RSA Report: Cybersecurity is National Security

The role of government in stopping supply chain attacks and other threats to our way of life.

By Amber Wolff
April 26, 2023

How governments play a vital role in developing regulations, stopping supply chain attacks, and diminishing other threats to our way of life.

While new issues are always emerging in the world of cybersecurity, some have been present since the beginning, such as what role cybersecurity should play in government operations and, conversely, what role government should play in cybersecurity. The answer to this question continues to shift and evolve over time, but each new leap in technology introduces additional considerations. As we move into the AI era, how can government best keep citizens safe without constraining innovation and the free market — and how can the government use its defensive capabilities to retain an edge in the conflicts of tomorrow?

The day’s first session, “Cybersecurity and Military Defense in an Increasingly Digital World,” offered a deep dive into the latter question. Over the past 20 years, military conflicts have moved from involving just Land, Air and Sea to also being fought in Space and Cyber. While superior technology has given us an upper hand in previous conflicts, in some areas our allies — and our adversaries — are catching up or even surpassing us. In each great technological leap, companies and countries alike ascend and recede, and to keep our edge in the conflicts of the future, the U.S. will need to shed complacency, develop the right policies, move toward greater infrastructure security and tap the capabilities of the private sector.

SonicWall in particular is well-positioned to work with the federal government and the military. For years, we’ve helped secure federal agencies and defense deployments against enemies foreign and domestic, and have woked to shorten and simplify the acquisition and procurement process. Our list of certifications includes FIPS 140-2, Common Criteria, DoDIN APL, Commercial Solutions for Classified (CSfC), USGv6, IPv6 and TAA and others. And our wide range of certified solutions have been used in a number of government use cases, such as globally distributed networks in military deployments and federal agencies, tip-of-the-spear, hub-and-spoke, defense in-depth layered firewall strategies and more.

Because Zero Trust is just as important for federal agencies as it is for private sector organizations, SonicWall offers the SMA 1000, which offers Zero Trust Network Architecture that complies with federal guidelines, including the DoDIN APL, FIPS and CSfC, as well as the U.S. National Cybersecurity Strategy.

This new strategy was at the center of the day’s next session. In “The National Cyber Strategy as Roadmap to a Secure Cyber Future,” panelists outlined this strategic guidance, which was released just two months ago and offered a roadmap for how the U.S. should protect its digital ecosystem against malicious criminal and nation-state actors. The guidance consists of five pillars, all of which SonicWall is in accord with:

Pillar One: Defend Critical Infrastructure
SonicWall offers several security solutions that align with Pillar One, including firewalls, intrusion prevention, VPN, advanced threat protection, email security, Zero-Trust network access and more. We’re also working to align with and conform to NIST SSDF and NIST Zero Trust Architecture standards.
Pillar Two: Disrupt and Dismantle Threat Actors

SonicWall uses its Email Security to disrupt and mitigate the most common ransomware vector: Phishing. And in 2022 alone, we helped defend against 493.3 million ransomware attacks.

Pillar Three: Shape Market Forces to Drive Security and Resilience

This pillar shifts liability from end users to software providers that ignore best practices, ship insecure or vulnerable products or integrate unvetted or unsafe third-party software. And as part of our efforts to aign with the NIST SSDF, we’re implementing a Software Bill of Materials (SBOM).

Pillar Four: Invest in a Resilient Future

Given CISA’s prominence in this guidance, any regulations created will likely include threat emulation testing, and will likely be mapped to threat techniques, such as MITRE ATT&CK. SonicWall Capture Client (our EDR solution) is powered by SentinelOne, which has been a participant in the MITRE ATT&CK evaluations since 2018 and was a top performer in the 2022 Evaluations.

Pillar Five: Forge International Partnerships to Pursue Shared Goals

An international company, SonicWall recognizes the importance of international partnerships and works to comply with global regulations such as GDPR, HIPAA, PCI-DSS and more. By sharing threat intelligence and collaborating no mitigation strategies, we work with governments and the rest of the cybersecurity community to pursue shared cybersecurity goals.

And with the continued rise in cybercrime, realizing these goals has never been more important. In “The State of Cybersecurity: Year in Review,” Mandiant CEO Kevin Mandia summarized findings from the 1,163 intrusions his company investigated in 2022. The good news, Mandia said, is that we’re detecting threats faster. In just ten years, we’ve gone from averaging 200 days to notice there’s a problem, to just 16 days currently — but at the same time, an increase in the global median dwell time for ransomware shows there’s still work to be done.

Mandia also outined the evolution of how cybercriminals are entering networks, from Unix platforms, to Windows-based attacks, and from phishing, to spearphishing to vulnerabilities — bringing patch management once again to the fore.

Deep within the RSAC Sandbox, where today’s defenders learn, play and test their skills, panelists convened to discuss how to stop attackers’ relentless attempts to shift left. “Software Supply Chain: Panel on Threat Intel, Trends, Mitigation Strategies” explained that while the use of third-party components increases agility, it comes with tremendous risk. More than 96% of software organizations rely on third-party code, 90% of which consists of open source—but the developers of this software are frequently single individuals or small groups who may not have time to incorporate proper security, or even know how. Our current strategy of signing at the end isn’t enough, panelists argued—to truly ensure safety, signing should be done throughout the process (otherwise known as “sign at the station”).

