger.

A love letter from the founder of the ill-fated Sociogram.

Mr. Krebson also heard from an investigator representing the Nigeria Finance CERT on behalf of the Central Bank Of Nigeria. While the Sociogram founder’s approach might seem amateurish to some, the financial community in Nigeria did not consider it a laughing matter.

On Friday, Nigerian police arrested Medayedupin. The investigator says formal charges will be levied against the defendant sometime this week.



KrebsOnSecurity spoke with a fraud investigator who is performing the forensic analysis of the devices seized from Medayedupin’s home. The investigator spoke on condition of anonymity out of concern for his physical safety.

The investigator — we’ll call him “George” — said the 23-year-old Medayedupin lives with his extended family in an extremely impoverished home, and that the young man told investigators he’d just graduated from college but turned to cybercrime at first with ambitions of merely scamming the scammers.

George’s team confirmed that Medayedupin had around USD $2,000 to his name, which he’d recently stolen from a group of Nigerian fraudsters who were scamming people for gift cards. Apparently, he admitted to creating a phishing website that tricked a member of this group into providing access to the money they’d made from their scams.

Medayedupin reportedly told investigators that for almost a week after he started emailing his ransom-your-employer scheme, nobody took him up on the offer. But after his name appeared in the news media, he received thousands of inquiries from people interested in his idea.

George described Medayedupin as smart, a quick learner, and fairly dedicated to his work.

“He seems like he could be a fantastic [employee] for a company,” George said. “But there is no employment here, so he chose to do this.”

What’s interesting about this case — and indeed likely why anyone thought this guy worthy of arrest — is that the Nigerian authorities were fairly swift to take action when a domestic cybercriminal raised the specter of causing financial losses for its own banks.

After all, the majority of the cybercrime that originates from Africa — think romance scams, Business Email Compromise (BEC) fraud, and unemployment/pandemic loan fraud — does not target Nigerian citizens, nor does it harm African banks. On the contrary: This activity pumps a great deal of Western money into Nigeria.

How much money are we talking about? The financial losses from these scams dwarf other fraud categories — such as identity theft or credit card fraud. According to the FBI’s Internet Crime Complaint Center (IC3), consumers and businesses reported more than $4.2 billion in losses tied to cybercrime in 2020, and BEC fraud and romance scams alone accounted for nearly 60 percent of those losses.

Source: FBI/IC3 2020 Internet Crime Report.

If the influx of a few billion US dollars into the Nigerian economy each year from cybercrime seems somehow insignificant, consider that (according to George) the average police officer in the country makes the equivalent of less than USD $100 a month.

Ronnie Tokazowski is a threat researcher at Agari, a security firm that has closely tracked many of the groups behind BEC scams. Tokazowski maintains he has been one of the more vocal proponents of the idea that trying to fight these problems by arresting those involved is something of a Sisyphean task, and that it makes way more sense to focus on changing the economic realities in places like Nigeria.

Nigeria has the world’s second-highest unemployment rate — rising from 27.1 percent in 2019 to 33 percent in 2020, according to the National Bureau of Statistics. The nation also is among the world’s most corrupt, according to 2020 findings from Transparency International.

“Education is definitely one piece, as raising awareness is hands down the best way to get ahead of this,” Tokazowski said, in a June 2021 interview. “But we also need to think about ways to create more business opportunities there so that people who are doing this to put food on the table have more legitimate opportunities. Unfortunately, thanks to the level of corruption of government officials, there are a lot of cultural reasons that fighting this type of crime at the source is going to be difficult.”

The Good, the Bad and the Ugly in Cybersecurity – Week 47

The Good

This week, the UK’s NCSC (National Cyber Security Centre) released its 2021 Annual Review, which covers the agency’s cyber-related insights and facts from September 2020 to August 2021. Some of the highlights include the agency taking down 2.3 million cyber-enabled commodity campaigns, including over 400 phishing campaigns, and the removal of more than 50,000 scam emails and over 90,000 malicious URLs.

On the downside, the agency reported that 39% of all UK businesses (around 2.3 million) reported a cyber breach or attack in 2020/2021. The agency also reports that one of the core threats faced this year came from zero-day vulnerabilities in Microsoft Exchange Servers, which are estimated to have led to at least 30,000 organizations being compromised in the U.S. alone.

Ransomware, predictably, was named the top threat facing businesses, with the agency declaring that in the first four months of 2021, it dealt with the same number of ransomware incidents as in the whole of 2020, a figure that itself was three times greater than in 2019. Top vectors for ransomware infections seen by the NCSC were insecure RDP (remote desktop protocol), vulnerabilities in VPNs (Virtual Private Networks) and a variety of known but unpatched software vulnerabilities.

Nonetheless, the NCSC report contains a lot of practical advice for organizations looking to improve cyber resilience in the face of these increasing threats, and security teams are encouraged to review the NCSC’s report and guidelines.

The Bad

Like a bad penny, Emotet keeps on popping up just when you thought you had seen the last of it. In recent weeks, rival malspam loader SquirrelWaffle has been receiving a lot of attention in the 10-month absence of any Emotet activity. Perhaps not to be outdone by this “new kid on the block”, fresh Emotet malspam laced with poisoned Word and Excel document attachments was spotted this week.

The malicious documents make use of macros to launch a PowerShell command that retrieves the Emotet loader DLL from a remote URL and saves it to the ProgramData folder on the C: drive. Rundll32.exe is then used to copy the DLL to a randomly named folder in %LocalAppData% and then relaunch it from that location. After setting a Registry key for persistence, the malware runs in the background awaiting commands from a C2.

The return of Emotet after its very high-profile takedown back in January, when traffic across all tiers of the Emotet infrastructure had been seized and redirected to systems controlled by law enforcement, will be of concern to all IT and security teams. First observed being dropped last Sunday by TrickBot infections, researchers say that Emotet malware is rebuilding its botnet and already has over 200 infected devices acting as C2s.

Good endpoint security measures are vital to detecting and protecting against Emotet. Admins are also advised to keep up to date with the latest Emotet URLs.
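As an added illustration (not code from the original roundup or from any vendor), the execution chain described above can be turned into a simple per-host correlation over process-creation events. The event field names, host names, file names and the two-stage threshold are assumptions made for this sketch, and the sample events are constructed.

```python
import re
from collections import defaultdict

OFFICE_PARENTS = {"winword.exe", "excel.exe"}
# DLL directly under C:\ProgramData (where the page says the loader is saved).
DLL_IN_PROGRAMDATA = re.compile(r'c:\\programdata\\[^\\"\s]+\.dll', re.I)
# File one folder below a user's AppData\Local (the relaunch location).
DLL_IN_LOCALAPPDATA = re.compile(
    r'c:\\users\\[^\\]+\\appdata\\local\\[^\\]+\\[^\\"\s,]+', re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the stage an event matches, or None."""
    image, parent = basename(event["image"]), basename(event["parent"])
    if image == "powershell.exe" and parent in OFFICE_PARENTS:
        return "office_spawns_powershell"
    if image == "rundll32.exe":
        if DLL_IN_PROGRAMDATA.search(event["cmdline"]):
            return "rundll32_from_programdata"
        if DLL_IN_LOCALAPPDATA.search(event["cmdline"]):
            return "rundll32_from_localappdata"
    return None

def hosts_matching_chain(events, min_stages=2):
    """Report hosts showing at least min_stages distinct stages, in order seen."""
    seen = defaultdict(list)
    for ev in events:
        stage = classify(ev)
        if stage and stage not in seen[ev["host"]]:
            seen[ev["host"]].append(stage)
    return {h: s for h, s in seen.items() if len(s) >= min_stages}

# Constructed sample events (host, parent image, image, command line).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
RUNDLL = r"C:\Windows\System32\rundll32.exe"
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": r"C:\Office\WINWORD.EXE", "image": PS,
     "cmdline": "powershell.exe -enc <redacted>"},
    {"host": "ws-01", "parent": PS, "image": RUNDLL,
     "cmdline": r"rundll32.exe C:\ProgramData\sample.dll,Entry"},
    {"host": "ws-01", "parent": RUNDLL, "image": RUNDLL,
     "cmdline": r"rundll32.exe C:\Users\alice\AppData\Local\Qzxvtr\sample.dll,Entry"},
    {"host": "ws-02", "parent": r"C:\Windows\explorer.exe", "image": RUNDLL,
     "cmdline": r"rundll32.exe C:\Users\bob\AppData\Local\Vendor\helper.dll,Run"},
]

print(hosts_matching_chain(SAMPLE_EVENTS))
```

Requiring two distinct stages keeps a lone rundll32 launch from a user's AppData\Local folder, which some legitimate software also does, from raising an alert on its own.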

The Ugly

Despite the ramping up of ransomware interventions by the U.S. government in recent weeks, there are good reasons why ransomware isn’t going away anytime soon, chief among those being the exploitation of vulnerabilities in certain enterprise products. Exploitable bugs in Microsoft and Fortinet software are in focus once again this week as a joint advisory warns Iranian hackers are using these to target critical infrastructure with ransomware.

The advisory notes that Iranian government-sponsored APT actors are targeting a wide range of critical infrastructure sectors, including Transportation and Healthcare. CISA and the FBI have observed these actors exploit the Microsoft Exchange ProxyShell vulnerability as well as Fortinet vulnerabilities in an effort to gain initial access for follow-on operations including the deployment of ransomware.

Specifically, CISA warns that these actors have been leveraging CVE-2021-34473 (aka ProxyShell) against both U.S. and Australian organizations. Once access was gained, the APT actors used BitLocker activation to encrypt data on host networks and drop ransom notes with the following contact addresses:

  • sar_addr@protonmail[.]com
  • WeAreHere@secmail[.]pro
  • nosterrmann@mail[.]com
  • nosterrmann@protonmail[.]com

Other indicators of compromise include the following IP addresses:

  • 91.214.124[.]143
  • 162.55.137[.]20
  • 154.16.192[.]70

Further IoCs including file hashes and MITRE TTPs are available on the CISA advisory page.
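The indicators above are printed defanged, so they need refanging before they can be matched against logs. The following added example (not part of the advisory or the original post) does that and matches each indicator only as a whole token; the log lines and their format are constructed for illustration.

```python
import re

# Indicators as printed on the page (defanged with "[.]").
DEFANGED = [
    "sar_addr@protonmail[.]com", "WeAreHere@secmail[.]pro",
    "nosterrmann@mail[.]com", "nosterrmann@protonmail[.]com",
    "91.214.124[.]143", "162.55.137[.]20", "154.16.192[.]70",
]

def refang(text):
    """Undo the "[.]" defanging so indicators compare against raw log text."""
    return text.replace("[.]", ".")

def compile_matcher(defanged):
    """One case-insensitive regex that matches indicators only as whole tokens."""
    alts = "|".join(re.escape(refang(i)) for i in defanged)
    # Reject hits embedded in a longer address, e.g. 191.214.124.143
    # or mail.com.example.
    return re.compile(r"(?<![\w.@+-])(?:%s)(?![\w-]|\.[\w-])" % alts, re.I)

def scan(lines, matcher):
    """Return (line_number, indicator) per hit; lines are refanged first."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits += [(n, m.group(0).lower()) for m in matcher.finditer(refang(line))]
    return hits

# Constructed log lines (firewall, mail gateway, analyst ticket note).
SAMPLE_LOG = [
    "2021-11-19T10:02:11Z fw allow src=10.0.4.17 dst=91.214.124.143:443",
    "2021-11-19T10:02:15Z fw allow src=10.0.4.17 dst=191.214.124.143:443",
    "2021-11-19T10:03:40Z fw allow src=10.0.4.22 dst=154.16.192.70",
    "2021-11-19T10:05:02Z mail rcpt=<WeAreHere@secmail.pro> action=delivered",
    "ticket note: nosterrmann@mail[.]com seen in ransom note text",
    "2021-11-19T10:06:30Z mail rcpt=nosterrmann@mail.com.example action=delivered",
]

print(scan(SAMPLE_LOG, compile_matcher(DEFANGED)))
```

The boundary checks are what keep `191.214.124.143` and `nosterrmann@mail.com.example` from being reported as hits on the shorter indicators they contain.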

This activity is a timely reminder to organizations that if you don’t patch vulnerabilities, threat actors will find you out. Similarly, if you use enterprise software without proven behavioral AI security controls, don’t be surprised if threat actors go unnoticed while punching a hole through that firewall or operating system software.