Kids’ Metal Chairs: Most Frequent Questions Answered

/0 Comments/in /by

Every parent with little children knows that they will want to use metal chairs for their kids at some point. There are several reasons why they do that.

First of all, they look nice and can match any metal table or desk their child has. Second of all, these chairs are very sturdy and safe to use, so when your kid starts walking on its own, you don’t have to worry about it falling with the chair.

And last but not least, these chairs look cool and will make your child feel special. However, there are still some questions you might have about them.

1. Do I Really Need To Get A Kids’ Metal Chair?

With all the child’s chairs available for purchase, parents must think carefully before buying one or more such items. Children need sturdy chairs that can support their weight, but they also have to be safe.

For example, if you buy a wooden chair, it is not sharp and thus will not harm your child in any way; however, the problem is with the wood itself: some kids like to bite on everything, which will damage it. On the other hand, there are high chairs made of plastic that are very sharp and can even cause injuries. So if you want your child to have a new chair, then get them one that is safe for their safety and health.

2. Are Metal Chairs Safe For Kids?

Absolutely! There is no doubt that you will not regret buying your kid a metal chair for their desk, table, or just to use at school and learn the proper sitting position. They are very safe and made of quality materials that can hold up to 100lbs (45kg), which means that even if your child goes wild, the chair will remain safe for them. And if this is not enough for parents out there, metal chairs are made so that they absorb impact well when your kid falls off or jumps around.

3. Aren’t These Chairs Too Small?

For older kids, it might be accurate, but for toddlers, it’s not like that at all. Just like with any other chair, if your kid is not old enough, then the seat will be small for them. However, this does not mean that they will have their legs stick out – it’s just a matter of sitting correctly. The bottom line here is to teach your child to sit well on their chair not to become uncomfortable.

4. Are They Easy To Assemble?

There is nothing that can be easier than assembling a metal chair for kids. You do not need any tools or anything like that, you just put the pre-assembled parts together, and your child will have their cool-looking chair ready in no time!

5. Are Kids’ Metal Chairs Safe For Wooden Floors?

If you have wooden floors at home, then get your child a plastic chair to sit on because metal chairs will make deep scratches in them.

6. How Do I Pick The Best Metal Kids’ Chair?

When it comes to picking the best metal kids’ chair, you need to give some time and think about why exactly it will make your kid more comfortable.

If you have a child who likes sitting on the floor and doing any other activity there, then metal chairs will not be a great choice. In such a case, get your kid a foam chair that they can sink into. Also, carefully read reviews from other parents who have been using these chairs for their kids longer than you.

This way, you will find out what they like and dislike about their kids’ metal chairs, which might help you pick the best one for your kid as well!

7. Will I Be Able To Use This Chair?

This depends on how heavy you are and how sturdy the chair is, but in general, any metal kids’ chair can support up to 100lbs (45kg) without any problems.

8. How Do I Know That The Chair Is Stable?

One of the most important things you want from your child’s metal chair is stability and safety; however, these two requirements are very different in many ways. If you pick a flimsy-looking chair, it might not be safe, but it will definitely be very unstable.

On the other hand, you can have a heavy-duty looking one that is stable but will not give you any safety.

So what should you do? Look for reviews from parents who have been using their chairs for months or even years! This will allow to find out how stable they are and whether they are safe at the same time.

9. Are Kids’ Metal Chairs Comfortable?

Yes, metal kids’ chairs are very comfortable and durable as well. They will adequately support your child’s back and help them sit in a proper position that is good for their spine health at the same time. So they can be used both at school or home!

10. What Are The Pros Of Metal Chairs For Kids?

  • They are made of high-quality materials that can hold up to 100lbs (45kg).
  • These chairs look cool and modern, while at the same time very simple and easy to use.
  • Being so lightweight, they are also easy to store even in small spaces.
  • They do not break easily and are very durable.
  • They are easy to clean and maintain, which is excellent for kids with allergies or asthma.
  • Chairs now come in many different colors and shapes, from upcycled tires to colorful painted designs.

11. What Are The Cons Of Metal Chairs For Kids?

  • They might be too tall or too short for some kids, depending on their age and size.
  • They cannot be used outdoors due to weather conditions and rust.
  • Generally speaking, toddlers and babies do not like sitting on them because they feel insecure when sitting back with their small backs pushing against the backrest.

What Are The Best Metal Chairs For Kids?

Based on the previously mentioned criteria, as well as the customer reviews from those who have been using them for a long time, we can say that the following metal chairs are currently some of the best you can get:

ACEssentials, Kids Industrial Metal Activity Chairs

Durable and sturdy, these metal chairs are made of high-quality steel that can safely support up to 100lbs (45kg).

There are no sharp corners or edges, which means that even the smallest kids will not get hurt.

The legs are wide and stable, which means that the chair will not be easily knocked over by your child or any other person who might come and visit you.

At the same time, they are very lightweight and therefore easy to move around depending on where you want to use them.

Available in various color combinations, the chair might be a perfect fit for your kid!

Delta Children Bistro 2-Piece Chair Set

Perfect for toddlers and preschool kids, these chairs can support up to 50lbs (23kg).

The soft padded seat is very comfortable and can be used at school, in the playroom, and when reading books on the floor or watching TV with parents.

Both chairs feature a sturdy curved back for the better spine health of your child.

Rubber feet on the chair legs protect floor surfaces from scratches and sliding for better child safety.

Norwood Commercial Furniture – Assorted Color Stacking Stools

These stacking stools are perfect for use in schools, libraries, or at home. They can be stacked together when not in use, so they are easy to store.

The surface is very smooth, which means that kids can easily slide on them, but wipe clean when needed with just a single wipe! They are lightweight and made of durable materials for long-term use. They can hold up to 250 lbs (115kg) safely.

Harper & Hudson Kids Metal Stool

They are made of high-quality, firmer, impact, and warp-resistant materials, making them very durable and safe for your child.

The stool legs feature rubber pads to protect floor surfaces from scratches and sliding. The compact size of the stool means that it is easy to handle and move around, which makes it a perfect choice for small spaces.

Is Steel Kids’ Chair What You Have Been Looking For?

There are many different metal chairs on the market. However, if you want to ensure that your kid is safe when sitting in one of these chairs for hours, choosing a durable and sturdy piece is essential.

When shopping for the right chair for your child, it is crucial to consider things like their weight, height, and age so that they fit them perfectly.

Also, you need to check if there are any sharp corners or edges on the chair that could potentially hurt your child.

All in all, metal chairs can be a perfect choice for kids who need special seating at school, home or the playground.

The post Kids’ Metal Chairs: Most Frequent Questions Answered appeared first on Comfy Bummy.

Wiggle Away With The Best Kids’ Wiggle Chairs

/0 Comments/in /by

Kids’ wiggle chairs are the latest sensation in the trend of active sitting furniture. These chairs can be beneficial for children with ADHD, ADD, or anxiety disorders who may have trouble concentrating when sitting at their desks.