Israel provides an example of how a country can approach the issue of software supply chain vulnerability — among other things, the country has created a GitHub and browser extension allowing developers to check packages for malicious code — but much work would need to be done to implement the Israel model in the U.S. AI also provides some hope, but given its current inability to reliably detect malicious code, we’re still a long way from being able to rely on it. In the meantime, organizations will need to rely on tried-and-true solutions such as SBOMs to help guard against supply chain attacks in the near future.

But while AI has tremendous potential to help defenders, it also has terrible potential to aid attackers. In “ChatGPT: A New Generation of Dynamic Machine-Based Attacks,” the speakers highlighted ways that attackers are using the new generation of AI technology to dramatically improve social engineering attempts, expand their efforts to targets in new areas, and even write ransomware and other malicious code. In real time, the speakers demonstrated the difference between previous phishing emails and phishing generated by ChatGPT, including the use of more natural language, the ability to instantly access details about the target and the ability to imitate a leader or colleague trusted by the victim with a minimum of effort. These advancements will lead to a sharp increase in victims of phishing attacks, as well as things like Business Email Compromise.

And while there are guardrails in place to help prevent ChatGPT from being used maliciously, they can be circumvented with breathtaking ease. With the simple adjustment of a prompt, the speakers demonstrated, ransomware and other malicious code can be generated. While this code isn’t functional on its own, it’s just one or two simple adjustments away — and this capability could be used to rapidly increase the speed with which attacks are launched.

These capabilities are especially concerning given the rise in state-sponsored attacks. In “State of the Hack 2023: NSA’s Perspective,” NSA Director of Cybersecurity Rob Joyce addressed a packed house regarding the NSA’s work to prevent the increasing wave of nation-state threats. The two biggest nation-state threats to U.S. cybersecurity continue to be Russia and China, with much of the Russian effort centering around the U.S.’ assistance in the Russia/Ukraine conflict.

As we detailed in our SonicWall 2023 Cyber Threat Report, since the beginning of the conflict, attacks by Russia’s military and associated groups have driven a massive spike in cybercrime in Ukraine. The good news, Joyce said, is that Russia is currently in intelligence-gathering mode when it comes to the U.S., and is specifically taking care not to release large-scale NotPetya-type attacks. But Russia also appears to be playing the long game, and is showing no signs of slowing or scaling back their efforts.

China also appears to be biding its time — but unlike Russia, whose efforts appear to be focused around traditional military dominance, China is seeking technological dominance. Exploitation by China has increased so much that we’ve become numb to it, Joyce argued. And since these nation-state sponsored attackers don’t incur much reputational damage for their misdeeds, they’ve become increasingly brazen in their attacks, going so far as to require any citizen who finds a zero-day to pass details to the government and hosting competitions for building exploits and finding vulnerabilities. And the country is also making efforts to influence international tech standards in an attempt to tip scales in their favor for years to come.

The 2023 RSA Conference has offered a wealth of information on a wide variety of topics, but it will soon draw to a close. Thursday is the last day to visit the SonicWall booth (#N-5585 in Moscone North) and enjoy demos and presentations on all of our latest technology. Don’t head home without stopping by — and don’t forget to check back for the conclusion of our RSAC 2023 coverage!

Source :
https://blog.sonicwall.com/en-us/2023/04/rsa-report-cybersecurity-is-national-security/

Preventing and Detecting Attacks Involving 3CX Desktop App

In this blog entry, we provide technical details and analysis on the 3CX attacks as they happen. We also discuss available solutions which security teams can maximize for early detection and mitigate the impact of 3CX attacks.

By: Trend Micro Research
March 30, 2023
Read time: 7 min (1870 words)

Updated on:

April 5, 2:39 a.m. EDT: We added Windows, Mac, and network commands to the Trend Micro Vision One™️ guide in the linked PDF.
April 4, 3:29 a.m. EDT: We added Trend Micro XDR filters to the solutions.
April 3, 2:33 a.m. EDT: We added details on d3dcompiler_47.dll‘s abuse of CVE-2013-3900 to make it appear legitimately signed.
April 1, 1:50 a.m. EDT: We added a guide on how Vision One can be used to search for potential threats associated with the 3CX desktop app.
March 31, 11:07 p.m. EDT: We added technical details, an analysis of the info-stealer payload, and information on Trend Micro XDR capabilities for investigating and mitigating risks associated with the 3CX desktop app.
March 31, 3:00 a.m. EDT: We added the execution flow diagram, a link to Trend Micro support page, and a list of Mac IOCs and detection names.

In late March 2023, security researchers revealed that threat actors abused a popular business communication software from 3CX — in particular, the reports mention that a version of the 3CX VoIP (Voice over Internet Protocol) desktop client was being employed to target 3CX’s customers as part of an attack.

On its forums, 3CX has posted an update that recommends uninstalling the desktop app and using the Progressive Web App (PWA) client instead. The company also mentioned that they are working on an update to the desktop app.

For a more comprehensive scope of protection against possible attacks associated with the 3CX Desktop App, the Trend Micro XDR platform can help organizations mitigate the impact by collecting and analyzing extensive activity data from various sources. By applying XDR analytics to the data gathered from its native products, Trend Micro XDR generates correlated and actionable alerts.

Trend Micro customers can also take advantage of Trend Micro Vision One™ to search for and monitor potential threats associated with the 3CX Desktop App, and to better understand observed attack vectors. For more information on how to utilize Trend Micro Vision One features, you may download the PDF guide here.

