Apple Archives - Page 9 of 14 - Appunti dalla rete

The best productivity apps in 2023

The premise of this article’s headline is nonsense, sure, but it isn’t clickbait—I promise.

You’re almost certainly here because you searched for “best productivity apps.” I understand that impulse. You want to get more done in less time, which is about as universal a feeling as humans can have at work. The problem: productivity is deeply personal, and the words “productivity tools” mean a lot of different things to different people. What works for you may or may not work for me, which is why—after over a decade of writing about productivity software—I don’t really believe there are objectively “best” productivity apps.

5 things you should automate today

Start automating

I do, however, think there are categories of tools that can help you become a better version of yourself. Some of them work better for more people than others, and not everyone needs an app from every category. Knowing what kinds of apps exist, and what you should look for in an app, is more important than knowing what the “best” app in that category is.

Having said that, you’re here for software recommendations, not my personal reflections on the nature of productivity. So I’m going to go over the main kinds of productivity apps I think most humans who use electronic devices at work should know about. I’ll explain why I think each category is important, point to an app or two that I think will work well for most people, then offer links to other options if you want to learn more.

Just remember: the specific app doesn’t matter. The best productivity app is the one that works best for you. The most important thing is having a system. Sound good? Let’s jump in.

How we evaluate and test apps

All of our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.

A to-do list like Todoist

We all have things we need to do—at work and in the rest of our lives. The worst place you could store those things, in my opinion, is in your mind. It’s just stressful: you’ll remember, at random moments, that there’s something you were supposed to be doing, and that memory will result in panic. Writing down everything you need to do allows you to make a plan, and (crucially) means you don’t have to panic.

Not everyone benefits from a dedicated to-do list app—some of the most productive people I know prefer sticky notes, email inboxes, or even spreadsheets. I think that’s great, so long as you have some place to record the things you need to do.

Todoist, our pick for the best to-do list app for balancing power and simplicity

I think that Todoist, shown above, is a great to-do list app for most people. It’s easy to use but also offers a lot of features. It can also be installed on basically any device you can imagine, meaning your to-do list is always available. It allows you to assign due dates to tasks, sort tasks by project, or even view a project using a Kanban board. You don’t have to worry about those features if you don’t want to, though, which is why I think it’s a great starting point for someone who needs a to-do list.

If Todoist doesn’t work for you, though, check out our list of the best to-do list apps—it’s got a wide variety of recommendations. I, personally, use TickTick because I like how easy it is to add tasks, and I also can’t stop saying good things about Things for sheer simplicity on Apple devices. Find a tool you like—and that you remember to actually open. There’s nothing less useful than an app full of tasks you never look at.

Once you’ve picked your to-do list app, make the most of it with automation, so you can easily add tasks that come in by email, team chat apps, project management tools, or notes. Read more about automating your to-do list.

A calendar like Google Calendar

There are only so many hours in the day, unfortunately, which means you have to budget them. A calendar is how you do that. You could use a paper wall calendar, sure, but a calendar app lets you invite other people to an event. Also, in a world where so many meetings are virtual, calendar apps give you a useful place to store the link to your Zoom call.

Google Calendar, our pick for the best free calendar app

I think that Google Calendar, shown above, is the right calendar app for most people—particularly people who already use Gmail. Google Calendar is easy to load on any device, lets you see your calendar in several different views, and makes it easy to invite anyone else to any event or meeting you happen to plan. I could write multiple articles on Google Calendar features (and I have). This app does everything any other app can do, and more, all while being pretty easy to use.

If Google Calendar doesn’t work for you, though, check out our list of the best calendar apps for more options. Microsoft Outlook is a solid alternative, as is the Calendar app that comes with all Apple devices.

I’d also consider looking into some kind of meeting scheduling app. These apps let anyone sign up for appointments with you, which is particularly useful if you have a meeting-heavy calendar. Calendly, shown below, is a solid option, with a lot of customizability and the ability to sync with Google Calendar. You can check out our list of the best meeting schedulers for a more complete rundown of Calendly and other options.

Calendly, our pick for the best meeting scheduler app for simplified scheduling

Once you choose a calendar app, take it to the next level. With automation, you can do things like automatically turn calendar events into tasks on your to-do list or use forms to create calendar events. Here’s how you can bring context to your calendar by connecting other apps.

A note-taking app like OneNote

I’m constantly taking notes: before and during meetings; while researching an article; while brewing beer. And I think most people have some class of information they’ll need to reference later that doesn’t quite meet the threshold of a “document.” Who wants a sprawling series of folders with all of that information?

This, to me, is what note-taking apps are for: quickly writing things down so you can read them later and (hopefully) follow up. They also work well as a personal journal, or a place to store files related to a particular project.

OneNote, above, is probably the note-taking app most people should try first. It’s free—so long as you don’t run out of OneDrive storage—and it gives you all kinds of ways to organize notes, from notebooks to sections to sub-headers. It also has powerful search, which includes the scanned contents of any images or PDFs you might drop in a note.

But OneNote isn’t the only option. You should check out our list of the best note-taking apps for more choices. If you loved Evernote back in the day, you should check out Joplin, which is a completely free and open source replacement for that app. And I personally love Obsidian, which turns your notes into an entire database, complete with internal links and an extensive plugin collection. There are a lot of good choices out there—find something that lets you write things down and dig them up later.

See our favorite ways to use automation to improve how you put your notes to work, track action items from meetings, and put an end to regular copy-paste actions.

A distraction blocker like Freedom

I’ve never tried to work in the middle of an amusement park, but I imagine it would be distracting. The internet is worse. Everything you could possibly imagine is available, all delivered by brilliant engineers who are doing everything they can to keep you looking at more and more and more of it. It’s understandable if you have trouble getting stuff done in that context, which is why apps that block distractions are so helpful.

Freedom, our pick for the best focus app for blocking distractions on all your devices at once

Freedom is a great tool for the job. It runs on every platform and can block distractions—both websites and apps—on all of your devices. That means you can’t, for example, block Twitter on your computer only to pick up your phone and look at it there. With Freedom, you can set up multiple block lists, then start timers for any of them.

I personally love Serene, which combines distraction blocking with a sort of to-do list. You say what you want to do and how long it will take, then you start a distraction-free session to work on it. There’s also Cold Turkey Blocker, which can optionally prevent you from changing the time settings on your computer as a way of working around the block you set up. You’ve got more choices, though, particularly if you’re a Mac user. Check out our list of the best distraction blockers to learn more.

Remember: the internet is distracting on purpose. There’s no shame in using a tool to build discipline.

A habit tracker like Streaks or HabitNow

My dentist tells me I should brush my teeth twice a day, and I believe him, but I tended to only brush at night. I used a habit tracker to change that.

These applications might sound similar to a to-do list, but they’re very different. You can’t add individual tasks to a habit tracker—only recurring ones. The idea is to set an intention to do something regularly, then keep track of how often you regularly do it. Eventually, you have a streak going, which psychologically motivates you to keep it up until the habit becomes second nature. Don’t laugh—it works.

Streaks, our pick for the best habit tracker for iPhone

We recommend checking out Streaks, shown above, for iPhone and HabitNow, below, for Android. These apps both live on your phone, which is the place you’re most likely to look. They both let you create a list of habits you’d like to build, then remind you about that intention. They also both show you your progress in various ways.

HabitNow, our pick for the best habit tracker for Android users

They’re not the only options, however; check out our list of the best habit tracker apps for more ideas. Also keep in mind that some to-do lists have habit-tracking capabilities built right in. I, personally, use TickTick‘s built-in habit tracker—I love it. And some people use a paper calendar for tracking a simple habit—just add an X every day you stick to your habit.

An app to save things for later like Pocket

I’d love to read articles or watch YouTube videos all day. We all would. Sometimes, though, you have to do something else—even though your friend just sent you a really, really interesting article. That’s where read-it-later apps come in. They let you quickly save something you intend to read, so that you can come back to it when you have time.

Pocket, our pick for the best read it later app for turning articles into a podcast

I think that Pocket, above, is the app of choice in this class. It’s free to use, offers extensions for every major browser, and also has great mobile versions that sync your articles for offline reading. There’s even built-in support for highlighting, then reviewing your highlights later.

Instapaper is a close second, and it even lets you send articles to your Kindle. These aren’t your only choices, though—check out our list of the best read-it-later apps for some more options. It’s also worth noting that some people use bookmarking apps or even note-taking apps for the same purpose, and that’s great—they both make it easy to save things for future reference.

Automate the process of saving articles by connecting your read-it-later app to Zapier. Here are some ideas to get you started.

A screen recording tool like Loom

Whether it’s for a quick presentation or troubleshooting a problem, sometimes recording what’s on your screen and sharing it just makes life easier. Screen recording tools are perfect for this, allowing you to quickly record your screen, your voice, and even your face if you have a webcam.

A screenshot of Loom, our pick for the best screen recording software for quickly recording and sharing on desktop

Loom is a great first tool to check out in this category. It’s easy to set up, works on all major platforms, and makes it really simple to share recordings. You can even add your face, via a webcam, to the recording.

I personally use Zappy, which was originally an internal tool used by Zapier. It’s honestly the best screenshot tool I’ve ever used, and it’s free—if you use a Mac, it’s worth a try. Check out our list of the best screen recording tools for more options, and keep in mind you can actually record your screen without any software, if you don’t mind managing the file yourself.

Want to share your screen in real-time? You need a screen sharing tool (Zoom works pretty well, surprisingly).

Other productivity tools worth checking out

This article could go on forever. There’s no end to great software out there, and I love writing about it. I think the above categories should save you all kinds of time—and take up plenty of your time to set up—but here are a few other suggestions if you’re feeling particularly motivated.

Password managers, like LastPass or 1Password, help you generate random passwords for all of your different services without the need for memorization. This is great for security, but it also makes logging in to stuff faster. Here’s a list of the best password managers.
Mobile scanning apps, like Microsoft Lens, let you scan documents using your phone while also digitizing any text using optical character recognition (OCR). Check out our list of the best mobile scanning OCR apps for more choices.
Text expansion tools, like PhraseExpress, mean you’ll never need to look up and copy-paste the same message to multiple people ever again. Read more about text expansion software, or learn how it can make you better at dating.
Dictation software, like Dragon by Nuance, lets you type by talking, which can save you all sorts of time. Here’s our list of the best dictation software.
Time tracking apps, like Toggl Track, are great for keeping track of how long projects take and making sure you’re not spending too much time on the wrong things. Take a look at our list of the best time tracking apps to find the right one for you.
Mind mapping software, like Coggle, helps you map the connections between different ideas while you’re brainstorming. Here are our picks for the best mind mapping software.
AI software, like OpenAI, could make all kinds of tasks easier in the future. It’s early, granted, but I already find it useful when I’m in the brainstorming phase of a project—I can ask the bot to generate ideas.