For many kids, sitting still in class is difficult. But there are some ways you can help your child at home or school. If your child has trouble concentrating when seated, consider getting them an active chair. Wiggle chairs encourage kids to stay active and focused by stimulating the inner ear, leading to better grades and behavior.

Wiggle chairs encourage movement, which is healthy both physically and mentally. They also help to develop cognitive skills like balance, coordination, and attention span. Wiggle chairs are suitable for the whole family!

What is a wiggle chair?

A wiggle chair is an office chair for kids. But not just any office chair, it’s specifically designed so that children can sit in the wiggly position. Wiggle chairs are also called active sitting chairs or wobble chairs.

The kids’ wiggle chair is an active seating tool that provides deep pressure on the lower back and buttocks, encouraging proprioceptive feedback to the brain. This calming sensory tool will improve balance and stability and assist with attention and focus.

What is the history of wiggle chairs?

The modern wiggle chair was first designed in Australia. This country is the largest user of sit-stand desks, and occupational therapists have been promoting active sitting across the world for a while now.

In 2010, the Australian company Active Sitting released its version of an active sitting chair, known as a wobble or wiggle chair. These chairs were introduced to the US in 2011.

Today, other companies sell wiggle chairs, but Active Sitting is still one of the best and most reputable manufacturers.

Why should kids use a wiggle chair?

Wiggle chairs help children to sit up straight and avoid bad habits like slouching. Wiggle chairs also increase movement, which helps build strength and coordination, so it’s great for kids with disabilities or ADHD.

Why are they better than regular office chairs?

A regular office chair holds your body in one position. If you slouch, the chair pushes your back forward to keep you from slouching further. Wiggle chairs are different because they don’t stop moving when you start to wiggle or lean side to side. This makes it more comfortable and ergonomic. It’s good for your back and overall posture.

The movement of a wiggle chair can stimulate your child’s vestibular system and increase blood flow to the brain. These factors help kids stay focused and pay attention better.

Research has also shown that active sitting helps children reduce short naps, leading to less frequent mood swings and more energy throughout the day.

Who are wiggle chairs recommended for?

Wiggle chairs are suitable for most kids ages 3-12. However, children under the age of 3 may not have the strength to sit correctly in a wiggle chair. We recommend starting as soon as your child shows an interest in sitting up straight.

The best part is, wiggle chairs are fun for the whole family! Parents can also use these chairs to help prevent back pain and carpal tunnel.

Is a wiggle chair expensive?

While wiggle chairs are more expensive than regular office chairs, they are still pretty affordable. Prices range from $99 to $299, depending on the brand and style. While wiggle chairs cost more than standard chairs, they are surely more affordable than doctor or chiropractor visits!

Luckily, you can find a bit more affordable wiggle chairs on Amazon. Here are some of our favorite options:

Learniture Adjustable-Height Active Learning Stool

The Learniture stool is the best wiggle chair for school-aged children. It’s height-adjustable so that it can grow with your child, has a pneumatic lift, and fits under most desk heights so you can use it at home or in the classroom!

The wiggle chair’s non-slip, curved base allows for a natural rocking motion, so you can strengthen your core while sitting. The backless design also helps to maintain good posture. A vinyl/polypropylene design is easy to clean, and a lightweight design makes mobility and storage simple.

Studico Active Kids Chair – Adjustable Wobble Chair

The Studico wiggle chair is perfect for your kids. Not only does it come in fun colors like blue and green, but the chair is lightweight so that you can move it around with ease!

It’s made of environmentally-friendly material that makes it easy to clean any messes that are made. The base has non-slip, curved feet to keep the chair in place while your child wiggles.

The Studico chair can help improve strength and coordination in children who have special needs. The active sitting motion also helps create an ideal environment for correct posture, so your child will sit up straight while using this chair.

SNOVIAY Adjustable Wobble Chair Toddlers & Kids

The SNOVIAY wiggle chair is perfect for young children too small to use the Learniture or Studico chairs. This chair is lightweight and adjustable, so you can raise or lower the height as your child grows.

The broad base is made of high-quality materials to prevent tipping or slipping. The chair’s swivel base is centered so that the chair won’t tip over.

Storex Wiggle Stool

The Storex Wiggle Stool has a thick and soft cushion on top that makes for a delightful seat for your child to sit on all day. Without fear of tipping over, children can wiggle, wobble, move side-to-side, back and forth on our stool.

The legs also protect the floor tiles, wood, carpets, or any other surface. These wiggling chairs have an adjustable seat height of 12-18″ in 2-inch increments, making them ideal for children aged 6 years and up.

The Storex Wiggle Stool, which weighs about 6lbs and is exceptionally light and portable for a youngster to move around, is ideal for playrooms or any space that needs plenty of movement.

Kore Kids Pre-Teen Wobble Chair

The Kore Kids wiggle chair, also known as the kids wobble chair, is designed for the “tween” years. Perfect for children from age 7 to 12 or up to 100 lbs.

The Kore Kids Wobble Chair’s durable plastic seat is lightweight, making it easy for children to carry from room to room, while its non-tip-heavy base allows kids to move around safely.

This wiggle chair for kids is designed to help improve balance and coordination while allowing children to have fun! The Kore Kids’ Wobble Chair also helps create an ideal environment for correct posture so your child will sit up straight.

Are wiggle chairs safe?

Wiggle chairs are probably safer than allowing kids to balance on one leg while texting at the dinner table. But, just like any piece of furniture, you should beware of falls and other accidents.

How much time should my child spend sitting in a wiggle chair?

On average, doctors recommend that children sit for no more than 2 hours at a time. You can have your child stand up or move around every 20 minutes to give their body a rest. Even better, encourage them to play outside or do some jumping jacks.

What are some alternatives to wiggle chairs?

If you’re on a budget, consider buying your kids a yoga ball chair. They can sit on it at their desk just like they would in a wiggle chair. If you really want to go all out, invest in an active sitting desk. These are desks that move with your kid’s wiggles and shakes.

Are wiggle chairs appropriate for kids with ADHD?

Wiggle chairs can be helpful for children with ADHD, but wiggling is not the only thing necessary to help kids sit still and focus. Wiggle chairs may be helpful as a part of a comprehensive treatment program. Talk to your doctor about ways to help children with ADHD build positive, healthy habits.

Can wiggle chairs help kids with autism?

It’s unclear whether or not active sitting can help children with autism, but there are some benefits to consider:

Therapists have observed that children with autism are more comfortable and focused when they’re moving.

A study conducted in 2013 concluded that children with autism spectrum disorders (ASDs) showed increased body sway after only 12 minutes of sitting on an active chair. These results indicate that active seating can increase movement for kids with ASDs, improving their attention spans.

However, more research is needed before we can draw strong conclusions. If you have a child with ASD, talk to your doctor about the possibility of using a wiggle chair at school or home.

Conclusion

Active sitting is a great way to help your kids stay focused and alert in front of the TV, computer, or at their desk. You should also encourage children to stand up and do some exercises while they watch TV. Not only will this help their attention span, but it will also allow them to get some much-needed exercise.

If you’re shopping for a wiggle chair for your child, be sure to look for one that’s lightweight and easy to move around. You can find wiggle chairs for kids in a variety of styles and colors, so you’re sure to find one that fits your child’s personality.