Additional guidance for Trend Micro customers including help with protection and detection can be found on our support page.

What is the compromised application?

The 3CX app is a private automatic branch exchange (PABX) software that provides several communication functions for its users, including video conferencing, live chat, and call management. The app is available on most major operating systems, including Windows, macOS, and Linux. Additionally, the client is available as a mobile application for both Android and iOS devices, while a Chrome extension and the PWA version of the client allow users to access the software through their browsers.

The issue was said to be limited to the Electron (non-web versions) of their Windows package (versions 18.12.407 and 18.12.416) and macOS clients (versions 18.11.1213, 18.12.402, 18.12.407 and 18.12.416).

According to the company’s website, more than 600,000 businesses and over 12 million daily users around the world use 3CX’s VoIP IPBX software.

How does the attack work?

The attack is reportedly a multi-stage chain in which the initial step involves a compromised version of the 3CX desktop app. Based on initial analysis, the MSI package (detected by Trend Micro as Trojan.Win64.DEEFFACE.A and Trojan.Win64.DEEFFACE.SMA) is the one that is compromised with possible trojanized DLLs, since the .exe file has the same name.

The infection chain begins with 3CXDesktopApp.exe loading ffmpeg.dll (detected as Trojan.Win64.DEEFFACE.A andTrojan.Win64.DEEFFACE.SMA). Next, ffmpeg.dll reads and decrypts the encrypted code from d3dcompiler_47.dll (detected as Trojan.Win64.DEEFFACE.A and Trojan.Wind64.DEEFACE.SMD3D).

The decrypted code seems to be the backdoor payload that tries to access the IconStorages GiHub page to access an ICO file (detected as Trojan.Win32.DEEFFACE.ICO) containing the encrypted C&C server that the backdoor connects to in order to retrieve the possible final payload. In addition, d3dcompiler_47.dll also abuses CVE-2013-3900 to make it appear that it is legitimately signed.

As part of its attack routine, it contacts the servers noted in the list of indicators of compromise (IOCs) at the end of this blog entry. These domains are blocked by the Trend Micro Web Reputation Services (WRS).

Execution flow

Upon execution, the MSI package installer will drop the following files that are related to malicious behavior. Trend Micro Smart Scan Pattern (cloud-based) TBL 21474.300.40 can detect these files as Trojan.Win64.DEEFFACE.A.

3CXDesktopApp.exe: A normal file that is abused to load the trojanized DLL
ffmpeg.dll: A trojanized DLL used to read, load, and execute a malicious shellcode from d3dcompiler_47.dll
d3dcompiler_47.dll: A DLL appended with an encrypted shellcode after the fe ed fa ce hex string

Some conditions are necessary for execution. For example, the sleep timestamp varies depending on the following conditions: First, it checks if the manifest file is present, as well as if it is using a specified date. If the file is not present or if it is using the specified date, the timestamp will generate a random number and use the formula rand() % 1800000 + current date + 604800 (604,800 is seven days). After the date is computed, the malware will continue its routine.

Upon execution of 3CXDesktopApp.exe, ffmpeg.dll, which seems to be a trojanized or patched DLL, will be loaded. It will still contain its normal functionalities, but it will have an added malicious function that reads d3dcompiler_47.dll to locate an encrypted shellcode after the fe ed fa ce hex strings.

Figure 2. Reading "d3dcompiler_47.dll" and locating the “fe ed fa ce” hex string — Figure 2. Reading “d3dcompiler_47.dll” and locating the “fe ed fa ce” hex string

Upon decryption of the malicious shellcode using RC4 with the key, 3jB(2bsG#@c7, the shellcode will then try to access the GitHub repository that houses the ICO files containing the encrypted C&C strings that use Base64 encoding and AES + GCM encryption at the end of the image.

These B64 strings seem to be C&C domains that the shellcode tries to connect to for downloading other possible payloads. However, we were unable to confirm the exact nature of these payloads since the GitHub repository (raw.githubusercontent[.]com/IconStorages/images/main/) had already been taken down at the time of this writing. Note that the process exits when the page is inaccessible.

Figure 3. Code snippet showing the hard-coded GitHub repository

Figure 4. An ICO file from the GitHub repository

The above description applies to the Windows version. The behaviour of the Mac version is broadly similar, although it only uses a subset of the Windows C&C domains.

Info-stealer payload analysis

Based on our ongoing analysis of attacks on 3CX and the behaviors observed, the following section details what we know so far about the payload’s attack vector.

Payloads in investigated 3CX attacks are detected as TrojanSpy.Win64.ICONICSTEALER.THCCABC. Upon analysis of the payload named ICONIC Stealer, we discovered that if it is executed using regsvr32.exe as the DLL loader, it will display the following system error:

Figure 5. Error displayed upon executing the sample using "regsvr32.exe" — Figure 5. Error displayed upon executing the sample using “regsvr32.exe”

Meanwhile, if rundll32.exe is used as the DLL loader, it encounters a WerFault error and displays the following pop-up message:

Figure 6. Error displayed if "rundll32.exe" is used as the DLL loader — Figure 6. Error displayed if “rundll32.exe” is used as the DLL loader

This indicates that the sample must be loaded by a specific application to proceed to its malicious routine.

ICONIC Stealer then checks for a file named config.json under the folder “3CXDesktopApp.”