Once you have apps set up in some of these categories, you can take the whole productivity thing even further. Automation software like ours at Zapier connects all the other apps you use, with workflows you can build yourself—no code required. Like the tools above, Zapier won’t solve every problem you have, but it’s a great way to connect tools that otherwise don’t integrate well—which means you can use the best tools for you, as opposed to the tools that happen to play nice together. And it’s not limited to productivity—eventually, you’ll find yourself automating even your most business-critical workflows.

Plus, if you sign up for Zapier, we’ll be able to write more useful articles like this one. Here are five things you should automate today to get started.

This post was originally published in September 2018 by Matthew Guay. The most recent update was in December 2022.

Source :
https://zapier.com/blog/best-productivity-apps/

The 8 best to do list apps in 2023

There are too many to-do list apps. Trying them all would be a massive task, and I know because I did.

Why are there so many apps for something easily done on sticky notes? Because managing tasks is an intensely personal thing. People will reject anything that doesn’t feel right. That’s a good instinct, but it makes it hard to find the right app.

Make the most of your to-do list with Zapier

Automate your tasks

To that end, we’ve been hard at work researching the best to-do apps, trying to find the right ones for various use cases. Research for these pieces was exhaustive. We started by finding the best apps for every platform: Android, Windows, macOS, and iPhone/iPad. We then tried the top-rated apps in every respective app store, and spent way too much time migrating our personal to-do lists from one app to another.

And now I’m offering you what I feel is the cream of the crop. Whatever you’re looking for, one of these apps is going to be right for you. Click on any app to learn more about why I chose it, or keep reading for more context on to-do list apps.

The best to-do list apps

Todoist for balancing power and simplicity
TickTick for embedded calendars and timers
Microsoft To Do for Microsoft power users (and Wunderlist refugees)
Things for elegant design
OmniFocus for specific organizational systems
Habitica for making doing things fun
Google Tasks for Google power users
Any.do for people who forget to use to-do apps
Other options, including project management software, note-taking apps, and other tools that can do the job

What makes the best to-do list app?

How we evaluate and test apps

I’ve written about technology in general, and productivity specifically, since 2009. In that time, I’ve personally tried basically every to-do list app that has come out, and I’m usually depending on at least one of them to function.

Of course, when it comes to managing a to-do list online, everyone has different criteria. I kept this in mind as I tested, and I noticed a few features that made certain apps stand out.

The best to-do list apps:

Make it fast to add and organize tasks. Ideally, a task is added and categorized in a couple taps or keystrokes.
Offer multiple ways to organize your tasks. Tags, lists, projects, and due dates are all helpful, and the best to-do apps offer at least a few categories like this.
Remind you about self-imposed deadlines. Notifications, widgets, emails—if you’re using an online to-do list, it should help you track what needs to happen when.
Offer clean user interfaces. The best to-do app fits into your workflow so you can get back to what you’re supposed to be doing.
Sync between every platform you use. Which platforms will depend on what you personally use, but I didn’t consider anything that doesn’t sync between desktop and mobile.

I tried to find the task list apps that balance these things in various ways. None of these options will be right for everyone, but hopefully one of them is right for you. Let’s dive in.

Make 2023 your most efficient year yet

Start the year off right with our five-email course that helps you streamline work across your whole business.

Best to-do list app for balancing power and simplicity

Todoist (Web, Windows, macOS, Android, iPhone, iPad)

Todoist isn’t the most powerful to-do list website out there. It’s also not the simplest. That’s kind of the point: this app balances power with simplicity, and it does so while running on basically every platform that exists. That’s a strong selling point—which is probably why Todoist is one of the most popular to-do lists right now.

Adding tasks was quick on every platform in my tests, thanks in part to natural language processing (type “buy milk Monday” and the task “buy milk” will be added with the next Monday set as your due date). You can put new tasks in your Inbox and then move them to relevant projects; you can also set due dates. Paid users can create custom filters and labels, and there are also some basic collaboration features.

Todoist is flexible enough to adapt to most workflows but not so complicated as to overwhelm. And it adds new features regularly: you can view projects as a Kanban board, for example, and navigating the app by keyboard is much smoother after recent updates. Overall, this is a great first to-do list app to try out, especially if you don’t know where to start.

Todoist also integrates with Zapier, which means you can automatically create tasks in Todoist whenever something happens in one of your favorite apps. Here are some examples.

Add new Google Calendar events to Todoist as tasks

Try it

Google Calendar, Todoist

Google Calendar + TodoistMore details

Add new starred emails to Todoist as tasks [Business Gmail Accounts Only]

Try it

Gmail, Todoist

Gmail + TodoistMore details

Add new Trello cards to Todoist as tasks

Try it

Trello, Todoist

Trello + TodoistMore details

Todoist price: Free version available; paid version from $4/month.

Check out more ideas for automating Todoist with Zapier.

Best to-do list app with embedded calendars and timers

TickTick (Web, Android, Windows, macOS, iPhone and iPad)

TickTick is a fast-growing task list app that offers a wide array of features on just about every platform you can imagine. Adding tasks is quick thanks to natural language processing. There’s also a universal keyboard shortcut offered on the desktop versions and pinned notifications and widgets on mobile, which makes it quick to add a task before getting back to what you’re doing. Tasks can be organized using lists, tags, and due dates, and there’s also the ability to add subtasks to any task.

TickTick offers all of this with apps that feel native—the macOS version is distinct from the Windows version, for example, in ways that make sense given the differences between those two systems. TickTick also offers a few features that are above and beyond what other apps offer.

First, there’s a built-in Pomodoro timer, allowing you to start a 25-minute work session for any of your tasks (complete with numerous white noise options, if you want). Second, there’s integration with various third-party calendars, allowing you to see your tasks and your appointments in one place, and even do some time blocking. There’s also a built-in habit-tracking tool, allowing you to review how many days you did or didn’t stick to your exercise and diet commitments. And an Eisenhower Matrix view allows you to prioritize your tasks based on what’s urgent and what’s important. It’s a great collection of features, unlike anything else on the market.

With TickTick’s Zapier integration, you can connect TickTick to the other tools in your tech stack to automatically create tasks whenever you get new leads, deals, or emails.

Create TickTick tasks for newly-labeled Gmail emails [Business Gmail Accounts Only]

Try it

Gmail, TickTick

Gmail + TickTickMore details

Generate TickTick tasks from new Facebook Leads

Try it

Facebook Lead Ads, TickTick

Facebook Lead Ads + TickTickMore details

Generate TickTick tasks from new HubSpot deals

Try it

HubSpot, TickTick

HubSpot + TickTickMore details

TickTick price: Free version available; paid version from $2.40/month.

Check out other ways you can automate TickTick with Zapier.

Best to-do list app for Microsoft power users (and Wunderlist refugees)

Microsoft To Do (Web, Android, Windows, iPhone and iPad)

In 2015, Microsoft bought Wunderlist and put that team to work on a new to-do list app. Microsoft To Do is the result of that, and you can find Wunderlist’s DNA throughout the project. The main interface is clean and friendly, adding tasks is quick, but there’s a lot of flexibility below the surface.

But the real standout feature here is the deep integration with Microsoft’s ecosystem. Any email flagged in Outlook, for example, shows up as a task. Outlook users can also sync their tasks from that app over to Microsoft To Do, meaning there’s finally a way to sync Outlook tasks to mobile. Windows users can add tasks using Cortana or by typing in the Start menu. For example, you can type “add rice to my shopping list,” and rice will be added to a list called “shopping.” If you’re a Windows user and an Outlook user, this is the app for you.

This is also the prettiest to-do list app on the market, in my opinion. You can set custom background images for every one of your lists, allowing you to tell at a glance which list you’re looking at. You’re going to be looking at your task list all day—it might as well look good.

Microsoft To Do integrates with Zapier, which means you can make sure Microsoft To Do is talking to all the other apps you use, not just the Microsoft ones. Here are some examples to get started.

Create Workboard action items from new tasks in Microsoft To-Do

Try it

Microsoft To Do, Workboard

Microsoft To Do + WorkboardMore details

Send direct Slack messages with new Microsoft To-Do lists

Try it

Microsoft To Do, Slack

Microsoft To Do + SlackMore details

Create Microsoft To-Do tasks from new Salesforce leads

Try it

Salesforce, Microsoft To Do

Salesforce + Microsoft To DoMore details

Microsoft To Do price: Free

Learn how you can make Microsoft To Do a productivity powerhouse with Zapier.

The best to-do list app with elegant design

Things (macOS, iPhone, iPad)

To-do list apps tend to fall into two categories: the complex and the minimalist. Things is somehow both.

That’s about the highest praise I can give a to-do list app. This is an app with no shortage of features, and yet it always feels simple to use. Adding tasks is quick and so is organizing them, but there’s seemingly no end of variation in ways to organize them. Areas can contain tasks or projects; projects can contain tasks or headers that can also contain tasks; and tasks can contain subtasks if you want. It sounds confusing, but it isn’t, which really speaks to how well Things is designed.

Other apps offer these features, but Things does it in a way that never feels cluttered, meaning you can quickly be done with looking at your to-do list and get back to whatever it is you’re doing. Combine this blend of functionality and beauty with features like a system-wide tool for quickly adding tasks, integration with your calendar so you can see your appointments while planning your day, intuitive keyboard shortcuts, reminders with native notifications, and syncing to an iPhone and iPad app.

The only downside here is the complete lack of versions for Windows and Android, though this decision is probably part of what allows the team to focus on making such a clean product. If you’re an Apple user, you owe it to yourself to try out Things.

You can automatically add to-dos to Things from your other apps with Things’ integrations on Zapier. Here’s some inspiration.

Add saved Slack messages to Things as to-dos

Try it

Slack, Things

Slack + ThingsMore details

Add new Trello cards to Things as to-dos

Try it

Trello, Things

Trello + ThingsMore details

Create Things to-dos from starred emails in Gmail [Business Gmail Accounts Only]

Try it

Gmail, Things

Gmail + ThingsMore details

Things price: $49.99 for macOS (15-day free trial), $19.99 for iPad, $9.99 for iPhone.