Wiggle chairs can help your child wiggle away from their wiggles! If your child struggles to sit still in class, at home, or during homework time, consider getting them an active chair. Wiggle chairs never go out of style; they are fun for kids and adults alike.

The post Wiggle Away With The Best Kids’ Wiggle Chairs appeared first on Comfy Bummy.

Arrest in ‘Ransom Your Employer’ Email Scheme

/0 Comments/in /by

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.

Image: Abnormal Security.

The brazen approach targeting disgruntled employees was first spotted by threat intelligence firm Abnormal Security, which described what happened after they adopted a fake persona and responded to the proposal in the screenshot above.

“According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Abnormal’s Crane Hassold wrote.

Abnormal Security documented how it tied the email back to a Nigerian man who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram. In June 2021, the Nigerian government officially placed an indefinite ban on Twitter, restricting it from operating in Nigeria after the social media platform deleted tweets by the Nigerian president.

Reached via LinkedIn, Sociogram founder Oluwaseun Medayedupin asked to have his startup’s name removed from the story, although he did not respond to questions about whether there were any inaccuracies in Hassold’s report.

“Please don’t harm Sociogram’s reputation,” Medayedupin pleaded. “I beg you as a promising young man.”

After he deleted his LinkedIn profile, I received the following message through the “contact this domain holder” link at KrebsOnSecurity’s domain registrar [curiously, the date of that missive reads “Dec. 31, 1969.”]. Apparently, Mr. Krebson is a clout-chasing monger.

A love letter from the founder of the ill-fated Sociogram.

Mr. Krebson also heard from an investigator representing the Nigeria Finance CERT on behalf of the Central Bank Of Nigeria. While the Sociogram founder’s approach might seem amateurish to some, the financial community in Nigeria did not consider it a laughing matter.

On Friday, Nigerian police arrested Medayedupin. The investigator says formal charges will be levied against the defendant sometime this week.



KrebsOnSecurity spoke with a fraud investigator who is performing the forensic analysis of the devices seized from Medayedupin’s home. The investigator spoke on condition of anonymity out of concern for his physical safety.

The investigator — we’ll call him “George” — said the 23-year-old Medayedupin lives with his extended family in an extremely impoverished home, and that the young man told investigators he’d just graduated from college but turned to cybercrime at first with ambitions of merely scamming the scammers.

George’s team confirmed that Medayedupin had around USD $2,000 to his name, which he’d recently stolen from a group of Nigerian fraudsters who were scamming people for gift cards. Apparently, he admitted to creating a phishing website that tricked a member of this group into providing access to the money they’d made from their scams.

Medayedupin reportedly told investigators that for almost a week after he started emailing his ransom-your-employer scheme, nobody took him up on the offer. But after his name appeared in the news media, he received thousands of inquiries from people interested in his idea.

George described Medayedupin as smart, a quick learner, and fairly dedicated to his work.

“He seems like he could be a fantastic [employee] for a company,” George said. “But there is no employment here, so he chose to do this.”

What’s interesting about this case — and indeed likely why anyone thought this guy worthy of arrest — is that the Nigerian authorities were fairly swift to take action when a domestic cybercriminal raised the specter of causing financial losses for its own banks.

After all, the majority of the cybercrime that originates from Africa — think romance scams, Business Email Compromise (BEC) fraud, and unemployment/pandemic loan fraud — does not target Nigerian citizens, nor does it harm African banks. On the contrary: This activity pumps a great deal of Western money into Nigeria.

How much money are we talking about? The financial losses from these scams dwarf other fraud categories — such as identity theft or credit card fraud. According to the FBI’s Internet Crime Complaint Center (IC3), consumers and businesses reported more than $4.2 billion in losses tied to cybercrime in 2020, and BEC fraud and romance scams alone accounted for nearly 60 percent of those losses.

Source: FBI/IC3 2020 Internet Crime Report.

If the influx of a few billion US dollars into the Nigerian economy each year from cybercrime seems somehow insignificant, consider that (according to George) the average police officer in the country makes the equivalent of less than USD $100 a month.

Ronnie Tokazowski is a threat researcher at Agari, a security firm that has closely tracked many of the groups behind BEC scams. Tokazowski maintains he has been one of the more vocal proponents of the idea that trying to fight these problems by arresting those involved is something of a Sisyphean task, and that it makes way more sense to focus on changing the economic realities in places like Nigeria.

Nigeria has the world’s second-highest unemployment rate — rising from 27.1 percent in 2019 to 33 percent in 2020, according to the National Bureau of Statistics. The nation also is among the world’s most corrupt, according to 2020 findings from Transparency International.

“Education is definitely one piece, as raising awareness is hands down the best way to get ahead of this,” Tokazowski said, in a June 2021 interview. “But we also need to think about ways to create more business opportunities there so that people who are doing this to put food on the table have more legitimate opportunities. Unfortunately, thanks to the level of corruption of government officials, there are a lot of cultural reasons that fighting this type of crime at the source is going to be difficult.”

The Good, the Bad and the Ugly in Cybersecurity – Week 47

/0 Comments/in /by

The Good

This week, the UK’s NCSC (National Cyber Security Centre) released its 2021 Annual Review, which covers the agency’s cyber-related insights and facts from September 2020 to August 2021. Some of the highlights include the agency taking down 2.3 million cyber-enabled commodity campaigns, including over 400 phishing campaigns, and the removal of more than 50,000 scam emails and over 90,000 malicious URLs.

On the downside, the agency reported that 39% of all UK businesses (around 2.3 million) reported a cyber breach or attack in 2020/2021. The agency also reports that one of the core threats faced this year came from zero-day vulnerabilities in Microsoft Exchange Servers, which are estimated to have led to at least 30,000 organizations being compromised in the U.S. alone.

Ransomware, predictably, was named the top threat facing businesses, with the agency declaring that in the first four months of 2021, it dealt with the same number of ransomware incidents as in the whole of 2020, a figure that itself was three times greater than in 2019. Top vectors for ransomware infections seen by the NCSC were insecure RDP (remote desktop protocol), vulnerabilities in VPNs (Virtual Private Networks) and a variety of known but unpatched software vulnerabilities.

Nonetheless, the NCSC report contains a lot of practical advice for organizations looking to improve cyber resilience in the face of these increasing threats, and security teams are encouraged to review the NCSC’s report and guidelines.

The Bad

Like a bad penny, Emotet keeps on popping up just when you thought you had seen the last of it. In recent weeks, rival malspam loader SquirrelWaffle has been receiving a lot of attention in the 10-month absence of any Emotet activity. Perhaps not to be outdone by this “new kid on the block”, fresh Emotet malspam laced with poisoned Word and Excel document attachments were spotted this week.

The malicious documents make use of macros to launch a PowerShell command that retrieves the Emotet loader DLL from a remote URL and saves it to the ProgramData folder on the C: drive. Rundll32.exe is then used to copy the DLL to a randomly named folder in %LocalAppData% and then relaunch it from that location. After setting a Registry key for persistence, the malware runs in the background awaiting commands from a C2.

