The Good, the Bad and the Ugly in Cybersecurity – Week 11

The Good

This week was full of cybersecurity news related to the war in Ukraine and Russian threat activity. While the ongoing conflict remains quite horrific, and at times difficult to find any “good” in, we can thank the Security Service of Ukraine (SBU) for their work.

On Tuesday the 15th, the SBU publicly announced the arrest of an individual who, while in Ukraine, supported the Russian mobile communications network and targeted Ukrainian officers in an attempt to persuade them to surrender.

According to the Telegram post from the SBU, the individual has made up to a thousand calls facilitating the Russians’ communication. Russian leadership and fighters alike continue to communicate with unencrypted channels, such as VHF radios and mobile phones.

The images released by the SBU have been analyzed by various professionals, who highlighted the fact that this equipment should not have been used in a military environment, being vulnerable to detection and tracking. In some cases, the reliance of Russian troops on the Ukrainian mobile network may have been caused by their own destruction of 3G towers, which then forced them to begin using unencrypted radios.

Taken together, this is a simple example of the importance of communication planning during coordinated engagements. The same could be said for defenders as well, including network defenders and incident responders.

The Bad

There continues to be a large flow of bad news in the cyber domain this week, again particularly on the topic of the Ukraine conflict. As noted in our recent webinar, the number of new intrusions and attacks, and the confusion over many of the actors behind them, can make it easy to miss the smaller events that can impact businesses globally.

This week, SentinelOne published the identification of new UAC-0056 activity targeting Ukraine with fake translation software. The research attributed the activity to a cluster of UAC-0056 threat actor activity reported by UA-CERT in the days prior.

This malicious activity originated through a large program masquerading as Ukrainian language translation software, leading to infection with the GrimPlant and GraphSteel malware families. Interestingly, the research also identified that the threat actor began building the infrastructure around this campaign in at least December 2021 – earlier than previously known, and showcasing some pre-invasion preparation from the threat actor.

UAC-0056 is the threat actor title assigned by the Ukrainian CERT, while others in the industry have titled them UNC2589, TA471, and SaintBear, to name a few. Current working knowledge is that this actor is either responsible for, or closely related to, the WhisperGate activity in early January 2022 impacting government agencies in Ukraine. As with all events occurring around the conflict, new details are expected to emerge and shift the understanding of many known events.

The Ugly

On an uglier note this week, we have the identification of the Cyclops Blink malware impacting Asus routers and operating as a larger-than-known botnet for one of the most notorious destruction-fueled threat actors known – Sandworm. Additionally, the researchers observed evidence of at least two hundred victims in the US, Russia, Canada, and Italy.

As we reported previously, Cyclops Blink was found targeting WatchGuard Firebox network devices last month, but now researchers have discovered the malware targeting Asus and likely other home and small-business networking equipment manufacturers, too. The researchers note that the same code was used in attacks on Asus and WatchGuard boxes, and simply recompiled for the brand of interest.

Cyclops Blink can read from and write to the router’s flash memory, which is used to store the operating system and configuration, among other files. It reads 80 bytes from the flash memory, writes that to the main pipe, and enters a loop to wait for a command to replace the partition content. The replacement is achieved by erasing the NAND eraseblocks and then writing the new content to them. Crucially, since the content of the flash memory is permanent, Cyclops Blink can use this method to establish persistence and survive factory resets.

Currently, the intent of Cyclops Blink remains unclear. However, IoT devices are increasingly a major target for attackers interested in all manner of cyber objectives, from DDoS to espionage. Cyclops Blink’s focus on home and small-office network devices is particularly concerning as it suggests the operators are interested in casting a wide net and gaining victims at scale.

Bringing Identity to the Era of XDR

Today, protecting “the who” is just as important as “the what”. Cybersecurity is getting personal.

For the past 20 years, I’ve dedicated my professional career to the field of cybersecurity. It lives at the center of technology, digitizing society, government, commerce, individual rights, creativity, and the future. For most of this time, I’ve worked with the world’s largest enterprises to help secure “the what.” Let me explain.

The fundamental technology shift that impacted my life was the Internet. I vividly remember a world pre-Internet: everything was human-powered. You called a travel agent to book a flight. You went to the library or a bookstore to locate a book. You learned in a classroom with a live teacher (or you missed school altogether). You read the newspaper to learn about what was happening in the world. You called someone and spoke to them to find out what job they were in and if they were looking for a new career. And you used a map to go from point A to B. The Internet changed everything. What we did stayed the same, but how we accomplished life’s tasks changed massively. The Internet era fueled the cybersecurity market, creating an urgent need for securing “the what”.

Let me share my personal journey. My first step in cybersecurity was protecting the “what” – the Internet and how organizations wanted it used. I joined a web filtering firm and grew my career there. As a sales rep, I helped organizations make this new Internet a safe and managed medium for their employees. My teams and I sold this technology to companies and public organizations alike for a decade, yet the Internet was changing rapidly.

The Internet in this period became the ultimate playground for attackers. A new breed of criminals was born into the world. Instead of breaking into your house through the window or gaining access to a bank vault, this new generation of criminals used the web and its connectivity capabilities for access, theft, destruction, and misinformation. Cybercriminals learned how to weaponize webpages, files, email, and more, taking the digital connectivity that created so much good – and used it for evil. The first two decades of the new millennium transformed the very definition of security: it now included the digital dimension. Devastating, headline-grabbing hacks, one after the other, taught me that securing the Internet wasn’t enough. It was time to secure the device.

Securing every device that could connect to the Internet was the next chapter in my career. Securing devices was the new “what” for me. How we access the web fundamentally changed during this time: from clunky, slow, and complicated desktops to lightweight, portable, powerful devices. As a tech enthusiast, I’ve bought, tried, and used nearly every kind of computing device along the way. My journey in securing these things took me to several exciting places.

Advanced Network Security: A Short-Lived Cure

As I became more involved in the emerging threat landscape of the modern Internet, I moved to one of the largest cybersecurity companies in the world. They had made a series of acquisitions, including one that was highly interesting. It was a stealth startup that had taken appliance-based sandboxing technology and fused it with a novel way of static file analysis. This was a way of eliminating antiquated and ineffective antivirus signatures, detecting never-seen-before malicious executables – without any human intervention. Unfortunately, this was an on-premise, on-network only approach. The problem was computing devices were becoming mobile; they were off the protected corporate network as often as they were on it. Realizing that the idea was great but the architecture was already obsolete, I left the large vendor for a startup that was solving this very problem. It was the world’s first signatureless antivirus software, one that could run directly on a laptop or desktop – and work on or off the network.

Next-Generation Antivirus: Unfinished Business

At this iconoclastic company, we were on a mission to prove that not only was legacy antivirus ineffective – it was dead. From the ground up, I built a global go-to-market organization with the sole focus of replacing legacy AV with a new kind of technology, which we coined “next-generation AV.” AI replaced signatures, making this new “next-gen AV” predictive and incredibly effective. It was fulfilling and fun to succeed in securing the “what” – at least for a time. We secured devices: the technology worked, the team was terrific, and we won – not only against our competitors, but more importantly, against the adversaries. But the threat landscape shifted. A new class of malware called fileless attacks changed the threat landscape once again, proving the age-old adage that “nothing is 100% effective.” Radically improving protection efficacy was progress; however, these new types of attacks evaded the system. The market increasingly turned its attention to what NGAV was missing. Again, we hadn’t fully succeeded in protecting “the what.”

EDR to XDR: “The What” We Needed

It was time for EDR – endpoint detection and response – something that would fully secure “the what” – the device. I wanted to empower customers to protect against fileless attacks. In SentinelOne, I found an innovative company with the right technical foundation to solve this problem. I joined SentinelOne in 2017 because the technology was capable of prevention, detection, and response across all attack types – both file-based and fileless. It had the differentiation of being automated, shrinking the time between detection and response. It was time for a new kind of security, one that was instant, machine-powered, and autonomous. We took EDR beyond the Windows endpoint to a new world of “whats” – we took our platform to Mac and Linux, servers, the cloud, Kubernetes containers, mobile, IoT devices, and to data. We pioneered XDR – extended detection and response – with a platform that prevents, detects, and responds enterprise-wide. Securing “the what” is critical and a never-ending pursuit, but the era of XDR proves it’s finally possible.

Securing “The Who:” Why Attivo Networks?

More profoundly, over the past few years, “the what” coexists with a new reality: how and where we use technology is vastly different from before. And cybercriminals took note: with devices becoming much more protected, compromising “the who” became a focal point of getting to the device. And with more and more of our lives, access, and privileges accessible by password, I saw this need become a critical part of the XDR era: securing “the who”.

Identity is the new attack surface forming today’s organizational perimeter. We and our devices are constantly on the move. They must be kept malware-free and kept accessible by the right users at the right time. Securing the “who” and “what” have now become of equal importance in today’s digital era.

Today, the enterprise’s crown jewels are users. People use devices to access applications, cloud services, databases, websites, and more. Unsanctioned or compromised access has serious ramifications. Devices, networks, and data assets are just a click away with credential and Active Directory access.

Identity protection is now necessary. The new way we work and access data demands securing users and devices. We’ve witnessed supply chain attacks such as Kaseya and other breaches that involve Active Directory succeed in gaining unauthorized access. Every cybersecurity practitioner remembers the Zerologon vulnerability, leaving most organizations exposed. In addition, directory and identity system misconfigurations are too common, creating even more significant security gaps than code vulnerabilities themselves.

Our acquisition of Attivo Networks unifies identity security, identity infrastructure assessment, and cyber identity deception into our pursuit of securing “the what” and “the who.” Today, a comprehensive security program needs to do both. I couldn’t be more excited to welcome the Attivo team and their customers to the SentinelOne family.

On a personal note, I’m excited to combine securing “the what” and “the who.” I started this post by saying cybersecurity moves fast. From the invention of the Internet to today, we’ve made a lot of individual and societal progress: it’s time for cybersecurity to become personal. It’s time to protect “the who” and “the what” simultaneously. Why? Cybercriminals have brought the fight to identity. It’s now personal. And we’re here to help you and your people win.


Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Researchers are tracking a number of open-source “protestware” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.

The upstart tracking effort is being crowdsourced via Telegram, but the output of the Russian research group is centralized in a Google Spreadsheet that is open to the public. Most of the GitHub code repositories tracked by this group include relatively harmless components that will either display a simple message in support of Ukraine, or show statistics about the war in Ukraine — such as casualty numbers — and links to more information on the Deep Web.

For example, the popular library ES5-ext hadn’t updated its code in nearly two years. But on March 7, the code project added a component “postinstall.js,” which checks to see if the user’s computer is tied to a Russian Internet address. If so, the code broadcasts a “Call for peace:”

A message that appears for Russian users of the popular es5-ext code library on GitHub. The message has been Google-Translated from Russian to English.

A more concerning example can be found at the GitHub page for “vue-cli,” a popular JavaScript framework for building web-based user interfaces. On March 15, users discovered a new component had been added that was designed to wipe all files from any systems visiting from a Russian or Belarusian Internet address (the malicious code has since been removed):

Readers complaining that an update to the popular Vue-Cli package sought to wipe files if the user was coming from a Russian IP address.

“Man, I love politics in my APIs,” GitHub user “MSchleckser” commented wryly on Mar. 15.

The crowdsourced effort also blacklisted a code library called “PeaceNotWar” maintained by GitHub user RIAEvangelist.

“This code serves as a non-destructive example of why controlling your node modules is important,” RIAEvangelist wrote. “It also serves as a non-violent protest against Russia’s aggression that threatens the world right now. This module will add a message of peace on your users’ desktops, and it will only do it if it does not already exist just to be polite. To include this module in your code, just run npm i peacenotwar in your code’s directory or module root.”

Alex Holden is a native Ukrainian who runs the Milwaukee-based cyber intelligence firm Hold Security. Holden said the real trouble starts when protestware is included in code packages that get automatically fetched by a myriad of third-party software products. Holden said some of the code projects tracked by the Russian research group are maintained by Ukrainian software developers.

“Ukrainian and non-Ukrainian developers are modifying their public software to trigger malware or pro-Ukraine ads when deployed on Russian computers,” Holden said. “And we see this effort, which is the Russians trying to defend against that.”

Commenting on the malicious code added to the “Vue-cli” application, GitHub user “nm17” said a continued expansion of protestware would erode public trust in open-source software.

“The Pandora’s box is now opened, and from this point on, people who use opensource will experience xenophobia more than ever before, EVERYONE included,” NM17 wrote. “The trust factor of open source, which was based on good will of the developers is now practically gone, and now, more and more people are realizing that one day, their library/application can possibly be exploited to do/say whatever some random dev on the internet thought ‘was the right thing they to do.’ Not a single good came out of this ‘protest.’”
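The postinstall.js component described above runs at install time, and Holden's concern is packages that get fetched automatically as dependencies of other software. As an added example (not code from the article or from any project it names), this Python script audits an npm lockfile for packages that carry install scripts. The lockfile contents, version strings, approval list and the names example-app, build-tool, nested-dep, left-helper and @example/native-addon are constructed assumptions.

```python
"""Audit an npm package-lock.json for install-time scripts (added example)."""
import json

# Constructed lockfile (lockfileVersion 3). npm records "hasInstallScript"
# for any package that declares a preinstall/install/postinstall script.
# All version strings here are placeholders, not real release numbers.
SAMPLE_LOCK_JSON = """
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0",
         "dependencies": {"es5-ext": "*", "build-tool": "*"}},
    "node_modules/es5-ext": {"version": "0.0.0-new", "hasInstallScript": true},
    "node_modules/left-helper": {"version": "2.1.0"},
    "node_modules/peacenotwar": {"version": "0.0.0-any"},
    "node_modules/build-tool": {"version": "4.0.0", "hasInstallScript": true},
    "node_modules/build-tool/node_modules/nested-dep":
        {"version": "1.2.3", "hasInstallScript": true},
    "node_modules/@example/native-addon":
        {"version": "3.0.0", "hasInstallScript": true}
  }
}
"""

# Hypothetical team policy: package -> exact version whose install script
# was reviewed, plus packages that must never be installed.
APPROVED_INSTALL_SCRIPTS = {
    "es5-ext": "0.0.0-reviewed",
    "build-tool": "4.0.0",
    "@example/native-addon": "3.0.0",
}
BLOCKED_PACKAGES = {"peacenotwar"}


def load_sample():
    """Parse the constructed lockfile embedded above."""
    return json.loads(SAMPLE_LOCK_JSON)


def package_name(lock_path):
    """Return the package name from a lockfile path, keeping any @scope/."""
    marker = "node_modules/"
    idx = lock_path.rfind(marker)
    return lock_path if idx == -1 else lock_path[idx + len(marker):]


def audit_lockfile(lock, approved, blocked):
    """Return findings for blocked packages and unreviewed install scripts."""
    packages = lock.get("packages", {})
    root = packages.get("", {})
    direct = set(root.get("dependencies", {})) | set(root.get("devDependencies", {}))
    findings = []
    for lock_path, entry in packages.items():
        if lock_path == "":
            continue  # the root project itself
        name = package_name(lock_path)
        version = entry.get("version")
        reason = None
        if name in blocked:
            reason = "blocked-package"
        elif entry.get("hasInstallScript"):
            if name not in approved:
                reason = "unreviewed-install-script"
            elif approved[name] != version:
                # An approved package shipped a new version that still
                # (or newly) runs code at install time: review it again.
                reason = "install-script-version-drift"
        if reason:
            findings.append({
                "name": name,
                "version": version,
                "lock_path": lock_path,
                # Top-level entry that the root manifest asked for by name.
                "direct": lock_path == "node_modules/" + name and name in direct,
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in audit_lockfile(load_sample(), APPROVED_INSTALL_SCRIPTS, BLOCKED_PACKAGES):
        kind = "direct" if f["direct"] else "transitive"
        print(f'{f["reason"]:30} {f["name"]}@{f["version"]} ({kind}) {f["lock_path"]}')
```

Installing with `npm ci --ignore-scripts` keeps lifecycle scripts from running while findings like these are reviewed.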

Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software

Overview

SentinelOne has identified new malicious activity we assess to be closely associated with the UAC-0056 (SaintBear, UNC2589, TA471) alert, in which the threat actor was observed targeting Ukraine with Cobalt Strike, GrimPlant, and GraphSteel. This previously undiscovered set of activity centers around a Python-compiled binary that masquerades as Ukrainian language translation software, leading to infection with GrimPlant and GraphSteel.

SentinelOne assesses UAC-0056’s GrimPlant and GraphSteel activity began in early February 2022, while preparation for its use began at least as early as December 2021.

Dictionary Translator

SentinelOne has identified two files with names and paths correlating to the GraphSteel and GrimPlant malware referred to in the report by CERT-UA.

C:\Users\user\.java-sdk\microsoft-cortana.exe d77421caae67f4955529f91f229b31317dff0a95
C:\Users\user\.java-sdk\oracle-java.exe ef5400f6dbf32bae79edb16c8f73a59999e605c7

The two files identified are Go binaries dropped by the executable 2a60b4e1eb806f02031fe5f143c7e3b7 (dictionary-translator.exe). Dictionary-translator is a Python-compiled binary that functions as a 45 MB translation application. Notably, this file was first uploaded to VirusTotal on February 11th, 2022.

Translation Application

The Dictionary-translator binary is downloaded from the potentially actor-controlled domain: hxxps://dictionary-translator[.]eu/program/dictionary-translator.exe.

On launch, the translator application drops and executes four malicious files. These correlate to those described in the report by the Ukrainian CERT, three by name and path and one by functionality and path.

| Matched File Path | UA-CERT Report Link (MD5) |
| --- | --- |
| \Users\user\AppData\Local\Temp\tmpj43i5czq.exe | 15c525b74b7251cfa1f7c471975f3f95 |
| \Users\user\.java-sdk\java-sdk.exe | c8bf238641621212901517570e96fae7 |
| \Users\user\.java-sdk\microsoft-cortana.exe | 9ea3aaaeb15a074cd617ee1dfdda2c26 |
| \Users\user\.java-sdk\oracle-java.exe | 4f11abdb96be36e3806bada5b8b2b8f8 |

Post-Compromise Activity

Upon execution, the GraphSteel variant of the malware will run a set of reconnaissance and credential harvesting commands, again similar to those described in the report.

netsh wlan show profiles

[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime];$vault = New-Object Windows.Security.Credentials.PasswordVault;$vault.RetrieveAll() | % { $_.RetrievePassword();$_} | Select UserName, Resource, Password | Format-Table -HideTableHeaders

reg query HKCU\Software\SimonTatham\Putty\Sessions

Additionally, the malware achieves persistence by setting the current user’s registry CurrentVersion\Run value to execute the Go downloader at logon:

Key: HKU\%SID%\Software\Microsoft\Windows\CurrentVersion\Run\Java-SDK
Value: \Users\user\.java-sdk\java-sdk.exe -a FIAjtW4f+IgCUrs3hfj9Lg==

The variant discovered by SentinelOne attempts to connect to a different server using a similar pattern, attempting to establish an HTTP connection over port 443 to a single-letter URI: hxxp://91.242.229.35:443/i.
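One way to turn the reconnaissance commands and the Run value listed above into detection logic, as an added example that is not from the SentinelOne report. The event format, host names, SID, parent-process field and the benign events are constructed assumptions.

```python
"""Match endpoint events against the post-compromise behaviour in the report."""
import re
from collections import defaultdict

# One pattern per reconnaissance / credential-harvesting command in the report.
RECON_RULES = {
    "wifi_profile_dump": re.compile(
        r"\bnetsh(?:\.exe)?\s+wlan\s+show\s+profiles\b", re.I),
    "password_vault_dump": re.compile(
        r"Credentials\.PasswordVault\b.*\bRetrieveAll\(\)", re.I | re.S),
    "putty_session_query": re.compile(
        r"\breg(?:\.exe)?\s+query\s+\S*SimonTatham\\Putty\\Sessions", re.I),
}

# Persistence: a Run value launching an .exe under a ".java-sdk" directory
# with "-a <base64>" as its argument, as in the report's registry value.
PERSIST_TAG = "run_key_java_sdk_downloader"
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:\\|$)", re.I)
DOWNLOADER = re.compile(
    r"\\\.java-sdk\\[^\\\s]+\.exe\s+-a\s+[A-Za-z0-9+/]+={0,2}(?:\s|$)", re.I)

# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "process",
     "parent": r"C:\Users\user\.java-sdk\microsoft-cortana.exe",
     "cmdline": "netsh wlan show profiles"},
    {"host": "WS-01", "type": "process",
     "parent": r"C:\Users\user\.java-sdk\microsoft-cortana.exe",
     "cmdline": r'powershell.exe -c "[void][Windows.Security.Credentials.'
                r'PasswordVault,Windows.Security.Credentials,ContentType='
                r'WindowsRuntime];$vault = New-Object Windows.Security.'
                r'Credentials.PasswordVault;$vault.RetrieveAll() | % '
                r'{ $_.RetrievePassword();$_}"'},
    {"host": "WS-01", "type": "process",
     "parent": r"C:\Users\user\.java-sdk\microsoft-cortana.exe",
     "cmdline": r"reg query HKCU\Software\SimonTatham\Putty\Sessions"},
    {"host": "WS-01", "type": "registry_set",
     "key": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows"
            r"\CurrentVersion\Run\Java-SDK",
     "value": r"\Users\user\.java-sdk\java-sdk.exe -a FIAjtW4f+IgCUrs3hfj9Lg=="},
    # A helpdesk technician checking Wi-Fi profiles: one behaviour on its own.
    {"host": "WS-02", "type": "process", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "NETSH.EXE WLAN SHOW PROFILES"},
    # An ordinary autorun entry that must not match.
    {"host": "WS-03", "type": "registry_set",
     "key": r"HKU\S-1-5-21-0-0-0-1002\Software\Microsoft\Windows"
            r"\CurrentVersion\Run\ExampleUpdater",
     "value": r'"C:\Program Files\Example\updater.exe" /background'},
]


def classify(event):
    """Return the set of behaviour tags a single event matches."""
    tags = set()
    if event["type"] == "process":
        for tag, pattern in RECON_RULES.items():
            if pattern.search(event["cmdline"]):
                tags.add(tag)
    elif event["type"] == "registry_set":
        if RUN_KEY.search(event["key"]) and DOWNLOADER.search(event["value"]):
            tags.add(PERSIST_TAG)
    return tags


def triage(events):
    """Group tags per host; persistence or two or more recon behaviours is high."""
    per_host = defaultdict(set)
    for event in events:
        per_host[event["host"]] |= classify(event)
    report = {}
    for host, tags in per_host.items():
        if not tags:
            continue
        recon = tags - {PERSIST_TAG}
        severity = "high" if PERSIST_TAG in tags or len(recon) >= 2 else "review"
        report[host] = {"severity": severity, "tags": sorted(tags)}
    return report


if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, result["severity"], ", ".join(result["tags"]))
```

Each command also appears in legitimate administration, which is why a single match is only marked for review while the combination, or the Run value, is escalated.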

Clarification on Threat Actor UAC-0056

UAC-0056 has a history of public reporting but is most commonly known as UNC2589 (Mandiant) and TA471 (Proofpoint), among others. This actor is believed to be behind the WhisperGate activity in early January 2022 impacting government agencies in Ukraine. Based on our analysis, the actor was potentially building the infrastructure for the GrimPlant and GraphSteel campaign beginning in December 2021.

Timeline Demonstrating Known UAC-0056 Activity

Indicators of Compromise

| IOC / SHA1 | Description |
| --- | --- |
| dictionary-translator[.]eu | Dictionary-translator.exe Download Server |
| 91.242.229[.]35:443/i | Go Downloader C2 |
| 3eec65c8ac25682d9e7d293ca9033c8a841f4958 | Go Downloader |
| d77421caae67f4955529f91f229b31317dff0a95 | GraphSteel Linked |
| ef5400f6dbf32bae79edb16c8f73a59999e605c7 | GrimPlant Linked |
| 3847ca79b3fd52b105c5e43b7fc080aac7c5d909 | Dictionary-translator Program |

Kids Teepee – The Gift You Have Been Looking For!

Do you have a little one who loves to play pretend? Or are you looking for the perfect gift for a unique child in your life? If so, then a kids’ teepee is an excellent choice!

Kids teepees have gained popularity in recent years as a fun and unique way for kids to play. On top of being a blast to play in, the teepee can be a stylish addition to any child’s bedroom or playroom. Boho chic or rustic country, your child can have the decor to match their style.

We have searched high and low to bring you the best selection of kids’ teepees on the market. We have something for every taste and budget. Whether you are looking for a traditional white teepee or something more colorful, we have the perfect option for you!

Take a look at our top picks and find the perfect kids teepee for your little one today!

Best Kids Teepee – Our Top Picks

Kids Teepees make the perfect gift for any occasion. They are fun, unique, and sure to please any child. Order yours today and see the joy it brings!

Razee Teepee for Kids and Adults

The Razee Teepee is the perfect option for both kids and adults. It is big enough to accommodate up to 3 children or an adult. Measurements: 60” x 50” x 85”

It is made of sturdy cotton canvas – 100% natural and unpainted. The poles are made of natural pine wood and are also unpainted. The materials used to make this kids’ teepee are durable, comfortable, and free of chemical odors and harmful substances.

This teepee can be used both indoors and outdoors. It is easy to set up and take down, making it perfect for use at home or on the go. The Razee Teepee comes with a carrying case for easy transport.

LGMOONYE Foldable Teepee Tent for Kids Lace and Pompom Ball Design

This kid’s teepee melted our hearts! The lace and pompom ball design is so pretty and cute. The teepee is made of 100% cotton canvas with a wooden frame.

This children’s tent is made of 100% natural cotton canvas and sturdy pine wood. This Kids Teepee Tent is environmentally friendly, safe, and harmless to the human body, making it ideal for kids.

The teepee comes with a set of accessories that will surely help you make it cozier: floor mat and colored flag. A carry bag goes along with the teepee so that it can be easily transported. However, due to the adorable design and light color of the fabric, we recommend using this kids teepee only inside.

Measurements: 67.8″ x 47.3″ x 61″

Tiny Land Kids Teepee Tent

The Tiny Land Kids Teepee Tent is the perfect choice for any child. It can be used indoors and outdoors, and you can be sure that it will withstand the test of time.

The canvas of this kids’ teepee is heavier-duty, making it resistant to fading and tearing. The poles are made of natural pine wood. The look matches the quality: the gray stripes on the white teepee look great and make it easy to match any room decor.

Tiny Land Kids Teepee Tent comes with accessories: star string lights and a soft mat. That makes it more comfortable for kids and a very good deal.

Dimensions: 47″ x 47″x 63″

FURNIFE Kids Teepee Tent for Kids

FURNIFE Kids Teepee Tent is one of the best-rated kids teepees on Amazon. This teepee is made with top-quality and non-toxic polyester fabric (effortless to clean!) and safe wooden poles.

The teepee is lightweight and easy to assemble, yet very sturdy. The bright colors and fun designs will keep your child entertained for hours on end.

Razee Teepee Tent for Kids with Artificial Vines

This Razee Teepee Tent for Kids is a great choice for those looking for something special. The artificial vines make it look like a real teepee in the wilderness.

The materials used are the same as the previous model from the same brand: 100% natural and unpainted cotton canvas and pinewood poles. This one, however, is smaller in size: 70.9″ x 47.2″ x 47.2″.

This teepee can be used both indoors and outdoors. It comes with a carrying case for easy transport.

JoyNote Teepee Tent for Kids

JoyNote Kids Teepee is made of 100% pure natural breathable cotton canvas. The wood poles are pine and have been sanded to a smooth finish, making them safe for your child.

There are many lovely and one-of-a-kind accessories in this teepee:

  • Silicone sleeves on the bottom of the wood protect the floor and improve stability.
  • Cute pompom ball design.
  • The window parents can use to peep in on their kiddos.
  • The inner pocket to store small toys.

This teepee is easy to set up and take down, and it comes with a carrying case for easy transport.

Dimensions: 48.03″ x 48.03″ x 60″

RONG FA Teepee Tent for Children

This RONG FA Teepee Tent is made of high-quality and safe materials. The poles are made of natural pine wood, and the fabric is 100% cotton canvas.

Setting up and taking down this teepee is a breeze. It comes with a carrying case for easy transport. The RONG FA Teepee Tent is available in two colors: white and blue.

Dimensions: 47″ x 47″ x 60″

PLAYVIBE Kids Teepee Tent for Kids

The PLAYVIBE Kids Teepee Tent is perfect for kids who love to play pretend. It is made of high-quality materials and is safe for kids.

This teepee can be used indoors or outdoors. It is easy to set up and take down: all you need to do is attach canvas to the poles. This teepee comes with its carrying bag, making it easy to transport. Since the poles are made of plastic, the teepee is lightweight.

Dimensions: 48” x 48” x 71”

MountRhino Teepee Tent for Kids

Time for a color explosion! The MountRhino Teepee Tent is perfect for kids who love bright colors.

This teepee can be used indoors or outdoors. It is easy to set up and take down. It will take you just minutes! The flexible tent poles and in-ground stakes keep it in place for extra safety.

The material of this kids teepee is a two side mesh. The mesh allows for good ventilation and keeps the bugs out. It also gives parents a full view of what’s going on inside. The teepee also has a waterproof bottom.

The MountRhino Teepee Tent comes with a carrying case, making it easy to transport. It is also lightweight, making it perfect for taking on the go.

Dimensions: 44” x 44” x 61”

The MountRhino Teepee Tent for Kids is perfect for ages 2 and up and comes in two designs:

Why do kids love teepee?

Kids love teepees because they are a fun and unique place to play. Teepees provide a safe and private space for kids to explore their imaginations. They are also great for indoor or outdoor use, making them perfect for any weather. Kids can use them as a fort, playhouse, or even a bed on those rainy days.

What do you put in a kids teepee?

A kids’ teepee can be filled with all sorts of fun things. Some parents put in a small mattress and pillows for their kids to sleep in, while others fill it with toys and games. You can also put in a small table and chairs for your kids to use as a play area. This is a great way to keep them occupied and out of trouble. You can also personalize your teepee by adding family photos or special mementos.

Kids teepee checklist

How to make kids’ teepee cozy? Here is what you need:

  • small mattress
  • blankets
  • pillows
  • toys
  • games
  • fairy lights
  • decorations

There you have it! Your essential checklist to get you started on creating the perfect teepee for your kids. With a little bit of creativity and imagination, you can turn a simple teepee into a magical space that your kids will love.

What to play in the teepee? Teepee fun ideas

What you put in the kids’ teepee depends, of course, on the age of your kids. You might want to include some building blocks, stuffed animals, and books for younger children. Older kids might enjoy playing games like checkers or chess. You can also use the teepee as a place to read stories or watch movies together.

There are endless possibilities when it comes to playing inside a teepee. Here are some ideas to get you started:

  • Pirate Adventures: Arrr mateys! Shiver me timbers! Transform your teepee into a pirate ship and let your little ones sail the seven seas in search of buried treasure.
  • Princess Castle: Let your little princesses live out their dreams of being a fairy tale princess in their very own teepee castle.
  • Secret Agent Headquarters: With a few sheets and some streamers, you can turn your teepee into the ultimate secret agent headquarters. Give your kids spy gadgets and missions to complete inside.
  • Indoor Camping: Set up a mini camping trip right in your living room. Pitch a small tent inside the teepee and tell stories around the pretend campfire.
  • Reading Nook: Create a cozy space for your kids to curl up with their favorite books. Add some pillows, blankets, and plush toys for extra comfort.

These are just a few ideas to get you started. With a little bit of creativity, you can come up with all sorts of fun things to do in your kids’ teepee. Let their imaginations run wild!

What age are kids teepees for?

Kids teepees are for kids of all ages. Whether your child is two or twelve, they will love having their very own special space to play in. Teepees are a great way to encourage creative play and imagination. They also provide a safe place for kids to explore new ideas and roles.

There is so much you can do with a kids’ teepee that it is sure to be a hit with your kids, no matter their age.

Are teepees safe for toddlers?

Yes, teepees are safe for toddlers. They are made with sturdy materials and have no sharp edges. Teepees are also large enough for adults to enter, so you can always be nearby if your child needs you.

However, you need to remember a few things when using a teepee with toddlers.

  • Be sure to remove all small objects that could be choking hazards.
  • Ensure the teepee is set up in a safe location, away from open flames and other potential hazards.
  • Do not leave your child unattended in the teepee.

Also, it is a much better idea for toddlers to use a teepee indoors only.
Kids teepees are a great way for toddlers to explore their imaginations and have some fun. With a few simple precautions, your toddler will love being in their new teepee.

Still looking for a gift for kids?

Teepees make the perfect gift for any occasion. Birthdays, Christmas, Hanukkah, or just because, a teepee is sure to please any child. They are also a great addition to any playroom or bedroom. Kids will love having their special place to play, and you will love the extra storage they provide.

If you are still looking for the perfect gift for kids, you will find many great ideas on ComfyBummy! We specialize in everything that can make your child’s life more comfy and enjoyable, from kids’ furniture to toys and accessories. Visit our website today to find the perfect gift for your little one!

The post Kids Teepee – The Gift You Have Been Looking For! appeared first on Comfy Bummy.

Lawmakers Probe Early Release of Top RU Cybercrook

Aleksei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Image: Andrei Shirokov / Tass via Getty Images.

Aleksei Burkov, a cybercriminal who long operated two of Russia’s most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian government fought Burkov’s extradition to the U.S. for four years — even arresting and jailing an Israeli woman to force a prisoner swap. That effort failed: Burkov was sent to America, pleaded guilty, and was sentenced to nine years in prison. But a little more than a year later, he was quietly released and deported back to Russia. Now some Republican lawmakers are asking why a Russian hacker once described as “an asset of supreme importance” was allowed to shorten his stay.

A native of St. Petersburg, Russia, Burkov admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded online community that attracted some of the world’s most-wanted Russian hackers.

But Burkov’s cybercriminal activities spanned far beyond mere credit card fraud. A 2019 deep dive into Burkov’s hacker alias “K0pa” revealed he also was co-administrator of the secretive Russian cybercrime forum “Mazafaka.” Like DirectConnection, Mazafaka’s member roster was a veritable “Who’s Who?” of the Russian hacker underground, and K0pa played a key role in vetting new members and settling disputes for both communities.

K0pa’s elevated status in the Russian cybercrime community made him one of the most connected malicious hackers ever apprehended by U.S. authorities. As I wrote at the time of Burkov’s extradition, the Kremlin was probably concerned that he simply knew too much about Russia’s propensity to outsource certain activities to its criminal hacker community.

“To my knowledge, no one has accused Burkov of being some kind of cybercrime fixer or virtual badguy Rolodex for the Russian government,” KrebsOnSecurity wrote in 2019. “On the other hand, from his onetime lofty perch atop some of the most exclusive Russian cybercrime forums, K0pa certainly would have fit that role nicely.”

Burkov was arrested in December 2015 on an international warrant while visiting Israel, and over the ensuing four years the Russian government aggressively sought to keep him from being extradited to the United States.

When Israeli authorities turned down requests to send him back to Russia — supposedly to face separate hacking charges there — the Russians imprisoned Israeli citizen Naama Issachar on trumped-up drug charges in a bid to trade prisoners. Nevertheless, Burkov was extradited to the United States in November 2019.

And if there were any doubts Issachar was jailed for use as a political pawn, Russian President Vladimir Putin erased those by pardoning her in January 2020, just hours after Burkov pleaded guilty in the United States.

In June 2020, Burkov was sentenced to nine years in prison. But a little more than a year later — Aug. 25, 2021 — Burkov was released and deported back to Russia. According to a letter (PDF) sent Monday by four Republican House lawmakers to White House National Security Advisor Jake Sullivan, U.S. Immigration and Customs Enforcement (ICE) officials escorted Burkov onto a plane destined for Moscow shortly after his release.

“An ICE spokesperson stated that Burkov is wanted by Russian authorities, and a DOJ spokesperson denied that a prisoner exchange took place,” the letter reads. “The decision to prematurely release Burkov is curious given the lengths to which the U.S. government went to secure Burkov’s arrest.”

The letter, signed by the ranking members of the House Judiciary, Homeland Security, Intelligence and Foreign Affairs committees, demanded to know why Burkov was released prematurely, and whether the U.S. received anything in return. The lawmakers also asked for a list of all Russian nationals convicted of crimes in the U.S. who were released early since President Biden took office.

Records show Burkov was in the custody of either Israeli or U.S. authorities for almost five years prior to his sentencing in 2020. At the time of his release, Burkov had already been incarcerated for nearly six years. So where did the other years of his sentence go?

That remains unclear, but it is possible he cut some sort of deal to lessen his sentence. On June 16, 2021, a “sealed pleading” was added to Burkov’s court record, followed by a sealed document entered on Aug. 18 — a week before Burkov’s deportation.

The motion to seal these and other documents related to the pleading was made by U.S. federal prosecutors, and those documents remain hidden from public viewing.

The Good, the Bad and the Ugly in Cybersecurity – Week 10

The Good

Eight months ago, Kaseya’s remote network management product (VSA) was abused in order to push REvil ransomware. The attacker(s) pushed a malicious update, effectively encrypting thousands of machines at hundreds of organizations. This week, the Justice Department announced the arrest of one of the alleged perpetrators. Yaroslav Vasinskyi, a 22-year-old Ukrainian national, was arrested in Poland and extradited to the United States. Charged with conspiracy to commit fraud, damage to protected computers, and conspiracy to commit money laundering, Vasinskyi faces a total of 115 years in prison if convicted.

Additional unexpected gains are being made in the fight against ransomware as schisms in some of the biggest ransomware cartels have resulted in extensive leaks. The result is an unprecedented level of visibility into the inner workings of infamous groups like Conti and Trickbot. Soon after Conti announced its support for the Russian government’s invasion of Ukraine, a disgruntled insider released years’ worth of the group’s internal Jabber chat logs. The logs include a wealth of clues pointing to the identities of Conti operators previously known only by their online handles.

Researchers continue to dig into these chat logs, uncovering all sorts of details about the organization’s structure, leadership, and day-to-day operations. The mundane inner workings include office politics, management issues, and requests for paid leave. More notably, the leak also establishes explicit levels of coordination between Conti’s leadership and the Russian government in attempts to collect information on Alexey Navalny, a Russian opposition leader and anti-corruption activist.

While the Conti leaks are still being analyzed by researchers and journalists, the Trickbot leaks are being dropped in a more organized and purposeful fashion. A series of Twitter accounts have been steadily disseminating dossiers of different Trickbot operators alongside their respective chat logs. In some cases, the PDFs associate an online handle with personally identifiable information including real names, dates of birth, passport numbers, addresses, and residential history.

Work has gone into these profiles, which makes us naturally suspicious of their provenance and reliability. In the case of both leaks, there’s the possibility of data being altered to misdirect investigators. Nonetheless, the leaks paint some explicit targets for law enforcement agencies to follow up on.

The Bad

There’s an onslaught of attacks attempting to disconnect Ukrainians from the internet. This week has seen at least two instances of attacks on satellite internet operators servicing Ukraine. In an apparent attempt to disable critical communication channels, attackers have been bricking or jamming satellite modems. The first reports of satellite internet outages originated from Germany where early reports suggested that wind turbines were rendered inoperable due to a loss of internet service, apparent fallout from attacks aimed at Ukrainian customers. Viasat later confirmed that their KA-SAT service was down due to a ‘cyber event’. While technical details are sparse, it appears that the attackers may have pushed a malicious update to all KA-SAT modems, effectively bricking them. Similarly, Starlink terminals were subjected to signal jamming.

Interfering with satellite internet connections isn’t the only attempt to isolate Ukrainian citizens and organizations. Reports indicate that Ukrtelecom, Ukraine’s main telco and internet service provider, was down nationwide for 40 minutes. This was followed by an announcement by Triolan, a Ukrainian internet service provider, of an extensive outage due to a ‘cyber attack’. The company addressed concerns via Telegram, referring to the attack as a ‘dastardly enemy strategy that is trying to […] disrupt the operation of information networks and leave people without communication’. There are sparse technical details at this time.

The Ugly

Firmware underlies all of our devices. It’s the layer of software that provides the low-level controls for the specific hardware we use. Unfortunately, the more security researchers pay attention to this software layer, the more it becomes clear that most firmware is riddled with serious vulnerabilities. This week, researchers at Binarly announced the discovery of 16 high-impact vulns in HP firmware, affecting laptops, desktops, point-of-sale systems, and edge computing nodes. If that’s not enough, this is the same team of researchers that announced the discovery of 23 vulnerabilities in a firmware software development kit (SDK) affecting 25 different vendors.

Firmware vulnerabilities are particularly troubling because components like the System Management Mode (SMM) have privileges greater than the operating system’s kernel. That concern is compounded by a lack of visibility into these components and the fact that attackers have not failed to exploit this porous layer. Multiple firmware rootkits have been discovered recently in-the-wild, including MoonBounce and ESPecter.

If you’re interested in learning more about firmware vulnerabilities, SentinelLabs researcher Assaf Carlsbad has published a six-part series introducing UEFI and SMM bug hunting. The series walks aspiring firmware security researchers through the process of dumping firmware, analyzing it statically and dynamically, fuzzing it, and identifying vulnerabilities. This week’s installment introduces a new plugin called ‘Brick’ that automates the discovery of SMM vulnerabilities with surprising results.

Report: Recent 10x Increase in Cyberattacks on Ukraine

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

John Todd is general manager of Quad9, a free “anycast” DNS platform. DNS stands for Domain Name System, which is like a globally distributed phone book for the Internet that maps human-friendly website names (example.com) to numeric Internet addresses (8.8.4.4.) that are easier for computers to manage. Your computer or mobile device generates DNS lookups each time you send or receive an email, or browse to a webpage.

With anycast, one Internet address can apply to many servers, meaning that any one of a number of DNS servers can respond to DNS queries, and usually the one that is geographically closest to the customer making the request will provide the response.

Quad9 insulates its users from a range of cyberattacks by blocking DNS requests for known-bad domain names, i.e., those confirmed to be hosting malicious software, phishing websites, stalkerware and other threats. And normally, the ratio of DNS queries coming from Ukraine that are allowed versus blocked by Quad9 is fairly constant.

But Todd says that on March 9, Quad9’s systems blocked 10 times the normal number of DNS requests coming from Ukraine, and to a lesser extent Poland.

Todd said Quad9 saw a significant drop in traffic reaching its Kyiv POP [point of presence] during the hostilities, presumably due to fiber cuts or power outages. Some of that traffic then shifted to Warsaw, which for much of Ukraine’s networking is the next closest significant interconnect site.

Quad9’s view of a spike in malicious traffic targeting Ukrainian users this week.

“While our overall traffic dropped in Kyiv — and slightly increased in Warsaw due to infrastructure outages inside of .ua — the ratio of (good queries):(blocked queries) has spiked in both cities,” he continued. “The spike in that blocking ratio [Wednesday] afternoon in Kyiv was around 10x the normal level when comparing against other cities in Europe (Amsterdam, Frankfurt.) While Ukraine always is slightly higher (20%-ish) than Western Europe, this order-of-magnitude jump is unprecedented.”

Quad9 declined to further quantify the data that informed the Y axis in the chart above, but said there are some numbers the company is prepared to share as absolutes.

“Looking three weeks ago on the same day of the week as yesterday, we had 118 million total block events, and of that 1.4 million were in Ukraine and Poland,” Todd said. “Our entire network saw yesterday on March 9th 121 million blocking events, worldwide. Of those 121 million events, 4.6 million were in Ukraine and Poland.”
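The comparison Todd describes, a site's blocked-to-allowed ratio measured against its own baseline and against reference cities, sketched as an added example (not Quad9's code or data). The per-site counts, the `offline-pop` site, the thresholds and all function names are constructed for illustration; only the 118 million/1.4 million and 121 million/4.6 million block-event totals come from the quote above.

```python
from statistics import median

# Constructed sample data (not Quad9's): per site, daily
# (allowed_queries, blocked_queries) counts; the last entry is the day under test.
SAMPLE = {
    "amsterdam": [(1_000_000, 10_000), (1_000_000, 10_000),
                  (1_000_000, 10_000), (1_000_000, 11_000)],
    "frankfurt": [(2_000_000, 20_000), (2_000_000, 22_000),
                  (2_000_000, 18_000), (2_000_000, 22_000)],
    "kyiv": [(500_000, 6_000), (500_000, 6_000),
             (500_000, 6_000), (300_000, 39_600)],
    "warsaw": [(800_000, 8_000), (800_000, 8_000),
               (800_000, 8_000), (900_000, 29_700)],
    # Hypothetical site that lost all traffic on the day under test.
    "offline-pop": [(400_000, 4_000), (400_000, 4_000),
                    (400_000, 4_000), (0, 0)],
}
REFERENCE_SITES = ("amsterdam", "frankfurt")


def blocked_ratio(allowed, blocked):
    """Blocked queries per allowed query, or None when nothing was allowed."""
    return blocked / allowed if allowed > 0 else None


def spike_factor(days, min_queries=10_000):
    """Today's blocked ratio divided by the median ratio of the earlier days.

    Returns None when today's volume is too low to trust (for example after
    a fiber cut) or when no usable baseline exists.
    """
    *history, (allowed, blocked) = days
    if allowed + blocked < min_queries:
        return None
    today = blocked_ratio(allowed, blocked)
    baseline = [r for r in (blocked_ratio(a, b) for a, b in history)
                if r is not None]
    if today is None or not baseline:
        return None
    base = median(baseline)
    return today / base if base > 0 else None


def flag_spikes(data, reference_sites=REFERENCE_SITES, threshold=2.0):
    """Return [(site, relative_factor)] sorted by factor, largest first.

    Each site's spike factor is divided by the median spike factor of the
    reference sites, so a change that raises blocking everywhere (such as a
    new blocklist feed) does not flag every site at once.
    """
    factors = {site: spike_factor(days) for site, days in data.items()}
    ref = [factors[s] for s in reference_sites if factors.get(s) is not None]
    if not ref:
        raise ValueError("no usable reference site")
    ref_factor = median(ref)
    flagged = []
    for site, factor in factors.items():
        if factor is None or site in reference_sites:
            continue
        relative = factor / ref_factor
        if relative >= threshold:
            flagged.append((site, round(relative, 1)))
    return sorted(flagged, key=lambda item: item[1], reverse=True)


def regional_share_growth(total_before, region_before, total_after, region_after):
    """Growth in a region's share of all block events between two days."""
    return (region_after / total_after) / (region_before / total_before)


if __name__ == "__main__":
    print(flag_spikes(SAMPLE))
    # Totals quoted above: Ukraine and Poland's share of worldwide block events.
    print(round(regional_share_growth(118e6, 1.4e6, 121e6, 4.6e6), 2))
```

The last function measures something different from the per-city ratio: it is the combined Ukraine and Poland share of worldwide block events, which the quoted totals put at roughly 3.2 times its level three weeks earlier.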

Bill Woodcock is executive director at Packet Clearing House, a nonprofit based in San Francisco that is one of several sponsors of Quad9. Woodcock said the spike in blocked DNS queries coming out of Ukraine clearly shows an increase in phishing and malware attacks against Ukrainians.

“They’re being targeted by a huge amount of phishing, and a lot of malware that is getting onto machines is trying to contact malicious command-and-control infrastructure,” Woodcock said.

Both Todd and Woodcock said the smaller spike in blocked DNS requests originating from Poland is likely the result of so many Ukrainians fleeing their country: Of the two million people who have fled Ukraine since the beginning of the Russian invasion, more than 1.4 million have made their way to Poland, according to the latest figures from the United Nations.

The increase in malicious activity detected by Quad9 is the latest chapter in an ongoing series of cyberattacks against Ukrainian government and civilian systems since the outset of the war in the last week of February.

As Russian military tanks and personnel began crossing the border into Ukraine last month, security experts tracked a series of destructive data “wiper” attacks aimed at Ukrainian government agencies and contractor networks. Security firms also attributed to Russia’s intelligence services a volley of distributed denial-of-service (DDoS) attacks against Ukrainian banks just prior to the invasion.

Thus far, the much-feared large scale cyberattacks and retaliation from Russia haven’t materialized (for a counterpoint here, see this piece from The Guardian). But the data collected by Quad9 suggest that a great deal of low-level cyberattacks targeting Ukrainians remain ongoing.

It is unclear to what extent — if any — Russia’s vaunted cyber prowess may be stymied by mounting economic sanctions enacted by both private companies and governments. In the past week, two major backbone Internet providers said they would stop routing traffic for Russia.

Earlier today, the London Internet Exchange (LINX), one of the largest peering points where networks around the world exchange traffic, said it would stop routing for Russian Internet service providers Rostelecom and MegaFon. Rostelecom is Russia’s largest ISP, while MegaFon is Russia’s second-largest mobile phone operator and third largest ISP.

Doug Madory, director of research for Internet infrastructure monitoring firm Kentik, said LINX’s actions will further erode the connectivity of these large Russia providers to the larger Internet.

“If the other major European exchanges followed suit, it could be really problematic for Russian connectivity,” Madory said.

Microsoft Patch Tuesday, March 2022 Edition

Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users, and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here’s a look at the security weaknesses Microsoft says are most likely to be targeted first.

Greg Wiseman, product manager at Rapid7, notes that three vulnerabilities fixed this month have been previously disclosed, potentially giving attackers a head start in working out how to exploit them. Those include remote code execution bugs CVE-2022-24512, affecting .NET and Visual Studio, and CVE-2022-21990, affecting Remote Desktop Client. CVE-2022-24459 is a vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated “Important” by Microsoft.

Just three of the fixes this month earned Microsoft’s most-dire “Critical” rating, which Redmond assigns to bugs that can be exploited to remotely compromise a Windows PC with little to no help from users. Two of those critical flaws involve Windows video codecs. Perhaps the most concerning critical bug quashed this month is CVE-2022-23277, a remote code execution flaw affecting Microsoft Exchange Server.

“Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it,” Wiseman said. “Although passwords can be obtained via phishing and other means, this one shouldn’t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible.”

CVE-2022-24508 is a remote code execution bug affecting Windows SMBv3, the technology that handles file sharing in Windows environments.

“This has potential for widespread exploitation, assuming an attacker can put together a suitable exploit,” Wiseman said. “Luckily, like this month’s Exchange vulnerabilities, this, too, requires authentication.”

Kevin Breen, director of cyber threat research at Immersive Labs, called attention to a trio of bugs fixed this month in the Windows Remote Desktop Protocol (RDP), which is a favorite target of ransomware groups.

“CVE-2022-23285, CVE-2022-21990 and CVE-2022-24503 are a potential concern especially as this infection vector is commonly used by ransomware actors,” Breen said. “While exploitation is not trivial, requiring an attacker to set up bespoke infrastructure, it still presents enough of a risk to be a priority.”

March’s Patch Tuesday also brings an unusual update (CVE-2022-21967) that might just be the first security patch involving Microsoft’s Xbox device.

“This appears to be the first security patch impacting Xbox specifically,” said Dustin Childs from Trend Micro’s Zero Day Initiative. “There was an advisory for an inadvertently disclosed Xbox Live certificate back in 2015, but this seems to be the first security-specific update for the device itself.”

Also on Tuesday, Adobe released updates addressing six vulnerabilities in Adobe Photoshop, Illustrator and After Effects.

For a complete rundown of all patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.

Bassinet vs. Crib For Newborn – Which One To Choose?

There are many different types of cribs and baby beds available on the market, and each has its own set of pros and cons. Two of the most popular types are bassinets and cribs. So, which one should you choose for your newborn?

There is no right or wrong answer – it all depends on your individual needs and preferences. In this article, we will compare the two options – a bassinet and a crib – then, we will have a closer look at the best products on the market for each option.

What is a bassinet?

A bassinet is a small, portable crib typically used for newborns. It is often shaped like an oval or rectangle, with sloped sides and a firm base. Bassinets are designed to be placed close to the parents’ bed so that the baby can be easily monitored and comforted. They are lightweight and easy to move around.

The main advantage of a bassinet is that it is small and portable – perfect for newborns who need close monitoring. It is also easy to use and clean, which is important for new parents who are already overwhelmed with new responsibilities.

The downside of a bassinet is that it can only be used for a limited time – usually until the baby reaches around four or five months old. After this age, the baby may start to outgrow the bassinet and will need to move to a larger crib.

Bassinets are not as common as cribs, so they may be harder to find in stores. However, there are online retailers that sell bassinets, and many of them offer free shipping.

Find the best bassinet for newborns

If you are looking for a bassinet for your newborn, we highly recommend the following products:

Chicco Close to You 3-in-1 Bedside Bassinet

The Chicco Close to You 3-in-1 Bedside Bassinet is a great option for new parents. It is a small and lightweight bassinet that can be easily moved around the house, and it can be used as both a standalone bassinet or attached to the side of the parents’ bed. The mattress is covered in soft, breathable fabric, and the bassinet has a built-in nightlight and music player. All of that creates a peaceful environment for your little one.

Is it time for a diaper change? Simply turn the mattress over to reveal a waterproof changing pad and lower the bassinet walls for simple access while in use as a changing station. That is what we call convenience! The zip-off fabric of the bassinet and mattress is simple to remove and machine washable. That makes it very easy to use and clean – an excellent option for busy new parents.

Delta Children Sweet Dreams Bassinet

The Delta Children Sweet Dreams Bassinet is also a great option for newborns. It is made of sturdy wood and features a gentle slope for added comfort. The bassinet has a soft, quilted fabric liner and comes with a matching canopy and bedding set. It also has a built-in music player that plays different lullabies to soothe your baby to sleep. The breathable mesh sides for airflow and visibility and an electronic pod with vibration and nightlight help a baby (and parents) sleep better.

The bassinet is created with long-lasting materials to ensure that your baby is safe. In addition, it is thoroughly tested to guarantee that it complies with or exceeds all industry safety regulations.

The Sweet Dreams Bassinet is easy to assemble and use, and it is a great option for parents who want a stylish and comfortable bassinet for their newborn.

This bassinet is designed to accommodate babies weighing less than 30 pounds (approximately 0-5 months old).

Maxi-Cosi Iora Bedside Bassinet

With the Maxi-Cosi Iora bassinet, your child may rest comfortably at home or on the road – within your arms’ reach at all times. This bassinet has multiple features that make it great for short and long naps:

  • Supportive mattress.
  • Side panels, made of breathable mesh fabric, allow air to flow through while also providing a quick peek at your baby.
  • Adjustable height – perfect for all bed types.

For those times when your baby starts crying in the middle of the night, you may simply move the bassinet closer to the bed to offer comfort and care.

The Iora bassinet is lightweight and easy to move around your home, making it perfect for travel. The big storage basket underneath lets you take everything you need with you on your journey. The bassinet folds up easily for compact storage and comes with a convenient shoulder bag for transport.

This bassinet is designed to accommodate babies weighing up to 20 pounds (approximately 0-6 months old).

Fisher-Price Soothing Motions Bassinet

The Fisher-Price Soothing Motions Bassinet is one of the most popular bassinets on the market. It has several features that make it perfect for newborns, including:

  • multi-directional soothing motions
  • a built-in mobile with three soft toys
  • two levels of calming vibrations
  • plays ten different melodies

The Soothing Motions Bassinet has everything a parent could want to help their infant relax and drift off to sleep! The gentle motions and vibrations, along with the soft music and colorful mobile, create a soothing environment for your little one.

This bassinet is designed to accommodate babies weighing up to 20 pounds (approximately 0-6 months old). It folds up easily for compact storage.

The Fisher-Price Soothing Motions Bassinet is perfect for parents who want a bassinet with all the bells and whistles.

Ingenuity Ity Snuggity Snug Bedside Baby Bassinet

Cradle your baby with the Ity by Ingenuity Snuggity Snug bassinet. The Snuggity Snug bassinet is designed to give your baby the utmost comfort. The soft, plush fabric and gentle vibrations help to soothe and relax your child. The easy-to-remove canopy provides shelter from bright lights, and the deep cradle keeps your baby comfortable and secure.

The Snuggity Snug bassinet also has a built-in nightlight for late-night feedings and diaper changes. The bassinet can easily be moved from room to room, thanks to the wheels.

This bassinet is designed to accommodate babies weighing up to 20 pounds (approximately 0-6 months old).

Graco My View 4 in 1 Bassinet

The Graco® My View™ 4-in-1 Bedside Bassinet offers four different ways to use:

  • The raised bedside bassinet perfectly positions the baby at eye level
  • The bassinet lowers to crib-level for infants and is removable for use anywhere!
  • A portable bassinet, perfect for traveling
  • Spacious toddler bassinet

You can safely say that the Graco® My View™ 4-in-1 Bedside Bassinet grows with your child and will be your companion for years to come. It has a sturdy frame and wheels that make it easy to move around your home. The bassinet also has storage pockets on either side to keep your baby’s essentials close by.

This bassinet is designed to accommodate babies weighing up to 30 pounds (approximately 0-5 months old). It folds up easily for compact storage.

The Graco® My View™ 4-in-1 Bedside Bassinet is perfect for parents who want a bassinet that can be used throughout infancy and toddlerhood.

HALO BassiNest Flex

The HALO BassiNest Flex is the perfect solution for parents who want a bassinet that can be used anywhere. It’s lightweight and portable, making it ideal for when you’re on the move, whether it’s a vacation or visiting family.

The greatest feature of the HALO BassiNest Flex is its lowering bedside wall, which is especially useful for nursing mothers or those recovering from a C-section. The wall can be easily lowered and raised with one hand, making it easy to access your baby.

JPMA-certified and compliant with all current safety standards, the HALO BassiNest Flex is a safe and comfortable place for your little one to sleep.

This bassinet is designed to accommodate babies weighing up to 20 pounds (approximately 0-6 months old).

Delta Children Deluxe Sweet Beginnings Bedside Bassinet

With Delta Children’s classically designed Deluxe Sweet Beginnings Bassinet, you can give your infant a safe and comfortable place to sleep or rest. The bassinet features a sturdy frame, wheels for easy mobility, and a soft and comfy mattress.

This bassinet is equipped with a nightlight and a music module that plays soothing lullabies. It has a large dual storage basket underneath, making it ideal for storing linens, diapers, and necessary newborn supplies.

The Delta Children Deluxe Sweet Beginnings Bedside Bassinet is JPMA certified and compliant with all applicable safety standards. This bassinet is recommended for babies 0-5 months.

Baby Delight Beside Me Dreamer Bassinet & Bedside Sleeper

The Baby Delight Beside Me Dreamer Bassinet & Bedside Sleeper is perfect for keeping your little one close by during the night. The Beside Me Dreamer Bassinet can be used as both a bassinet and a bedside sleeper, making it a versatile addition to any nursery.

In Bassinet mode, your baby is enveloped in breathable mesh walls that keep air flowing while also providing the baby with its own space. Simply unzip the side panel closest to your bed to discover the Bedside Sleeper mode. Now you can easily reach over and comfort or nurse your baby without having to get out of bed.

The Baby Delight Beside Me Dreamer Bassinet & Bedside Sleeper is entirely safe. The 6-position height adjustment can be used to adapt the sleeper height to most adult beds, and the attached straps safely secure the Bedside Sleeper to your adult bed, ensuring it stays snug and in place.

The sleeper features a soft and comfortable mattress, as well as a canopy to provide your child with privacy and shelter from bright lights. The Baby Delight Beside Me Dreamer Bassinet & Bedside Sleeper also has a vibration feature that can be used to soothe and relax your child.

Wheels on the base make it easy to move the sleeper from one room to the next, and a locking mechanism keeps it in place when you’re not using it.

This sleeper is designed for babies weighing up to 20 pounds (approximately 0-6 months old).

What is a baby crib?

A crib is a larger, more permanent baby bed typically used for infants until about two years old. It is rectangular or square, with high sides and a sturdy base. Cribs are designed to be placed in a child’s bedroom and can be used for both sleeping and playing.

The main advantage is that it can be used for a more extended time than a bassinet. It is also larger, which means the baby has more space to move around and sleep comfortably.

The downside of a crib is that it is bulky and takes up more space in a child’s room. It can also be challenging to move from one room to another, which is a problem if you need to relocate.

The best baby cribs

If you prefer to invest in a baby crib, here are the best ones. You should definitely have a look at those:

Delta Children Sloane 4-in-1 Acrylic Convertible Crib

This crib is an excellent option for parents who want a versatile piece of furniture. It can be converted into a toddler bed, daybed, and full-size bed, making it a great long-term investment.

The Delta Children Sloane 4-in-1 Acrylic Convertible Crib is the ideal modern nursery choice for your little one! The clear acrylic spindles provide an open, airy atmosphere, while the splayed bronze feet add a touch of class to the clean lines.

The adjustable mattress height on this crib also allows you to use it for many years – as your child grows, you can simply lower the mattress to keep them in the crib longer. This crib is also JPMA certified and meets all safety standards.

The Delta Children Sloane 4-in-1 Acrylic Convertible Crib is available from Amazon.

Graco Stella 4-in-1 Convertible Mini Crib

The Graco Stella 4-in-1 Convertible Mini Crib is ideal for parents who don’t have a lot of space but still desire something extra. This crib is small and compact but can be converted into a toddler bed, daybed, and full-size bed.

The Graco Stella 4-in-1 Convertible Mini Crib also comes with a mattress, which is a plus. A JPMA Certified, premium 2.75-inch thick foam mattress with a water-resistant cover and breathable core is a quality addition to the purchase.

The Graco Stella crib is made of pine wood straight from New Zealand and is finished with non-toxic, lead- and phthalate-safe paint. A beautiful finish makes it a stylish addition to any room.

The Graco Stella 4-in-1 Convertible Mini Crib is designed to fit your kid from infancy through childhood, with an adjustable mattress foundation with three height settings. If desired, the Stella transforms from a tiny crib to a daybed and twin bed with a headboard and footboard.

The Graco Stella 4-in-1 Convertible Mini Crib is available from Amazon.

Storkcraft Princess 4-in-1 Fixed Side Convertible Crib

The Storkcraft Princess 4-in-1 Fixed Side Convertible Crib is a stylish and affordable option for parents looking for a convertible crib. This crib can be converted into a toddler bed, daybed, and full-size bed.

The Storkcraft Princess 4-in-1 Fixed Side Convertible Crib is made of wood and is finished with a non-toxic, lead- and phthalate-safe paint. It also meets all safety standards.

The crib comes with an adjustable mattress height, making it a great option for newborns and toddlers.

The design of this crib is also very stylish and will complement any child’s room. Definitely worth a princess!

Delta Children Abby Convertible Crib and Changer

Do you want your baby to feel comfortable but still save space? Delta Children Abby Convertible Crib and Changer is a great choice! It is a convertible crib that adapts to your child’s stage and growth, as well as a handy changing table and even a storage piece. The Abby Convertible Crib ‘N’ Changer by Delta Children has so many applications you will be hard-pressed to find a better all-in-one crib solution.

The crib is designed with beautiful curves and a glossy white finish to complement any nursery décor. The changer top has generous space for all of your baby’s changing supplies, plus roomy drawers for storage.

To adapt to changing demands, the crib may be converted to a toddler bed, daybed, and full-size bed. It includes three adjustable mattress heights, as well as a conversion option for when your child outgrows it.

The Delta Children Abby Convertible Crib N Changer is a long-lasting bed that will provide your kid with a secure and adaptable sleeping environment.

Dream On Me Chelsea 5-in-1 Convertible Crib

The Dream On Me Chelsea 5-in-1 Convertible Crib is a versatile and stylish crib that can be converted into a toddler bed, daybed, and full-size bed. It is also JPMA certified and meets all safety standards.

The Chelsea 5-in-1 Convertible Crib has a beautiful sleigh design that will complement any room. It is made of wood and comes with a mattress. Every component of this baby crib is of the highest quality: the wood is sturdy, and the finish is non-toxic, lead- and phthalate-safe. The mattress is also JPMA certified and has a water-resistant cover and breathable core.

The crib can be converted into different beds at three different adjustable mattress heights. This makes it perfect for both newborns and toddlers.

The Dream On Me Chelsea 5-in-1 Convertible Crib is available from Amazon.

Graco Hadley 4-in-1 Convertible Crib with Drawer

A classic, modern, and yet innovative solution for the nursery – does that sound good? It’s not a mirage; it’s the Graco Hadley 4-in-1 Convertible Crib with Drawer. This crib can be converted into a toddler bed, daybed, and full-size bed. It also features a beautiful sleigh design in various wood finishes to fit any nursery style.

The Graco Hadley crib is made of New Zealand pine wood and non-toxic coatings, making it sturdy enough to last through babyhood, toddlerhood, and childhood.

The crib features a drawer beneath the crib that is perfect for storing diapers, wipes, and other supplies. It also has three different adjustable mattress heights to accommodate your growing child.

Babyletto Hudson 3-in-1 Convertible Crib with Toddler Bed Conversion Kit

The best-selling Babyletto Hudson 3-in-1 Convertible Crib with Toddler Bed Conversion Kit is stunningly designed and expertly crafted. This convertible crib can be used from infancy through childhood, as it converts into a toddler bed, daybed, and full-size bed.

The Babyletto Hudson 3-in-1 Convertible Crib with Toddler Bed Conversion Kit is made of New Zealand pine wood and finished with a non-toxic, lead- and phthalate-safe paint. It also meets all safety standards.

The crib has an adjustable mattress height that can be used for both newborns and toddlers. The crib’s design is simple and elegant, with clean lines that will complement any nursery décor.

The crib also includes a toddler bed conversion kit, making it perfect for toddlers ready to move on from the crib.

Delta Children Emery 4-in-1 Convertible Baby Crib

Sometimes simple is just what you need. The Delta Children Emery 4-in-1 Convertible Baby Crib is a beautiful and classic crib that can be converted into a toddler bed, daybed, and full-size bed. But don’t let its simple design fool you – this crib is packed with features that make it perfect for your child.

The Delta Children Emery 4-in-1 Convertible Baby Crib is made of wood and finished with a non-toxic, lead- and phthalate-safe paint. It meets all safety standards and is JPMA certified.

The crib has three different adjustable mattress heights that can be used for both newborns and toddlers.

The design of the crib is simple and elegant, with clean lines that will complement any nursery décor.

The Delta Children Emery 4-in-1 Convertible Baby Crib is available from Amazon.

Delta Children Simmons Kids Asher 6-in-1 Convertible Crib with Toddler Rail

Look at the stylish and beautiful curves and shiplap-inspired headboard of the Asher 6-in-1 Convertible Baby Crib by Simmons Kids! This crib not only looks great, but it is also functional and will grow with your child.

The crib features three adjustable height settings that enable the bed to be lowered as your child grows. You can quickly transform it from a crib to a toddler bed, sofa, daybed, full-size bed with headboard, or full-size bed with headboard and footboard. This multifunctional crib will take you from the nursery to high school and beyond. It’s the only bed your child will ever need.

The baby crib is made of high-quality materials, and its construction is durable and safe for your baby.

The Asher 6-in-1 Convertible Baby Crib is available on Amazon.

Dream On Me Jayden 4-in-1 Mini Convertible Crib And Changer

This baby crib is not only practical but also stylish! Dream On Me Jayden combines all the features a modern parent would love. It is a crib, a changer and a drawer in one! If you are looking for a convertible crib with a lot of storage space, then this is the one you need!

Dream On Me Jayden Crib will be a great addition to your interior:

  • The crib features a beautiful vintage design
  • It is made of solid wood and composites for strength and durability

We highly recommend this crib for parents who are looking for a beautiful and durable piece of furniture that will last for many years. The crib can be converted to a toddler twin-size bed afterward.

If you are looking for a crib that will grow with your child, the Dream On Me Jayden is the perfect option! It is a great value for your money.

Bassinet Vs. Crib: What’s The Difference?

You should be aware of a few key differences between bassinets and cribs before deciding. Here are some of the most important ones:

  • Bassinets are smaller and more compact than cribs, ideal for smaller spaces.
  • Cribs are larger and provide more space for a baby to sleep.
  • Bassinets typically come with a canopy and other accessories that can make them more comfortable for newborns.
  • Cribs often come with features like teething rails and changing tables that can be useful for parents.
  • Bassinets are typically used for newborns until they are about four or five months old.
  • Cribs can be used for children up to two years old.
  • Bassinets can be more difficult to find in stores than cribs.

What should you look for before buying a bassinet or crib?

When choosing a bassinet or crib, you should keep a few things in mind. Here are some of the most important ones:

  • Both bassinets and cribs should be certified by the Juvenile Products Manufacturers Association (JPMA). This means that they have been tested and meet all safety standards.
  • Make sure that the bassinet or crib you choose is approved by the Consumer Product Safety Commission (CPSC).
  • Bassinets and cribs should be made of sturdy materials that can withstand wear and tear.
  • Make sure that the bassinet or crib has a firm, flat surface to sleep on.
  • Bassinets should be lightweight and easy to move around.
  • Cribs should be stable and difficult for a baby to climb out of.
  • Bassinets and cribs should come with instructions on how to use them properly.
  • Bassinets and cribs should be easy to clean.

Is a Bassinet or a Crib Better for My Baby?

The debate between bassinet vs. crib for newborns often comes down to personal preference, as both have their benefits.

One of the main benefits of a bassinet is that it is smaller and more compact than a crib, making it ideal for smaller spaces. This also means it is easier to move around than a crib, which can be a plus if you plan to take your baby on trips. Additionally, bassinets typically come with a canopy and other accessories that can make them more comfortable for newborns.

On the other hand, cribs are larger and provide more space for a baby to sleep. This can be important for newborns who are still adjusting to life outside the womb. Additionally, cribs often come with features like teething rails and changing tables that can be useful for parents.

Ultimately, the decision between bassinet vs. crib for newborns depends on personal preference. A bassinet may be the better option if you have a smaller space. If you have more room or want your baby to have more freedom to sleep, a crib may be better. Whichever you choose, make sure that it is certified by the Juvenile Products Manufacturers Association (JPMA) and complies with all safety standards.

The post Bassinet vs. Crib For Newborn – Which One To Choose? appeared first on Comfy Bummy.