Yoga Ball Chair For Kids – Is It A Good Idea?

Ball chairs are a very popular alternative to a regular office chair. They give you the opportunity of working on your core muscles and balance. But what about kids? Are they able to work on a yoga ball chair? Let’s find out!

Yoga Ball vs. Simple Exercise Ball: Why Choose One Over The Other?

The Yoga ball is, on one level, an exercise ball, but on the other hand, it’s a little bit more. Most fitness balls have a diameter of 44 or 55 centimeters, almost the same as a regular yoga ball.

The big difference between them is that some Yoga Balls can be inflated to 80 centimeters in diameter while some exercise balls only reach a maximum of 65 centimeters in diameter. The bigger a ball is, the harder it is to balance on it, and the more likely you will roll over while sitting on it.

It’s really a matter of personal preference if you want to choose an exercise ball or a Yoga Ball because the main goal that they have in common is improving your core strength and balance.

What Is A Ball Chair?

According to Wikipedia, the first ball chairs were designed by Tom Kennell in 1998. In contrast to a traditional office chair or stool, you sit on a ball instead of a seat on top of it. This way, you are forced to sit correctly with your back straight, which is no real surprise because who would want to topple over?

The ball chair trend has been rising ever since. It’s even considered the best alternative for an office chair. Many say that sitting on a ball can reduce or eliminate lower back pain because you are forced into the correct position.

What Benefits Does A Ball Chair Offer?

The big ball forces you into an upright position and improves your posture, leading to increased concentration and productivity. Some even claim that their concentration had improved dramatically compared to when they were sitting on a traditional office chair.

Ball chairs also strengthen the leg muscles, improving blood circulation and ensuring enough oxygen for your legs and feet. It is very important for people who spend a lot of time sitting on their chairs that their circulation gets stimulated regularly because otherwise, your blood vessels can easily get clogged up, which may lead to varicose veins.

The ball chair is also great for pregnant women, as it can provide some relief for the back, making it more comfortable to sit on.

Scientific proof on the benefits of the ball chair

A new study suggests that children have a higher attention span while sitting on an exercise ball instead of traditional school chairs. Researchers from the University of British Columbia found that six to eight-year-olds had more strength and endurance when regularly using an exercise ball instead of a regular seat. The findings suggest that spending time on the Swiss balls could help children at school and other kids who may have trouble concentrating or focusing.

Sports medicine specialist Dr. Lawrence Ronald, an author of the study, said that “Swiss balls are good for developing balance, coordination, core muscle strength and endurance in young children.” The study was published in the American Journal of Public Health.

The researchers explained that over a period of eight weeks, one hundred and twenty-six children between the ages of six and eight years old were given Swiss balls as their chairs for forty-five minutes during each school class. The same group was asked to sit on regular school chairs for 45 minutes. After the time was over, the researchers found that the children who used Swiss balls could keep their balance significantly longer than those who sat on regular chairs.

The study also showed that the young participants increased endurance and coordination while doing such balancing acts. Dr. Ronald said that “We recommend that children replace traditional chairs with exercise balls as a classroom chair.”

The study is part of the Physical Activity and Nutrition in Children Study (PANIC) that explores the effect of different types of exercise on young participants. The researchers stressed that “These results suggest that sitting on an exercise ball may be helpful to children with poor concentration or focus, as well as those who have difficulty sitting still.”

Dr. Ronald said that “Based on this, we believe children who are struggling with their behavior or focus at school may benefit from using exercise balls as chairs.” The researchers also found that six weeks after the experiment was over, the benefits gained by the participants were mostly lost.

The Cons Of Working On A Ball Chair

As with every other table, there are some downsides to using a ball chair too. The biggest issue is that you often have to re-adjust your position because you could quickly lose balance and topple over. You might get back or neck pain if you slouch while sitting on a ball chair. You also risk rolling off if you aren’t paying attention to your posture, especially when using an exercise ball. Another issue is that it can be challenging for most people to properly use their hands and feet without pushing the ball away.

Working On A Yoga Ball Chair

Yoga ball chairs are usually marketed toward adults, but that doesn’t mean children can’t use them. It’s essential that kids get the proper education on sitting correctly on a chair because otherwise, they may be at risk for a back injury.

You might think that having the proper posture is only necessary when sitting for a long time, but if your child slouches all the time at school or home, he may also have back pain. That’s why children must sit properly on a ball chair – not just adults!

If you let your kid work on a ball chair, make sure that you supervise them. The potential dangers of kids falling over are pretty obvious, so it’s best to keep an eye on them while they’re sitting on the ball.

Remember that you should only allow older kids to work on a ball chair, not toddlers!

The Best Of Both Worlds?

Yoga ball chairs are also marketed as the perfect alternative for office workers. We all know how hard it is to focus while sitting on an office chair, which is why this might be your optimal solution. Especially if you experience back pain when sitting for too long, a ball chair may be the right solution.

Do you want to experience it yourself? If you’re considering buying a Yoga ball chair, I suggest that you look at

Find the best yoga ball chair for kids!

It’s not easy to find the right balance between health and fun, but it can be done! Look at the yoga ball chairs below and see if one might be the right choice for your kid.

  1. Mantra Sports Yoga Ball Chair – The Mantra Sports yoga ball chair is probably the best choice if you’re looking for a yoga ball chair that will last your kid the longest time possible. This one has an impressive 660-pound weight limit, so unless your child weighs more than that, then he should be OK with this one. And as you can see from the picture, it’s a simple but very stylish design that will look great in any room of your house.
  2. Gaiam Kids Balance Ball – Exercise Stability Yoga Ball Chair, Ages 3+ – If you want your kid to have a fun workout with the Yoga ball chair, this one might be perfect for him. It comes with an exercise ball pump so that you won’t have to struggle too much when inflating the ball. It’s also a great way to introduce your kid to Yoga or gym exercises from an early age.
  3. LakiKid Yoga Ball Chair – The LakiKid yoga ball chair is a high-quality choice if you’re looking for a fun way to get your kid to learn how to sit correctly. It’s very sturdy and durable, so you’re guaranteed that it will last you for years. Because the ball is made out of puncture-resistant material, it’s safe to assume that your kid can’t do any harm to this one by simply rolling around on the chair.
  4. Trideer Ball Chair – The Trideer ball chair is another fun option if you want to get more active with your kid. It’s not necessarily aimed directly at kids, but there are no problems with getting your child to play on this thing either! It is Amazon’s number 1 bestseller for ball chairs, so that says something about its quality.
  5. GalSports Yoga Ball Chair – This Yoga ball chair is an excellent choice if you’re looking for the lowest price possible. As you can see, it’s pretty basic, but there are no problems with quality either. The pump included is a solid one, and it can be used to inflate the ball to its proper size.


If you’re wondering what kind of Yoga ball to pick for your child, then you can’t go wrong with any of the above choices. According to customer reviews, they’re all very high-quality, so you won’t have a problem getting your child to use these chairs.

The post Yoga Ball Chair For Kids – Is It A Good Idea? appeared first on Comfy Bummy.

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

Last week’s story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. Here’s what one of those scam messages looks like:

Anyone who responds “yes,” “no” or at all will very soon after receive a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank.

To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member.

Ken Otsuka is a senior risk consultant at CUNA Mutual Group, an insurance company that provides financial services to credit unions. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?”

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’”

The fraudster then uses the code to complete the password reset process, and then changes the victim’s online banking password. The fraudster then uses Zelle to transfer the victim’s funds to others.

An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password. By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.

Otsuka said in far too many account takeover cases, the victim has never even heard of Zelle, nor did they realize they could move money that way.

“The thing is, many credit unions offer it by default as part of online banking,” Otsuka said. “Members don’t have to request to use Zelle. It’s just there, and with a lot of members targeted in these scams, although they’d legitimately enrolled in online banking, they’d never used Zelle before.” [Curious if your financial institution uses Zelle? Check out their partner list here].

Otsuka said credit unions offering other peer-to-peer banking products have also been targeted, but that fraudsters prefer to target Zelle due to the speed of the payments.

“The fraud losses can escalate quickly due to the sheer number of members that can be targeted on a single day over the course of consecutive days,” Otsuka said.

To combat this scam, Zelle introduced out-of-band authentication with transaction details. This involves sending the member a text containing the details of a Zelle transfer – payee and dollar amount – that is initiated by the member. The member must authorize the transfer by replying to the text.

Unfortunately, Otsuka said, the scammers are defeating this layered security control as well.

“The fraudsters follow the same tactics except they may keep the members on the phone after getting their username and 2-step authentication passcode to login to the accounts,” he said. “The fraudster tells the member they will receive a text containing details of a Zelle transfer and the member must authorize the transaction under the guise that it is for reversing the fraudulent debit card transaction(s).”

In this scenario, the fraudster actually enters a Zelle transfer that triggers a text to the member, which the member is asked to authorize. For example:

“Send $200 Zelle payment to Boris Badenov? Reply YES to send, NO to cancel. ABC Credit Union. STOP to end all messages.”
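From the institution's side, the sequence described above (a self-service password reset, then a Zelle transfer the member "authorizes" by text) can be flagged for a hold and callback. The following is an added example, not code from the original article or from any bank or Zelle system; the event names, fields, window and sample records are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: how long after a self-service reset a transfer still counts as following it.
RESET_WINDOW = timedelta(hours=24)


@dataclass(frozen=True)
class Event:
    ts: datetime
    member: str
    kind: str                  # "password_reset" or "p2p_transfer" (hypothetical event names)
    device: str = ""
    payee: str = ""
    amount: float = 0.0
    sms_confirmed: bool = False  # member replied YES to the out-of-band text


def flag_transfers(events, known_devices, known_payees):
    """Return (event, reasons) for P2P transfers that match the takeover pattern."""
    history = {member: set(payees) for member, payees in known_payees.items()}
    last_reset = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "password_reset":
            last_reset[ev.member] = ev.ts
            continue
        if ev.kind != "p2p_transfer":
            continue
        paid_before = history.setdefault(ev.member, set())
        reasons = []
        reset_ts = last_reset.get(ev.member)
        if reset_ts is not None and ev.ts - reset_ts <= RESET_WINDOW:
            reasons.append("transfer_follows_password_reset")
        if not paid_before:
            reasons.append("member_never_used_p2p")
        elif ev.payee not in paid_before:
            reasons.append("new_payee")
        if ev.device not in known_devices.get(ev.member, set()):
            reasons.append("unrecognized_device")
        # ev.sms_confirmed is deliberately NOT treated as a mitigating signal:
        # in this scam the member is coached on the phone to reply YES.
        follows_reset = "transfer_follows_password_reset" in reasons
        if follows_reset and len(reasons) >= 2:
            alerts.append((ev, reasons))      # hold the transfer, call the member back
        else:
            paid_before.add(ev.payee)         # payee becomes part of normal history
    return alerts


def _at(hour, minute):
    return datetime(2024, 1, 15, hour, minute)   # constructed date


# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    Event(_at(10, 2), "member-a", "password_reset", device="dev-new"),
    Event(_at(10, 9), "member-a", "p2p_transfer", device="dev-new",
          payee="Boris Badenov", amount=200.0, sms_confirmed=True),
    Event(_at(11, 30), "member-b", "p2p_transfer", device="dev-b1",
          payee="Landlord", amount=950.0, sms_confirmed=True),
    Event(_at(12, 0), "member-c", "password_reset", device="dev-c1"),
    Event(_at(12, 20), "member-c", "p2p_transfer", device="dev-c1",
          payee="Roommate", amount=40.0, sms_confirmed=True),
]
KNOWN_DEVICES = {"member-a": {"dev-a1"}, "member-b": {"dev-b1"}, "member-c": {"dev-c1"}}
KNOWN_PAYEES = {"member-a": set(), "member-b": {"Landlord"}, "member-c": {"Roommate"}}

if __name__ == "__main__":
    for ev, reasons in flag_transfers(SAMPLE_EVENTS, KNOWN_DEVICES, KNOWN_PAYEES):
        print(f"HOLD {ev.member} ${ev.amount:.2f} -> {ev.payee}: {', '.join(reasons)}")
```

Only the first member is held: a reset alone (member-c) or a routine transfer (member-b) does not trip the rule, while the SMS confirmation on member-a's transfer does nothing to clear it.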

“My team has consulted with several credit unions that rolled Zelle out or are planning to introduce Zelle,” Otsuka said. “We found that several credit unions were hit with the scam the same month they rolled it out.”

The upshot of all this is that many financial institutions will claim they’re not required to reimburse the customer for financial losses related to these voice phishing schemes. Bob Sullivan, a veteran journalist who writes about fraud and consumer issues, says in many cases banks are giving customers incorrect and self-serving opinions after the thefts.

“Consumers — many who never ever realized they had a Zelle account – then call their banks, expecting they’ll be covered by credit-card-like protections, only to face disappointment and in some cases, financial ruin,” Sullivan wrote in a recent Substack post. “Consumers who suffer unauthorized transactions are entitled to Regulation E protection, and banks are required to refund the stolen money. This isn’t a controversial opinion, and it was recently affirmed by the CFPB here. If you are reading this story and fighting with your bank, start by providing that link to the financial institution.”

“If a criminal initiates a Zelle transfer — even if the criminal manipulates a victim into sharing login credentials — that fraud is covered by Regulation E, and banks should restore the stolen funds,” Sullivan said. “If a consumer initiates the transfer under false pretenses, the case for redress is more weak.”

Sullivan notes that the Consumer Financial Protection Bureau (CFPB) recently announced it was conducting a probe into companies operating payments systems in the United States, with a special focus on platforms that offer fast, person-to-person payments.

“Consumers expect certain assurances when dealing with companies that move their money,” the CFPB said in its Oct. 21 notice. “They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law. The orders seek to understand the robustness with which payment platforms prioritize consumer protection under law.”

Anyone interested in letting the CFPB know about a fraud scam that abused a P2P payment platform like Zelle, Cashapp, or Venmo, for example, should send an email describing the incident to Be sure to include Docket No. CFPB-2021-0017 in the subject line of the message.

In the meantime, remember the mantra: Hang up, Look Up, and Call Back. If you receive a call from someone warning about fraud, hang up. If you believe the call might be legitimate, look up the number of the organization supposedly calling you, and call them back.

Air Gapped Networks: A False Sense of Security?

Air Gapped Networks: How Secure Are They?

Hackers and attackers like nothing better than sitting in the comfort of their own armchairs to conduct remote attacks on vulnerable networks around the world. But some critical systems aren’t exposed to the public internet and sit, apparently safely, in an isolated environment, air gapped from the rest of the world by a lack of internet connectivity.

There is no doubt that keeping a system off the public internet increases its security posture, but it can also introduce vulnerabilities when operators need to ingest data or transfer data outside the network. Despite the increased security that an air gapped system can offer in certain situations, they have proven to be vulnerable to attack, both in the wild and in research situations. So, just how secure are air gapped networks?

What is an “Air Gap” in Network Security?

In network security, an air gapped network is one that has no physical connection to the public internet or to any other local area network which is not itself air gapped. In an air gapped environment, all the usual communication software like email clients, browsers, SSH and FTP clients are disconnected from the outside world.

A properly air gapped network means that devices within the network are invisible to, and effectively isolated from, remote threat actors, who often scan the public internet for vulnerable machines through services like Shodan. Similarly, remote code execution (RCE) software bugs cannot be directly exploited by an attacker outside of the air gapped network itself.

An air gapped system can, of course, communicate with other physically separated devices, but any means of data transfer outside of the network must take place through external hardware, temporarily attached to the network. Such hardware can include USB flash drives and other removable media as well as specially-authorized laptops. Importantly, these external devices require a person to physically connect and disconnect them to the air gapped network.

Conversely, devices which are only partitioned from other network devices by means of a software firewall are not considered to be truly air gapped, since such software can easily contain vulnerabilities that might allow entry to remote attackers.

An air gapped computer can be thought of as just a special, very limited, kind of air gapped network: a ‘network’ with only one device, in which all external network connections are disabled, and – again – data transfer in or out of the system requires physically plugging in some other device to a port on the air gapped machine. To effectively air gap such a device, WiFi and Bluetooth must be turned off and any ethernet cable unplugged. There must also be no wired connections to other computers or devices unless they are also similarly air gapped.
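The conditions in the paragraph above (no live wired link, WiFi and Bluetooth off) can be checked on a Linux host by reading sysfs. This is an added example, not part of the original article; it assumes the standard `/sys/class/net` and `/sys/class/rfkill` layout, and the sample tree it builds is constructed so the check can run anywhere.

```python
import tempfile
from pathlib import Path

RADIO_TYPES = ("wlan", "bluetooth")   # rfkill type strings for WiFi and Bluetooth


def _read(path):
    """Return a sysfs attribute as stripped text, or '' if it cannot be read."""
    try:
        return Path(path).read_text().strip()
    except OSError:          # e.g. 'carrier' is unreadable while the interface is down
        return ""


def _entries(directory):
    return sorted(directory.iterdir()) if directory.is_dir() else []


def audit_air_gap(sysfs_root="/sys"):
    """List conditions that break the air gap: live links and unblocked radios."""
    root = Path(sysfs_root)
    findings = []

    for iface in _entries(root / "class" / "net"):
        if iface.name == "lo":           # loopback never leaves the machine
            continue
        state = _read(iface / "operstate")
        if _read(iface / "carrier") == "1" or state == "up":
            findings.append(f"{iface.name}: link is up (operstate={state or 'unknown'})")

    for switch in _entries(root / "class" / "rfkill"):
        kind = _read(switch / "type")
        blocked = _read(switch / "soft") == "1" or _read(switch / "hard") == "1"
        if kind in RADIO_TYPES and not blocked:
            label = _read(switch / "name") or switch.name
            findings.append(f"{label}: {kind} radio is not blocked")
    return findings


def build_sample_tree(root):
    """Write a constructed sysfs-like tree: wired link up, WiFi radio unblocked."""
    attrs = {
        "class/net/lo/operstate": "unknown",
        "class/net/eth0/operstate": "up",
        "class/net/eth0/carrier": "1",
        "class/net/wlan0/operstate": "down",
        "class/rfkill/rfkill0/type": "wlan",
        "class/rfkill/rfkill0/name": "phy0",
        "class/rfkill/rfkill0/soft": "0",
        "class/rfkill/rfkill0/hard": "0",
        "class/rfkill/rfkill1/type": "bluetooth",
        "class/rfkill/rfkill1/name": "hci0",
        "class/rfkill/rfkill1/soft": "1",
        "class/rfkill/rfkill1/hard": "0",
    }
    for rel, value in attrs.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(value + "\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_air_gap(tmp):
            print("VIOLATION:", finding)
```

An empty result only means no link or radio was active at the moment of the check; it says nothing about removable media, which is the transfer path the rest of the article focuses on.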

Advantages & Challenges of an Air Gapped Network

On the face of it, being invisible to attackers searching the public internet for devices vulnerable to remote attacks seems like a huge security advantage. It certainly increases the risk and effort for threat actors wishing to attack such devices because, without internet connectivity, air gapped systems cannot be compromised without physical access, either directly with the device itself or indirectly via compromising another device that may temporarily have physical access.

This makes air gapping attractive in certain situations such as critical infrastructure operations like nuclear power plants, water plants and other industrial systems. Sensitive business and financial data, such as payment and control systems, can also benefit from air gapped environments if they do not need an internet connection. Military networks carrying classified information and healthcare organizations operating certain kinds of medical equipment are other obvious candidates for air gapping.

In some cases, businesses may need to operate legacy software that will only run on old, vulnerable devices. Such software can be used with less risk if the computer is disconnected from all internet services and other external network connections.

However, there are challenges with using air gapped systems safely. Working in an air gapped environment can be inconvenient for computer operators. Complete separation from all external data severely limits what can usefully be accomplished in an air gapped environment, particularly for tasks that require live or frequent data updates.

For the vast majority of computer tasks, data will need to be ingested at certain times, and similarly data processed on an air gapped computer or device may need to be transferred elsewhere to make it useful or available to others who need it.

It is this transfer of data that presents the greatest risk. That risk is increased when those using air gapped systems have a false sense of security that the network is inherently safe because of its lack of internet connectivity.

The integrity of the air gap is only maintained when the means of data transport in and out of the environment are equally subject to the highest levels of security. In practice, the integrity of air gapped networks has proven to be extremely difficult to maintain without the help of added security controls.

How Secure Are Air Gapped Networks?

Because of the difficulty of maintaining an effective air gap, it is not surprising that threat actors have found ways to attack air gapped computers. Perhaps the most notorious example was the Stuxnet attack, which was designed to target Iran’s nuclear program. Although it was discovered in 2010, it is thought to have been in development since 2005.

At the time of discovery, the Stuxnet worm was a 500Kb program that infected the software of over 14 industrial sites in Iran. It targeted Microsoft Windows machines and spread on its own through USB drives plugged into the air gapped machines on the network. The result was Iran losing almost one-fifth of its nuclear centrifuges.

In 2016, researchers discovered the Project Sauron malware, which attacked air gapped and other networks via a poisoned USB installer. Project Sauron was reportedly discovered on networks belonging to more than 30 organizations in the government, scientific, military, telecoms and financial sectors.

In 2019, researchers discovered the Ramsay framework, a cyber-espionage toolkit that was tailored to target air gapped networks. The malware used a number of infection techniques, from exploiting remote code executions in software like MS Word to trojan installers of popular software like 7zip. Ramsay collected data and stored targeted data in special archives that contained a marker for “control” software: presumably, attacker-controlled programs intended to be introduced to the target network separately by either a human operator or an infected USB device and retrieved at a later date.

Both nation-state actors and researchers have developed more esoteric means of attacking air gapped networks. Cottonmouth-1 is a USB hardware implant that can provide a wireless bridge into an air gapped computer if physically connected by an intruder or malicious insider. Researchers have also repeatedly shown how air gapped networks can be breached through various electromagnetic signals, from FM and cellular radio waves to thermal and NFC signals that can carry up to 100 metres. These include:

  • LED-it-Go – using an HDD’s activity LED
  • USBee – emitting signals from a USB’s data bus
  • AirHopper – using the GPU card to emit signals to a nearby mobile phone
  • Fansmitter – using sounds emanated by a computer’s GPU fan
  • BitWhisper – exfiltrating data via thermal emissions
  • GSMem – using GSM cellular frequencies
  • aIR-Jumper – hijacking a security camera’s infrared capabilities
  • PowerHammer – stealing data using power lines
  • AiR-ViBeR – stealing data using a computer’s fan vibrations

The Solution

When looking at how to protect air gapped computers, the obvious question is: what kind of security software can keep up with novel threats without itself needing to break the air gap? Legacy AV solutions typically need to retrieve signatures for newly-discovered malware on a regular basis. Some so-called next-gen solutions rely heavily on their ability to send telemetry to the cloud and analyze it off-device. Neither is going to work when your primary security posture requires no internet connectivity.

The answer to these problems is an on-device behavioral AI that can detect, protect and remediate malware, ransomware and device-based attacks from peripherals like USB drives autonomously. A solution such as SentinelOne can operate independently of internet connectivity to detect both known and novel malware based on behavior rather than file identity.

If you would like to learn more about SentinelOne and advanced network security, contact us for more information or request a free demo.

KEET Roundy Kid’s Chair – A Safe Choice For Your Little One!

Parents wanting the best for their children cannot be blamed. Therefore it is no wonder that they prefer buying extra toys and furniture for their kids instead of spending on themselves. From cribs to high wooden chairs, parents can go beyond limits searching for top-quality goods for their little ones. This article will focus on trusted children chairs by KEET.

Take a look at these cute and fun chairs for your child. They are made of the finest quality, safe materials, and they make perfect furniture for children.

KEET Roundy Kid’s Chair

A very safe and stable chair for your child to eat or draw or paint. It is a must-buy for parents with toddlers. A simple yet sturdy design, the KEET Roundy Kid’s Chair will withstand your little one’s constant need to get up and down from the seat. The chair has a simple structure – easy to clean and maintain. The seat is quite strong, so your child will enjoy sitting in it, but at the same time very gentle on the legs of a newborn baby.

KEET Roundy Kid’s Chair is a classic design that can be used from babyhood all the way to toddlerhood. It has been designed for children from 0-3 years old, and it can support up to 34 lbs weight. The armrests are perfect in size, and they come with extra padding for your child’s comfort.

KEET Roundy Chair is recommended by pediatricians! It was designed according to ergonomics and safety standards and has won several awards. Some of them include: “The Best Toy Award” in Japan, “Best of NeoCon,” and many others. KEET Roundy Chair is designed by the famous designer Karim Rashid, a parent himself, so he understands parents’ concerns when they pick out toys and furniture for their little ones.

KEET Roundy Kid’s Chair is the perfect chair for your child! It is simple, fun, and safe! You can also get one of those as a Christmas present for an expecting mom.

Why Is KEET Roundy Kid’s Chair So Popular?

KEET Roundy Kid’s Chair is so popular among parents because:

  • It comes in vibrant, fun colors.
  • The chair has a very simple design.
  • Its ergonomics are also beneficial to the child’s health.
  • KEET Roundy Kid’s Chair is designed according to safety requirements and standards set by organizations like CPSC and JPMA.
  • KEET Roundy Kid’s Chair is comfortable and safe.
  • The chair has armrests that are the perfect size for toddlers.
  • Your child can feel secure when sitting on this chair – it’s sturdy!
  • Soft padding protects your child’s arms, legs, and back from any possible discomfort.
  • KEET Roundy Kid’s Chair is also easy to clean. The round seat is removable.

Choose The Best KEET Roundy For Your Child

KEET Roundy Kid’s Chair is available in multiple versions. The most classic of them all is the single Keet Roundy Children’s Chair in Microsuede. It comes in a wide range of colors, so you can choose whichever fits your home or your taste best. If you want to be truly original and creative when decorating your kid’s room – get two different chairs! Kids love bright objects that have their unique touch.

The same chair is also available in different materials:

  • The KEET Roundy Faux Fur version features a stylish cowhide print.
  • The KEET Roundy Gingham version is pretty and stylish. It’s a great addition to any decor, and it will look adorable in your child’s room.
  • KEET Roundy is also available in denim fabric.

The KEET Roundy kids chair family has a lot more to offer! For extra comfort, pick Roundy with a matching Ottoman. KEET Roundy with Ottoman is perfect for your daily needs or for watching TV with your kid. It has the same bright colors as Roundy Chair, and it can make a perfect addition to any room’s decor. This ottoman is also made of top-quality materials, so you don’t have to worry about its durability.

If you need to scale up your child’s room – get a KEET Roundy children’s sofa! This sofa is perfect for lounging, playing video games, or watching TV. It has all the great features of the Roundy Chair – it’s comfortable, safe, sturdy, and colorful!

Most comfortable kids’ chairs

On, you can find more kids’ chairs and other recommendations.
We know what it’s like to be a parent. That’s why we put together this website so that you can find everything you need in one place. Whether looking for trendy bean bag chairs, comfortable rocking chairs, or fun play tables – look no further because Comfy Bummy has everything you need.

The post KEET Roundy Kid’s Chair – A Safe Choice For Your Little One! appeared first on Comfy Bummy.

Backdoor macOS.Macma Spies On Activists But Can’t Hide From Behavioral Detection

As we reported in our Deeper Dive into macOS.Macma on Monday, a suspected Chinese-backed APT has been discovered spying on Mac-using activists and journalists with a custom-built Backdoor. The malware appears to have been crafted primarily to target Mac users running macOS 15 Catalina and visiting certain websites related to the ongoing pro-democracy activism in Hong Kong. In one version of the attack, the threat actors leveraged vulnerabilities in macOS itself to drop the Macma payload. In another, the threat actors relied on social engineering and a trojan installer to infect devices. In this post, we explain more about how macOS.Macma works, how to detect it, and how to protect against it.

Overview of Backdoor macOS.Macma

The Backdoor macOS.Macma is a malicious payload discovered by Google TAG in August, 2021 and disclosed in November, 2021. It appears to have been developed over a number of years and comes in two versions. In the more recent version, the threat actors leveraged what was at the time a remote code execution (RCE) 0-day in WebKit and a local privilege escalation (LPE) in the XNU kernel in order to drop the Macma payload with root privileges on unsuspecting Mac users in a watering hole campaign. In the earlier version, the threat actors rely on social engineering to trick users into running a trojan app that drops a similar payload.

The trojan, which appears to date from at least 2019, contains several malicious binaries and a shell script in its Resources folder. The shell script is responsible for installing and running the “client” binary (also in the Resources folder). A similar executable is also called by the persistence agent dropped in the user’s ~/Library/LaunchAgents folder, which executes in the background every time the user logs in to their account.

Macma kills any earlier instance of itself before “reloading”

In the later 2021 version, the installation details are handled by a malicious payload executed in-memory thanks to the watering hole attack described by Google TAG.

In both versions, the LaunchAgent and the payload use the same persistence label and executable file paths:


Both versions also drop further components–including the keylogger module, kAgent–at another location:


In the 2021 version, we can see that the same routines used in the 2019 version’s shell script are now encoded in the installer binary; this includes the aforementioned unloading and loading of the persistence agent.

Macma uses launchctl to load its persistence agent

The installer then goes on to set up various UDP and TCP sockets for connectivity through a DDS framework.

Strings extracted from the 2021 version of macOS.Macma

With regard to the keylogger and other spyware components, note that in 10.14 Mojave, Apple introduced extended TCC protections to macOS such that any code attempting to access the user’s camera or microphone causes a user consent prompt. This mechanism was extended in macOS 10.15 Catalina to include keyboard input monitoring, such as a keylogger like kAgent might use.

macOS.Macma does indeed cause prompts to duly occur for Accessibility and the microphone (in our tests, only after logout and login), giving users at least some chance to recognize that these permissions are being sought.

TCC prompts occur after the user logs in again, post-infection
Access to the microphone and Accessibility can be revoked in System Preferences

Analysis of the code used by macOS.Macma reveals other indications of the spyware’s capabilities, which as well as keylogging and audio recording include device fingerprinting, screen capture, and file download.

Code disassembly shows some of the methods used by the Macma spyware

In our tests, only the keylogger component was called into action by the UserAgent binary. As we reported previously, the keylogger captures the user’s keystrokes and stores these in text files with Unix timestamps for names at ~/Library/Preferences/UserAgent/lib/Data/.

The keylogger is run automatically by the UserAgent binary

Two other binaries are deposited in the ~/Library/Preferences/Tools/ folder but do not appear to be initiated by the UserAgent. These are the “at” binary and the “arch” binary.

Spyware modules are dropped in a separate location from the main executable

The ‘at’ binary profiles the user’s system and gathers environmental data, including the CPU info and model, Mac address, hardware UUID, disk free space and available memory.

A summary of the ‘at’ binary’s main functionality

Meanwhile, the ‘arch’ binary serves primarily to take captures of all the user’s currently open windows and save these to disk, presumably for later exfiltration.

Disassembly of the captureScreen method in the arch binary

Aside from these files, the UserAgent also executes a remote .php script in-memory in order to gather the user’s IP address.

How To Detect macOS.Macma Backdoor

While the XNU and WebKit vulnerabilities that allowed this spyware to be installed on unsuspecting users’ devices via a poisoned website have now been patched, it’s important to note that the malware could still be installed in other ways such as by social engineering, just as the earlier version was and most macOS malware in the wild typically is. The macOS.Macma payload, with the caveat of a few user prompts, will still work if the user can be manipulated into installing it even on a fully patched macOS install.

We also note that Apple’s built-in XProtect scanner has not been updated to detect this malware as of the time of writing.

XProtect’s yara rules did not detect the macOS.Macma malware in our test

Apple’s built-in remediation software (the Malware Removal Tool app), which runs at user login (among other times), also did not remove this infection on our test device after we logged out and logged back in again.

SentinelOne customers, however, are protected against macOS.Macma. The SentinelOne behavioral engine detects all the component binaries on execution.

The SentinelOne Management console alerts on macOS.Macma activity

In the demonstration video below, the agent policy is set to “Detect-only” in order to observe the malware’s execution.

For threat hunters and those without SentinelOne protection who wish to check for macOS.Macma infection, the following behavioral and file path indicators of compromise should help (the path component after /Users/ is the actual username of the account being investigated):

/Users//Library/Preferences/UserAgent/lib/UserAgent -runMode ifneeded
chmod 644 /Users//Library/LaunchAgents/
chmod 755 /Users//Library/Preferences/Tools/arch
chmod 755 /Users//Library/Preferences/Tools/kAgent
chmod u+s /Users//Library/Preferences/Tools/arch
chmod u+s /Users//Library/Preferences/Tools/kAgent
chown :staff /Users//Library/LaunchAgents/
chown :staff /Users//Library/Preferences/Tools
chown :staff /Users//Library/Preferences/UserAgent
chown :staff /Users//Library/Preferences/UserAgent/lib
launchctl load -w /Users//Library/LaunchAgents/
launchctl unload -w /Users//Library/LaunchAgents/
mkdir /Users//Library/Preferences/Tools
mkdir /Users//Library/Preferences/UserAgent
mkdir /Users//Library/Preferences/UserAgent/lib
rm -f /Users//
sh -c chown :staff "/Users//Library/Preferences/Tools"
sh -c chown :staff "/Users//Library/Preferences/UserAgent"
sh -c mkdir "/Users//Library/Preferences/Tools"
sh -c mkdir "/Users//Library/Preferences/UserAgent"

The appearance of the UserAgent binary in System Preferences’ Privacy pane, under both the Microphone and Accessibility panels, can also be used to check for infection. In addition, review the SentinelLabs macOS.Macma post for further information and IoCs.
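The file path indicators above can be checked across every account on a Mac with a short script. The following is an added example, not SentinelOne's tooling: the function names and the all-digit test for timestamp-named keylog files are assumptions, and the LaunchAgent check matches on the UserAgent program path because the persistence label is not given on this page.

```python
import plistlib
import re
import stat
from pathlib import Path

# Paths relative to a user's home directory, taken from the indicators above.
MAIN_BINARY = Path("Library/Preferences/UserAgent/lib/UserAgent")
TOOLS_DIR = Path("Library/Preferences/Tools")
TOOL_NAMES = ("arch", "kAgent", "at")
KEYLOG_DIR = Path("Library/Preferences/UserAgent/lib/Data")
LAUNCH_AGENTS = Path("Library/LaunchAgents")

# Assumption: keylog files "with Unix timestamps for names" are all-digit names.
TIMESTAMP_NAME = re.compile(r"^\d{9,13}$")


def agent_command(plist_path):
    """Return the command line a LaunchAgent plist runs, or [] if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:  # malformed or unreadable plist: nothing to report
        return []
    if not isinstance(data, dict):
        return []
    args = data.get("ProgramArguments")
    command = [str(a) for a in args] if isinstance(args, list) else []
    if data.get("Program"):
        command.insert(0, str(data["Program"]))
    return command


def scan_home(home):
    """Return (indicator, path) tuples for Macma artifacts under one home."""
    home = Path(home)
    findings = []

    if (home / MAIN_BINARY).is_file():
        findings.append(("main_binary", str(home / MAIN_BINARY)))

    for name in TOOL_NAMES:
        tool = home / TOOLS_DIR / name
        if tool.is_file():
            findings.append(("tool_binary", str(tool)))
            # The indicators include `chmod u+s` on arch and kAgent.
            if tool.stat().st_mode & stat.S_ISUID:
                findings.append(("tool_setuid", str(tool)))

    data_dir = home / KEYLOG_DIR
    if data_dir.is_dir():
        for entry in sorted(data_dir.iterdir()):
            if entry.is_file() and TIMESTAMP_NAME.match(entry.name):
                findings.append(("keylog_file", str(entry)))

    agents = home / LAUNCH_AGENTS
    if agents.is_dir():
        suffix = MAIN_BINARY.as_posix()
        for plist in sorted(agents.glob("*.plist")):
            # Any agent that launches the UserAgent binary is suspect.
            if any(arg.endswith(suffix) for arg in agent_command(plist)):
                findings.append(("launch_agent", str(plist)))
    return findings


def scan_all(users_root="/Users"):
    """Scan every home directory under users_root; return {user: findings}."""
    results = {}
    root = Path(users_root)
    if not root.is_dir():
        return results
    for home in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            hits = scan_home(home)
        except PermissionError:
            continue  # rerun with sufficient privileges to cover this account
        if hits:
            results[home.name] = hits
    return results


if __name__ == "__main__":
    for user, hits in scan_all().items():
        for indicator, path in hits:
            print(f"{user}\t{indicator}\t{path}")
```

A hit on any single indicator warrants a closer look at the account; the combination of a LaunchAgent pointing at the UserAgent binary and timestamp-named files in the Data folder matches the behavior described in this post.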

How To Protect Against macOS.Macma

As we noted in our earlier post, some OS-specific vulnerabilities which allowed the threat actors to infect Mac users were patched by Apple some months ago, and all users are highly encouraged to ensure they are on the latest patched version of Catalina 10.15 or higher.

In order to prevent infections like macOS.Macma, be sure to install a good behavioral AI engine that can recognize novel threats based on what they do. Legacy AV scanners that rely on known signatures or cloud reputation services alone will not be able to stop threats that have not previously been detected in the wild.

If you would like to learn more about how SentinelOne can protect your macOS, Linux, Windows and Cloud Workload installations, contact us for more information or request a free demo.

All About Cowhide: Best Kids Chairs To Lift Your Moo-d

We love a bit of cow furniture, but this time we’re going to take a look at some of the most fun kids’ stuff out there. Here are the kids’ chairs you never knew you needed, but once you find them, you just know there’s no other way! Let’s find out what your child will absolutely adore!

Cowhide Kids Chairs – As Good As It Gets

There is nothing that can compare with your typical cowhide chair. Great for home decoration and kids’ play, this little cutie will look fantastic in any children’s room! Kids simply love it because of its fun design, but their parents love it too – because cowhide is soft to touch and easy to maintain.

Cowhide is one of those rare pieces you will want to decorate your whole place with, as it goes really well with almost any style and color scheme. And the best part: kids can use their imagination and build a little cowhide town together! What’s not to like about this?

You can find either chairs with cowhide pattern or kids’ chairs that look like friendly cows themselves.

Linon Home Décor Linon Draper Linen Cow Print Office Chair

Sometimes, all you need to do is add a small detail in your child’s room to bring the whole room together. And that little detail can be this black and white cowhide chair! We love it because of its vintage look, but we know that kids simply adore sitting on it!

This office chair is sturdy, easy to clean, and can be simply moved around the house. It’s a perfect chair that will elevate your child to a proper level – not too high and not too low.

Pacific Play Tents Milky The Cow Chair

Are you looking for something that can be used both indoors and outdoors? If so, then this little cutie is just what you need! Milky The Cow Chair is a bright addition to any playroom or backyard. Your kids will love sitting on it all day long, having fun, and enjoying their time playing with their friends!

It’s easy to clean and very comfortable – an ideal pick for kids over 3 years old.

Fantasy Fields – Happy Farm Animals Thematic Kids Wooden Cow Chair

This cowhide chair is an excellent gift for any child who takes an interest in animals. It’s a perfect addition to your kid’s farm or zoo.

Kids will simply adore this wooden cow chair, as its design was created with children’s needs in mind – meaning that it’s both safe and comfortable. You can also use it as a decoration piece in your child’s room – after all, this cow’s design is very appealing and simply beautiful!

This wooden chair is neutral yet fun and bright enough to look amazing in any children’s room. Kids will love it because of its fun design, but parents will too – knowing that their children are sitting on a safe and reliable chair.

This kid’s wooden cow chair is weather-resistant, which means you can use it both indoors and outdoors!

Trend Lab Children’s Plush Cow Character Chair for Kids and Toddlers

What could be better than a cow plushie? An actual cow plushie chair! This life-sized cuddly toy is not only very comfy but also a great addition to your kid’s room. They’ll love snuggling up on it, having fun, and playing all day long with their friends.

It’s not only safe for kids but also made of 100% polyester, which is very soft to touch. You can tell that your children will feel comfortable sitting on it!

iPlay, iLearn Cow Furniture Stool for Toddlers and Kids

iPlay, iLearn cow furniture stool is an excellent addition to your kids’ playroom, bedroom, or even kitchen! It adds a fun vibe to the whole house and makes everything look so much better!

It’s safe for kids, easy to clean, and very comfortable. Your children will love it because of its simple design and vivid color scheme.

Cowhide Kids Chair

We hope that we have managed to help you choose the perfect cowhide chair for your kids. No matter which chair you choose, it’s always better to know that your children are sitting on a safe and reliable chair rather than something cheap. We wish you tons of joy and a-moo-sement with your purchases!


Tech CEO Pleads to Wire Fraud in IP Address Scheme

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.

In 2018, the American Registry for Internet Numbers (ARIN), which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean, notified Charleston, S.C. based Micfo LLC that it intended to revoke 735,000 addresses.

ARIN said they wanted the addresses back because the company and its owner — 38-year-old Amir Golestan — had obtained them under false pretenses. A global shortage of IPv4 addresses has massively driven up the price of these resources over the years: At the time of this dispute, a single IP address could fetch between $15 and $25 on the open market.

Micfo responded by suing ARIN to try to stop the IP address seizure. Ultimately, ARIN and Micfo settled the dispute in arbitration, with Micfo returning most of the addresses that it hadn’t already sold.

But the legal tussle caught the attention of South Carolina U.S. Attorney Sherri Lydon, who in May 2019 filed criminal wire fraud charges against Golestan, alleging he’d orchestrated a network of shell companies and fake identities to prevent ARIN from knowing the addresses were all going to the same buyer.

Each of those shell companies involved the production of notarized affidavits in the names of people who didn’t exist. As a result, Lydon was able to charge Golestan with 20 counts of wire fraud — one for each payment made by the phony companies that bought the IP addresses from ARIN.

Amir Golestan, CEO of Micfo.

On Nov. 16, just two days into his trial, Golestan changed his “not guilty” plea, agreeing to plead guilty to all 20 wire fraud charges. KrebsOnSecurity interviewed Golestan about his case at length last year, but he has not responded to requests for comment on his plea change.

By 2013, a number of Micfo’s customers had landed on the radar of Spamhaus, a group that many network operators rely upon to help block junk email. But shortly after Spamhaus began blocking Micfo’s IP address ranges, Micfo shifted gears and began reselling IP addresses mainly to companies marketing “virtual private networking” or VPN services that help customers hide their real IP addresses online.

But in a 2020 interview, Golestan told KrebsOnSecurity that Micfo was at one point responsible for brokering roughly 40 percent of the IP addresses used by the world’s largest VPN providers. Throughout that conversation, Golestan maintained his innocence, even as he explained that the creation of the phony companies was necessary to prevent entities like Spamhaus from interfering with his business going forward.

Stephen Ryan, an attorney representing ARIN, said Golestan changed his plea after the court heard from a former Micfo employee and public notary who described being instructed by Golestan to knowingly certify false documents.

“Her testimony made him appear bullying and unsavory,” Ryan said. “Because it turned out he had also sued her to try to prevent her from disclosing the actions he’d directed.”

Golestan’s rather sparse plea agreement (first reported by The Wall Street Journal) does not specify any sort of leniency he might gain from prosecutors for agreeing to end the trial prematurely. But it’s worth noting that a conviction on a single act of wire fraud can result in fines and up to 20 years in prison.

The courtroom drama comes as ARIN’s counterpart in Africa is embroiled in a similar, albeit much larger dispute over millions of wayward African IP addresses. In July 2021, the African Network Information Centre (AFRINIC) confiscated more than six million IP addresses from Cloud Innovation, a company incorporated in the African offshore entity haven of Seychelles (pronounced, quite aptly — “say shells”).

AFRINIC revoked the addresses — valued at around USD $120 million — after an internal review found that most of them were being used outside of Africa by various entities in China and Hong Kong. Like ARIN, AFRINIC’s policies require those who are leasing IP addresses to demonstrate that the addresses are being used by entities within their geographic region.

But just weeks later, Cloud Innovation convinced a judge in AFRINIC’s home country of Mauritius to freeze $50 million in AFRINIC bank accounts, arguing that AFRINIC had “acted in bad faith and upon frivolous grounds to tarnish the reputation of Cloud Innovation,” and that it was obligated to protect its customers from disruption of service.

That financial freeze has since been partially lifted, but the legal wrangling between AFRINIC and Cloud Innovation continues. The company’s CEO is also suing the CEO and board chair of AFRINIC in an $80 million defamation case.

Ron Guilmette is a security researcher who spent several years tracing how tens of millions of dollars worth of AFRINIC IP addresses were privately sold to address brokers by a former AFRINIC executive. Guilmette said Golestan’s guilty plea is a positive sign for AFRINIC, ARIN and the three other Regional Internet Registries (RIRs).

“It’s good news for the rule of law,” Guilmette said. “It has implications for the AFRINIC case because it reaffirms the authority of all RIRs, including AFRINIC and ARIN.”

Pedicure Chair For Kids: Is It Worth The Splurge?

Pedicures are very common worldwide. Although professional pedicures are not recommended for people under 18, that doesn’t mean that parents can’t get their children a little bit of pampering as well. Is it worth splurging on a pedicure chair for your kids? Or can you choose a cheaper option, and will it do the trick?

What Are Pedicure Chairs Used For?

Pedicure chairs are generally made to be comfortable and to make the pedicure process easier. When thinking of comfort, you can get it all – accessories to get your feet cleaned, massagers for your back, and even music systems.

Pedicure chairs are commonly used in the salon or spa setting. They are perfect for getting a foot massage while giving yourself some UV light treatment for your nails. Most of them also come with extra tools that can be used for many beauty treatments.

Why Should I Get A Pedicure Chair For Kids?

It doesn’t take a lot to convince parents that they should get their children everything that makes them comfortable. A pedicure chair is a perfect gift for kids, especially when your son or daughter starts getting anxious over shaving and cutting nails. It can be challenging to keep them in one place for too long, so why not give them something comfortable to sit on?

What Is The Downside Of Buying Kids’ Pedicure Chairs?

While it is an excellent investment, there are a few considerations you have to keep in mind. First of all, these chairs might look nice and comfortable, but they also cost a lot more than your regular chairs. It’s not just a matter of buying a high-quality chair; it also has to be the proper size for your children.

Why Go For A Pedicure Chair For Kids?

We must never neglect our own needs and comfort just to serve others no matter what we do. When it comes to treatments and pampering sessions, you can get them all without leaving your home. There are some great deals for spa equipment for your own use. You can also get beautiful pedicure chairs that come with all the bells and whistles.

The parents who have already bought their kids these chairs are satisfied with how it turned out to be a perfect gift. Not only do they give themselves great treatments, but there are no more tears and screams while others try to cut their nails. Pedicure chairs for kids are comfortable, safe, and stylish too.

All in all, it is a good investment for your child’s future. It not only makes the pedicure easier but will help you bond with your children as well. There are so many kid-friendly designs available nowadays that you have plenty of options to choose from.

An economically friendly buy would be a pedicure chair which can be adjusted for both kids and adults. That way, everyone in the family can take advantage of it!

See what the best pedicure chairs for kids on the market are:

  • Happybuy Hydraulic Lift Adjustable Spa Pedicure Chair – There are many reasons to love this chair! First of all, the price is just right. For what you pay, it comes with so much more than you can expect – adjustable height, durable design, and waterproof cushions for easy cleaning. It has a tremendous hydraulic lift, making it perfect even for tall individuals or those who simply want to stretch out. The chair rocks and reclines, making it more comfortable than you can imagine.
  • Lorvain Pedicure Chair Stool with Footrest – This model is an excellent choice because not only does it look really elegant, but the design allows for maximum convenience. The footrest is adjustable and can be easily removed. It also has wheels, which makes it easy to move around the house.
  • Kids Pedicure Chair PINK SLEEPING BEAUTY – Everyone loves fairy tales, so why not give your daughter her own salon experience? This model looks like a piece from a storybook and provides everything you need for the perfect kid spa session. It has comfortable seating, temperature control, and safety locks to ensure that it doesn’t move around when in use.

Whether you like one of these for yourself or your child is a matter of personal preference. All of these are great quality products that offer the same services as salon chairs. They are just more convenient, have the latest technology, and easily move around when needed. With these in your home salon, you can provide treatment for everyone in the family, no matter if they are young or old.


Hoax Email Blast Abused Poor Coding in FBI Website

The Federal Bureau of Investigation (FBI) confirmed today that its domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

The phony message sent late Thursday evening via the FBI’s email system.

Late in the evening on Nov. 12 ET, tens of thousands of emails began flooding out from the FBI address, warning about fake cyberattacks. Around that time, KrebsOnSecurity received a message from the same email address.

“Hi its pompompurin,” read the missive. “Check headers of this email it’s actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks.”

A review of the email’s message headers indicated it had indeed been sent by the FBI, and from the agency’s own Internet address. The domain in the “from:” portion of the email I received — — corresponds to the FBI’s Criminal Justice Information Services division (CJIS).

According to the Department of Justice, “CJIS manages and operates several national crime information systems used by the public safety community for both criminal and civil purposes. CJIS systems are available to the criminal justice community, including law enforcement, jails, prosecutors, courts, as well as probation and pretrial services.”

In response to a request for comment, the FBI confirmed the unauthorized messages, but declined to offer further information.

“The FBI and CISA [the Cybersecurity and Infrastructure Security Agency] are aware of the incident this morning involving fake emails from an email account,” reads the FBI statement. “This is an ongoing situation and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to or”

In an interview with KrebsOnSecurity, Pompompurin said the hack was done to point out a glaring vulnerability in the FBI’s system.

“I could’ve 1000% used this to send more legit looking emails, trick companies into handing over data etc.,” Pompompurin said. “And this would’ve never been found by anyone who would responsibly disclose, due to the notice the feds have on their website.”

Pompompurin says the illicit access to the FBI’s email system began with an exploration of its Law Enforcement Enterprise Portal (LEEP), which the bureau describes as “a gateway providing law enforcement agencies, intelligence groups, and criminal justice entities access to beneficial resources.”

The FBI’s Law Enforcement Enterprise Portal (LEEP).

“These resources will strengthen case development for investigators, enhance information sharing between agencies, and be accessible in one centralized location!,” the FBI’s site enthuses.

Until sometime this morning, the LEEP portal allowed anyone to apply for an account. Helpfully, step-by-step instructions for registering a new account on the LEEP portal also are available from the DOJ’s website. [It should be noted that “Step 1” in those instructions is to visit the site in Microsoft’s Internet Explorer, an outdated web browser that even Microsoft no longer encourages people to use for security reasons.]

Much of that process involves filling out forms with the applicant’s personal and contact information, and that of their organization. A critical step in that process says applicants will receive an email confirmation from with a one-time passcode — ostensibly to validate that the applicant can receive email at the domain in question.

But according to Pompompurin, the FBI’s own website leaked that one-time passcode in the HTML code of the web page.

A screenshot shared by Pompompurin.

Pompompurin said they were able to send themselves an email from by editing the request sent to their browser and changing the text in the message’s “Subject” field and “Text Content” fields.

A test email using the FBI’s communications system that Pompompurin said they sent to a disposable address.

“Basically, when you requested the confirmation code [it] was generated client-side, then sent to you via a POST Request,” Pompompurin said. “This post request includes the parameters for the email subject and body content.”

Pompompurin said a simple script replaced those parameters with his own message subject and body, and automated the sending of the hoax message to thousands of email addresses.

A screenshot shared by Pompompurin, who says it shows how he was able to abuse the FBI’s email system to send a hoax message.

“Needless to say, this is a horrible thing to be seeing on any website,” Pompompurin said. “I’ve seen it a few times before, but never on a government website, let alone one managed by the FBI.”
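The design flaw described above, a confirmation email whose passcode, subject and body all arrive from the browser, is shown here beside a server-side version. This is an added example with hypothetical function names and constructed template text, not code from the FBI portal; the in-memory OUTBOX and PENDING stand in for a mail system and a database.

```python
import hashlib
import hmac
import re
import secrets

OUTBOX = []    # stand-in for the mail system: (recipient, subject, body)
PENDING = {}   # recipient -> SHA-256 of the passcode the server issued

# Constructed template text; the server owns every word of the message.
SUBJECT = "Your one-time passcode"
BODY = "Your passcode is {code}. It can be used once."

# Whitespace (including CR/LF) is excluded to block header injection.
ADDRESS = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def send_mail(to, subject, body):
    OUTBOX.append((to, subject, body))


def relay_confirmation_flawed(form):
    """The flawed pattern: the client picks the code, subject and body,
    and the server mails them unchanged from its own address."""
    send_mail(form["to"], form["subject"], form["body"])
    return {"status": "sent", "code": form.get("code")}


def request_confirmation(form):
    """Server-side version: only the recipient address comes from the
    client; any other submitted field is ignored."""
    to = form.get("to", "")
    if not ADDRESS.fullmatch(to):
        return {"status": "rejected"}
    code = f"{secrets.randbelow(10**6):06d}"      # generated on the server
    PENDING[to] = hashlib.sha256(code.encode()).hexdigest()
    send_mail(to, SUBJECT, BODY.format(code=code))
    return {"status": "sent"}                      # code never goes to the browser


def verify_code(to, submitted):
    """Check a submitted passcode; each issued code works at most once."""
    expected = PENDING.pop(to, None)
    if expected is None:
        return False
    digest = hashlib.sha256(str(submitted).encode()).hexdigest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    # Constructed request carrying client-chosen message fields.
    form = {"to": "user@example.org", "subject": "client-chosen subject",
            "body": "client-chosen body", "code": "000000"}
    relay_confirmation_flawed(form)
    print("flawed relay sent:", OUTBOX[-1])
    request_confirmation(form)
    print("server-side version sent:", OUTBOX[-1][:2])
```

With the second handler the passcode proves what it is meant to prove, that the applicant can read mail at the address, and the server's sending reputation cannot be borrowed for arbitrary content.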

As we can see from the first screenshot at the top of this story, Pompompurin’s hoax message is an attempt to smear the name of Vinny Troia, the founder of the dark web intelligence companies NightLion and Shadowbyte.

“Members of the RaidForums hacking community have a long standing feud with Troia, and commonly deface websites and perform minor hacks where they blame it on the security researcher,” Ionut Ilascu wrote for BleepingComputer. “Tweeting about this spam campaign, Vinny Troia hinted at someone known as ‘pompompurin,’ as the likely author of the attack. Troia says the individual has been associated in the past with incidents aimed at damaging the security researcher’s reputation.”

Troia’s work as a security researcher was the subject of a 2018 article here titled, “When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?” No doubt this hoax was another effort at blurring that distinction.

The Good, the Bad and the Ugly in Cybersecurity – Week 46

The Good

In recent weeks, we’ve had the pleasure to report on some high-profile cybercrime arrests. That trend continues this week as FBI Director Christopher Wray announced another arrest and charges laid against two individuals for deploying REvil ransomware.

Ukrainian Yaroslav Vasinskyi, 22, was arrested in Poland after an international effort spanning law enforcement and private security companies across several countries. Vasinskyi is charged with having been a material participant in multiple REvil-centric attacks, including the devastating attacks on Kaseya. In addition, the Justice Department announced charges against Russian national Yevgeniy Polyanin, 28, and the seizure of $6.1 million in maliciously-obtained funds.

Based on the unsealed court documents, Vasinskyi was directly involved in the attack on Kaseya, which took place in early July 2021. This attack exploited Kaseya’s established infrastructure to distribute REvil ransomware and subsequently cripple a devastating number of machines.

The attack on Kaseya was a sobering reminder of how relentless these ransomware attackers can be. Many of the affected businesses and individuals will likely still be recovering from the economic damage for years to come. We applaud the continued efforts by law enforcement and the private sector to hunt down and eliminate these criminal threats. Cheers to the good guys, and let’s hope this trend continues!

The Bad

A recent Cl0p ransomware campaign struck a sizable blow to the privacy of many. The British company Stor-a-File was the unfortunate target of an attack by Cl0p in September of this year. This is particularly concerning given the business that Stor-a-File is in. They are constantly dealing with sensitive documents and processing them for a variety of customers including those in the medical business. To date, Stor-a-File has refused to pay the attackers, which is an admirable decision. However, as a result, there has been some leakage of data on the Cl0p blog.

An important aspect to note in this attack is the initial access vector. According to current intelligence, first stage access was obtained via well-known weaknesses in the SolarWinds Serv-U FTP software. This particular vulnerability is a favorite of Cl0p operators. According to a statement from Stor-a-File, “the incident is limited to the small number of records we hold electronically”, and since the incident, the company has patched exposed systems.

Ransomware operators will continue to target vulnerabilities that work, and this incident is a timely reminder that just because a vulnerability drops out of the news cycle, it does not mean it has gone away. Unfortunately, we get new vulnerabilities to worry about every day, which compounds the issue. But at the end of the day, we all have to be extra vigilant and make sure we understand our environment, have adequate and required visibility, and protect those systems which we deem the most ‘critical’.

The Ugly

This week saw disclosure of a critical vulnerability in the Palo Alto GlobalProtect firewall. The flaw, identified as CVE-2021-3064, is a memory corruption vulnerability (stack-based buffer overflow) in the GlobalProtect portal and gateway interfaces.

Upon successful exploitation, a remote attacker may potentially gain access to a root shell, and thus unfettered access to the target systems. Exploitation can be achieved remotely, without the need for any authentication.

The issue affects PAN-OS 8.1 prior to 8.1.17 on both virtual and physical firewalls. Gaining this level of access is extremely attractive to attackers. Beachheading in a network appliance (such as a firewall) allows for a highly detailed view of the adjacent network, along with the necessary access to extend beyond that initial host. Estimates vary as to the number of devices affected; there could be anywhere between 10,000 and 70,000 exposed devices on the public internet.

The flaw was discovered by the Randori Attack Team and subsequently disclosed to Palo Alto, which responded with advisories and patches for the affected systems. We encourage all those who may be exposed, or are seeking more information, to review Palo Alto’s advisory.