The return of Emotet after its very high-profile takedown back in January, when traffic across all tiers of the Emotet infrastructure had been seized and redirected to systems controlled by law enforcement, will be of concern to all IT and security teams. First observed being dropped last Sunday by TrickBot infections, researchers say that Emotet malware is rebuilding its botnet and already has over 200 infected devices acting as C2s.

Good endpoint security measures are vital to detecting and protecting against Emotet. Admins are also advised to keep up to date with the latest Emotet URLs here.

The Ugly

Despite the ramping up of ransomware interventions by the U.S. government in recent weeks, there are good reasons why ransomware isn’t going away anytime soon, chief among those being the exploitation of vulnerabilities in certain enterprise products. Exploitable bugs in Microsoft and Fortinet software are in focus once again this week as a joint advisory warns Iranian hackers are using these to target critical infrastructure with ransomware.

The advisory notes that Iranian government-sponsored APT actors are targeting a wide range of critical infrastructure sectors, including Transportation and Healthcare. CISA and the FBI have observed these actors exploit the Microsoft Exchange ProxyShell vulnerability as well as Fortinet vulnerabilities in an effort to gain initial access for follow-on operations including the deployment of ransomware.

Specifically, CISA warn that these actors have been leveraging CVE-2021-34473 (aka ProxyShell) against both U.S. and Australian organizations. Once access was gained, the APT actors used BitLocker activation to encrypt data on host networks and drop ransom notes with the following contact addresses:

  • sar_addr@protonmail[.]com
  • WeAreHere@secmail[.]pro
  • nosterrmann@mail[.]com
  • nosterrmann@protonmail[.]com

Other indicators of compromise include the following IP addresses:

  • 91.214.124[.]143
  • 162.55.137[.]20
  • 154.16.192[.]70

Further IoCs including file hashes and MITRE TTPs are available on the CISA advisory page.

This activity is a timely reminder to organizations that if you don’t patch vulnerabilities, threat actors will find you out. Similarly, if you use enterprise software without proven behavioral AI security controls, don’t be surprised if threat actors go unnoticed while punching a whole through that firewall or operating system software.

Yoga Ball Chair For Kids – Is It A Good Idea?

/0 Comments/in /by

Ball chairs are a very popular alternative to a regular office chair. They give you the opportunity of working on your core muscles and balance. But what about kids? Are they able to work on a yoga ball chair? Let’s find out!

Yoga Ball vs. Simple Exercise Ball: Why Choose One Over The Other?

The Yoga ball is, on one level, an exercise ball, but on the other hand, it’s a little bit more. Most fitness balls have a diameter of 44 or 55 centimeters, almost the same as a regular yoga ball.

The big difference between them is that some Yoga Balls can be inflated to 80 centimeters in diameter while some exercise balls only reach a maximum of 65 centimeters in diameter. The bigger a ball is, the harder it is to balance on it, and the more likely you will roll over while sitting on it.

It’s really a matter of personal preference if you want to choose an exercise ball or a Yoga Ball because the main goal that they have in common is improving your core strength and balance.

What Is A Ball Chair?

According to Wikipedia, the first ball chairs were designed by Tom Kennell in 1998. In contrast to a traditional office chair or stool, you sit on a ball instead of a seat on top of it. This way, you are forced to sit correctly with your back straight, which is no real surprise because who would want to topple over?

The ball chair trend has been rising ever since. It’s even considered the best alternative for an office chair. Many say that sitting on a ball can reduce or eliminate lower back pain because you are forced into the correct position.

What Benefits Does A Ball Chair Offer?

The big ball forces you into an upright position and improves your posture, leading to increased concentration and productivity. Some even claim that their concentration had improved dramatically compared to when they were sitting on a traditional office chair.

Ball chairs also strengthen the leg muscles, improving blood circulation and ensuring enough oxygen for your legs and feet. It is very important for people who spend a lot of time sitting on their chairs that their circulation gets stimulated regularly because otherwise, your blood vessels can easily get clogged up, which may lead to varicose veins.

The ball chair is also great for pregnant women, as it can provide some relief for the back, making it more comfortable to sit on.

Scientific proof on the benefits of the ball chair

A new study suggests that children have a higher attention span while sitting on an exercise ball instead of traditional school chairs. Researchers from the University of British Columbia found that six to eight-year-olds had more strength and endurance when regularly using an exercise ball instead of a regular seat. The findings suggest that spending time on the Swiss balls could help children at school and other kids who may have trouble concentrating or focusing.

Sports medicine specialist Dr. Lawrence Ronald, an author of the study, said that “Swiss balls are good for developing balance, coordination, core muscle strength and endurance in young children.” The study was published in the American Journal of Public Health.

The researchers explained that over a period of eight weeks, one hundred and twenty-six children between the ages of six and eight years old were given Swiss balls as their chairs for forty-five minutes during each school class. The same group was asked to sit on regular school chairs for 45 minutes. After the time was over, the researchers found that the children who used Swiss balls could keep their balance significantly longer than those who sat on regular chairs.

The study also showed that the young participants increased endurance and coordination while doing such balancing acts. Dr. Ronald said that “We recommend that children replace traditional chairs with exercise balls as a classroom chair.”

The study is part of the Physical Activity and Nutrition in Children Study (PANIC) that explores the effect of different types of exercise on young participants. The researchers stressed out that “These results suggest that sitting on an exercise ball may be helpful to children with poor concentration or focus, as well as those who have difficulty sitting still.”

Dr. Ronald said that “Based on this, we believe children who are struggling with their behavior or focus at school may benefit from using exercise balls as chairs.” The researchers also found that six weeks after the experiment was over, the benefits gained by the participants were mostly lost.

The Cons Of Working On A Ball Chair

As with every other table, there are some downsides to using a ball chair too. The biggest issue is that you often have to re-adjust your position because you could quickly lose balance and topple over. You might get back or neck pain if you slouch or slouch while sitting on a ball chair. You also risk rolling off if you aren’t paying attention to your posture, especially when using an exercise ball. Another issue is that it can be challenging for most people to properly use their hands and feet without pushing the ball away. Working on a yoga ball chair, yoga ball chairs are usually marketed toward adults, but that doesn’t mean children can’t use them. It’s essential that kids get the proper education on sitting correctly on a chair because otherwise, they may be at risk for a back injury.

You might think that having the proper posture is only necessary when sitting for a long time, but if your child slouches all the time at school or home, he may also have back pain. That’s why children must sit properly on a ball chair – not just adults!

If you let your kid work on a ball chair, make sure that you supervise them. The potential dangers of kids falling over are pretty obvious, so it’s best to keep an eye on them while they’re sitting on the ball.

Remember that you should only allow older kids to work on a ball chair, not toddlers!

The Best Of Both Worlds?

Yoga ball chairs are also marketed as the perfect alternative for office workers. We all know how hard it is to focus while sitting on an office chair, which is why this might be your optimal solution. Especially if you experience back pain when sitting for too long, a ball chair may be the right solution.