Figure 7. Checking for "config.json" — Figure 7. Checking for “config.json”

ICONIC Stealer was then observed to steal the following system information:

HostName
DomainName
OsVersion

The gathered data will then be converted into a text-string format.

Figure 8. Converting gathered data into a text-string format

ICONIC Stealer then proceeds to its last behavior, which steals browser data. It uses the function shown in Figure 9 to traverse the infected system using predefined directories related to the browser’s history and other browser-related information.

Figure 9. Function for traversing the infected system

The following figure shows a list of predefined strings:

The system directories on the following list compose the targets identified in the partial analysis of the ICONIC Stealer’s behavior. More information will be provided as this blog is updated.

AppData\Local\Google\Chrome\User Data
AppData\Local\Microsoft\Edge\User Data
AppData\Local\BraveSoftware\Brave-Browser\User Data
AppData\Roaming\Mozilla\Firefox\Profiles

Browser	Target information
Chrome	History
Edge	History
Brave	History
Firefox	places.sqlite

^{Table 1. The targeted section of each browser. Note that “places.sqlite” stores the annotations, bookmarks, favorite icons, input history, keywords, and the browsing history of visited pages for Mozilla Firefox.}

ICONIC Stealer was also found with the capability to limit the retrieved data to the first five hundred entries to ensure that the most recent browser activity is the data that is retrieved:

Figure 11. Limiting data to the first 500 entries

“UTF-16LE”, ‘SELECT url, title FROM urls ORDER BY id DESC LIMIT

“UTF-16LE”, ‘500’,0

“UTF-16LE”, ‘SELECT url, title FROM moz_places ORDER BY id DESC

“UTF-16LE”, ‘LIMIT 500’,0

Figure 12. Retrieved results stored on an allocated buffer

The gathered data will be passed to the main loader module to POST then back to the C&C server embedded in the main module.

What is its potential impact?

Due to its widespread use and its importance in an organization’s communication system, threat actors can cause major damage (for example, by monitoring or rerouting both internal and external communication) to businesses that use this software.

What can organizations do about it?

Organizations that are potentially affected should stop using the vulnerable version if possible and apply the patches or mitigation workarounds if these are available. IT and security teams should also scan for confirmed compromised binaries and builds and monitor for anomalous behavior in 3CX processes, with a particular focus on C&C traffic.

Meanwhile, enabling behavioral monitoring in security products can help detect the presence of the attack within the system.

Indicators of Compromise (IOCs)

SHA256	File name / details	Detection name
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc Installer: aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868	3cxdesktopapp-18.12.407.msi (Windows)	Trojan.Win64.DEEFFACE.A
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405 Installer: 59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983	(Windows)	Trojan.Win64.DEEFFACE.A
c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02	ffmpeg.dll	Trojan.Win64.DEEFFACE.A
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896	ffmpeg.dll	Trojan.Win64.DEEFFACE.A
11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03	d3dcompiler.dll	Trojan.Win64.DEEFFACE.A
4e08e4ffc699e0a1de4a5225a0b4920933fbb9cf123cde33e1674fde6d61444f		Trojan.Win32.DEEFFACE.ICO
8ab3a5eaaf8c296080fadf56b265194681d7da5da7c02562953a4cb60e147423	Stealer	TrojanSpy.Win64.ICONICSTEALER.THCCABC

Here is the list of IOCs for Mac users:

SHA256	File name	Detection name
5a017652531eebfcef7011c37a04f11621d89084f8f9507201f071ce359bea3f	3CX Desktop App-darwin-x64-18.11.1213.zip	Trojan.MacOS.FAKE3L3CTRON.A
5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290	3CXDesktopApp-18.11.1213.dmg	Trojan.MacOS.FAKE3L3CTRON.A
fee4f9dabc094df24d83ec1a8c4e4ff573e5d9973caa676f58086c99561382d7	libffmpeg.dylib	Trojan.MacOS.FAKE3L3CTRON.A
5009c7d1590c1f8c05827122172583ddf924c53b55a46826abf66da46725505a	child macho file of libffmpeg.dylib	Trojan.MacOS.FAKE3L3CTRON.A
e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec	3CXDesktopApp-18.12.416.dmg	Trojan.MacOS.FAKE3L3CTRON.A
a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67	libffmpeg.dylib	Trojan.MacOS.FAKE3L3CTRON.A
87c5d0c93b80acf61d24e7aaf0faae231ab507ca45483ad3d441b5d1acebc43c	child macho file of libffmpeg.dylib	Trojan.MacOS.FAKE3L3CTRON.A

The following domains are blocked by Trend Micro Web Reputation Services (WRS)

akamaicontainer[.]com
akamaitechcloudservices[.]com
azuredeploystore[.]com
azureonlinecloud[.]com
azureonlinestorage[.]com
dunamistrd[.]com
glcloudservice[.]com
journalide[.]org
msedgepackageinfo[.]com
msstorageazure[.]com
msstorageboxes[.]com
officeaddons[.]com
officestoragebox[.]com
pbxcloudeservices[.]com
pbxphonenetwork[.]com
pbxsources[.]com
qwepoi123098[.]com
sbmsa[.]wiki
sourceslabs[.]com
visualstudiofactory[.]com
zacharryblogs[.]com

Trend Micro XDR uses the following filters to protect customers from 3CX-related attacks:

Filter	ID	OS
Compromised 3CX Application File Indicators	F6669	macOS, Windows
DLL Sideloading of 3CX Application	F6668	Windows
Web Reputation Services Detection for Compromised 3CX Application	F6670	macOS, Windows
Suspicious Web Access of Possible Compromised 3CX Application	F6673	Windows
Suspicious DNS Query of Possible Compromised 3CX Application	F6672	Windows

Trend Micro Malware Detection Patterns for Endpoint, Servers (Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security with anti-malware, among others), Mail, and Gateway (Cloud App Security, ScanMail for Exchange, IMSVA):

Starting with Trend Micro Smart Scan Pattern (cloud-based) TBL 21474.200.40, known trojanized versions of this application are being detected as Trojan Win64.DEEFFACE.A.
The Mac version of this threat is detected as Trojan.MacOS.FAKE3L3CTRON.A.