Best to-do list app for users with a very specific organizational system

OmniFocus (Web, macOS, iPhone, iPad)

OmniFocus is nothing if not flexible. This Apple-exclusive application is built around the Getting Things Done (GTD) philosophy trademarked by David Allen, but an array of features means it can be used for just about any organizational system you can imagine. There are three different kinds of projects you can set up, for example, depending on whether you need to do tasks in a specific order or not. There are six main views by default, allowing you to organize your tasks by things like due date, projects, and tags. You can even add more views, assuming you have the Pro version.

You get the idea. OmniFocus is a power user’s dream, with more features than anyone can hope to incorporate into a workflow, which is kind of the point: if there’s a feature you want, OmniFocus has it, so you can organize your tasks basically any way you can imagine.

Syncing is offered only between Apple devices. There’s a web version that’s intended for occasional usage away from your Apple machines, but non-Apple users should probably look elsewhere.

You can connect OmniFocus to your other favorite apps with OmniFocus’s Zapier integration. Whenever something happens in another app that you want to keep track of in OmniFocus, Zapier will automatically send it there.

Create OmniFocus tasks from new saved Slack messages

Try it

Slack, OmniFocus

Slack + OmniFocusMore details

Create OmniFocus tasks for new starred emails on Gmail

Try it

Gmail, OmniFocus

Gmail + OmniFocusMore details

Create OmniFocus tasks from new or moved Trello cards

Try it

Trello, OmniFocus

Trello + OmniFocusMore details

OmniFocus price: From $99.99/year for the recurring plan, which includes all apps and the web version. Also available as a one-time purchase from $49.99 (14-day free trial).

Best to-do list app for making doing things fun

Habitica (Web, Android, iPhone and iPad)

Games are fantastic at motivating mundane activity—how else can you explain all that time you’ve spent on mindless fetch quests? Habitica, formerly known as HabitRPG, tries to use principles from game design to motivate you to get things done, and it’s remarkably effective. You can add tasks, daily activities, and habits to a list. You also have a character, who levels up when you get things done and takes damage when you put things off. You can also earn in-game currency for buying offline rewards, such as a snack, or in-game items like weapons or even silly hats.

This is even better when you join a few friends and start a party. You can all fight bosses together, but be careful: fail to finish some tasks on time and your friends will take damage. If that doesn’t motivate you, nothing will.

What’s the downside? Habitica isn’t a great to-do list for managing long-term projects, so you might need something else for that. But if motivation is your problem, Habitica is well worth a spin.

Habitica price: Free version available; paid version from $5/month.

Best to-do list app for Google power users

Google Tasks (Web, Android, iPhone and iPad)

If you live in Gmail and Google Calendar, Google Tasks is an obvious free to-do list app to try out. That’s because it lives right in the sidebar of those two apps, and offers more than a few integrations. Plus, there’s a dedicated mobile app.

The app itself is spartan. Adding tasks is quick, particularly if you spend a lot of time in Gmail anyway, but there’s not a lot of organizational offerings. There are due dates, lists, descriptions, subtasks, and the ability to “Star” tasks. There’s not much beyond that, which is ok. On the desktop, the integration with Gmail is a key selling point. You can drag an email to Google Tasks to turn it into a task, for example. You also can see your tasks on your Google Calendar, if you want.

The best to-do app is one that’s always handy. If you’re the kind of person who always has Gmail open on your computer, it’s hard for any app to be handier than Google Tasks. The mobile versions make those tasks accessible on the go.

You can automatically move information between Google Tasks and your other apps with Google Tasks’ integration on Zapier. Here are a few examples of workflows you can automate, so you can stop manually moving your tasks.

Create Trello cards from new Google Tasks tasks

Try it

Google Tasks, Trello

Google Tasks + TrelloMore details

Add new Google Tasks to Todoist as tasks

Try it

Google Tasks, Todoist

Google Tasks + TodoistMore details

Add Google Tasks tasks for new Google Calendar events

Try it

Google Calendar, Google Tasks

Google Calendar + Google TasksMore details

Google Tasks price: Free

Take a look at how you can power up all of your Google apps using automation.

Best to-do list app for people who forget to use to-do apps

Any.do (Web, Android, iPhone and iPad)

Any.do offers a really slick mobile app that makes it quick to add tasks, organize them into lists, and add due dates. But where it really shines is with its daily “Plan my Day” feature, which forces you to schedule when you’ll accomplish your various tasks, so that you remember to actually do things. Any.do also integrates nicely with Google and Outlook calendars, allowing you to see your appointments and your tasks in one place. This is exactly what you need if you’re the kind of person who adds things to a list and forgets about them.

The desktop version isn’t quite as slick as the mobile version—it feels cluttered and is more than a little confusing. Still, Any.do’s mobile version alone makes a compelling reason to give it a shot, especially if that’s where you do most of your task management.

Any.do integrates with Zapier, so you can automatically add tasks to Any.do whenever there’s a new calendar event, note, or task in your other apps.

Add Evernote reminders to Any.do as tasks

Try it

Evernote, Any.do

Evernote + Any.doMore details

Create tasks in Any.do for new saved messages in Slack

Try it

Slack, Any.do

Slack + Any.doMore details

Add new incomplete Todoist tasks to Any.do

Try it

Todoist, Any.do

Todoist + Any.doMore details

Any.do price: Free version available; paid version from $2.99/month.

Other to-do list options

We focused on dedicated to-do list apps in this roundup, but plenty of other software can fulfill the same function. Here are a few ideas if none of the above quite fit what you’re looking for:

Project management apps like Trello and Asana can be used as to-do lists, especially if you already use them to manage your other work.
Note-taking apps like Evernote, OneNote, and Google Keep also have to-do list features, if you want to combine your to-do lists and notes.
You can use Notion as a to-do list if that’s where you spend most of your time, and the various Notion alternatives work just as well.
Time-blocking apps are another solid option. These combine a task list with your calendar, encouraging you to decide when you’ll do what.
Google Sheets can be your to-do list. Zapier’s CEO even uses Gmail as his to-do list.
Sticky note apps can also do the trick. So can a piece of paper. Don’t overthink things!

Finding the right task management system is hard because it’s so personal. To that end, let me know if there’s anything you think I missed.

Related reading:

This post was originally published in April 2018 by Andrew Kunesh. The most recent update was in November 2022.

Source :
https://zapier.com/blog/best-todo-list-apps/

How to capitalize or change the case of text in any app

Automatically convert the case of your text in Word, Excel, Google Docs, and more.

Capitalization isn’t something you have to think much about. The first letter of a sentence gets capitalized, along with any proper nouns—and you write in all caps when you’re angry (or excited, depending on who you ask).

Automatically convert text case in your workflows

Learn how

As long as you type with the capitalization you want, everything’s fine. But when you go to write a long title and have to hold Shift for every first letter or when you write a few sentences without realizing caps lock was on, capitalization can suddenly get more frustrating. It can take seemingly forever to edit each letter back to the case you want—and it’s so easy to miss the stray cApital letter in a long essay or blog post.

Here’s how to automatically capitalize text properly in Word, Google Docs, and other text editors—and in thousands of other apps using Zapier’s Formatter tool.

How to change case in Word

If you’re working in Microsoft Word, it’s easy to change the capitalization or case of text in your document.

Select your text.
In the Home section of the toolbar, click the Change Caseoption. (It’s right next to your font options: a capital and lowercase Aa with a dropdown arrow.)
Select the case you want.

Your options are: Sentence case., lowercase, UPPERCASE, Capitalize Each Word, or tOGGLE cASE to swap your writing’s current case—perfect for the times you swap capital and lowercase accidentally.

Changing the text case in Microsoft Word

Or you can highlight the text and use Word’s keyboard shortcut—Shift + fn + F3—to change selected text between lowercase, UPPERCASE or Capitalizing Each Word.

How to change case in Excel

It’s a little more complicated in Excel—you’ll need to use a formula to get the job done.

To make text uppercase in Excel, use the formula =UPPER(A1:A99), where A1:A99 is the cell range you want to change.
To make text lowercase in Excel, use the formula =UPPER(A1:A99).
To make text Title Case in Excel, use the formula =PROPER(A1:A99).

In every case, you’ll need to put the formula in another cell, and the new text will show up in that cell or column.

How to capitalize text in Google Docs

Google Docs also includes a capitalization tool, hidden in its menus.

Select your text.
Click Format > Text > Capitalization.
Choose the case you want (lowercase, UPPERCASE, or Title Case).

Changing the capitalization in Google Docs

How to capitalize text on macOS

Change capitalization in TextEdit with the built-in macOS text transformations

Using a Mac? Lots of apps on your Mac already includes macOS’s built-in spelling and grammar checks along with text transformations.

In most Mac apps:

Select the text, and right-click on it to see the text options.
Hover over the Transformations menu.
Select the case you want (the Capitalize option will capitalize the first letter of every word).

The capitalization options in Messages on a Mac

If you don’t see the options in the right-click menu, check the gear icon in the app’s font settings—that’s where Pages and other Apple apps put those same transformations.

How to capitalize text in Sublime Text

One of the most popular code and text editors Sublime Text also includes a capitalization tool.

Select your text.
Click Edit > Convert Case.
Select the case you want.

In addition to the standard options, Sublime Text also includes snake_case (lowercase, with an underscore between each word) and kebab-case (lowercase, with a hyphen between each word).

How to convert case online

Another option is to use a web app to format your text. There are a number of simple web apps that can swap your case for you.

In TitleCase, type or paste in your text, and then choose the case you want to automatically convert your text to.
In Convert Case (pictured above), type or paste in your text, then choose each of the case options you want. It’ll give you your text in all of those cases for a quick way to pick what looks best.

Automatically convert text case with Zapier

These tips work great for changing your capitalization within an app, like if you want to convert caps to lowercase in an article you’re writing. But if you want to change capitalization as you send information from one app to the other, here’s how to automatically convert text case with Zapier.

Related reading:

This article was originally published in September 2017. The most recent update was in December 2022.

Source :
https://zapier.com/blog/capitalize-text/

The 12 Most Impactful Internet Outages

An internet outage can have major consequences for a digital business, especially when it happens during peak usage times and on holidays. Outages can lead to revenue loss, complaints, and customer churn.

Of course, internet outages regularly impact companies across all verticals, including some of the largest internet companies in the world. And they can happen when you least expect them.