Do you want to experience it yourself? If you’re considering buying a Yoga ball chair, I suggest that you look at Amazon.com.

Find the best yoga ball chair for kids!

It’s not easy to find the right balance between health and fun, but it can be done! Look at the yoga ball chairs below and see if one might be the right choice for your kid.

  1. Mantra Sports Yoga Ball Chair – The Mantra Sports yoga ball chair is probably the best choice if you’re looking for a yoga ball chair that will last your kid the longest time possible. This one has an impressive 660-pound weight limit, so unless your child weighs more than that, then he should be OK with this one. And as you can see from the picture, it’s a simple but very stylish design that will look great in any room of your house.
  2. Gaiam Kids Balance Ball – Exercise Stability Yoga Ball Chair, Ages 3+ – If you want your kid to have a fun workout with the Yoga ball chair, this one might be perfect for him. It comes with an exercise ball pump so that you won’t have to struggle too much when inflating the ball. It’s also a great way to introduce your kid to Yoga or gym exercises from an early age.
  3. LakiKid Yoga Ball Chair – The LakiKid yoga ball chair is a high-quality choice if you’re looking for a fun way to get your kid to learn how to sit correctly. It’s very sturdy and durable, so you’re guaranteed that it will last you for years. Because the ball is made out of puncture-resistant material, it’s safe to assume that your kid can’t do any harm to this one by simply rolling around on the chair.
  4. Trideer Ball Chair – The Trideer ball chair is another fun option if you want to get more active with your kid. It’s not necessarily aimed directly at kids, but there are no problems with getting your child to play on this thing either! It is Amazon’s number 1 bestseller for ball chairs, so that says something about its quality.
  5. GalSports Yoga Ball Chair – This Yoga ball chair is an excellent choice if you’re looking for the lowest price possible. As you can see, it’s pretty basic, but there are no problems with quality either. The pump included is a solid one, and it can be used to inflate the ball to its proper size.

Conclusion

If you’re wondering what kind of Yoga ball to pick for your child, then you can’t go wrong with any of the above choices. According to customer reviews, they’re all very high-quality, so you won’t have a problem getting your child to use these chairs.

The post Yoga Ball Chair For Kids – Is It A Good Idea? appeared first on Comfy Bummy.

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

/0 Comments/in /by

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

Last week’s story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. Here’s what one of those scam messages looks like:

Anyone who responds “yes,” “no” or at all will very soon after receive a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank.

To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member.

Ken Otsuka is a senior risk consultant at CUNA Mutual Group, an insurance company that provides financial services to credit unions. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?”

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’”

The fraudster then uses the code to complete the password reset process, and then changes the victim’s online banking password. The fraudster then uses Zelle to transfer the victim’s funds to others.

An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password. By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.

Otsuka said in far too many account takeover cases, the victim has never even heard of Zelle, nor did they realize they could move money that way.

“The thing is, many credit unions offer it by default as part of online banking,” Otsuka said. “Members don’t have to request to use Zelle. It’s just there, and with a lot of members targeted in these scams, although they’d legitimately enrolled in online banking, they’d never used Zelle before.” [Curious if your financial institution uses Zelle? Check out their partner list here].

Otsuka said credit unions offering other peer-to-peer banking products have also been targeted, but that fraudsters prefer to target Zelle due to the speed of the payments.

“The fraud losses can escalate quickly due to the sheer number of members that can be targeted on a single day over the course of consecutive days,” Otsuka said.

To combat this scam Zelle introduced out-of-band authentication with transaction details. This involves sending the member a text containing the details of a Zelle transfer – payee and dollar amount – that is initiated by the member. The member must authorize the transfer by replying to the text.

Unfortunately, Otsuka said, the scammers are defeating this layered security control as well.

“The fraudsters follow the same tactics except they may keep the members on the phone after getting their username and 2-step authentication passcode to login to the accounts,” he said. “The fraudster tells the member they will receive a text containing details of a Zelle transfer and the member must authorize the transaction under the guise that it is for reversing the fraudulent debit card transaction(s).”

In this scenario, the fraudster actually enters a Zelle transfer that triggers the following text to the member, which the member is asked to authorize: For example:

“Send $200 Zelle payment to Boris Badenov? Reply YES to send, NO to cancel. ABC Credit Union . STOP to end all messages.”

“My team has consulted with several credit unions that rolled Zelle out or our planning to introduce Zelle,” Otsuka said. “We found that several credit unions were hit with the scam the same month they rolled it out.”

The upshot of all this is that many financial institutions will claim they’re not required to reimburse the customer for financial losses related to these voice phishing schemes. Bob Sullivan, a veteran journalist who writes about fraud and consumer issues, says in many cases banks are giving customers incorrect and self-serving opinions after the thefts.

“Consumers — many who never ever realized they had a Zelle account – then call their banks, expecting they’ll be covered by credit-card-like protections, only to face disappointment and in some cases, financial ruin,” Sullivan wrote in a recent Substack post. “Consumers who suffer unauthorized transactions are entitled to Regulation E protection, and banks are required to refund the stolen money. This isn’t a controversial opinion, and it was recently affirmed by the CFPB here. If you are reading this story and fighting with your bank, start by providing that link to the financial institution.”

“If a criminal initiates a Zelle transfer — even if the criminal manipulates a victim into sharing login credentials — that fraud is covered by Regulation E, and banks should restore the stolen funds,” Sullivan said. “If a consumer initiates the transfer under false pretenses, the case for redress is more weak.”

Sullivan notes that the Consumer Financial Protection Bureau (CFPB) recently announced it was conducting a probe into companies operating payments systems in the United States, with a special focus on platforms that offer fast, person-to-person payments.

“Consumers expect certain assurances when dealing with companies that move their money,” the CFPB said in its Oct. 21 notice. “They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law. The orders seek to understand the robustness with which payment platforms prioritize consumer protection under law.”

Anyone interested in letting the CFPB know about a fraud scam that abused a P2P payment platform like Zelle, Cashapp, or Venmo, for example, should send an email describing the incident to BigTechPaymentsInquiry@cfpb.gov. Be sure to include Docket No. CFPB-2021-0017 in the subject line of the message.

In the meantime, remember the mantra: Hang up, Look Up, and Call Back. If you receive a call from someone warning about fraud, hang up. If you believe the call might be legitimate, look up the number of the organization supposedly calling you, and call them back.

Air Gapped Networks: A False Sense of Security?

/0 Comments/in /by

Air Gapped Networks: How Secure Are They?

Hackers and attackers like nothing better than sitting in the comfort of their own armchairs to conduct remote attacks on vulnerable networks around the world. But some critical systems aren’t exposed to the public internet and sit, apparently safely, in an isolated environment, air gapped from the rest of the world by a lack of internet connectivity.

There is no doubt that keeping a system off the public internet increases its security posture, but it can also introduce vulnerabilities when operators need to ingest data or transfer data outside the network. Despite the increased security that an air gapped system can offer in certain situations, they have proven to be vulnerable to attack, both in the wild and in research situations. So, just how secure are air gapped networks?

What is an “Air Gap” in Network Security?