Source :
https://www.trendmicro.com/en_us/research/23/c/information-on-attacks-involving-3cx-desktop-app.html

CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers

Note: Content from this post first appeared in r/CrowdStrike

We will continue to update on this dynamic situation as more details become available. CrowdStrike’s Intelligence team is in contact with 3CX.

On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity.

The CrowdStrike Falcon^® platform has behavioral preventions and atomic indicator detections targeting the abuse of 3CXDesktopApp. In addition, CrowdStrike^® Falcon OverWatch™ helps customers stay vigilant against hands-on-keyboard activity.

CrowdStrike customers can log into the customer support portal and follow the latest updates in Trending Threats & Vulnerabilities: Intrusion Campaign Targeting 3CX Customers

The 3CXDesktopApp is available for Windows, macOS, Linux and mobile. At this time, activity has been observed on both Windows and macOS.

CrowdStrike Intelligence has assessed there is suspected nation-state involvement by the threat actor LABYRINTH CHOLLIMA. CrowdStrike Intelligence customers received an alert this morning on this active intrusion.

Get fast and easy protection with built-in threat intelligence — request a free trial of CrowdStrike Falcon^® Pro today.

CrowdStrike Falcon Detection and Protection

The CrowdStrike Falcon platform protects customers from this attack and has coverage utilizing behavior-based indicators of attack (IOAs) and indicators of compromise (IOCs) based detections targeting malicious behaviors associated with 3CX on both macOS and Windows.

Customers should ensure that prevention policies are properly configured with Suspicious Processes enabled.

Figure 1. CrowdStrike’s indicator of attack (IOA) identifies and blocks the malicious behavior in macOS (click to enlarge)

Figure 2. CrowdStrike’s indicator of attack (IOA) identifies and blocks the malicious behavior in Windows (click to enlarge)

Hunting in the CrowdStrike Falcon Platform

Falcon Discover

CrowdStrike Falcon® Discover customers can use the following link: US-1 | US-2 | EU | Gov to look for the presence of 3CXDesktopApp in their environment.

Falcon Insight customers can assess if the 3CXDesktopApp is running in their environment with the following query:

Event Search — Application Search

event_simpleName IN (PeVersionInfo, ProcessRollup2) FileName IN ("3CXDesktopApp.exe", "3CX Desktop App")
| stats dc(aid) as endpointCount by event_platform, FileName, SHA256HashData

Falcon Long Term Repository — Application Search

#event_simpleName=/^(PeVersionInfo|ProcessRollup2)$/ AND (event_platform=Win ImageFileName=/\\3CXDesktopApp\.exe$/i) OR (event_platform=Mac ImageFileName=/\/3CX\sDesktop\sApp/i)
| ImageFileName = /.+(\\|\/)(?.+)$/i
| groupBy([event_platform, FileName, SHA256HashData], function=count(aid, distinct=true, as=endpointCount))

Atomic Indicators

The following domains have been observed beaconing, which should be considered an indication of malicious intent.

akamaicontainer[.]com
akamaitechcloudservices[.]com
azuredeploystore[.]com
azureonlinecloud[.]com
azureonlinestorage[.]com
dunamistrd[.]com
glcloudservice[.]com
journalide[.]org
msedgepackageinfo[.]com
msstorageazure[.]com
msstorageboxes[.]com
officeaddons[.]com
officestoragebox[.]com
pbxcloudeservices[.]com
pbxphonenetwork[.]com
pbxsources[.]com
qwepoi123098[.]com
sbmsa[.]wiki
sourceslabs[.]com
visualstudiofactory[.]com
zacharryblogs[.]com

CrowdStrike Falcon® Insight customers, regardless of retention period, can search for the presence of these domains in their environment spanning back one year using Indicator Graph: US-1 | US-2 | EU | Gov.

Event Search — Domain Search

event_simpleName=DnsRequest DomainName IN (akamaicontainer.com, akamaitechcloudservices.com, azuredeploystore.com, azureonlinecloud.com, azureonlinestorage.com, dunamistrd.com, glcloudservice.com, journalide.org, msedgepackageinfo.com, msstorageazure.com, msstorageboxes.com, officeaddons.com, officestoragebox.com, pbxcloudeservices.com, pbxphonenetwork.com, pbxsources.com, qwepoi123098.com, sbmsa.wiki, sourceslabs.com, visualstudiofactory.com, zacharryblogs.com)
| stats dc(aid) as endpointCount, earliest(ContextTimeStamp_decimal) as firstSeen, latest(ContextTimeStamp_decimal) as lastSeen by DomainName
| convert ctime(firstSeen) ctime(lastSeen)