Read on to learn about some of the most impactful internet outages to date and some steps you can take to keep your business out of harm’s way.

Historical Internet Outages You Need to Know About

1. Amazon Web Services

Amazon Web Services (AWS) experienced a major outage in December 2021, lasting for several hours. The outage impacted operations for many leading businesses, including Netflix, Disney, Spotify, DoorDash, and Venmo.

Amazon blames the outage on an automation error causing multiple systems to act abnormally. The outage also prevented users from accessing some cloud services.

This outage proved the largest and safest cloud providers are also susceptible to downtime.

2. Facebook

Facebook as well suffered a major outage in 2021, leaving billions of users unable to access its services, including its main social network, Instagram, and WhatsApp.

According to Facebook, the cause of the outage was a configuration change on its backbone routers responsible for transmitting traffic across its data centers. The outage lasted roughly six hours, an eternity for a social network.

3. Fastly

Cloud service provider Fastly had its network go down in June 2021, taking down several sizeable global news websites, including the New York Times and CNN. It also impacted retailers like Target and Amazon, and several other organizations.

The outage resulted from a faulty software update, stemming from a misconfiguration, causing disruptions across multiple servers.

4. British Airways

British Airways experienced a massive IT failure in 2017 during one of the busiest travel weekends in the United Kingdom.

This event created a nightmare scenario for the organization and its customers. Altogether, it grounded 672 flights and stranded tens of thousands of customers.

According to the company, the outage ensued when an engineer disconnected the data center’s power supply. A massive power surge came next, bringing the business’s network down in the process.

5. Google

Google had a major service outage in 2020. It only lasted about forty-five minutes, but it still impacted users worldwide.

Services including Gmail, YouTube, and Google Calendar all crashed. So did Google Home apps. The outage also impacted third-party applications using Google for authentication.

The issue happened due to inadequate storage capacity for the company’s authentication services.

6. Dyn

Undoubtedly, one of the biggest distributed denial of service (DDoS) attacks in history occurred in 2016 against Dyn, which was a major backbone provider.

The attack occurred in three waves, overwhelming the company’s servers. As a result, many internet users were unable to access partnering platforms like Twitter, Spotify, and Netflix.

7. Verizon Fios

Verizon had a major internet outage in January 2021, which disrupted tens of thousands of customers along the East Coast.

While the internet outage lasted only about an hour, Verizon experienced a sharp drop in traffic volume. Naturally, many customers complained about the loss of service.

At first, the company reported the incident was the result of someone cutting fiber cables. However, it was unrelated and turned out to be a “software issue” during routine network maintenance activities.

8. Microsoft

Another major internet outage occurred at Microsoft when its Azure service went under in December 2021. Azure’s Active Directory service crashed for about ninety minutes.

Compared to some other outages, this one was relatively small. Nonetheless, it prevented users from signing in to Microsoft services such as Office 365. Although applications remained online, users couldn’t access them, making this a major productivity killer for many organizations worldwide.

9. Comcast

There was an internet outage at Comcast in November 2021, which happened when its San Francisco backbone shut down for about two hours.

Following the outage, a broader issue occurred, spanning multiple U.S. cities, including hubs like Philadelphia and Chicago. Several thousand customers lost service, leaving them unable to access basic network functionality during the height of the pandemic.

10. Akamai Edge DNS

Akamai, a global content delivery provider, experienced an outage with its DNS service in 2021. The Akamai outage resulted from a faulty software configuration update activating a bug in its Secure Edge Content Delivery Network.

In a similar fashion to other attacks against service providers, Akamai’s outage caused widespread damage. Other websites—including American Airlines, Fox News, and Steam—all experienced performance issues following the incident.

11. Cox Communications

Cox Communications reported a major internet outage in March 2022, impacting nearly seven thousand customers in the Las Vegas region.

The problem resulted from an NV Energy backhoe damaging a transmission line and triggering a power event. The surge caused a cable modem to reset, and many customers tried to reconnect simultaneously. As a result, it took several hours for service to resume.

12. Slack

The recent Slack outage in January 2021 created havoc for distributed workers who rely on the platform for communication and collaboration.

The platform’s outage impacted organizations across the US, UK, Germany, Japan, and India, with interruptions occurring for about two and a half hours. Slack says the issue came from scaling problems on the AWS Transit Gateway, which couldn’t accommodate a spike in traffic.

Best Practices for Avoiding Internet Outages

At the end of the day, there’s nothing you can do to prevent outages entirely, especially if your business relies on multiple third-party systems. Eventually, your company or a partner will experience some level of service disruption. It’s best to plan for them and, where possible, enable systems to ‘fail gracefully.’

As part of your resiliency planning, here are some steps to mitigate damage, maximize uptime, and keep your organization safe, along with some best practices to help you avoid disruptions from network and connectivity issues.

Set Up a Backup Internet Solution

It’s impossible to protect your business from local internet outages completely. They can stem from issues like local construction, service disruptions, and more.

Consider setting up a backup internet solution as a workaround, so you never lose connectivity. For example, you may choose to combine broadband with a wireless failover solution.

Consider a Multi-Cloud Strategy

If your business is in the cloud, it’s a good idea to explore a multi-cloud strategy. By spreading your workloads across multiple cloud providers, you can prevent cloud service disruptions from knocking your digital applications offline. This approach can also improve uptime and resiliency.

Use Website Performance and Availability Monitoring

One of the best ways to protect your business is to use website performance and availability monitoring. It provides real-time visibility into how end users are interacting with and experiencing your website.

A robust website performance and availability monitoring solution can provide actionable insights into the health and stability of your website. As a result, you can track uptime and performance over time and troubleshoot issues when they occur.

The Pingdom Approach to Website Performance Monitoring

SolarWinds^® Pingdom^® provides real-time and historical end-user experience monitoring, giving your team deep visibility from a single pane of glass. With Pingdom, it’s possible to protect against the kind of outages helping your company make headlines for the wrong reasons.

When you’re ready to jump in, try Pingdom by requesting a free trial today.

This post was written by Justin Reynolds. Justin is a freelance writer who enjoys telling stories about how technology, science, and creativity can help workers be more productive. In his spare time, he likes seeing or playing live music, hiking, and traveling.

Source :
https://www.pingdom.com/outages/internet-outages-the-12-most-impactful/

Yes, AirPods work fine with Pixel phones, but Pixel Buds Pro work better

We see this question floating around the web quite a bit: will my AirPods work with a Pixel? The simple answer is, of course, yes! Though AirPods (or AirPods Pro) are designed to work best with Apple products, they are still Bluetooth earbuds that can be connected to a wide variety of devices. As a matter of fact, I’ve used both the AirPods and AirPods Pro with my Chromebook, too, and there’s no real issue in getting them connected on that front, either.

How to pair your AirPods

Pairing is pretty simple. With the AirPods in their case, flip open the lid, hold the button around back until the LED begins pulsing, and look for your AirPods in the list of available Bluetooth devices to pair. Again, I’ve had little issue whatsoever in getting them connected to anything I’ve tried, so thankfully Apple hasn’t put any blocks in place for non-Apple devices.

What works with AirPods on Pixel

Once you get them all connected, the functionality is pretty basic. For standard AirPods, you can listen to media, take calls, and double-tap near the top to play/pause audio. That’s about it. They stay connected well and have very little latency, so for all sorts of applications, they are pretty great. If you are OK with a straightforward bluetooth earbuds experience, there’s technically nothing broken, here. There’s just not a ton of added features.

For the AirPods Pro, the haptic buttons on the earbuds themselves will work based on how you set them up. Out of the box, they default to a single click for play/pause, double-click for skip forward, and triple-click for skip back. A long press will toggle ANC and transparency modes, too.

What doesn’t work with Airpods on Pixel

When looking at the variety of available earbuds on the market, clearly the AirPods are pretty Spartan in their functionality on non-Apple devices. While they do technically work fine for the basics, there’s a bunch of stuff you need to know that these earbuds won’t do on a Pixel phone. First up, since there’s only support for a double-top on the standard AirPods (it defaults to play/pause), when you are needing to adjust volume or skip a track, you’ll need to grab your phone. As stated above, the AirPods Pro get around this limitation a bit more effortlessly thanks to the haptic buttons on the stems.

None of the physical shortcuts can be adjusted when using a Pixel phone, however, and you’ll need an Apple device of some sort in order to change the device name and customize your click functionalities. It is worth noting, however, that even on Apple devices, the number of custom things you can do with the AirPods Pro is pretty limited, so you aren’t missing out on too much if you don’t have an Apple device around.

A software battery life indicator is another key thing missing from the equation, and apart from installing some 3rd-party software, you won’t know the remaining charge you have on your earbuds when paired to a Pixel phone. If you have a wireless charging pad and keep your AirPods on them regularly, it’s not a huge deal. The only time it really bugs me is with my old, 1st-gen AirPods that don’t come with wireless charging. I forget to top them off regularly.

And speaking of charging, all the AirPods at this point still charge with Lightning cables. That’s right: if you don’t have one of those lying around, you’re gonna be in trouble. For me, wireless charging has solved this issue, but it is still unfortunate. As an Android/ChromeOS guy, I don’t have Lightning cables around very often. It’s a small-but-aggravating thing you need to remember.

Why the Pixel Buds Pro and Pixel phones are a better pair

This should be pretty obvious, but the Pixel Buds Pro are a far better fit if you have a Pixel phone. Well, I say it should be obvious; but Google hasn’t always made it that way, have they? With issues here and there with their older Pixel Buds, I’ve not been a huge fan up until the Pixel Buds Pro. At this point, however, I’m a huge fan and all the niceties you get along with them have totally turned the tide for me.

For starters, the on-ear functionality is fantastic. Gestures like swiping for volume controls, tapping for play/pause/skip, and holding for ANC or transparency are the best in the business. It all works like you’d expect, the surface of the actual earbud is big enough to keep you from missing on a regular basis, and the way the Pixel Buds Pro sit in your ear keep them from feeling uncomfortable when you press on them.

The Pixel Buds Pro also come with Fast Pair, so as soon as you open them up, your Pixel will see them and get you paired up with ease. To be fair, the AirPods do this as well, but only on Apple devices. Pixel Buds Pro will Fast Pair with any eligible Android device or Chromebook, too.

Obviously, the Pixel Buds Pro also have an app (it is baked-in on Pixel phones) that allows for all sorts of customization for your presses, swipes, and EQ settings. Again, this sort of thing is present for the AirPods on Apple devices, but Google’s customization on Pixels and Android phones is far more robust and with Feature Drops, it will only get better over time.