In network security, an air gapped network is one that has no physical connection to the public internet or to any other local area network which is not itself air gapped. In an air gapped environment, all the usual communication software like email clients, browsers, SSH and FTP clients are disconnected from the outside world.

A properly air gapped network means that devices within the network are invisible to, and effectively isolated from, remote threat actors, who often scan the public internet for vulnerable machines through services like Shodan. Similarly, remote code execution (RCE) software bugs cannot be directly exploited by an attacker outside of the air gapped network itself.

An air gapped system can, of course, communicate with other physically separated devices, but any means of data transfer outside of the network must take place through external hardware, temporarily attached to the network. Such hardware can include USB flash drives and other removable media as well as specially-authorized laptops. Importantly, these external devices require a person to physically connect and disconnect them to the air gapped network.

Conversely, devices which are only partitioned from other network devices by means of a software firewall are not considered to be truly air gapped, since such software can easily contain vulnerabilities that might allow entry to remote attackers.

An air gapped computer can be thought of as just a special, very limited, kind of air gapped network: a ‘network’ with only one device, in which all external network connections are disabled, and – again – data transfer in or out of the system requires physically plugging in some other device to a port on the air gapped machine. To effectively air gap such a device, WiFi and Bluetooth must be turned off and any ethernet cable unplugged. There must also be no wired connections to other computers or devices unless they are also similarly air gapped.

Advantages & Challenges of an Air Gapped Network

On the face of it, being invisible to attackers searching the public internet for devices vulnerable to remote attacks seems like a huge security advantage. It certainly increases the risk and effort for threat actors wishing to attack such devices because, without internet connectivity, air gapped systems cannot be compromised without physical access, either directly with the device itself or indirectly via compromising another device that may temporarily have physical access.

This makes air gapping attractive in certain situations such as critical infrastructure operations like nuclear power plants, water plants and other industrial systems. Sensitive business and financial data, such as payment and control systems, can also benefit from air gapped environments if they do not need an internet connection. Military networks carrying classified information and healthcare organizations operating certain kinds of medical equipment are other obvious candidates for air gapping.

In some cases, businesses may need to operate legacy software that will only run on old, vulnerable devices. Such software can be used with less risk if the computer is disconnected from all internet services and other external network connections.

However, there are challenges with using air gapped systems safely. Working in an air gapped environment can be inconvenient for computer operators. Complete separation from all external data severely limits what can usefully be accomplished in an air gapped environment, particularly for tasks that require live or frequent data updates.

For the vast majority of computer tasks, data will need to be ingested at certain times, and similarly data processed on an air gapped computer or device may need to be transferred elsewhere to make it useful or available to others who need it.

It is this transfer of data that presents the greatest risk. That risk is increased when those using air gapped systems have a false sense of security that the network is inherently safe because of its lack of internet connectivity.

The integrity of the air gap is only maintained when the means of data transport in and out of the environment are equally subject to the highest levels of security. In practice, the integrity of air gapped networks has proven to be extremely difficult to maintain without the help of added security controls.

How Secure Are Air Gapped Networks?

Because of the difficulty of maintaining an effective air gap, it is not surprising that threat actors have found ways to attack air gapped computers. Perhaps the most notorious example was the Stuxnet attack. which was designed to target Iran’s nuclear program. Although it was discovered in 2010, it is thought to have been in development since 2005.

At the time of discovery, the Stuxnet worm was a 500Kb program that infected the software of over 14 industrial sites in Iran. It targeted Microsoft Windows machines and spread on its own through USB drives plugged into the air gapped machines on the network. The result was Iran losing almost one-fifth of its nuclear centrifuges.

In 2016, researchers discovered the Project Sauron malware, which attacked air gapped and other networks via a poisoned USB installer. Project Sauron was reportedly discovered on networks belonging to more than 30 organizations in the government, scientific, military, telecoms and financial sectors.

In 2019, researchers discovered the Ramsay framework, a cyber-espionage toolkit that was tailored to target air gapped networks. The malware used a number of infection techniques, from exploiting remote code executions in software like MS Word to trojan installers of popular software like 7zip. Ramsay collected data and stored targeted data in special archives that contained a marker for “control” software: presumably, attacker-controlled programs intended to be introduced to the target network separately by either a human operator or an infected USB device and retrieved at a later date.

Both nation-state actors and researchers have developed more esoteric means of attacking air gapped networks. Cottonmouth-1 is a USB hardware implant that can provide a wireless bridge into an air gapped computer if physically connected by an intruder or malicious insider. Researchers have also repeatedly shown how air gapped networks can be breached through various electromagnetic signals, from FM and cellular radio waves to thermal and NFC signals that can carry up to 100 metres. These include:

  • LED-it-Go – using an HDD’s activity LED
  • USBee – emitting signals from a USB’s data bus
  • AirHopper – using the GPU card to emit signals to a nearby mobile phone
  • Fansmitter – using sounds emanated by a computer’s GPU fan
  • BitWhisper – exfiltrating data via using thermal emissions
  • GSMem – using GSM cellular frequencies
  • aIR-Jumper – hijacking a security camera’s infrared capabilities
  • PowerHammer – stealing data using power lines
  • AiR-ViBeR – stealing data using a computer’s fan vibrations

The Solution

When looking at how to protect air gapped computers, the obvious question is: what kind of security software can keep up with novel threats without itself needing to break the air gap? Legacy AV solutions typically need to retrieve signatures for newly-discovered malware on a regular basis. Some so-called next-gen solutions rely heavily on their ability to send telemetry to the cloud and analyze it off-device. Neither is going to work when your primary security posture requires no internet connectivity.

The answer to these problems is an on-device behavioral AI that can detect, protect and remediate malware, ransomware and device-based attacks from peripherals like USB drives autonomously. A solution such as SentinelOne can operate independently of internet connectivity to detect both known and novel malware based on behavior rather than file identity.

If you would like to learn more about SentinelOne and advanced network security, contact us for more information or request a free demo.

KEET Roundy Kid’s Chair – A Safe Choice For Your Little One!

/0 Comments/in /by

Parents wanting the best for their children cannot be blamed. Therefore it is no wonder that they prefer buying extra toys and furniture for their kids instead of spending on themselves. From cribs to high wooden chairs, parents can go beyond limits searching for top-quality goods for their little ones. This article will focus on trusted children chairs by KEET.

Take a look at these cute and fun chairs for your child. They are made of the finest quality, safe materials, and they make perfect furniture for children.

KEET Roundy Kid’s Chair

A very safe and stable chair for your child to eat or draw or paint. It is a must-buy for parents with toddlers. A simple yet sturdy design, the KEET Roundy Kid’s Chair will withstand your little one’s constant need to get up and down from the seat. The chair has a simple structure – easy to clean and maintain. The seat is quite strong, so your child will enjoy sitting in it, but at the same time very gentle on the legs of a newborn baby.

KEET Roundy Kid’s Chair is a classic design that can be used from babyhood all the way to toddlerhood. It has been designed for children from 0-3 years old, and it can support up to 34 lbs weight. The armrests are perfect in size, and they come with extra padding for your child’s comfort.