Falcon LTR — Domain Search

#event_simpleName=DnsRequest
| in(DomainName, values=[akamaicontainer.com, akamaitechcloudservices.com, azuredeploystore.com, azureonlinecloud.com, azureonlinestorage.com, dunamistrd.com, glcloudservice.com, journalide.org, msedgepackageinfo.com, msstorageazure.com, msstorageboxes.com, officeaddons.com, officestoragebox.com, pbxcloudeservices.com, pbxphonenetwork.com, pbxsources.com, qwepoi123098.com, sbmsa.wiki, sourceslabs.com, visualstudiofactory.com, zacharryblogs.com])
| groupBy([DomainName], function=([count(aid, distinct=true, as=endpointCount), min(ContextTimeStamp, as=firstSeen), max(ContextTimeStamp, as=lastSeen)]))
| firstSeen := firstSeen * 1000 | formatTime(format="%F %T.%L", field=firstSeen, as="firstSeen")
| lastSeen := lastSeen * 1000 | formatTime(format="%F %T.%L", field=lastSeen, as="lastSeen")
| sort(endpointCount, order=desc)

File Details

SHA256	Operating System	Installer SHA256	FileName
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc	Windows	aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868	3cxdesktopapp-18.12.407.msi
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405	Windows	59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983	3cxdesktopapp-18.12.416.msi
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61	macOS	5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290	3CXDesktopApp-18.11.1213.dmg
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb	macOS	e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec	3cxdesktopapp-latest.dmg

Recommendations

The current recommendation for all CrowdStrike customers is:

Locate the presence of 3CXDesktopApp software in your environment by using the queries outlined above.
Ensure Falcon is deployed to applicable systems.
Ensure “Suspicious Processes” is enabled in applicable Prevention Policies.
Hunt for historical presence of atomic indicators in third-party tooling (if available).

Additional Resources

Request a free CrowdStrike Intelligence threat briefing and learn how to stop adversaries targeting your organization.
The industry-leading CrowdStrike Falcon platform sets the new standard in cybersecurity. Watch this demo to see the Falcon platform in action.
Experience how the industry-leading CrowdStrike Falcon platform protects against modern threats. Start your 15-day free trial today.
Find more information on this situation on our Trending Threats & Vulnerabilities: Intrusion Campaign Targeting 3CX Customers tracking page.

Source :
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/

3 Overlooked Cybersecurity Breaches

Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them.

#1: 2 RaaS Attacks in 13 Months#

Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from other threat actors and ransomware gangs. Common purchasing plans include buying the entire tool, using the existing infrastructure while paying per infection, or letting other attackers perform the service while sharing revenue with them.

In this attack, the threat actor consists of one of the most prevalent ransomware groups, specializing in access via third parties, while the targeted company is a medium-sized retailer with dozens of sites in the United States.

The threat actors used ransomware as a service to breach the victim’s network. They were able to exploit third-party credentials to gain initial access, progress laterally, and ransom the company, all within mere minutes.

The swiftness of this attack was unusual. In most RaaS cases, attackers usually stay in the networks for weeks and months before demanding ransom. What is particularly interesting about this attack is that the company was ransomed in minutes, with no need for discovery or weeks of lateral movement.

A log investigation revealed that the attackers targeted servers that did not exist in this system. As it turns out, the victim was initially breached and ransomed 13 months before this second ransomware attack. Subsequently, the first attacker group monetized the first attack not only through the ransom they obtained, but also by selling the company’s network information to the second ransomware group.

In the 13 months between the two attacks, the victim changed its network and removed servers, but the new attackers were not aware of these architectural modifications. The scripts they developed were designed for the previous network map. This also explains how they were able to attack so quickly – they had plenty of information about the network. The main lesson here is that ransomware attacks can be repeated by different groups, especially if the victim pays well.

“RaaS attacks such as this one are a good example of how full visibility allows for early alerting. A global, converged, cloud-native SASE platform that supports all edges, like Cato Networks provides complete network visibility into network events that are invisible to other providers or may go under the radar as benign events. And, being able to fully contextualize the events allows for early detection and remediation.

#2: The Critical Infrastructure Attack on Radiation Alert Networks#

Attacks on critical infrastructure are becoming more common and more dangerous. Breaches of water supply plants, sewage systems and other such infrastructures could put millions of residents at risk of a human crisis. These infrastructures are also becoming more vulnerable, and attack surface management tools for OSINT like Shodan and Censys allow security teams to find such vulnerabilities with ease.

In 2021, two hackers were suspected of targeting radiation alert networks. Their attack relied on two insiders that worked for a third party. These insiders disabled the radiation alert systems, significantly debilitating their ability to monitor radiation attacks. The attackers were then able to delete critical software and disable radiation gauges (which is part of the infrastructure itself).

“Unfortunately, scanning for vulnerable systems in critical infrastructure is easier than ever. While many such organizations have multiple layers of security, they are still using point solutions to try and defend their infrastructure rather than one system that can look holistically at the full attack lifecycle. Breaches are never just a phishing problem, or a credentials problem, or a vulnerable system problem – they are always a combination of multiple compromises performed by the threat actor,” said Etay Maor, Sr. Director of Security Strategy at Cato Networks.

#3: The Three-Step Ransomware Attack That Started with Phishing#

The third attack is also a ransomware attack. This time, it consisted of three steps:

1. Infiltration – The attacker was able to gain access to the network through a phishing attack. The victim clicked on a link that generated a connection to an external site, which resulted in the download of the payload.