So, in a nutshell, if you are a Pixel owner, AirPods will definitely work with your device, but I’d recommend the Pixel Buds Pro in the end. They’ve been on sale a ton of times for $149, and for that price, they are barely more expensive than the standard AirPods and far cheaper than the AirPods Pro. They pair easier, have more features, and I’d argue the sound quality is better too. While the AirPods and AirPods Pro technically will work for you, I’d only recommend them if you are in possession of them already, have an Apple device or two you use on a regular basis, or you get them as a gift. In any other case, go for the Pixel Buds Pro.

Source :
https://chromeunboxed.com/airpods-pro-pixel-phones-will-it-work/

7 Cyber Security Tips for SMBs

When the headlines focus on breaches of large enterprises like the Optus breach, it’s easy for smaller businesses to think they’re not a target for hackers. Surely, they’re not worth the time or effort?

Unfortunately, when it comes to cyber security, size doesn’t matter.

Assuming you’re not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple security steps in place. Few small businesses prioritise cybersecurity, and hackers know it. According to Verizon, the number of smaller businesses being hit has climbed steadily in the last few years – 46% of cyber breaches in 2021 impacted businesses with fewer than 1,000 employees.

Cyber security doesn’t need to be difficult#

Securing any business doesn’t need to be complex or come with a hefty price tag. Here are seven simple tips to help the smaller business secure their systems, people and data.

1 — Install anti-virus software everywhere#

Every organisation has anti-virus on their systems and devices, right? Unfortunately, business systems such as web servers get overlooked all too often. It’s important for SMBs to consider all entry points into their network and have anti-virus deployed on every server, as well as on employees’ personal devices.

Hackers will find weak entry points to install malware, and anti-virus software can serve as a good last-resort backstop, but it’s not a silver bullet. Through continuous monitoring and penetration testing you can identify weaknesses and vulnerabilities before hackers do, because it’s easier to stop a burglar at the front door than once they’re in your home.

2 — Continuously monitor your perimeter#

Your perimeter is exposed to remote attacks because it’s available 24/7. Hackers constantly scan the internet looking for weaknesses, so you should scan your own perimeter too. The longer a vulnerability goes unfixed, the more likely an attack is to occur. With tools like Autosploit and Shodan readily available, it’s easier than ever for attackers to discover internet facing weaknesses and exploit them.

Even organisations that cannot afford a full-time, in-house security specialist can use online services like Intruder to run vulnerability scans to uncover weaknesses.

Intruder is a powerful vulnerability scanner that provides a continuous security review of your systems. With over 11,000 security checks, Intruder makes enterprise-grade scanning easy and accessible to SMBs.

Intruder will promptly identify high-impact flaws, changes in the attack surface, and rapidly scan your infrastructure for emerging threats.

3 — Minimise your attack surface#

Your attack surface is made up of all the systems and services exposed to the internet. The larger the attack surface, the bigger the risk. This means exposed services like Microsoft Exchange for email, or content management systems like WordPress can be vulnerable to brute-forcing or credential-stuffing, and new vulnerabilities are discovered almost daily in such software systems. By removing public access to sensitive systems and interfaces which don’t need to be accessible to the public, and ensuring 2FA is enabled where they do, you can limit your exposure and greatly reduce risk.

A simple first step in reducing your attack surface is by using a secure virtual private network (VPN). By using a VPN, you can avoid exposing sensitive systems directly to the internet whilst maintaining their availability to employees working remotely. When it comes to risk, prevention is better than cure – don’t expose anything to the internet unless it’s absolutely necessary!

4 — Keep software up to date#

New vulnerabilities are discovered daily in all kinds of software, from web browsers to business applications. Just one unpatched weakness could lead to full compromise of a system and a breach of customer data; as TalkTalk discovered when 150,000 of its private data records were stolen.

According to a Cyber Security Breaches Survey, businesses that hold electronic personal data of their customers are more likely than average to have had breaches. Patch management is an essential component of good cyber hygiene, and there are tools and services to help you check your software for any missing security patches.

5 — Back up your data #

Ransomware is on the increase. In 2021, 37% of businesses and organisations were hit by ransomware according to research by Sophos. Ransomware encrypts any data it can access, rendering it unusable, and can’t be reversed without a key to decrypt the data.

Data loss is a key risk to any business either through malicious intent or a technical mishap such as hard disk failure, so backing up data is always recommended. If you back up your data, you can counter attackers by recovering your data without needing to pay the ransom, as systems affected by ransomware can be wiped and restored from an unaffected backup without the attacker’s key.

6 — Keep your staff security aware#

Cyber attackers often rely on human error, so it’s vital that staff are trained in cyber hygiene so they recognise risks and respond appropriately. The Cyber Security Breaches Survey 2022 revealed that the most common types of breaches were staff receiving fraudulent emails or phishing attacks (73%), followed by people impersonating the organisation in emails or online (27%), viruses, spyware and malware (12%), and ransomware (4%).

Increasing awareness of the benefits of using complex passwords and training staff to spot common attacks such as phishing emails and malicious links, will ensure your people are a strength rather than a vulnerability.

7 — Protect yourself relative to your risk#

Cyber security measures should always be appropriate to the organisation. For example, a small business which handles banking transactions or has access to sensitive information such as healthcare data should employ far more stringent security processes and practices than a pet shop.

That’s not to say a pet shop doesn’t have a duty to protect customer data, but it’s less likely to be a target. Hackers are motivated by money, so the bigger the prize the more time and effort will be invested to achieve their gains. By identifying your threats and vulnerabilities with a tool like Intruder, you can take appropriate steps to mitigate and prioritize which risks need to be addressed and in which order.

It’s time to raise your cyber security game#

Attacks on large companies dominate the news, which feeds the perception that SMBs are safe, when the opposite is true. Attacks are increasingly automated, so SMBs are just as vulnerable targets as larger enterprises, more so if they don’t have adequate security processes in place. And hackers will always follow the path of least resistance. Fortunately, that’s the part Intruder made easy…

About Intruder#

Intruder is a cyber security company that helps organisations reduce their attack surface by providing continuous vulnerability scanning and penetration testing services. Intruder’s powerful scanner is designed to promptly identify high-impact flaws, changes in the attack surface, and rapidly scan the infrastructure for emerging threats. Running thousands of checks, which include identifying misconfigurations, missing patches, and web layer issues, Intruder makes enterprise-grade vulnerability scanning easy and accessible to everyone. Intruder’s high-quality reports are perfect to pass on to prospective customers or comply with security regulations, such as ISO 27001 and SOC 2.

Intruder offers a 14-day free trial of its vulnerability assessment platform. Visit their website today to take it for a spin!

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Source :
https://thehackernews.com/2022/11/7-cyber-security-tips-for-smbs.html

Details Released for Recently Patched new macOS Archive Utility Vulnerability

Security researchers have shared details about a now-addressed security flaw in Apple’s macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple’s security measures.

The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and “could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive,” Apple device management firm Jamf said in an analysis.

Following responsible disclosure on May 31, 2022, Apple addressed the issue as part of macOS Big Sur 11.6.8 and Monterey 12.5 released on July 20, 2022. The tech giant, for its part, also revised the earlier-issued advisories as of October 4 to add an entry for the flaw.

Apple described the bug as a logic issue that could allow an archive file to get around Gatekeeper checks, which is designed so as to ensure that only trusted software runs on the operating system.

The security technology achieves this by verifying that the downloaded package is from a legitimate developer and has been notarized by Apple – i.e., given a stamp of approval to ensure it’s not been maliciously tampered with.

“Gatekeeper also requests user approval before opening downloaded software for the first time to make sure the user hasn’t been tricked into running executable code they believed to simply be a data file,” Apple notes in its support documentation.

It’s also worth noting archive files downloaded from the internet are tagged with the “com.apple.quarantine” extended attribute, including the items within the file, so as to trigger a Gatekeeper check prior to execution.

But in a peculiar quirk discovered by Jamf, the Archive Utility fails to add the quarantine attribute to a folder “when extracting an archive containing two or more files or folders in its root directory.”

Thus by creating an archive file with the extension “exploit.app.zip,” it leads to a scenario where an unarchival results in the creation of a folder titled “exploit.app,” while also lacking the quarantine attribute.

This application “will bypass all Gatekeeper checks allowing an unnotarized and/or unsigned binary to execute,” Jamf researcher Ferdous Saljooki, who discovered the flaw, said. Apple said it resolved the vulnerability with improved checks.

The findings come more than six months after Apple addressed another similar flaw in macOS Catalina, Big Sur 11.6.5, and Monterey 12.3 (CVE-2022-22616) that could allow a malicious ZIP archive to bypass Gatekeeper checks.

Source :
https://thehackernews.com/2022/10/details-released-for-recently-patched.html

Alert (AA22-277A) Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

Summary

Actions to Help Protect Against APT Cyber Activity:

• Enforce multifactor authentication (MFA) on all user accounts.
• Implement network segmentation to separate network segments based on role and functionality.
• Update software, including operating systems, applications, and firmware, on network assets.
• Audit account usage.

From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to advanced persistent threat (APT) activity on a Defense Industrial Base (DIB) Sector organization’s enterprise network. During incident response activities, CISA uncovered that likely multiple APT groups compromised the organization’s network, and some APT actors had long-term access to the environment. APT actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.

This joint Cybersecurity Advisory (CSA) provides APT actors tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified during the incident response activities by CISA and a third-party incident response organization. The CSA includes detection and mitigation actions to help organizations detect and prevent related APT activity. CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recommend DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of cyber threats to their networks.

Download the PDF version of this report: pdf, 692 KB

For a downloadable copy of IOCs, see the following files:

Technical Details

Threat Actor Activity

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 11. See the MITRE ATT&CK Tactics and Techniques section for a table of the APT cyber activity mapped to MITRE ATT&CK for Enterprise framework.

From November 2021 through January 2022, CISA conducted an incident response engagement on a DIB Sector organization’s enterprise network. The victim organization also engaged a third-party incident response organization for assistance. During incident response activities, CISA and the trusted –third-party identified APT activity on the victim’s network.