KEET Roundy Chair is recommended by pediatricians! It was designed according to ergonomics and safety standards and has won several awards. Some of them include: “The Best Toy Award” in Japan, “Best of NeoCon,” and many others. KEET Roundy Chair is designed by the famous designer Karim Rashid, a parent himself, so he understands parents’ concerns when they pick out toys and furniture for their little ones.

KEET Roundy Kid’s Chair is the perfect chair for your child! It is simple, fun, and safe! You can also get one of those as a Christmas present for an expecting mom.

Why Is KEET Roundy Kid’s Chair So Popular?

KEET Roundy Kid’s Chair is so popular among parents because:

  • it comes in vibrant, fun colors.
  • The chair has a very simple design.
  • Its ergonomics are also beneficial to the child’s health.
  • KEET Roundy Kid’s Chair is designed according to safety requirements and standards set by organizations like CPSC and JPMA.
  • KEET Roundy Kid’s Chair is comfortable and safe
  • The chair has armrests that are the perfect size for toddlers.
  • Your child can feel secure when sitting on this chair – it’s sturdy!
  • Soft padding protects your child’s arms, legs, and back from any possible discomfort.
  • KEET Roundy Kid’s Chair is also easy to clean. The round seat is removable.

Choose The Best KEET Roundy For Your Child

KEET Roundy Kid’s Chair is available in multiple versions. The most classic of them all is the single Keet Roundy Children’s Chair in Microsuede. It comes in a wide range of colors, so you can choose whichever fits your home or your taste best. If you want to be truly original and creative when decorating your kid’s room – get two different chairs! Kids love bright objects that have their unique touch.

The same chair is also available in different materials:

  • The KEET Roundy Faux Fur version features a stylish cowhide print.
  • The KEET Roundy Gingham version is pretty and stylish. It’s a great addition to any decor, and it will look adorable in your child’s room.
  • KEET Roundy is also available in denim fabric.

The KEET Roundy kids chair family has a lot more to offer! For extra comfort, pick Roundy with a matching Ottoman. KEET Roundy with Ottoman is perfect for your daily needs or for watching TV with your kid. It has the same bright colors as Roundy Chair, and it can make a perfect addition to any room’s decor. This ottoman is also made of top-quality materials, so you don’t have to worry about its durability.

If you need to scale up your child’s room – get a KEET Roundy children’s sofa! This sofa is perfect for lounging, playing video games, or watching TV. It has all the great features of the Roundy Chair – it’s comfortable, safe, sturdy, and colorful!

Most comfortable kids’ chairs

On ComfyBummy.com, you can find more kids’ chairs and other recommendations.
We know what it’s like to be a parent. That’s why we put together this website so that you can find everything you need in one place. Whether looking for trendy bean bag chairs, comfortable rocking chairs, or fun play tables – look no further because Comfy Bummy has everything you need.

The post KEET Roundy Kid’s Chair – A Safe Choice For Your Little One! appeared first on Comfy Bummy.

Backdoor macOS.Macma Spies On Activists But Can’t Hide From Behavioral Detection

/0 Comments/in /by

As we reported in our Deeper Dive into macOS.Macma on Monday, a suspected Chinese-backed APT has been discovered spying on Mac-using activists and journalists with a custom-built Backdoor. The malware appears to have been crafted primarily to target Mac users running macOS 15 Catalina and visiting certain websites related to the ongoing pro-democracy activism in Hong Kong. In one version of the attack, the threat actors leveraged vulnerabilities in macOS itself to drop the Macma payload. In another, the threat actors relied on social engineering and a trojan installer to infect devices. In this post, we explain more about how macOS.Macma works, how to detect it, and how to protect against it.

Overview of Backdoor macOS.Macma

The Backdoor macOS.Macma is a malicious payload discovered by Google TAG in August, 2021 and disclosed in November, 2021. It appears to have been developed over a number of years and comes in two versions. In the more recent version, the threat actors leveraged what was at the time a remote code execution (RCE) 0-day in WebKit and a local privilege escalation (LPE) in the XNU kernel in order to drop the Macma payload with root privileges on unsuspecting Mac users in a watering hole campaign. In the earlier version, the threat actors rely on social engineering to trick users into running a trojan app that drops a similar payload.

The trojan, which appears to date from at least 2019, contains several malicious binaries and a shell script in its Resources folder. The shell script is responsible for installing and running the “client” binary (also in the Resources folder). A similar executable is also called by the persistence agent dropped in the User’s ~/Library/LaunchAgents folder, and which executes in the background every time the user logs in to their account.

Macma kills any earlier instance of itself before “reloading”

In the later 2021 version, the installation details are handled by a malicious payload executed in-memory thanks to the watering hole attack described by Google TAG.

In both versions, the LaunchAgent and the payload use the same persistence label and executable file paths:

~/Library/LaunchAgents/com.UserAgent.va.plist
~/Library/Preferences/UserAgent/lib/UserAgent

Both versions also drop further components–including the keylogger module, kAgent–at another location:

~/Library/Preferences/Tools/

In the 2021 version, we can see that the same routines used in the 2019 version’s shell script are now encoded in the installer binary; this includes the aforementioned unloading and loading of the persistence agent.

Macma uses launchctl to load its persistence agent

The installer then goes on to set up various UDP and TCP sockets for connectivity through a DDS framework.

Strings extracted from the 2021 version of macOS.Macma

With regards to the keylogger and other spyware components, note that in 10.14 Mojave, Apple introduced extended TCC protections to macOS such that any code attempting to access the user’s camera or microphone causes a user consent prompt. This mechanism was extended in macOS 10.15 Catalina to include keyboard input monitoring, such as a keylogger like kAgent might use.

macOS.Macma does indeed cause prompts to duly occur for Accessibility and the microphone (in our tests, only after logout and login), giving users at least some chance to recognize that these permissions are being sought.

TCC prompts occur after the user logs in again, post-infection
Access to the microphone and Accessibility can be revoked in System Preferences

Analysis of the code used by macOS.Macma reveals other indications of the spyware’s capabilities, which as well as keylogging and audio recording include device fingerprinting, screen capture, and file download.

Code disassembly shows some of the methods used by the Macma spyware

In our tests, only the keylogger component was called into action by the UserAgent binary. As we reported previously, the keylogger captures the user’s keystrokes and stores these in text files with Unix timestamps for names at ~/Library/Preferences/UserAgent/lib/Data/.

The keylogger is run automatically by the UserAgent binary

Two other binaries are deposited in the ~/Library/Preferences/Tools/ folder but do not appear to be initiated by the UserAgent. These are the “at” binary and the “arch” binary.

Spyware modules are dropped in a separate location from the main executable

The ‘at’ binary profiles the user’s system and gathers environmental data, including the CPU info and model, Mac address, hardware UUID, disk free space and available memory.

A summary of the ‘at’ binary’s main functionality

Meanwhile, the ‘arch’ binary serves primarily to take captures of all the user’s currently open windows and save these to disk, presumably for later exfiltration.