2. Network activity – In the second phase, the attacker progressed laterally in the network for two weeks. During this time, it collected admin passwords and used in-memory fileless malware. Then on New Year’s Eve, it performed the encryption. This date was chosen since it was (rightfully) assumed the security team would be off on vacation.

3. Exfiltration – Finally, the attackers uploaded the data out of the network.

In addition to these three main steps, additional sub-techniques were employed during the attack and the victim’s point security solutions were not able to block this attack.

“A multiple choke point approach, one that looks horizontally (so to speak) at the attack rather than as a set of vertical, disjointed issues, is the way to enhance detection, mitigation and prevention of such threats. Opposed to popular belief, the attacker needs to be right many times and the defenders only need to be right just once. The underlying technologies to implement a multiple choke point approach are full network visibility via a cloud-native backbone, and a single pass security stack that’s based on ZTNA.” said Etay Maor, Sr. Director of Security Strategy at Cato Networks.

How Do Security Point Solutions Stack Up?#

It is common for security professionals to succumb to the “single point of failure fallacy”. However, cyber-attacks are sophisticated events that rarely involve just one tactic or technique which is the cause of the breach. Therefore, an all-encompassing outlook is required to successfully mitigate cyber-attacks. Security point solutions are a solution for single points of failure. These tools can identify risks, but they will not connect the dots, which could and has led to a breach.

Here’s Watch Out for in the Coming Months#

According to ongoing security research conducted by Cato Networks Security Team, they have identified two additional vulnerabilities and exploit attempts that they recommend including in your upcoming security plans:

1. Log4j#

While Log4j made its debut as early as December of 2021, the noise its making hasn’t died down. Log4j is still being used by attackers to exploit systems, as not all organizations have been able to patch their Log4j vulnerabilities or detect Log4j attacks, in what is known as “virtual patching”. They recommend prioritizing Log4j mitigation.

2. Misconfigured Firewalls and VPNs#

Security solutions like firewalls and VPNs have become access points for attackers. Patching them has become increasingly difficult, especially in the era of architecture cloudification and remote work. It is recommended to pay close attention to these components as they are increasingly vulnerable.

How to Minimize Your Attack Surface and Gain Visibility into the Network#

To reduce the attack surface, security professionals need visibility into their networks. Visibility relies on three pillars:

Actionable information – that can be used to mitigate attacks
Reliable information – that minimizes the number of false positives
Timely information – to ensure mitigation happens before the attack has an impact

Once an organization has complete visibility to the activity on their network they can contextualize the data, decide whether the activity witnessed should be allowed, denied, monitored, restricted (or any other action) and then have the ability to enforce this decision. All these elements must be applied to every entity, be it a user, device, cloud app etc. All the time everywhere. That is what SASE is all about.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Source :
https://thehackernews.com/2023/02/3-overlooked-cybersecurity-breaches.html

The Definitive Browser Security Checklist

Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore, more and more security teams are now turning to the emerging category of purpose-built Browser Security Platform as the answer to the browser’s security challenges.

However, as this security solution category is still relatively new, there is not yet an established set of browser security best practices, nor common evaluation criteria. LayerX, the User-First Browser Security Platform, is addressing security teams’ need with the downable Browser Security Checklist, that guides its readers through the essentials of choosing the best solution and provides them with an actionable checklist to use during the evaluation process.

The Browser is The Most Important Work Interface and the Most Targeted Attack Surface #

The browser has become the core workspace in the modern enterprise. On top of being the gateway to sanctioned SaaS apps and other non-corporate web destinations, the browser is the intersection point between cloud\web environments and physical or virtual endpoints. This makes the browser both a target for multiple types of attacks, as well as a potential source of unintentional data leakage.

Some of these attacks have been around for more than a decade, exploitation of browser vulnerabilities or drive-by download of malicious files, for example. Others have gained recent momentum alongside the steep rise in SaaS adoption, like social engineering users with phishing webpages. Yet others leverage the evolution in web page technology to launch sophisticated and hard-to-detect modifications and abuse of browser features to capture and exfiltrate sensitive data.

Browser Security 101 – What is It That We Need to Protect?#

Browser security can be divided into two different groups: preventing unintended data exposure and protection against various types of malicious activity.

From the data protection aspect, such a platform enforces policies that ensure sensitive corporate data is not shared or downloaded in an insecure manner from sanctioned apps, nor uploaded from managed devices to non-corporate web destinations.

From the threat protection aspect, such a platform detects and prevents three types of attacks:

Attacks that target the browser itself, with the purpose of compromising the host device or the data that resides within the browser application itself, such as cookies, passwords, and others.
Attacks that utilize the browser via compromised credentials to access corporate data that resides in both sanctioned and unsanctioned SaaS applications.
Attacks that leverage the modern web page as an attack vector to target user’s passwords, via a wide range of phishing methods or through malicious modification of browser features.

How to Choose the Right Solution#

What should you focus on when choosing the browser security solution for your environment? What are the practical implications of the differences between the various offerings? How should deployment methods, the solution’s architecture, or user privacy be weighed in the overall consideration? How should threats and risks be prioritized?

As we’ve said before – unlike with other security solutions, you can’t just ping one of your peers and ask what he or she is doing. Browser security is new, and the wisdom of the crowd is yet to be formed. In fact, there’s an excellent chance that your peers are now struggling with the very same questions you are.