Some APT actors gained initial access to the organization’s Microsoft Exchange Server as early as mid-January 2021. The initial access vector is unknown. Based on log analysis, the actors gathered information about the exchange environment and performed mailbox searches within a four-hour period after gaining access. In the same period, these actors used a compromised administrator account (“Admin 1”) to access the EWS Application Programming Interface (API). In early February 2021, the actors returned to the network and used Admin 1 to access EWS API again. In both instances, the actors used a virtual private network (VPN).

Four days later, the APT actors used Windows Command Shell over a three-day period to interact with the victim’s network. The actors used Command Shell to learn about the organization’s environment and to collect sensitive data, including sensitive contract-related information from shared drives, for eventual exfiltration. The actors manually collected files using the command-line tool, WinRAR. These files were split into approximately 3MB chunks located on the Microsoft Exchange server within the CU2\he\debug directory. See Appendix: Windows Command Shell Activity for additional information, including specific commands used.

During the same period, APT actors implanted Impacket, a Python toolkit for programmatically constructing and manipulating network protocols, on another system. The actors used Impacket to attempt to move laterally to another system.

In early March 2021, APT actors exploited CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 to install 17 China Chopper webshells on the Exchange Server. Later in March, APT actors installed HyperBro on the Exchange Server and two other systems. For more information on the HyperBro and webshell samples, see CISA MAR-10365227-2 and -3.

In April 2021, APT actors used Impacket for network exploitation activities. See the Use of Impacket section for additional information. From late July through mid-October 2021, APT actors employed a custom exfiltration tool, CovalentStealer, to exfiltrate the remaining sensitive files. See the Use of Custom Exfiltration Tool: CovalentStealer section for additional information.

APT actors maintained access through mid-January 2022, likely by relying on legitimate credentials.

Use of Impacket

CISA discovered activity indicating the use of two Impacket tools: wmiexec.py and smbexec.py. These tools use Windows Management Instrumentation (WMI) and Server Message Block (SMB) protocol, respectively, for creating a semi-interactive shell with the target device. Through the Command Shell, an Impacket user with credentials can run commands on the remote device using the Windows management protocols required to support an enterprise network.

The APT cyber actors used existing, compromised credentials with Impacket to access a higher privileged service account used by the organization’s multifunctional devices. The threat actors first used the service account to remotely access the organization’s Microsoft Exchange server via Outlook Web Access (OWA) from multiple external IP addresses; shortly afterwards, the actors assigned the Application Impersonation role to the service account by running the following PowerShell command for managing Exchange:

powershell add-pssnapin *exchange*;New-ManagementRoleAssignment – name:”Journaling-Logs” -Role:ApplicationImpersonation -User:<account>

This command gave the service account the ability to access other users’ mailboxes.

The APT cyber actors used virtual private network (VPN) and virtual private server (VPS) providers, M247 and SurfShark, as part of their techniques to remotely access the Microsoft Exchange server. Use of these hosting providers, which serves to conceal interaction with victim networks, are common for these threat actors. According to CISA’s analysis of the victim’s Microsoft Exchange server Internet Information Services (IIS) logs, the actors used the account of a former employee to access the EWS. EWS enables access to mailbox items such as email messages, meetings, and contacts. The source IP address for these connections is mostly from the VPS hosting provider, M247.

Use of Custom Exfiltration Tool: CovalentStealer

The threat actors employed a custom exfiltration tool, CovalentStealer, to exfiltrate sensitive files.

CovalentStealer is designed to identify file shares on a system, categorize the files, and upload the files to a remote server. CovalentStealer includes two configurations that specifically target the victim’s documents using predetermined files paths and user credentials. CovalentStealer stores the collected files on a Microsoft OneDrive cloud folder, includes a configuration file to specify the types of files to collect at specified times and uses a 256-bit AES key for encryption. See CISA MAR-10365227-1 for additional technical details, including IOCs and detection signatures.

MITRE ATT&CK Tactics and Techniques

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. CISA uses the ATT&CK Framework as a foundation for the development of specific threat models and methodologies. Table 1 lists the ATT&CK techniques employed by the APT actors.

Initial Access
Technique Title	ID	Use
Valid Accounts	T1078	Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. In this case, they exploited an organization’s multifunctional device domain account used to access the organization’s Microsoft Exchange server via OWA.
Execution
Technique Title	ID	Use
Windows Management Instrumentation	T1047	Actors used Impacket tools wmiexec.py and smbexec.py to leverage Windows Management Instrumentation and execute malicious commands.
Command and Scripting Interpreter	T1059	Actors abused command and script interpreters to execute commands.
Command and Scripting Interpreter: PowerShell	T1059.001	Actors abused PowerShell commands and scripts to map shared drives by specifying a path to one location and retrieving the items from another. See Appendix: Windows Command Shell Activity for additional information.
Command and Scripting Interpreter: Windows Command Shell	T1059.003	Actors abused the Windows Command Shell to learn about the organization’s environment and to collect sensitive data. See Appendix: Windows Command Shell Activity for additional information, including specific commands used.The actors used Impacket tools, which enable a user with credentials to run commands on the remote device through the Command Shell.
Command and Scripting Interpreter: Python	T1059.006	The actors used two Impacket tools: wmiexec.py and smbexec.py.
Shared Modules	T1129	Actors executed malicious payloads via loading shared modules. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths.
System Services	T1569	Actors abused system services to execute commands or programs on the victim’s network.
Persistence
Technique Title	ID	Use
Valid Accounts	T1078	Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Create or Modify System Process	T1543	Actors were observed creating or modifying system processes.
Privilege Escalation
Technique Title	ID	Use
Valid Accounts	T1078	Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. In this case, they exploited an organization’s multifunctional device domain account used to access the organization’s Microsoft Exchange server via OWA.
Defense Evasion
Technique Title	ID	Use
Masquerading: Match Legitimate Name or Location	T1036.005	Actors masqueraded the archive utility WinRAR.exe by renaming it VMware.exe to evade defenses and observation.
Indicator Removal on Host	T1070	Actors deleted or modified artifacts generated on a host system to remove evidence of their presence or hinder defenses.
Indicator Removal on Host: File Deletion	T1070.004	Actors used the del.exe command with the /f parameter to force the deletion of read-only files with the .rar and tempg wildcards.
Valid Accounts	T1078	Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. In this case, they exploited an organization’s multifunctional device domain account used to access the organization’s Microsoft Exchange server via OWA.
Virtualization/Sandbox Evasion: System Checks	T1497.001	Actors used Windows command shell commands to detect and avoid virtualization and analysis environments. See Appendix: Windows Command Shell Activity for additional information.
Impair Defenses: Disable or Modify Tools	T1562.001	Actors used the taskkill command to probably disable security features. CISA was unable to determine which application was associated with the Process ID.
Hijack Execution Flow	T1574	Actors were observed using hijack execution flow.
Discovery
Technique Title	ID	Use
System Network Configuration Discovery	T1016	Actors used the systeminfo command to look for details about the network configurations and settings and determine if the system was a VMware virtual machine.The threat actor used route print to display the entries in the local IP routing table.
System Network Configuration Discovery: Internet Connection Discovery	T1016.001	Actors checked for internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways.
System Owner/User Discovery	T1033	Actors attempted to identify the primary user, currently logged in user, set of users that commonly use a system, or whether a user is actively using the system.
System Network Connections Discovery	T1049	Actors used the netstat command to display TCP connections, prevent hostname determination of foreign IP addresses, and specify the protocol for TCP.
Process Discovery	T1057	Actors used the tasklist command to get information about running processes on a system and determine if the system was a VMware virtual machine.The actors used tasklist.exe and find.exe to display a list of applications and services with their PIDs for all tasks running on the computer matching the string “powers.”
System Information Discovery	T1082	Actors used the ipconfig command to get detailed information about the operating system and hardware and determine if the system was a VMware virtual machine.
File and Directory Discovery	T1083	Actors enumerated files and directories or may search in specific locations of a host or network share for certain information within a file system.
Virtualization/Sandbox Evasion: System Checks	T1497.001	Actors used Windows command shellcommands to detect and avoid virtualization and analysis environments.
Lateral Movement
Technique Title	ID	Use
Remote Services: SMB/Windows Admin Shares	T1021.002	Actors used Valid Accounts to interact with a remote network share using Server Message Block (SMB) and then perform actions as the logged-on user.
Collection
Technique Title	ID	Use
Archive Collected Data: Archive via Utility	T1560.001	Actor used PowerShell commands and WinRAR to compress and/or encrypt collected data prior to exfiltration.
Data from Network Shared Drive	T1039	Actors likely used net share command to display information about shared resources on the local computer and decide which directories to exploit, the powershell dircommand to map shared drives to a specified path and retrieve items from another, and the ntfsinfo command to search network shares on computers they have compromised to find files of interest.The actors used dir.exe to display a list of a directory’s files and subdirectories matching a certain text string.
Data Staged: Remote Data Staging	T1074.002	The actors split collected files into approximately 3 MB chunks located on the Exchange server within the CU2\he\debug directory.
Command and Control
Technique Title	ID	Use
Non-Application Layer Protocol	T1095	Actors used a non-application layer protocol for communication between host and Command and Control (C2) server or among infected hosts within a network.
Ingress Tool Transfer	T1105	Actors used the certutil command with three switches to test if they could download files from the internet.The actors employed CovalentStealer to exfiltrate the files.
Proxy	T1090	Actors are known to use VPN and VPS providers, namely M247 and SurfShark, as part of their techniques to access a network remotely.
Exfiltration
Technique Title	ID	Use
Schedule Transfer	T1029	Actors scheduled data exfiltration to be performed only at certain times of day or at certain intervals and blend traffic patterns with normal activity.
Exfiltration Over Web Service: Exfiltration to Cloud Storage	T1567.002	The actor’s CovalentStealer tool stores collected files on a Microsoft OneDrive cloud folder.