Disassembly of the captureScreen method in the arch binary

Aside from these files, the UserAgent also executes a remote .php script in-memory in order to gather the user’s IP address.

http://cgi1.apnic.net/cgi-bin/my-ip.php

How To Detect macOS.Macma Backdoor

While the XNU and WebKit vulnerabilities that allowed this spyware to be installed on unsuspecting users’ devices via a poisoned website have now been patched, it’s important to note that the malware could still be installed in other ways such as by social engineering, just as the earlier version was and most macOS malware in the wild typically is. The macOS.Macma payload, with the caveat of a few user prompts, will still work if the user can be manipulated into installing it even on a fully patched macOS install.

We also note that Apple’s built in XProtect scanner has not been updated to detect this malware as of the time of writing.

XProtect’s yara rules did not detect the macOS.Macma malware in our test

Apple’s built-in remediation software, MRT.app (Malware Removal Tool app), which runs at user login (among other times), also did not remove this infection on our test device after we logged out and logged back in again.

SentinelOne customers, however, are protected against macOS.Macma. The SentinelOne behavioral engine detects all the component binaries on execution.

The SentinelOne Management console alerts on macOS.Macma activity

In the demonstration video below, the agent policy is set to “Detect-only” in order to observe the malware’s execution.

For threat hunters and those without SentinelOne protection who wish to check for macOS.Macma infection, the following behavioral and file path indicators of compromise should help (where is replaced by the actual username of the account being investigated):

/Users//Library/Preferences/UserAgent/lib/UserAgent -runMode ifneeded
chmod 644 /Users//Library/LaunchAgents/com.UserAgent.va.plist
chmod 755 /Users//Library/Preferences/Tools/arch
chmod 755 /Users//Library/Preferences/Tools/kAgent
chmod u+s /Users//Library/Preferences/Tools/arch
chmod u+s /Users//Library/Preferences/Tools/kAgent
chown :staff /Users//Library/LaunchAgents/com.UserAgent.va.plist
chown :staff /Users//Library/Preferences/Tools
chown :staff /Users//Library/Preferences/UserAgent
chown :staff /Users//Library/Preferences/UserAgent/lib
launchctl load -w /Users//Library/LaunchAgents/com.UserAgent.va.plist
launchctl unload -w /Users//Library/LaunchAgents/com.UserAgent.va.plist
mkdir /Users//Library/Preferences/Tools
mkdir /Users//Library/Preferences/UserAgent
mkdir /Users//Library/Preferences/UserAgent/lib
rm -f /Users//start.sh
sh -c chown :staff "/Users//Library/Preferences/Tools"
sh -c chown :staff "/Users//Library/Preferences/UserAgent"
sh -c mkdir "/Users//Library/Preferences/Tools"
sh -c mkdir "/Users//Library/Preferences/UserAgent"

The appearance of the UserAgent binary in System Preferences’ Privacy pane, under both the Microphone and Accessibility panels, can also be used to check for infection. In addition, review the SentinelLabs macOS.Macma post for further information and IoCs.

How To Protect Against macOS.Macma

As we noted in our earlier post, some OS-specific vulnerabilities which allowed the threat actors to infect Mac users have been patched by Apple some months ago, and all users are highly encouraged to ensure they are on the latest patched version of Catalina 10.15 or higher.

In order to prevent infections like macOS.Macma, be sure to install a good behavioral AI engine that can recognize novel threats based on what they do. Legacy AV scanners that rely on known signatures or cloud reputation services alone will not be able to stop threats that have not previously been detected in the wild.

If you would like to learn more about how SentinelOne can protect your macOS, Linux, Windows and Cloud Workload installations, contact us for more information or request a free demo.

All About Cowhide: Best Kids Chairs To Lift Your Moo-d

/0 Comments/in /by

We love a bit of cow furniture, but this time we’re going to take a look at some of the most fun kids’ stuff out there. Here are the kids’ chairs you never knew you needed, but once you find them, you just know there’s no other way! Let’s find out what your child will absolutely adore!

Cowhide Kids Chairs – As Good As It Gets

There is nothing that can compare with your typical cowhide chair. Great for home decoration and kids’ play, this little cutie will look fantastic in any children’s room! Kids simply love it because of its fun design, but their parents love it too – because cowhide is soft to touch and easy to maintain.

Cowhide is one of those rare pieces you will want to decorate your whole place with, as it goes really well with almost any style and color scheme. And the best part: kids can use their imagination and build a little cowhide town together! What’s not to like about this?

You can find either chairs with cowhide pattern or kids’ chairs that look like friendly cows themselves.

Linon Home Décor Linon Draper Linen Cow Print Office Chair

Sometimes, all you need to do is add a small detail in your child’s room to bring the whole room together. And that little detail can be this black and white cowhide chair! We love it because of its vintage look, but we know that kids simply adore sitting on it!

This office chair is sturdy, easy to clean, and can be simply moved around the house. It’s a perfect chair that will elevate your child to a proper level – not too high and not too low.

Pacific Play Tents Milky The Cow Chair

Are you looking for something that can be used both indoors and outdoors? If so, then this little cutie is just what you need! Milky The Cow Chair is a bright addition to any playroom or backyard. Your kids will love sitting on it all day long, having fun, and enjoying their time playing with their friends!

It’s easy to clean and very comfortable – an ideal pick for kids over 3 years old.

Fantasy Fields – Happy Farm Animals Thematic Kids Wooden Cow Chair

This cowhide chair is an excellent gift for any child who takes an interest in animals. It’s a perfect addition to your kid’s farm or zoo.

Kids will simply adore this wooden cow chair, as its design was created with children’s needs in mind – meaning that it’s both safe and comfortable. You can also use it as a decoration piece in your child’s room – after all, this cow’s design is very appealing and simply beautiful!

This wooden chair is neutral yet fun and bright enough to look amazing in any children’s room. Kids will love it because of its fun design, but parents will too – knowing that their children are sitting on a safe and reliable chair.

This kid’s wooden cow chair is weather-resistant, which means you can use it both indoors and outdoors!

Trend Lab Children’s Plush Cow Character Chair for Kids and Toddlers’

What could be better than a cow plushie? An actual cow plushie chair! This life-sized cuddly toy is not only very comfy but also a great addition to your kid’s room. They’ll love snuggling up on it, having fun, and playing all day long with their friends.

It’s not only safe for kids but also made of 100% polyester, which is very soft to touch. You can tell that your children will feel comfortable sitting on it!

iPlay, iLearn Cow Furniture Stool for Toddlers and Kids

iPlay, iLearn cow furniture stool is an excellent addition to your kids’ playroom, bedroom, or even kitchen! It adds a fun vibe to the whole house and makes everything look so much better!

It’s safe for kids, easy to clean, and very comfortable. Your children will love it because of its simple design and vivid color scheme.

Cowhide Kids Chair

We hope that we have managed to help you choose the perfect cowhide chair for your kids. No matter which chair you choose, it’s always better to know that your children are sitting on a safe and reliable chair rather than something cheap. We wish you tons of joy and a-moo-sement with your purchases!

The post All About Cowhide: Best Kids Chairs To Lift Your Moo-d appeared first on Comfy Bummy.