Why It’s A Bad Idea To Buy A Used Car Seat

Here at ComfyBummy, we fight every day to keep your kids safe and comfortable.

Buying a used car seat is a bad idea for many reasons. The most obvious is that you don’t know how it was treated, and there’s no way of knowing whether it has been in an accident. Secondly, the straps may be worn and may not lock properly. Third, the seat itself may be broken in some way.

Lastly, you can’t tell if the seat has been recalled. If you get caught, the fine is up to $500 per item. In fact, it may be illegal in your state to even sell a used car seat!

If you purchase a new car seat, you know that there are no broken parts and that it hasn’t been in an accident before.

It is also worth mentioning that security features in kids’ car seats improve each year as technology progresses. Your child’s life is too valuable to consider buying a used seat. No matter how good the deal might be, buying a used car seat is never worth it.

Do Car Seats Have Expiration Dates?

Car seats have expiration dates. Most car seat manufacturers say their products should be replaced after 6 years.

When it’s time to replace your child’s car seat, remember that you may need to upgrade to a bigger model when moving from rear-facing to forward-facing and then again when moving into a booster seat.

How to check a car seat’s expiration date?

You can find the expiration date on the back of your car seat. Sometimes, the expiration date is printed on the bottom of the car seat. Some car seats have both.

If you can’t find the kids’ car seat expiration date, check the user manual or call the manufacturer’s customer service line for information about your specific seat model.

You’ll also want to replace a car seat that’s been involved in a moderate to severe crash. You’ll need a new one, period.

If the car seat was even mildly compromised in an accident or other incident, you risk injuring your child because of faulty materials and straps.

What about a minor crash? Even if there’s no apparent damage to your child’s car seat, you should have it checked out by a technician. For example, what looks like minor damage can mean that the internal parts are compromised. If so, this could lead to injury in the event of an accident.

Do car seat bases expire?

Car seat bases do expire as well. The expiration date of your base is printed on the bottom of the base. It’s usually six years from the date of manufacture.

There are a few things to remember about installing a base:

  • First, it has to be tightly installed using either LATCH or the vehicle’s safety belt.
  • Second, it’s not attached to the seat – so if you have to install the seat without its base for whatever reason, you need to remember how it was initially installed. This is important because some car seats are more easily installed with one method or another depending on the vehicle design.

The Safest Kids’ Car Seats Are Always New

Even paying an extra $200-300 for a new seat is more cost-effective than buying used. When it comes down to purchasing a new or used car seat, the answer is easy: Go with new. It’s not worth saving money at the risk of your child’s safety.

It is important to remember that safety has no price. There are too many risks involved in purchasing a used car seat, and it’s just not worth the risk.

We have prepared the below list of the safest car seats for kids to make it easier for you.

Maxi-Cosi Magellan XP Max All-in-One Convertible Car Seat

ASIN: B081K8DKBP

The Maxi-Cosi Magellan XP All-in-One is the safest car seat available. Its AirProtect technology uses energy-absorbing foam to distribute impact forces away from your child’s head, neck and chest through the side of the car seat.

We call it “the Mercedes Benz of Car Seats.” This car seat has passed every test, both in the USA and Europe.

It also has easy-to-use LATCH connectors that will save you time when installing by yourself.

Children develop at different rates; therefore, you may modify the torso up or down to optimize side impact protection to your child’s size. ClipQuik’s auto-magnetic chest clip makes it simple to open with one hand but difficult for kids to unbuckle.

The Magellan XP Max all-in-one Car Seat was created with ultimate safety and comfort in mind.

Britax Advocate ClickTight Anti-Rebound Bar Convertible Car Seat

ASIN: B07962ZKK8

The Britax Advocate has a SafeCell Impact Protection base that absorbs crash forces with energy-absorbing materials.

The headrest is adjustable both vertically and laterally to ensure the best fit for your child. The deep side walls are lined with energy-absorbing EPP foam, which limits forces through your child’s body in the event of a crash.

The Advocate is straightforward to install with the ClickTight technology, which ensures that the seat is installed tightly and correctly every time. The harness height can be easily adjusted without re-threading.

Britax made the Advocate Clicktight convertible car seat because they understand how hard it is to leave your child in someone else’s care. They wanted to make sure that your child is as safe as possible, even in an emergency.

That’s why they’ve created the safest car seat available on the market today.

Chicco Fit4 Adapt 4-in-1 Convertible Car Seat

ASIN: B09311PL54

The Fit4 is a safe car seat that will grow with your child. It has 4-in-1 design features: infant, rear-facing travel system, forward-facing, and booster.

Your child can be secured using the 5 point harness until they exceed its weight limit (40 pounds). Then, you can utilize the belt-positioning clip to switch to booster mode easily.

The Fit4 adapt convertible car seat comes standard with the RideRight bubble-level indicators, which work to ensure that your child is sitting in the proper position as you adjust and tighten the harness. The indicator makes it easier for parents who don’t feel confident assessing this themselves.

The Latch connectors make it easy to install the car seat. The Fit4 adapt features the one-pull tightener, enabling you to quickly tighten the harness without re-threading it through complicated back panels.

Chicco made this car seat with all different types of parents in mind. Whether grandparents are watching the kids, they’re helping out babysitters, or they’re just dealing with a busy schedule, this car seat will make it easier for you to go about your daily routine.

Graco Extend2Fit 3-in-1 Car Seat

ASIN: B084QD3HHW

The Extend2Fit is the only car seat you’ll ever need. It has extra legroom and a longer seat bottom, making it easy for your child to sit comfortably throughout their entire childhood.

The main highlights of this car seat are the 10-position extendable headrest, 4-position extension panel, and 6-position recline. Thanks to those, you can extend the car seat to provide additional protection as your child grows.

There’s also a removable infant body support that offers extra comfort for smaller children.

The Graco Extend2Fit has an InRight LATCH system, which makes installing a cinch. There are also 2 hideaway cup holders, which provide a place to store drinks and snacks during long trips.

Summary – What To Look For In A Car Seat For Kids?

The protection of your children is the most crucial aspect of car seat shopping. Some car seats are safer than others, which means they absorb more impact in the event of an accident.

It’s also essential to consider ease of use and comfort when picking out a new car seat. You want something that will make it easier for you to go about your daily routine.

Many car seats are 3 in 1, which means they can be used for more than one growth stage. These types of car seats can grow with your kids, so you don’t have to purchase multiple seats throughout the years.

Some convertible car seats also provide extra head and neck support for young children. This ensures that their head doesn’t wobble around during a car ride.

Most importantly, make sure you do your research before purchasing any car seat. You can check out reviews online or ask friends and family for advice before making a big purchase.

The post Why It’s A Bad Idea To Buy A Used Car Seat appeared first on Comfy Bummy.

REvil Ransom Arrest, $6M Seizure, and $10M Reward

The U.S. Department of Justice today announced the arrest of a Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S. Department of State is now offering up to $10 million for the name or location of any key REvil leaders, and up to $5 million for information on REvil affiliates.

If it sounds unlikely that a normal Internet user could make millions of dollars unmasking the identities of REvil gang members, take heart and consider that the two men indicted as part of this law enforcement action do not appear to have done much to separate their cybercriminal identities from their real-life selves.

Exhibit #1: Yaroslav Vasinskyi, the 22-year-old Ukrainian national accused of being REvil Affiliate #22. Vasinskyi was arrested Oct. 8 in Poland, which maintains an extradition treaty with the United States. Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya, a Miami-based company whose products help system administrators manage large networks remotely.

Yaroslav Vasinskyi’s Vkontakte profile reads “If they tell you nasty things about me, believe every word.”

According to his indictment (PDF), Vasinskyi used a variety of hacker handles, including “Profcomserv” — the nickname behind an online service that floods phone numbers with junk calls for a fee. Prosecutors say Vasinskyi also used the monikers “Yarik45” and “Yaroslav2468.”

These last two nicknames correspond to accounts on several top cybercrime forums way back in 2013, where a user named “Yaroslav2468” registered using the email address yarik45@gmail.com.

That email address was used to register an account at Vkontakte (the Russian version of Facebook/Meta) under the profile name of “Yaroslav ‘sell the blood of css’ Vasinskyi.” Vasinskyi’s Vkontakte profile says his current city as of Oct. 3 was Lublin, Poland. Perhaps tauntingly, Vasinskyi’s profile page also lists the FBI’s 1-800 tip line as his contact phone number. He’s now in custody in Poland, awaiting extradition to the United States.

Exhibit #2: Yevgeniy Igorevich Polyanin, the 28-year-old Russian national who is alleged to be REvil Affiliate #23. The DOJ said it seized $6.1 million in funds traceable to alleged ransom payments received by Polyanin, and that the defendant had been involved in REvil ransomware attacks on multiple U.S. victim organizations.

The FBI’s wanted poster for Polyanin.

Polyanin’s indictment (PDF) says he also favored numerous hacker handles, including LK4D4, Damnating, Damn2life, Noolleds, and Antunpitre. Some of these nicknames go back more than a decade on Russian cybercrime forums, many of which have been hacked and relieved of their user databases over the years.

Among those was carder[.]su, and that forum’s database says a user by the name “Damnating” registered with the forum in 2008 using the email address damnating@yandex.ru. Sure enough, there is a Vkontakte profile tied to that email address under the name “Yevgeniy ‘damn’ Polyanin” from Barnaul, a city in the southern Siberian region of Russia.

The apparent lack of any real operational security by either of the accused here is so common that it is hardly remarkable. As exhibited by countless investigations in my Breadcrumbs story series, I have found that if a cybercriminal is active on multiple forums over more than 10 years, it is extremely likely that person has made multiple mistakes that make it relatively easy to connect his forum persona to his real-life identity.

As I explained earlier this year in The Wages of Password Re-use: Your Money or Your Life, it’s possible in many cases to make that connection thanks to two factors. The biggest is password re-use by cybercriminals (yes, crooks are lazy, too). The other is that cybercriminal forums, services, etc. get hacked just about as much as everyone else on the Internet, and when they do their user databases can reveal some very valuable secrets and connections.

In conjunction with today’s REvil action, the U.S. Department of State said it was offering a reward of up to $10 million for information leading to the identification or location of any individual holding a key leadership position in the REvil ransomware group. The department said it was also offering a reward of up to $5 million for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a REvil ransomware incident.

I really like this bounty offer and I hope we see more just like it for other ransomware groups. Because as we can see from the prosecutions of both Polyanin and Vasinskyi, a lot of these guys simply aren’t too hard to find. Let the games begin.

The Good, the Bad and the Ugly in Cybersecurity – Week 45

The Good

It’s been a tough week for those in the world of cyber espionage, and while we do recognize that there are spies that work for us as well as those that work against us, this week saw two stories break that will likely bring glad tidings to most.

First up, President Biden continued his administration’s welcome war on cyber bad guys with a ban on four different “spyware” companies, namely Russia’s Positive Technologies, Singapore’s Computer Security Initiative Consultancy and two Israeli companies, Candiru and NSO Group (distributor of the notorious Pegasus spyware). The four were all adjudged by the Biden administration to be trading in hacking tools used to “maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers” in the service of authoritarian repression that “threatens the rules-based international order”.

Meanwhile, Ukraine has outed members of an APT operation run by Russia’s FSB unit, more widely known as the Gamaredon group.

The details are fascinating and well worth a read, but the upshot is that Ukraine’s Security Service (SSU) was able to intercept conversations among FSB hackers and obtain data on thousands of Gamaredon C&C servers. Along with publishing a detailed report on the group’s activities, the SSU also ‘outed’ five members of the FSB as being members of the cyber espionage gang. While the TTPs used by Gamaredon are described as ‘not particularly sophisticated’, they have nevertheless been remarkably successful and are worthy of study by defenders in enterprise security teams.

The Bad

While we’ve seen welcome pressure put on DarkSide/BlackMatter ransomware operators this week, nobody is claiming victory just yet in the war against ransomware, particularly not the Las Vegas Cancer Center (LVCC). Back in September the LVCC was hit by a ransomware attack, and this week it turns out that PII belonging to current and former patients may also have been stolen.

The Center said on Monday that encrypted data had been accessed by attackers, and this may have included Personally Identifiable Information (PII) such as names and addresses of patients, date of birth, SSNs, medical records and insurance details.

LVCC were unable to confirm exactly which patient records may have been accessed. While the Center believes that the proprietary format used to store the data may have made it unreadable to hackers, unless it used some kind of strong encryption there’s still a possibility that hackers skilled in reverse engineering techniques would be able to retrieve details even from a proprietary file format.

LVCC has reportedly stated that it “does not believe that any data was copied or transferred from its server, and has received no ransom demand”. Even so, due to the sensitivity of the PII involved, all LVCC patients are advised to monitor credit card activity and be on alert for phishing attempts.

The Ugly

And after the patients comes the medical staff. It seems like there’s no end to the vulnerabilities faced by our healthcare infrastructure these days. This week a medical school was found to have exposed 157GB of data containing around 200,000 files carrying, among other things, the PII of thousands of medical students, staff and course applicants.

Two years ago to the month, we reported on how researchers from vpnMentor uncovered an unsecured AWS bucket hosting tens of thousands of videos uploaded by users of the Veed platform. Alas, cybersecurity history continues to repeat itself as this week the same researchers reported that the LA-based Phlebotomy Training Specialists had done the exact same thing: an unsecured AWS bucket containing students’ ID cards, driving license details, home addresses, phone numbers, DoBs and professional and educational resumés was left publicly accessible for anyone to view.

The researchers estimate that between 27,000 and 50,000 individuals are impacted by the leaked data, which contained records from September 2020 to the present day. Affected individuals could be at risk of fraud, identity theft, and phishing attacks. Despite attempts to contact the company, vpnMentor says they have still received no response. Anyone who thinks they may be impacted by the data leak is advised to contact Phlebotomy Training Specialists directly.

‘Tis the Season for the Wayward Package Phish

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.

One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Louis Morton, a security professional based in Fort Worth, Texas, forwarded an SMS phishing or “smishing” message sent to his wife’s mobile device that indicated a package couldn’t be delivered.

“It is a nearly perfect attack vector at this time of year,” Morton said. “A link was included, implying that the recipient could reschedule delivery.”

Attempting to visit the domain in the phishing link — o001cfedeex[.]com — from a desktop web browser redirects the visitor to a harmless page with ads for car insurance quotes. But by loading it in a mobile device (or by mimicking one using developer tools), we can see the intended landing page pictured in the screenshot to the right — returns-fedex[.]com.

Blocking non-mobile users from visiting the domain can help minimize scrutiny of the site from non-potential victims, such as security researchers, and thus potentially keep the scam site online longer.

Clicking “Schedule new delivery” brings up a page that requests your name, address, phone number and date of birth. Those who click “Next Step” after providing that information are asked to add a payment card to cover the $2.20 “redelivery fee.”

After clicking “Pay Now,” the visitor is prompted to verify their identity by providing their Social Security number, driver’s license number, email address and email password. Scrolling down on the page revealed more than a half dozen working links to real fedex.com resources online, including the company’s security and privacy policies.

While every fiber of my being hopes that most people would freak out at this page and go away, scams like these would hardly exist if they didn’t work at least some of the time.

After clicking “Verify,” anyone anxious enough over a wayward package to provide all that information is redirected to the real FedEx at Fedex.com.

It appears that sometime in the past 12 hours, the domain that gets loaded when one clicks the link in the SMS phishing message — returns-fedex[.]com — stopped resolving. But I doubt we’ve seen the last of these phishers.

The true Internet address of the link included in the FedEx SMS phishing campaign is hidden behind content distribution network Cloudflare, but a review of its domain name system (DNS) records shows it resolves to 23.92.29[.]42. There are currently more than three dozen other newly-registered FedEx phishing domains tied to that address, all with a similar naming convention, e.g., f001bfedeex[.]com, g001bfedeex[.]com, and so on.
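The naming convention described above lends itself to a simple triage check on links seen in inbound SMS or proxy logs. The following is an added example, not code from the original article: it flags hosts that match the campaign pattern quoted here or that otherwise embed the brand name outside the real domain. The allowlist, the last-two-labels shortcut for the registrable domain, and the sample log lines are assumptions made for illustration.

```python
import re

BRAND = "fedex"
# Assumption: the only registrable domain the brand owner uses in this example.
ALLOWED = {"fedex.com"}
# Convention of the campaign domains quoted in the article:
# one letter, three digits, one letter, then the misspelling "fedeex".
CAMPAIGN_RE = re.compile(r"^[a-z]\d{3}[a-z]fedeex$")


def refang(raw):
    """Undo common defanging ([.] and hxxp), then strip scheme, path and port."""
    host = raw.strip().lower().replace("[.]", ".")
    host = re.sub(r"^hxxp", "http", host)
    host = re.sub(r"^[a-z]+://", "", host)
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host.rstrip(".")


def registrable(host):
    """Last two labels. Simplification: real tooling should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def squeeze(text):
    """Collapse runs of a repeated character, so 'fedeex' becomes 'fedex'."""
    return re.sub(r"(.)\1+", r"\1", text)


def classify(raw):
    """Return 'legitimate', 'campaign-pattern', 'brand-lookalike' or 'unrelated'."""
    host = refang(raw)
    reg = registrable(host)
    if reg in ALLOWED:
        return "legitimate"
    if CAMPAIGN_RE.match(reg.split(".")[0]):
        return "campaign-pattern"
    # Brand string anywhere in the hostname (hyphens removed, doubled letters
    # collapsed) while the registrable domain is not the brand's own.
    if BRAND in squeeze(host.replace("-", "")):
        return "brand-lookalike"
    return "unrelated"


def scan(lines):
    """Return (host, verdict) for every URL-like token that deserves review."""
    hits = []
    for line in lines:
        for token in line.split():
            if "." not in token:
                continue
            verdict = classify(token)
            if verdict in ("campaign-pattern", "brand-lookalike"):
                hits.append((refang(token), verdict))
    return hits


# Constructed sample log lines (timestamp, source, URL); not real telemetry.
SAMPLE_LINES = [
    "2021-11-04T09:12:01 sms-gateway hxxp://o001cfedeex[.]com/track",
    "2021-11-04T09:12:07 sms-gateway https://www.fedex.com/en-us/tracking.html",
    "2021-11-04T09:13:44 sms-gateway hxxps://returns-fedex[.]com/",
    "2021-11-04T09:15:20 sms-gateway https://example.org/newsletter",
    "2021-11-04T09:16:02 sms-gateway hxxp://fedex.com.parcel-help.example/reschedule",
]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_LINES):
        print(f"{verdict:17} {host}")
```

The campaign regex is deliberately narrow; the broader brand check catches variants such as the landing domain and brand-as-subdomain hosts, at the cost of needing an accurate allowlist.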

Now is a great time to remind family and friends about the best advice to sidestep phishing scams: Avoid clicking on links or attachments that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly.

If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.

Spider-Man Chairs For Kids

With “Spider-Man: No Way Home” approaching cinemas and Christmas just around the corner, it’s time to celebrate!

And what’s more festive than spider-strength chairs for kids? Give your little one something special this Christmas – and a good quality chair never hurt anybody.

Why Spider-Man, Of All Superheroes?

Well, not only is he the most easily recognizable one but also probably the favorite of many kids. Furthermore, Marvel is known for its careful balancing of dark and bright, with Spider-Man’s motto – “With great power comes great responsibility” – embodying this approach perfectly.

It is proven that youths want something they can relate to. Spider-Man is perfect for this role, because Peter Parker is just an ordinary guy who, by chance, got his powers. Plus, he is very human – not over-the-top good nor evil. Because of the great responsibility factor, kids can see him as a mentor and role model.

Spider-Man is one of the most popular characters in the history of comics. Since his first appearance in 1962 up until now, the superhero created by Stan Lee and Steve Ditko has inspired children across generations with his incredible strength and powers.

But what does a Spider-Man chair mean to your kid? Well, there is nothing more satisfactory than seeing your child happy and excited about their favorite superhero. Such artificial happiness will not only give you some good vibes but also strengthen the bond between you and your child. That’s the magic of Christmas, right?

Best Spider-Man Kids’ Chairs

So, without further ado, here are the best chairs of Spider-Man you can find on the market right now.

Delta Children Figural Upholstered Chair, Marvel Spider-Man

ASIN: B00QNWEOA6

There can be no kids’ chairs ranking without the trusty products of Delta Children! Delta Children is known for its attention to detail, and this model has all the features you are looking for in a superhero chair. You can buy it online via Amazon for a great price!

It is a perfect size for kids, with a height of 18 inches and a width of 16 inches. It is not only fun but also very comfortable – with soft polyurethane foam filling and vinyl upholstery. Plus, it can hold up to 100 pounds!

With all these remarkable features, you can buy it for your kid, and be sure they will love it!

Delta Children Spider-Man Cozee Fluffy Chair with Memory Foam Seat

ASIN: B0925MK7YW

If the upholstered chair is not your style, how about a Spider-Man bean bag chair? It can be an excellent fit for both boys and girls, with its super-soft fur.

It’s also very comfortable thanks to its memory foam seat, which will let your kid sink in during long hours reading or watching TV. This model has everything you are looking for – it is well made, comfortable, and has a great design. It also comes with a fantastic price tag via Amazon!

The Spider-Man bean bag chair is excellent for those aged 2 and up.

Delta Children Chair Desk With Storage Bin, Spider-Man

ASIN: B015WKNNS8

Do you have a kid who just loves Spider-Man, but always has homework to do?

Delta Children Spider-Man Chair Desk is the perfect solution! It’s an all in one – chair and desk combo that children from ages 4 years old can use.

Your kid will love it not only because of the cool design but also because of the many features it has. It’s safe to use, with no sharp edges and has a storage bin under the seat. What is more – it is very sturdy and durable!

With its affordable price via Amazon, you can get this fantastic kids’ chair desk combo that will turn your kid into an absolute Spider-Man geek.

Idea Nuova Marvel Spider-Man Toddler Nylon Bean Bag Chair with Piping & Top Carry Handle

ASIN: B091D8P839

If you are looking for a Spider-Man kids’ bean bag chair for your toddler, then this model can be perfect.

It’s very comfortable, thanks to its soft yet durable nylon filling. It is also filled with safe materials that will not harm your child. Very easy to maintain – all you have to do is spot clean it!

It is an excellent chair that kids of various ages can use. Plus, it comes with a top carry handle so that you can move it around without any issues. This is not your regular bean bag chair – its shape is quite unique, making it perfect for any kid.

Needless to say that with such a cool design, it will be hard not to buy the Idea Nuova Marvel Spider-Man Toddler Nylon Bean Bag Chair!

Idea Nuova Marvel Spider-Man Figural Camp Chair for Kids

ASIN: B086M3XSBY

Are you thinking about taking your little superhero on an adventure?

Then the Idea Nuova Marvel Spider-Man Figural Camp Chair would be a perfect fit. It’s a great way to give them a comfortable seat anywhere you go.

This kids’ camp chair is lightweight, easy to fold and carry around with you, and very sturdy and durable. You can buy it via Amazon for an affordable price!

It has a great design – it’s safe, comfortable, and can be folded into a small size. It comes with carrying straps that allow you to take it on various adventures – outdoors and indoors!

If your kid loves Spider-Man, then the Idea Nuova Marvel Spider-Man Camp Chair is a must-have!

Idea Nuova Marvel Spider-Man Micromink Bean Bag Chair

ASIN: B08QVBD3S1

They say there is no such thing as too many bean bag chairs! And I agree – whether you are looking for a chair for your kid or even yourself, there is no such thing as having too many.

The Idea Nuova Marvel Spider-Man Micromink Bean Bag Chair is a unique model that offers many great features. For example, it’s very soft and cozy, has a plush microfiber surface, and comes with a Spider-Man mask design.

It’s made of top-quality materials that will provide you with many years of use. Plus, thanks to its plush design, it’s very comfortable.

This amazing bean bag chair is great for all fans of Spider-Man – adults and children alike! In need of a gift idea?

KidsEmbrace 2-in-1 Harness Booster Car Seat, Marvel Spider-Man

ASIN: B00SUK91K2

Do you have a car and like to travel with your kid? Then you might want to consider getting KidsEmbrace 2-in-1 Harness Booster Car Seat, which will not only transport your child safely but will also bring them a lot of joy.
It’s a very stylish car seat that kids between 22 and 100 pounds can use, and with its modern design, it will look great in any car.

The car seat can be used in 2 different ways: forward-facing for children weighing 22 – 65 pounds and 29 – 49 inches in height. After that, the car seat can be converted into a belt-positioning booster for kids 40 – 100 pounds and 38 – 57 inches high.

This seat has undergone a side impact test according to federal motor vehicle safety standards (FMVSS 213). This car seat is definitely worth buying – it will keep your kid safe while they enjoy the fantastic Spider-Man design!

Superhero kids’ chairs

Spider-Man is a very popular superhero among children from all over the world. Every kid wants to be like Spider-Man – protect New York, fight crime, and have superpowers!

With one of these amazing Spider-Man chairs, you can make your child’s dreams come true. Teaching them that with great power comes great responsibility at a young age is a perfect idea.

These kids’ chairs and bean bag chairs will make your kid feel like they are almost Spider-Man themselves! They will be more than happy to sit in them with such excellent designs that resemble the superhero.

They’re also safe, durable, and comfortable – what else can you ask for? For many parents, it’s a struggle to find the right kids’ chairs and bean bag chairs that will keep their child happy and satisfied, but with these amazing Spider-Man designs, they can do just that!

The post Spider-Man Chairs For Kids appeared first on Comfy Bummy.

Feature Spotlight: Announcing Leading Zero Trust Partnerships for XDR-Powered Autonomous Response

In response to the evolving threat landscape, organizations are moving from their legacy layered network defense to a Zero Trust security model. 85% of organizations have already defined Zero Trust initiatives but often don’t know where to start. With Zero Trust, organizations follow the “never trust, always verify” approach, which dictates that endpoints, user identities, applications, and the corporate network are no longer trusted by default. SentinelOne is committed to helping organizations succeed as they shift to a Zero Trust security model.

With the rise of credential stuffing attacks and ransomware, endpoints and identities are two of the most commonly exploited attack vectors to gain access to an organization’s data.

Attacks like these have made organizations reconsider the ‘trust by default’ approach. Insider credentials are attractive targets for attackers as they can be taken advantage of for elevated access. In contrast to attacks originating from outside of the corporate network, adversaries can leverage the implicit trust given to an identity or endpoint to move laterally within an organization’s network.

Many customers today interconnect their endpoint and identity security solutions to gain complete visibility on compromised users. This is often done through their Security Information and Event Management (SIEM) or User and Entity Behavior Analytics (UEBA) solution.

However, this results in several disadvantages:

  • Struggles with scalability
  • Requires setup and maintenance of integration
  • Limited automation opportunities for automatic remediation
  • Lack of real-time detection and response, relying on logs and events after-the-fact to reconstruct attacks
  • Lack of prevention capabilities to stop attacks from progressing, no automated response and recovery

As organizations move to a Zero Trust model, they are looking to understand how they can continuously verify the trust of all their assets and provide explicit just-in-time access. To achieve that, organizations are looking into Extended Detection and Response (XDR) as their modern security platform that can solve the data ingestion, data analytics and processing, and central response problem.

Adopting Zero Trust Model

Whereas legacy models focused on neutralizing threats originating outside an organization’s network, Zero Trust acknowledges that threats may well exist both inside and outside the network. Legacy security models trust by default the endpoints and identities within their sphere of influence; in contrast, Zero Trust follows the principle of “never trust, always verify” for all endpoints and identities.

By successfully adopting Zero Trust, organizations can perform risk-based access control and leverage the concept of least privileged access for every access decision. Organizations that successfully adopt a Zero Trust concept become more effective in protecting their assets and faster at responding to cyber threats. Ultimately, adopting Zero Trust will help organizations to reduce risk as well as Mean-time-to-Detect (MTTD) and Mean-time-to-Respond (MTTR).

SentinelOne for Zero Trust

The SentinelOne Singularity XDR extends visibility, analytics, and response capabilities across endpoint, user identity, cloud applications, and the network, enabling Singularity XDR to power the organization’s Zero Trust security model.

To achieve that, SentinelOne has partnered with leading solutions in Identity and Access Management (IAM), Cloud Access Security Broker (CASB), and Network Detection and Response (NDR) to provide a best-of-breed Zero Trust security model where organizations can choose the vendors of their choice.

“Open ecosystems are critical to a Zero Trust strategy as organizations look to use best-of-breed solutions,” said David Baldwin, Director of Product Management for Ecosystem, SentinelOne.

Protecting User Identity with Azure AD Integration

SentinelOne is a member of the Microsoft Intelligent Security Association and is excited to announce the general availability of the SentinelOne App for Azure Active Directory. The SentinelOne Singularity XDR Platform integrates with Microsoft Azure Active Directory (Azure AD), a leading enterprise identity and access management solution, to provide Zero Trust capabilities for endpoints and identities. Through the integration, organizations benefit from autonomous response capabilities that help security professionals respond to cyber threats faster.

“Global cyberattacks like Kaseya or SUNBURST are a constant reminder of the importance of modernizing legacy security architectures”, said Sue Bohn, Vice President of Program Management, Microsoft. “The integration between SentinelOne and Azure Active Directory will allow organizations to combine leading endpoint and identity solutions to embrace a Zero Trust security model.”

“Joint customers benefit from built-in integration for autonomous real-time response actions”, said Raj Rajamani, Chief Product Officer, SentinelOne. “Bringing together leading endpoint and identity solutions will go a long way towards helping customers develop and mature their Zero Trust programs”.

Through the SentinelOne App for Azure Active Directory, when an endpoint is compromised, the impacted user identity information is shared in real-time with Azure AD, allowing the organization’s Conditional Access policy to prevent access to corporate resources and services.

With SentinelOne and Microsoft, organizations can begin their Zero Trust journey by unifying endpoint security and identity management for conditional access. With seamless integration, connect SentinelOne Singularity XDR to Microsoft Azure AD to enforce identity policy and automatically respond to threats.

With this powerful integration, joint customers can:

  • Enforce MFA for user identities authenticated on a compromised endpoint
    When a user is authenticated on a compromised endpoint you can enforce MFA.
  • Block access for compromised user identities
    Block access to corporate resources and services in real time for users authenticated on a compromised endpoint.
  • Limit access for compromised user identities
    Limit access to corporate information when the user is using a compromised endpoint.
  • Hassle-free connection between Singularity and Azure Active Directory
    No complex API work or manual maintenance is required.

Monitor, Secure and Enforce Endpoint Policies

Today, endpoints, regardless of whether they are workstations, laptops, mobile devices, or servers, often have different configurations, patch statuses, and operating systems, leading to inconsistent approaches to applying security policy. This problem is compounded by the rise of bring-your-own-device (BYOD) and the loss of visibility from legacy network controls due to the rise of remote and hybrid working practices.

Adopting Zero Trust for endpoints can assist organizations in reducing this risk by providing the means to monitor, isolate, secure, control, and remove any endpoint from the network at any time. When integrated into a Zero Trust ecosystem, endpoints can provide valuable trust signals when determining whether to grant network access, including the endpoint’s identity, health, and compliance status.

SentinelOne Singularity XDR Protection combines next-gen prevention and Endpoint Detection and Response (EDR) capabilities in a single platform with a single agent.

With Singularity, organizations benefit from:

  • Robust Prevention & Control
    Replace legacy AV solutions with Static AI models trained to detect threats by looking at various static attributes extracted from executables, eliminating dependencies on signatures, and offering superior detection of file-based threats.
  • Threat Detection with Storyline™
    Behavioral AI evaluates threats — like fileless attacks, lateral movement, and actively executing rootkits — in real-time, delivering high-fidelity detections without human intervention. Individual events are automatically correlated into a context-rich Storyline to reconstruct the attack from start to finish.
  • Automated Remediation
    Patented 1-click remediation automates threat resolution with fully autonomous responses that trigger protective actions in real-time. SentinelOne provides a clear picture of an endpoint’s health, management status, and the ability to automatically quarantine or remediate it to bring the device into compliance.
  • Singularity Conditional Policy
    Organizations struggle to balance security and user productivity. When looking at security configurations, they typically treat all endpoints equally, regardless of whether they are compromised. With Singularity Conditional Policy, organizations can change security enforcement in real time depending on whether an endpoint is compromised.
  • Device Hardening and Control
    SentinelOne’s Device Control suite helps organizations embrace a more hardened posture for data loss prevention by restricting USB, Bluetooth, and Bluetooth Low Energy communications. Admins can restrict by endpoint class – for example, USB mass storage endpoints – which dramatically reduces the potential attack surface for insider threats and data loss.

Protect Cloud Workloads and Applications

According to Forrester, “public cloud migrations and other disruptive IT changes have often acted as a good vehicle for achieving a Zero Trust security model.”

A Zero Trust solution for cloud workloads must provide a repeatable and consistent approach to securing private, public, hybrid, and multi-cloud environments. Regardless of the public cloud environment, it’s the organization’s responsibility to monitor their cloud attack surface, which is just as vulnerable to compromise as user endpoints.

With Singularity Cloud Workload Security, organizations benefit from:

  • Runtime Protection
    Runtime protection and EDR for virtual machines (VMs) and containerized workloads. Organizations can manage and secure hybrid, private, and multi-cloud workloads from a single console with a single agent. Workload health status is available in real-time and affected workloads can automatically be brought back into compliance.
  • Automated Application Control
    Application Control preserves the immutable nature of the workload by employing a default-deny posture for any new code not present in the validated initial VM or container image. Not only does this harden the image itself, but it prevents attackers from executing arbitrary code that could be used for compromise or lateral movement.
  • Cloud Application Access Control
    Cloud application access control enables default-deny policies for access to cloud workloads and services. Cloud services are denied by default, reducing the amount of shadow IT and shadow cloud usage. Only approved endpoints will access the cloud resources and can be managed by exception by the security team.

Segment and Control Network Access

Networks have evolved due to the rise of remote work, and our perception of the network perimeter has evolved as well. Managed networks are no longer contained to a single location; they exist wherever devices, cloud workloads, and mobile devices access corporate resources.

With Singularity, organizations can better see and control their network with:

  • Attack Surface Visibility and Control
    To gain visibility into the network, SentinelOne Singularity Ranger turns endpoints into distributed network sensors that provide monitoring of the enterprise attack surface in real-time. SentinelOne agents actively fingerprint and inventory all IP-enabled endpoints on the network to identify abnormal communications and open vulnerabilities. With Ranger, risk from devices that are not secured with SentinelOne can be mitigated by either automatically deploying an agent or isolating the device from the secured endpoints. This is how Ranger can be used to effectively reduce the attack surface.
  • Zero Trust Network Access
    SentinelOne’s integrations with Zscaler and Cloudflare use device signals from SentinelOne to inform ZTNA access decisions. Information about the endpoint, including whether it is managed and has a SentinelOne agent installed, is provided to Zscaler and Cloudflare. This information is combined with contextually relevant information from an identity provider to determine a point-in-time network access decision.
  • Microsegmentation
    SentinelOne’s integration with Guardicore provides centralized visibility of network activity, including network data generated from endpoints and cloud workloads. SentinelOne agents report metadata to Guardicore that creates detailed visibility and network topology in the Guardicore console for decision-making, forensics, and micro-segmentation policy creation. Policies can be exported from Guardicore, where SentinelOne’s native firewall controls enforce them. Guardicore can define segmentation and micro-segmentation policies and then use the SentinelOne APIs to enforce them on the agent.
  • Network Detection and Response
    SentinelOne integrates with a number of NDR solutions including Vectra AI, Awake Security (Arista Networks), and Fidelis. The combination of SentinelOne’s EDR with partner NDR capabilities provides visibility, detection, and response for both managed and unmanaged endpoints. While NDR connects related network activity into a broader attack map, SentinelOne provides contextual awareness by enriching information coming from managed endpoints such as device name, last logged-in user, operating system details, and other endpoint characteristics. This provides comprehensive threat detection, rapid and effective response, endpoint containment, and forensic analysis capabilities.

Summary

SentinelOne has partnered with other leading vendors to build the first-of-its-kind Zero Trust platform. Organizations have a wide variety of available vendors that can be integrated into a unified security platform, allowing organizations to benefit from data ingestion at scale, data analytics, and centralized autonomous response capabilities.



Are Non-IsoFix Car Seats Safe?

The short answer is: Yes! But check this article from ComfyBummy for the details.

Are non-Isofix car seats safe to use? This question comes up pretty often, and we did some research to bring you the answers you are looking for.

Although we are very invested in a child’s comfort and proper sitting position, one more thing is equally important: safety.

A car crash is the most common cause of death in children between one and fourteen years old. In most cases, death or injuries happen because of a collision with another car. Injuries usually occur to the head and neck areas which are not protected by seatbelts.

Accidents can also happen relatively easily: even at a sudden stop or during turns. Again, that is one of the reasons for using an appropriate type of child restraint system that protects your child from injuries in case of a crash.

How to choose the right car seat for your child?

There are a few things to consider when purchasing a car seat for your child.

Child’s age, size, and weight.

Let’s start with infant seats which are the safest for infants up to 12 months of age (9 kg – 20 lbs). These car seats make them feel like they are still in mama’s arms, and the reclined bucket seat position keeps their head against the shell rather than flailing it around during a sudden stop. Another essential thing is special straps to hold your baby’s head and neck in case of an accident.

Britax B-Safe Gen2 Flexfit Infant Car Seat


An infant seat should stay rear-facing for as long as possible (for as long as the height and weight limits allow it). When moving from a car seat to a belt-positioning booster, make sure it fits both your child and the belt.

Remember to move your child from a 5-point harness into a belt-positioning booster as soon as their shoulders reach the top slots of the car seat and they are mature enough to stay adequately seated during a ride without leaning forward. Usually, this happens around 4 years old or when they weigh more than 22 kg (48 pounds), typically the weight of 6-7-year-olds.

Chicco KidFit 2-in-1 Belt-Positioning Booster Car Seat


If you are thinking about getting a convertible car seat, it will stay rear-facing for longer – up to 4 years which is also the legal requirement in many countries (check your local regulations). After switching to a front-facing position, these seats can be used until the height and weight limits are reached.

Graco Extend2Fit Convertible Car Seat


Always make sure your child fits properly in a car seat and always follow the height and weight limits mentioned in the user manual. Children should be restrained with a 5-point harness or seatbelt, depending on their car seat. Inflatable seatbelts are not safe for children because they do not fit well around the hips and shoulders.

Proper position

And don’t forget about proper positioning! If you want your kid to be safe, make sure the harness is snug and lower on the thighs, near hips (no shoulders!). Some types of child restraints are not appropriate for newborns. For example, rear-facing seats should only be used in the car since they can be very dangerous when placed on any other surface (even a flat floor).

Ease of use

You also need to consider practical matters like size and ease of use. Some car seats are much easier to install than others which can be a problem, especially when you have more than one child who needs a ride.

In the end, remember to install and use a car seat correctly – do not assume that others will know how to do it properly. Ask your friends and family for help if you are in doubt or have problems installing or using a particular seat. Your child’s safety is only your responsibility!

When it comes to car seats, there are two types of installation: Isofix and seatbelt. Each type has its advantages and disadvantages.

The European standard Isofix is the safest way to install a car seat. You just need to push your car seat into an Isofix base that stays in your car, and you are good to go!

Let’s take a closer look at the Isofix system.

What is Isofix?

Isofix is a car seat installation system introduced by the European Union in 2004 to enable easier and safer attachment of car seats to vehicle seats.

The Isofix system uses metal bars attached to the vehicle’s floor, with special sockets on the car seat’s base that attach to these bars.

This makes it securely fastened to the car and easier to attach by the user.

Do all the cars have Isofix?

Isofix is a standard in most modern vehicles, which means that the metal bars are present in all cars that meet minimum requirements.

This also means that any car seat with an Isofix fitting can be attached to these bars. The requirements for the car seats are higher because you are adding extra forces when you connect it with a 6-point harness.

You can check if your car is Isofix compatible by looking for the metal bars on the car’s floor.

There are also caps that cover them when they are not used, so you can see if someone removed one of them or these metal bars simply don’t exist in your car – which is very unlikely.

Are all Isofix bases the same?

No, they are not.

Each manufacturer has its own Isofix base with specific characteristics.

They can fit different types of car seats, have different ways for fixing them to the metal bars or even different dimensions of these bars. This means that you need to use only one brand when purchasing a new base – otherwise, your child’s car seat will not be safely attached to the car.

The Isofix bases are made up of metal bars that attach to the car’s floor and a plastic cap with holes on it.

Do you need to use a seatbelt with an Isofix base?

Yes, you should. This is a requirement from the European safety standards for car seats.

It’s called “Universal Anchor to the Car,” meaning any seat must be attached with both Isofix and seat belt to be considered safe enough.

This guarantees that the seat will not move while driving, which is very important for smaller children.

How to check if the Isofix car seat is installed correctly?

You can tell if your child’s car seat is correctly attached by looking at two white lines painted next to each other on top of one of the metal bars. These lines should be horizontally level and parallel to each other.

You can also check if the seat is appropriately fixed by pulling on it with all your strength and checking if it moves more than 15 cm (6 inches) in any direction.

Also, once you’ve found an Isofix base that fits your car seat, make sure to attach it with the car seat every time you use the vehicle.

Isofix or car belt – which is safer?

First of all, the difference between Isofix and seat belt installation is that an Isofix car seat has two metal bars underneath it that are firmly attached to the back seat. Those bars connect with a click when you push the child’s seat in place. So there’s not much room for mistakes when installing the seat securely in your car.

You can install the Isofix car seat with a seat belt too. But in this case, you have to pull the shoulder part of the seat belt very tightly over the child’s car seat, then push it down firmly on one side and do that for both sides. When your car has 3-point belts in the back, that means you have to pull the belt very tightly over the seat and across the child’s shoulder.

If you didn’t attach an Isofix car seat correctly, it could easily move during a crash or sudden braking.

When an accident happens, things can change very quickly. Your child needs the best protection you can give them!

That’s why it’s crucial to choose the right kind of safety gear for your little traveler.

This is why we recommend choosing a seat with an Isofix base, even when it’s more expensive. That way, you install the seat correctly every time.

To be extra safe, you can use Isofix car seats with an Isofix base for your youngest kids or those who are still rear-facing.

When it comes to the Isofix vs. Belt installation – it’s generally safer to use an Isofix seat than a belt – but that doesn’t mean that belts should not be used. Kids who are too small for an Isofix seat can be seated with a 3-point belt.

Is Isofix car seat worth it?

Yes! Isofix car seats are worth it for several reasons.

First of all, most of them are very lightweight and easy to carry around. If you travel a lot with your baby – that’s something you’ll appreciate.

Secondly, some models have a very slim profile after you fasten them to the metal bars. That way, they don’t take much space in your car – especially if you have a small vehicle or need more storage room.

Thirdly, many of these seats come with excellent safety features that protect kids in an accident. But make sure to always check if the car seat you choose comes with comfortable straps and is easy for your child to use.

When is your child ready to switch from infant seat to children seat?

There is no universal answer to this question since it depends on several different factors. But don’t worry – we have got you covered!

First things first: safety ratings and instructions should be the primary source for proper guidance. If a car seat is not recommended by experts and fellow parents or doesn’t include proper information regarding age, height, and weight requirements, it simply means it is not designed for your child.

And remember: We are all different, and there might be children who exceed height, weight, or age recommendations even though they feel uncomfortable in a regular forward-facing car seat. In the end, only you can decide if it’s safe to let them stay in a particular type of restraint until they turn four or five years old.

The post Are Non-IsoFix Car Seats Safe? appeared first on Comfy Bummy.

Amazon Black Friday Sales For Kids Chairs And More

Black Friday on Amazon is the best time to find deals on most baby products and kids’ stuff. Often, baby products and equipment will go down in price by anywhere between 10 and 50%. It is also an excellent opportunity to save up if you need some furniture for your children.

We compiled this list of best Amazon Black Friday sales for kids, which will hopefully save you some time while shopping on the world’s largest online retailer. Remember to check out these Black Friday deals to get more information about any discount that might interest you – you will find new offers every day!

Kids Chairs And Table Sets

If you need a table and chairs for your kids, you should definitely check the sales on Black Friday. The possibilities are endless – all you really need to do is know how many chairs and what kind of table your kid needs. Here are the best Black Friday deals on Amazon right now:

Humble Crew Kids Wood Table and 4 Chair Set

20% Off

This set from Humble Crew is a great choice for small kids. It comes with a table and four chairs, all made of wood. The chairs are also stackable, making them easy to store away after use or between playtimes.

Humble Crew Kids 2-in-1 Plastic Building Blocks-Compatible Activity Table and 2 Chairs Set

28% Off

This table and chair set from Humble Crew is ideal for toddlers. It comes with a table and two chairs, all made of durable plastic. It also comes with plastic building blocks that can be used to build various things. They are compatible with other leading brands of building block sets, so you don’t have to worry about switching between brands. Perfect for creative kids and parents.

Baby Relax Hunter 3 Piece Kiddy Table and Chair Set

55% Off

This 3 piece kiddy table and chair set from Baby Relax is an excellent choice for small children. It comes with a small table and two chairs, all made of solid wood. They are made to last and can be used for years to come. If you need this set, now is the time to buy it as it is going for a great discount.

Kids’ Outdoor Chairs

If you have kids, you probably need at least a couple of chairs made to be used outside. It gets extremely hot during summer, and sometimes it can be difficult keeping kids in the house all day long. With these outdoor chairs, your child will now have a place to relax when they want to get some fresh air. It

Here are the best deals for kids’ outdoor chairs that you can find on Amazon:

Baby Delight Go with Me Venture Chair

22% Off

This baby chair from Baby Delight is excellent for kids of all ages. It folds easily and can be carried around effortlessly. It also comes with a sun canopy that protects your child from the sun’s harsh rays when they are out in the open. The frame itself is made to last and is built of high-quality materials.

Hook-On Baby Chair

20% Off

This baby chair is ideal for kids below 16 kg. It can be easily attached to your existing dining table, and it comes with a harness that protects your child’s safety at all times. The kid’s chair can be hung anywhere as long as there is a stable structure, and it will remain there firmly.

Kid’s High Chair Black Friday Sales

Black Friday is an excellent time to get your kids a new high chair. There are plenty of different chairs available, with each one being different in some sense or the other. Here are the best Black Friday deals on Amazon for kid’s high chairs:

Abiie Beyond Wooden High Chair with Tray

20% Off

This solid wood high chair from Abiie comes in a rich walnut finish and a tray that can be easily attached. You can use it for your infant or toddler, thanks to the adjustable three-position reclining seat. It also has a five-point harness system that keeps your child safe at all times. Solid wood is highly durable and makes the high chair an excellent choice.

Graco DuoDiner DLX 6 in 1 High Chair

29% Off

If you don’t want to buy a high chair, why not consider buying one that can be easily transformed into a different type of seating? This 6 in 1 high chair from Graco transforms into a toddler seat and a booster seat. It is good quality and suitable for kids up to 50 pounds.

Black Friday Car Seat Deals

Car seats are a major necessity for young children, and it might be a good idea to invest in some high-quality items as they will last for years before you upgrade them. If you buy from Amazon on Black Friday, there is a chance that you can save up to 40% on car seats. Here are the best deals right now:

Baby Trend Secure Snap Tech 35 Infant Car Seat

30% Off

This car seat from Baby Trend is designed to keep small children safe while they travel. It comes with an adjustable base that allows it to fit into all cars and has an integrated anti-rebound bar on the front. It is also equipped with five-point harnesses and can be used for babies between 5 and 35 pounds.

Graco SnugRide SnugLock 35 Elite Infant Car Seat

20% Off

This car seat from Graco is one of the best Amazon Black Friday deals for kids. It comes with a cushioned base which makes it safe but also easy to clean when needed. The Snuglock technology allows you to easily install this in all types of cars without too much hassle. It is equipped with five-point harnesses and can be used for babies between 5 and 35 pounds.

Diono Radian 3RXT, 4-in-1 Convertible Extended Rear & Forward Facing Car Seat

26% Off

This car seat from Diono can be used in many different ways and serves a variety of functions. It has a high weight capacity and is equipped with energy absorption padding to keep your child safe while they travel. It also comes with adjustable headings and shoulder pads to adjust the seat’s interior to fit your child best.

Get Nursery Furniture On A Black Friday Sale

If you plan to decorate your child’s nursery, now might be the best time to do so. The right furniture will make your child’s nursery feel more comfortable and come with numerous benefits. You can get incredible savings on nursery furniture when you buy from Amazon on Black Friday. Here are some of the most exciting deals:

Bellababy Bedside Sleeper

15% Off

This bedside sleeper from Bellababy is a great choice for those who want to have their baby close by but also want to give them some privacy. It can be used as a bassinet and a crib and comes with some storage space underneath, which you can use to store toys or diapers.

Touched by Nature Unisex Baby Organic Cotton Nursery Blankets 7-Pack

35% Off

These blankets from Touched by Nature are made of 100% organic cotton and can be used throughout the year. They can be used as a blanket in the winter or a sheet when it is warmer. They are available in different designs and come at a great discount.

BONBAY Bionic Baby Lounger

20% Off

This is one of the best Black Friday deals for parents looking for a comfortable place to put their babies when they are not sleeping in the crib. It is made of breathable fabric, which allows your baby to be rested and relaxed, even when it’s pretty hot outside.

Big Joe Fuf Beanbag Puff Chair

36% Off

This beanbag chair comes in a variety of colors and serves multiple functions. It can be used as seating or as a footrest while you are cuddling a baby. It is also made of durable materials and is easy to clean. The beans inside it can be easily adjusted, allowing you to choose the firmness of your beanbag chair.

GoodBaby Baby Monitor with Remote Pan-Tilt-Zoom Camera

15% Off

This baby monitor is an excellent choice for those who want to keep an eye on their child while they are sleeping. It can be used as a standard monitor or as a camera which allows you to see what’s happening in the nursery. It has some great features and comes with a remote which will enable you to move the camera around.

Conclusion

While Black Friday is a fantastic day to shop for stuff, it also features some of the best deals when it comes to things for your baby. If you are looking forward to getting a great deal on one or more of these products, then make sure to take a look at Amazon!

The post Amazon Black Friday Sales For Kids Chairs And More appeared first on Comfy Bummy.

The ‘Groove’ Ransomware Gang Was a Hoax

A number of publications in September warned about the emergence of “Groove,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists.

“An appeal to business brothers!” reads the Oct. 22 post from Groove calling for attacks on the United States government sector.

Groove was first announced Aug. 22 on RAMP, a new and fairly exclusive Russian-language darknet cybercrime forum.

“GROOVE is first and foremost an aggressive financially motivated criminal organization dealing in industrial espionage for about two years,” wrote RAMP’s administrator “Orange” in a post asking forum members to compete in a contest for designing a website for the new group. “Let’s make it clear that we don’t do anything without a reason, so at the end of the day, it’s us who will benefit most from this contest.”

According to a report published by McAfee, Orange launched RAMP to appeal to ransomware-related threat actors who were ousted from major cybercrime forums for being too toxic, or to cybercriminals who complained of being short-changed or stiffed altogether by different ransomware affiliate programs.

The report said RAMP was the product of a dispute between members of the Babuk ransomware gang, and that its members likely had connections to another ransomware group called BlackMatter.

“[McAfee] believes, with high confidence, that the Groove gang is a former affiliate or subgroup of the Babuk gang, who are willing to collaborate with other parties, as long as there is financial gain for them,” the report said. “Thus, an affiliation with the BlackMatter gang is likely.”

In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. Fortinet said the credentials were collected from systems that hadn’t yet implemented a patch issued in May 2019.

Some security experts said the post of the Fortinet VPN usernames and passwords was aimed at drawing new affiliates to Groove. But it seems more likely the credentials were posted to garner the attention of security researchers and journalists.

Sometime in the last week, Groove’s darknet blog disappeared. In a post on the Russian cybercrime forum XSS, an established cybercrook using the handle “Boriselcin” explained that Groove was little more than a pet project to screw with the media and security industry.

“For those who don’t understand what’s going on: I set up a fake Groove Gang and named myself a gang,” Boriselcin wrote. The rest of the post reads:

“They ate it up, I dumped 500k old Fortinet [access credentials] that no one needed and they ate it up. I say that I am going to target the U.S. government sector and they eat it up. Few journalists realized that this was all a show, a fake, and a scam! And my respect goes out to those who figured it out. I don’t even know what to do now with this blog with a ton of traffic. Maybe sell it? Now I just need to start writing [the article], but I can’t start writing it without checking everything.”

A review of Boriselcin’s recent postings on XSS indicates he has been planning this scheme for several months. On Sept. 13, Boriselcin posted that “several topics are ripening,” and that he intended to publish an article about duping the media and security firms.

“Manipulation of large information security companies and the media through a ransom blog,” he wrote. “It’s so funny to read Twitter and the news these days 🙂 But the result is great so far. Triggering the directors of information security companies. We fuck the supply chain of the information security office.”


Throughout its short existence, Groove listed only a handful of victims on its darknet victim shaming blog, leading some to conclude the group wasn’t much of a threat.

“I wouldn’t take this call too seriously,” tweeted The Record’s Catalin Cimpanu in response to tweets about Groove’s rallying cry to attack U.S. government interests. “Groove are low-tier actors with few skills.”

Normally, when a cybercriminal forum or enterprise turns out to be fake or a scam, we learn the whole thing was a sting operation by federal investigators from the United States and/or other countries. Perhaps the main reason we don’t see more scams like Boriselcin’s is that there’s not really any money in it.

But that’s not to say his cynical ploy fails to serve a larger purpose. Over the past few years, we’ve seen multiple ransomware gangs reinvent themselves and rebrand to evade prosecution or economic sanctions. From that vantage point, anything which sows confusion and diverts the media and security industry’s time and attention away from real threats is a net plus for the cybercriminal community.

Tom Hoffman, senior vice president of intelligence at Flashpoint, said mocking Western media outlets and reporters is a constant fixture of the conversation on top-tier cybercrime forums.

“It is clear the criminal actors read all the press releases and Twitter claims about them,” Hoffman said. “We know some of them just want to inflict pain on the West, so this type of trolling is likely to continue. With the high level of attention this one got, I would assume we will see some other copycats pretty soon.”

Cyber intelligence firm Intel 471 said while it’s possible that a single actor concocted Groove as a way to troll security researchers and the media, they believe it’s more likely that the actor’s attempt to create their own ransomware group didn’t work out as they had planned.

“It’s also important to remember that the true identity and nature of any Ransomware-as-a-Service gang is not always clear and the membership makeup or affiliates of these gangs can be fluid,” Intel 471 wrote. “Despite that and based on our research from multiple sources, which includes but isn’t limited to observations of shared infrastructure and victimology, we believe “boriselcin” operated the Groove blog and the RAMP forum. This individual is a well-known member of the Russian-language cybercrime community with ties to a number of ransomware gangs and in August offered $1000 for someone to design a ransomware victim shaming blog for Groove. We are skeptical of the claims raised by the actor that Groove was an elaborate hoax from the beginning although we wouldn’t be surprised to see further claims by the actor claiming this in future.”

Update, 5:56 p.m. ET: Included perspective from Intel 471.

Moving to a Zero Trust Security Model

Recent cyberattacks like those on Colonial Pipeline and Kaseya, along with trends like the shift towards remote work, have made many organizations realize the need to modernize their security model.

Historically, organizations utilized a perimeter-based security model as it helped them defend against cyber threats outside their corporate network. Layered network defenses have been the traditional approach to security for decades. Network-centric methods relied heavily on physical sensors—like firewalls, Intrusion Prevention System (IPS), and Intrusion Detection System (IDS)—to control and secure north-south traffic. Once inside the corporate network, trust was implicit and given to everyone.

This security model introduced significant blind spots as organizations started to utilize cloud solutions, and employees, contractors, and partners were required to connect to corporate resources outside the corporate network. Today, almost all enterprises use cloud services. In the U.S. alone, organizations expect that 60% of their workforce will be mobile workers, and 87% of businesses depend on the employee’s ability to access business information on their mobile devices.

In the past, most resources and services that store corporate data were protected behind the corporate network. This has changed with the adoption of cloud applications like Office 365, Slack, or Dropbox and the mobile workforce working virtually from anywhere. Today, many resources and services that were unthinkable to be accessible outside the corporate network are hosted in the cloud and outside the security boundary that a perimeter-based security model can protect.

As organizations move from a legacy perimeter-based security to a Zero Trust security model, they are looking for strategic partners to help them in their journey.

According to Neil Binnie, Head of Information Security and Compliance at Morgan Sindall Group PLC:

“Even before the COVID-19 pandemic, we had hundreds of mobile staff working from almost three hundred work locations as well as home offices and coffee shops. So we have always had to adopt a defense in depth approach with multiple virtual perimeters. Moving to the Zero Trust security model is a natural progression of that approach.”

Binnie says that organizations are looking to take advantage of AI-powered autonomous Extended Detection Response (XDR) platforms that help them make decisions based on an asset’s behavior.

“We review the trust relationship on a dynamic basis based on behaviors of the user identity and endpoint. The trust level can increase if the user passes a Multi-Factor Authentication (MFA) challenge, or the trust can decrease if the endpoint is infected with malware,” he says, adding: “With Singularity Conditional Policy, we can increase the security controls for compromised assets automatically.”

As organizations are mapping out their transaction flow and protect surface, they are looking for ways to make easy sense of their telemetry data. “With Singularity Ranger, we were able to identify endpoints on our corporate network that may be part of the legitimate transaction but were previously not as well managed or monitored,” Binnie noted. “We leveraged SentinelOne Deep Visibility to help identify our transaction flows and protect surface.”

According to Binnie, moving to Zero Trust is a multi-year journey for many organizations, and it’s essential to identify a strategic partner that helps the organization. “We started our journey to move to a Zero Trust security model, and for that, SentinelOne is our strategic partner.”

Zero Trust Security Model Explained

With a Zero Trust security model, trust is no longer granted by default to anyone regardless of whether they are inside or outside the corporate network. Instead, Zero Trust follows the principle of “never trust, always verify”. The user identity and endpoint need to prove they are not compromised, and only then will they receive access to corporate resources and services.

Whereas legacy perimeter-based security models are focused on defending against threats coming from outside the network, Zero Trust acknowledges that threats may well exist both inside and outside the network. By successfully adopting Zero Trust, organizations can perform risk-based access control and leverage the concept of least privileged access for every access decision. That is why many organizations are looking to move from their legacy perimeter into a Zero Trust security model.

In a recent study, 42% of organizations confirmed that they plan to adopt a Zero Trust strategy. Additionally, 60% of North American organizations (and 40% globally) are currently working on Zero Trust projects. With the recent Executive Order (EO) on Improving the Nation’s Cybersecurity, Zero Trust has come into even sharper focus as the U.S. government looks to accelerate its Zero Trust adoption.

With Zero Trust, organizations become able to continuously monitor and manage the hygiene, risk, and hardening of their entire estate across endpoints, cloud workloads, user identity, and networks. To achieve that, organizations are looking for a security and data analytics platform like an Extended Detection Response (XDR) platform that can perform data ingest at scale, data analytics, and centralized incident response and access management.

Building a Zero Trust Security Model

While the end-state of a Zero Trust security model sounds very promising, the challenge that many organizations face is defining a blueprint on how they can begin their Zero Trust journey and successfully migrate from their legacy perimeter-based model to a Zero Trust security model.

It’s important to acknowledge that moving to a Zero Trust security model will take time and won’t happen overnight. Therefore, it is essential to understand where you are starting from and what the long-term objectives are.

To do so, you can utilize the Zero Trust maturity level matrix:

As organizations start their Zero Trust journey, this simple 5-step methodology can be helpful:

  1. Define your protect surface: This could be user information, personal identifiers, financial records, business information, assets, or anything else.
  2. Map transaction flows: This means tracking how users’ traffic moves through the network.
  3. Architect the Environment: Zero Trust network (ZTN) designs are unique to each organization because they are determined by your protect surface.
  4. Outline the Zero Trust policies: Determine the Zero Trust policies by answering who, what, when, where, why, and how to access corporate resources and services.
  5. Monitor and Maintain the Environment: Gather telemetry, leverage autonomous solutions to perform analytics, detect anomalies and automatically respond based on the defined Zero Trust policies.
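As an added illustration of steps 4 and 5 and of the dynamic trust review Binnie describes (this is not SentinelOne code or code from the original article), the sketch below evaluates a request against a who/what/when/where/why/how rule with default deny. The field names, scores, threshold and sample policy are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    who: str                 # user identity
    what: str                # resource requested
    when: time               # time of the request
    where: str               # network location of the endpoint
    why: str                 # declared business purpose
    how: str                 # access method / client type
    mfa_passed: bool         # identity signal
    endpoint_infected: bool  # endpoint signal from telemetry

@dataclass(frozen=True)
class Rule:
    who: frozenset
    what: str
    hours: tuple             # (start, end), inclusive
    where: frozenset
    why: frozenset
    how: frozenset
    min_trust: int

def trust_score(req: Request) -> int:
    """Score from identity and endpoint signals only; network location adds nothing."""
    score = 50                                     # constructed baseline
    score += 30 if req.mfa_passed else 0
    score -= 60 if req.endpoint_infected else 0
    return max(0, min(100, score))

def matches(rule: Rule, req: Request) -> bool:
    return (req.who in rule.who and req.what == rule.what
            and rule.hours[0] <= req.when <= rule.hours[1]
            and req.where in rule.where and req.why in rule.why
            and req.how in rule.how)

def decide(req: Request, rules: list) -> str:
    for rule in rules:
        if not matches(rule, req):
            continue
        if trust_score(req) >= rule.min_trust:
            return "allow"
        # Below threshold: a clean endpoint can raise trust via MFA, an infected one cannot.
        return "deny" if req.endpoint_infected or req.mfa_passed else "step-up-mfa"
    return "deny"                                  # default deny: no rule, no access

# Constructed sample policy for a finance records application.
RULES = [Rule(frozenset({"alice"}), "finance-db", (time(7), time(19)),
              frozenset({"corp-lan", "remote"}), frozenset({"month-end-close"}),
              frozenset({"managed-laptop"}), min_trust=70)]
```

Note that an infected endpoint on `corp-lan` is denied while a clean, MFA-verified endpoint on `remote` is allowed: being inside the network contributes nothing to the score.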

Next Steps

Everything is assumed to be breached in a Zero Trust environment, and endpoints and user identities must prove otherwise. An effective Zero Trust framework integrates best-of-breed solutions and existing infrastructure to fill security gaps without a forklift upgrade of the security stack. SentinelOne’s approach to Zero Trust provides the means for security teams to continuously monitor and manage the hygiene, risk, and hardening of their entire estate as part of a Zero Trust strategy.