DETECTION

Given the actors’ demonstrated capability to maintain persistent, long-term access in compromised enterprise environments, CISA, FBI, and NSA encourage organizations to:

Monitor logs for connections from unusual VPSs and VPNs. Examine connection logs for access from unexpected ranges, particularly from machines hosted by SurfShark and M247.
Monitor for suspicious account use (e.g., inappropriate or unauthorized use of administrator accounts, service accounts, or third-party accounts). To detect use of compromised credentials in combination with a VPS, follow the steps below:
- Review logs for “impossible logins,” such as logins with changing username, user agent strings, and IP address combinations or logins where IP addresses do not align to the expected user’s geographic location.
- Search for “impossible travel,” which occurs when a user logs in from multiple IP addresses that are a significant geographic distance apart (i.e., a person could not realistically travel between the geographic locations of the two IP addresses in the time between logins). Note: This detection opportunity can result in false positives if legitimate users apply VPN solutions before connecting to networks.
- Search for one IP used across multiple accounts, excluding expected logins.
  - Take note of any M247-associated IP addresses used along with VPN providers (e.g., SurfShark). Look for successful remote logins (e.g., VPN, OWA) for IPs coming from M247- or using SurfShark-registered IP addresses.
- Identify suspicious privileged account use after resetting passwords or applying user account mitigations.
- Search for unusual activity in typically dormant accounts.
- Search for unusual user agent strings, such as strings not typically associated with normal user activity, which may indicate bot activity.
Review the YARA rules provided in MAR-10365227-1 to assist in determining whether malicious activity has been observed.
Monitor for the installation of unauthorized software, including Remote Server Administration Tools (e.g., psexec, RdClient, VNC, and ScreenConnect).
Monitor for anomalous and known malicious command-line use. See Appendix: Windows Command Shell Activity for commands used by the actors to interact with the victim’s environment.
Monitor for unauthorized changes to user accounts (e.g., creation, permission changes, and enabling a previously disabled account).

CONTAINMENT AND REMEDIATION

Organizations affected by active or recently active threat actors in their environment can take the following initial steps to aid in eviction efforts and prevent re-entry:

Report the incident. Report the incident to U.S. Government authorities and follow your organization’s incident response plan.
- Report incidents to CISA via CISA’s 24/7 Operations Center (report@cisa.gov or 888-282-0870).
- Report incidents to your local FBI field office at fbi.gov/contact-us/field-offices or to FBI’s 24/7 Cyber Watch (CyWatch) via (855) 292-3937 or CyWatch@fbi.gov.
- For DIB incident reporting, contact the Defense Cyber Crime Center (DC3) via DIBNET at dibnet.dod.mil/portal/intranet or (410) 981 0104.
Reset all login accounts. Reset all accounts used for authentication since it is possible that the threat actors have additional stolen credentials. Password resets should also include accounts outside of Microsoft Active Directory, such as network infrastructure devices and other non-domain joined devices (e.g., IoT devices).
Monitor SIEM logs and build detections. Create signatures based on the threat actor TTPs and use these signatures to monitor security logs for any signs of threat actor re-entry.
Enforce MFA on all user accounts. Enforce phishing-resistant MFA on all accounts without exception to the greatest extent possible.
Follow Microsoft’s security guidance for Active Directory—Best Practices for Securing Active Directory.
Audit accounts and permissions. Audit all accounts to ensure all unused accounts are disabled or removed and active accounts do not have excessive privileges. Monitor SIEM logs for any changes to accounts, such as permission changes or enabling a previously disabled account, as this might indicate a threat actor using these accounts.
Harden and monitor PowerShell by reviewing guidance in the joint Cybersecurity Information Sheet—Keeping PowerShell: Security Measures to Use and Embrace.

Mitigations

Mitigation recommendations are usually longer-term efforts that take place before a compromise as part of risk management efforts, or after the threat actors have been evicted from the environment and the immediate response actions are complete. While some may be tailored to the TTPs used by the threat actor, recovery recommendations are largely general best practices and industry standards aimed at bolstering overall cybersecurity posture.

Segment Networks Based on Function

Implement network segmentation to separate network segments based on role and functionality. Proper network segmentation significantly reduces the ability for ransomware and other threat actor lateral movement by controlling traffic flows between—and access to—various subnetworks. (See CISA’s Infographic on Layering Network Security Through Segmentation and NSA’s Segment Networks and Deploy Application-Aware Defenses.)
Isolate similar systems and implement micro-segmentation with granular access and policy restrictions to modernize cybersecurity and adopt Zero Trust (ZT) principles for both network perimeter and internal devices. Logical and physical segmentation are critical to limiting and preventing lateral movement, privilege escalation, and exfiltration.

Manage Vulnerabilities and Configurations

Update software, including operating systems, applications, and firmware, on network assets. Prioritize patching known exploited vulnerabilities and critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment.
Implement a configuration change control process that securely creates device configuration backups to detect unauthorized modifications. When a configuration change is needed, document the change, and include the authorization, purpose, and mission justification. Periodically verify that modifications have not been applied by comparing current device configurations with the most recent backups. If suspicious changes are observed, verify the change was authorized.

Search for Anomalous Behavior

Use cybersecurity visibility and analytics tools to improve detection of anomalous behavior and enable dynamic changes to policy and other response actions. Visibility tools include network monitoring tools and host-based logs and monitoring tools, such as an endpoint detection and response (EDR) tool. EDR tools are particularly useful for detecting lateral connections as they have insight into common and uncommon network connections for each host.
Monitor the use of scripting languages (e.g., Python, Powershell) by authorized and unauthorized users. Anomalous use by either group may be indicative of malicious activity, intentional or otherwise.

Restrict and Secure Use of Remote Admin Tools

Limit the number of remote access tools as well as who and what can be accessed using them. Reducing the number of remote admin tools and their allowed access will increase visibility of unauthorized use of these tools.
Use encrypted services to protect network communications and disable all clear text administration services(e.g., Telnet, HTTP, FTP, SNMP 1/2c). This ensures that sensitive information cannot be easily obtained by a threat actor capturing network traffic.

Implement a Mandatory Access Control Model

Implement stringent access controls to sensitive data and resources. Access should be restricted to those users who require access and to the minimal level of access needed.

Audit Account Usage

Monitor VPN logins to look for suspicious access (e.g., logins from unusual geo locations, remote logins from accounts not normally used for remote access, concurrent logins for the same account from different locations, unusual times of the day).
Closely monitor the use of administrative accounts. Admin accounts should be used sparingly and only when necessary, such as installing new software or patches. Any use of admin accounts should be reviewed to determine if the activity is legitimate.
Ensure standard user accounts do not have elevated privileges Any attempt to increase permissions on standard user accounts should be investigated as a potential compromise.

VALIDATE SECURITY CONTROLS

In addition to applying mitigations, CISA, FBI, and NSA recommend exercising, testing, and validating your organization’s security program against threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. CISA, FBI, and NSA recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

To get started:

Select an ATT&CK technique described in this advisory (see Table 1).
Align your security technologies against the technique.
Test your technologies against the technique.
Analyze the performance of your detection and prevention technologies.
Repeat the process for all security technologies to obtain a set of comprehensive performance data.
Tune your security program, including people, processes, and technologies, based on the data generated by this process.

CISA, FBI, and NSA recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

RESOURCES

CISA offers several no-cost scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors. See cisa.gov/cyber-hygiene-services.

U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System (PDNS) services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.

ACKNOWLEDGEMENTS

CISA, FBI, and NSA acknowledge Mandiant for its contributions to this CSA.

APPENDIX: WINDOWS COMMAND SHELL ACTIVITY

Over a three-day period in February 2021, APT cyber actors used Windows Command Shell to interact with the victim’s environment. When interacting with the victim’s system and executing commands, the threat actors used /q and /c parameters to turn the echo off, carry out the command specified by a string, and stop its execution once completed.

On the first day, the threat actors consecutively executed many commands within the Windows Command Shell to learn about the organization’s environment and to collect sensitive data for eventual exfiltration (see Table 2).

Command	Description / Use
net share	Used to create, configure, and delete network shares from the command-line.[1] The threat actor likely used this command to display information about shared resources on the local computer and decide which directories to exploit.
powershell dir	An alias (shorthand) for the PowerShell Get-ChildItem cmdlet. This command maps shared drives by specifying a path to one location and retrieving the items from another.[2] The threat actor added additional switches (aka options, parameters, or flags) to form a “one liner,” an expression to describe commonly used commands used in exploitation: powershell dir -recurse -path e:\<redacted>\|select fullname,length\|export-csv c:\windows\temp\temp.txt. This particular command lists subdirectories of the target environment when.
systeminfo	Displays detailed configuration information [3], tasklist – lists currently running processes [4], and ipconfig – displays all current Transmission Control Protocol (TCP)/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings, respectively [5]. The threat actor used these commands with specific switches to determine if the system was a VMware virtual machine: systeminfo > vmware & date /T, tasklist /v > vmware & date /T, and ipconfig /all >> vmware & date /.
route print	Used to display and modify the entries in the local IP routing table. [6] The threat actor used this command to display the entries in the local IP routing table.
netstat	Used to display active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics, and IPv6 statistics.[7] The threat actor used this command with three switches to display TCP connections, prevent hostname determination of foreign IP addresses, and specify the protocol for TCP: netstat -anp tcp.
certutil	Used to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.[8] The threat actor used this command with three switches to test if they could download files from the internet: certutil -urlcache -split -f https://microsoft.com temp.html.
ping	Sends Internet Control Message Protocol (ICMP) echoes to verify connectivity to another TCP/IP computer.[9] The threat actor used ping -n 2 apple.com to either test their internet connection or to detect and avoid virtualization and analysis environments or network restrictions.
taskkill	Used to end tasks or processes.[10] The threat actor used taskkill /F /PID 8952 to probably disable security features. CISA was unable to determine what this process was as the process identifier (PID) numbers are dynamic.
PowerShell Compress-Archive cmdlet	Used to create a compressed archive or to zip files from specified files and directories.[11] The threat actor used parameters indicating shared drives as file and folder sources and the destination archive as zipped files. Specifically, they collected sensitive contract-related information from the shared drives.

On the second day, the APT cyber actors executed the commands in Table 3 to perform discovery as well as collect and archive data.

Command	Description / Use
ntfsinfo.exe	Used to obtain volume information from the New Technology File System (NTFS) and to print it along with a directory dump of NTFS meta-data files.[12]
WinRAR.exe	Used to compress files and subsequently masqueraded WinRAR.exe by renaming it VMware.exe.[13]

On the third day, the APT cyber actors returned to the organization’s network and executed the commands in Table 4.

Command	Description / Use
powershell -ep bypass import-module .\vmware.ps1;export-mft -volume e	Threat actors ran a PowerShell command with parameters to change the execution mode and bypass the Execution Policy to run the script from PowerShell and add a module to the current section: powershell -ep bypass import-module .\vmware.ps1;export-mft -volume e. This module appears to acquire and export the Master File Table (MFT) for volume E for further analysis by the cyber actor.[14]
set.exe	Used to display the current environment variable settings.[15] (An environment variable is a dynamic value pointing to system or user environments (folders) of the system. System environment variables are defined by the system and used globally by all users, while user environment variables are only used by the user who declared that variable and they override the system environment variables (even if the variables are named the same).
dir.exe	Used to display a list of a directory’s files and subdirectories matching the eagx* text string, likely to confirm the existence of such file.
tasklist.exe and find.exe	Used to display a list of applications and services with their PIDs for all tasks running on the computer matching the string “powers”.[16][17][18]
ping.exe	Used to send two ICMP echos to amazon.com. This could have been to detect or avoid virtualization and analysis environments, circumvent network restrictions, or test their internet connection.[19]
del.exe with the /f parameter	Used to force the deletion of read-only files with the .rar and tempg wildcards.[20]

References

[1] Microsoft Net Share

[2] Microsoft Get-ChildItem

[3] Microsoft systeminfo

[4] Microsoft tasklist

[5] Microsoft ipconfig

[6] Microsoft Route

[7] Microsoft netstat

[8] Microsoft certutil

[9] Microsoft ping

[10] Microsoft taskkill

[11] Microsoft Compress-Archive

[12] NTFSInfo v1.2

[13] rarlab

[14] Microsoft Import-Module

[15] Microsoft set (environment variable)

[16] Microsoft tasklist

[17] Mitre ATT&CK – Sofware: TaskList

[18] Microsoft find

[19] Microsoft ping

[20] Microsoft del

Revisions

October 4, 2022: Initial version

Source :
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a

UniFi Talk – Use UniFi Talk devices

This article describes how to use your UniFi Talk devices once they’re set up and configured in the Talk application. For more information on how to set up and configure your devices, please refer to these articles on adopting devices and using the Talk application.

For optimal performance, make sure you’re using the latest firmware for your devices and the latest UniFi Talk application version.

Configure voicemail

To configure voicemail on the Touch and Touch Max phone:

From the Keypad, dial *86 or long-press 1 to access voicemail configuration.
Follow the audio prompts to complete voicemail configuration.

Note: Visual voicemail configuration is coming soon.

To configure voicemail on the Flex phone:

Press the MESSAGE button to access voicemail configuration.
Follow the audio prompts to complete voicemail configuration.

Forward an incoming call

To forward an incoming call on the Touch and Touch Max phone:

From the incoming call screen, press the blue Forward button to view your contact list.
Select a contact to forward the incoming call.

Start a parallel call

To start a parallel call (i.e., start a new call while one or more calls are already ongoing) on the Touch and Touch Max phone:

From the active call screen, press the Add / Transfer button.
There are two options for starting a parallel call:
1. From the Contacts tab of the Add / Transfer screen, select a contact from your contact list.
2. From the Keypad tab of the Add / Transfer screen, dial a number and press the green button at the bottom of the screen.
Press the Call button to start a parallel call. The current active call will be placed on hold.
When two or more calls are active in parallel, swipe left or right to navigate between active calls.

Transfer an active call

To transfer an active call on the Touch or Touch Max phone:

From the active call screen, press the Add / Transfer button.
There are two options for transferring an active call:
1. From the Contacts tab of the Add / Transfer screen, select a contact from your contact list.
2. From the Keypad tab of the Add / Transfer screen, dial a number and press the green button at the bottom of the screen.
You will have the option to press Transfer or Warm Transfer.
1. If you press the Transfer button, this will utilize a cold (blind) transfer. The active call will immediately be transferred and will ring the destination phone once you press the Transfer button.
2. If you select the Warm Transfer option, the original caller is placed on hold while the transfer destination is dialed. The transfer destination has to pick up, at which point you have to again press the blue transfer button to complete the transfer.

To transfer an active call on the Flex phone:

While the call is active, press the TRANSFER button.
From here, you can either transfer to a specific number or a contact.
1. To transfer to a specific number, enter the number you’d like to transfer the call to and press the DIAL soft key.
2. To transfer to a contact, press the CONTACT soft key to load your contact list. Navigate the contact list using the up/down keys and dial the desired contact by pressing the DIAL soft key or the OK button.
You’re now calling the transfer destination. Once the transfer destination answers the call, press the TRANSFER button again to connect the original caller with the transfer destination.

Note: The Flex phone utilizes a warm (attended) transfer. The original caller will be placed on hold while a second call is established with the transfer destination. Once the second call is connected, the transfer can be completed to connect the original caller with the transfer destination.

Start a conference call

To start a conference call on the Touch and Touch Max phone:

From the active call screen, press the Add / Transfer button.
There are two options for adding additional parties to a conference call:
1. From the Contacts tab of the Add / Transfer screen, select a contact and press the Add to Call button.
2. From the Keypad tab of the Add / Transfer screen, dial the additional party’s number, press the green button at the bottom of the screen, and select the Add to Call option.

To start a three-way conference call on the Flex phone:

While the call is active, press the CONF soft key.
From here, you can either start a call with a specific number or a contact.
1. To call a specific number, enter the number you’d like to transfer the call to and press the DIAL soft key.
2. To call a contact, press the CONTACT soft key to load your contact list. Navigate the contact list using the up/down keys and dial the desired contact by pressing the DIAL soft key or the OK button.
You’re now calling the third party. Once the third party answers the call, press the CONF soft key again to start a conference call.

Manage your status

To manage your status on the Touch and Touch Max phone:

Press the App Selector button, located below the phone’s touchscreen to the left of the Ubiquiti logo.
Select Settings and click on My Status.
From here, you can select between three status settings:
1. Create a DND Allow List to allow specific numbers to ring your device when your status is set to Do Not Disturb.
2. Specify a redirect number using the Change Redirect Number button on the My Status page.
1. Available: Incoming calls will ring your device.
2. Do Not Disturb (DND): Incoming calls will be sent to voicemail.
3. Redirect: Incoming calls will be forwarded to the specified redirect number.

To manage your status on the Flex phone:

Do Not Disturb (DND): Incoming calls will be sent to voicemail.
1. Press the DND soft key to place your device in Do Not Disturb mode. Incoming calls will go to voicemail. When DND is enabled you will see the word DND with a symbol in the top-left corner of the screen.
2. Press the DND soft key again to disable Do Not Disturb mode.
Redirect: Incoming calls will be forwarded to the specified redirect number.
1. Press the MENU soft key, then select 2. SETTINGS.
2. Use the up/down keys to navigate the settings menu and select 5. CALL FORWARD.
3. Press the YES soft key to set a redirect status.

On the CALL FORWARD NUMBER screen, press the EDIT soft key, enter your redirect number with the keypad, and press the CONFIRM soft key.

Troubleshooting

My Talk device is showing a Connection Error screen

This error means that your Talk device cannot communicate with the Talk application.

To troubleshoot a Connection Error state:

Ensure that the Talk application is running. To check on Talk’s status, open unifi.ui.com, select your UniFi OS Console, go to Settings > Updates, and locate the Talk application tile. If Talk is stopped, click on the three dots menu in the Talk application tile and select Start.
Restart the Talk application. See this section for instructions on how to restart Talk.
Restart your UniFi OS Console by going to its Settings > Advanced and clicking Restart Console under the Console Controls header.
If you’re still encountering this issue after the troubleshooting steps above, please contact Ubiquiti Support.

Source :
https://help.ui.com/hc/en-us/articles/4409791920791-UniFi-Talk-Use-UniFi-Talk-devices

UniFi Protect – Configure location-based activity notifications

You can configure UniFi Protect location-based activity notifications so you are only notified when the user(s) are off-site. This article outlines the steps needed to set this up for your account.

In this article, you will learn how to:

Set the location of your UniFi OS Console

To set the location of your UniFi OS Console:

Make sure that your UniFi OS Console has remote access enabled.
In the UniFi OS settings, go to Console Settings > Time Zone / Location > Edit Location on Map.
Search for the Address or drag your UOS Console to the correct location.
Adjust the Geofencing Radius slider to define your console’s on-site radius (i.e, “geofence”).
Click Apply Changes when you’ve set the desired geofence.

If you experience unexpected status changes while on site, increase the geofence’s radius.

Configure your primary mobile device

Your primary mobile device will be the one used to determine whether you are on or off-site (i.e., within the geofence).

To configure your primary mobile device:

Make sure cellular data is enabled on your mobile device.
Make sure that the UniFi Protect mobile app has proper location permissions:
1. For iOS devices, set the Protect mobile app’s Location Setting permission to Always. Precise Location should also be enabled.
2. For Android devices, make sure that Protect mobile app’s location access is set to Allow all the time.
Open the Protect mobile app, tap the Settings icon on the bottom-left corner of the screen followed by Primary Device; then, select the desired mobile device from the list.
To activate your UniFi OS Console’s geofence, use the Protect mobile app to go to Settings > UniFi OS Console > Network and enable the Geofencing toggle.

Configure location-based activity notifications

After you’ve configured the locations of your UniFi OS Console and primary mobile device, you can create activity notifications using your UniFi Protect web application or mobile app.

To create activity notifications using the UniFi Protect mobile app:

Go to Settings > Notifications to create a new activity notification or edit an existing one.
Select from Off, Default, or Custom.
1. If you choose Custom, click the Activity tab to customize the notification for each camera.

To create or edit activity notifications using the Protect web application:

Log in and go to Settings > Notifications > Activity.
Adjust When to Send > Location Based to receive notifications when you are off site (When I’m Away) or when all users are off site (When Everyone is Away).
Go back and customize the notifications for your cameras.

Troubleshooting inaccurate location tracking

The Protect mobile app uses GPS and communication with the UniFi OS Console to provide an accurate location.

If you are experiencing location inaccuracies, follow the device-specific steps below to improve the mobile app’s location tracking:

For iOS / iPadOS devices:

Disable Low Power mode, as it may prevent the app from sending location status updates.
Enable Background App Refresh and Cellular Data for the UniFi Protect mobile app.
Disable VPN or Mobile Hotspot if they interfere with location accuracy.

For Android devices:

Select High Accuracy mode for mobile phone location tracking, if available.
Disable data saving settings.
Disable battery optimization for the UniFi Protect mobile app by tapping Settings > Battery > Battery Optimization > Don’t Optimize.
Disable power saving mode to ensure it isn’t auto-enabled once your phone battery is low.
If your mobile has a Deep Sleep feature, disable it for the UniFi Protect mobile app to make sure you don’t receive location status updates after opening it.

Source :
https://help.ui.com/hc/en-us/articles/360037982314-UniFi-Protect-Configure-location-based-activity-notifications