The Definitive Browser Security Platform Checklist – What it is and How to Use It#

The checklist (download it here) breaks down the high-level ‘browser security’ headline to small and digestible chunks of the concrete needs that need to be solved. These are brought to the reader in five pillars – deployment, user experience, security functionalities and user privacy. For each pillar there is a short description of its browser context and a more detailed explanation of its capabilities.

The most significant pillar, in terms of scope, is of course, the security functionalities one, which is divided into five sub-sections. Since, in most cases, this pillar would be the initial driver to pursuing browser security platform in the first place it’s worth going over them in more detail:

Browser Security Deep Dive#

The need for browser security platform typically arises from one of the following:

— Attack Surface Management: Proactive reduction of the browser’s exposure to various types of threats, eliminating adversaries’ ability to carry them out.

— Zero Trust Access: Hardening the authentication requirements to ensure that the username and password were indeed provided by the legitimate user and were not compromised.

— SaaS Monitoring and Protection: 360° visibility into all users’ activity and data usage within sanctioned and unsanctioned apps, as well as other non-corporate web destinations, while safeguarding corporate data from compromise or loss.

— Protection Against Malicious Web Pages: Real-time detection and prevention of all the malicious tactics adversaries embed in the modern web page, including credential phishing, downloading of malicious files and data theft.

— Secure 3rd Party Access and BYOD: Enablement of secure access to corporate web resources from unmanaged devices of both the internal workforce as well as external contractors and service providers.

This list enables anyone to easily identify the objective for their browser security platform search and find out the required capabilities for fulfilling it.

The Checklist – A Straightforward Evaluation Shortcut #

The most important and actionable part in the guide is the concluding checklist, which provides, for the first time, a concise summary of all the essential capabilities a browser security platform should provide. This checklist makes the evaluation process easier than ever. All you have to do now is test the solutions you’ve shortlisted against it and see which one scores the highest. Once you have all of them lined up, you can make an informed decision based on the needs of your environment, as you understand them.

Download the checklist here.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Source :
https://thehackernews.com/2023/01/the-definitive-browser-security.html

Is Once-Yearly Pen Testing Enough for Your Organization?

Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization’s reputation and bottom line.

There are two main reasons why regular pen testing is necessary for secure web application development:

Security: Web applications are constantly evolving, and new vulnerabilities are being discovered all the time. Pen testing helps identify vulnerabilities that could be exploited by hackers and allows you to fix them before they can do any damage.
Compliance: Depending on your industry and the type of data you handle, you may be required to comply with certain security standards (e.g., PCI DSS, NIST, HIPAA). Regular pen testing can help you verify that your web applications meet these standards and avoid penalties for non-compliance.

How Often Should You Pentest?#

Many organizations, big and small, have once a year pen testing cycle. But what’s the best frequency for pen testing? Is once a year enough, or do you need to be more frequent?

The answer depends on several factors, including the type of development cycle you have, the criticality of your web applications, and the industry you’re in.

You may need more frequent pen testing if:

You Have an Agile or Continuous Release Cycle#

Agile development cycles are characterized by short release cycles and rapid iterations. This can make it difficult to keep track of changes made to the codebase and makes it more likely that security vulnerabilities will be introduced.

If you’re only testing once a year, there’s a good chance that vulnerabilities will go undetected for long periods of time. This could leave your organization open to attack.

To mitigate this risk, pen testing cycles should align with the organization’s development cycle. For static web applications, testing every 4-6 months should be sufficient. But for web applications that are updated frequently, you may need to test more often, such as monthly or even weekly.

Your Web Applications Are Business-Critical#

Any system that is essential to your organization’s operations should be given extra attention when it comes to security. This is because a breach of these systems could have a devastating impact on your business. If your organization relies heavily on its web applications to do business, any downtime could result in significant financial losses.

For example, imagine that your organization’s e-commerce site went down for an hour due to a DDoS attack. Not only would you lose out on potential sales, but you would also have to deal with the cost of the attack and the negative publicity.

To avoid this scenario, it’s important to ensure that your web applications are always available and secure.

Non-critical web applications can usually get away with being tested once a year, but business-critical web applications should be tested more frequently to ensure they are not at risk of a major outage or data loss.

Your Web Applications Are Customer-Facing#

If all your web applications are internal, you may be able to get away with pen testing less frequently. However, if your web applications are accessible to the public, you must be extra diligent in your security efforts.

Web applications accessible to external traffic are more likely to be targeted by attackers. This is because there is a greater pool of attack vectors and more potential entry points for an attacker to exploit.

Customer-facing web applications also tend to have more users, which means that any security vulnerabilities will be exploited more quickly. For example, a cross-site scripting (XSS) vulnerability in an external web application with millions of users could be exploited within hours of being discovered.

To protect against these threats, it’s important to pen test customer-facing web applications more frequently than internal ones. Depending on the size and complexity of the application, you may need to pen test every month or even every week.

You Are in a High-Risk Industry#

Certain industries are more likely to be targeted by hackers due to the sensitive nature of their data. Healthcare organizations, for example, are often targeted because of the protected health information (PHI) they hold.

If your organization is in a high-risk industry, you should consider conducting pen testing more frequently to ensure that your systems are secure and meet regulatory compliance. This will help protect your data and reduce the chances of a costly security incident.

You Don’t Have Internal Security Operations or a Pen testing Team#

This might sound counterintuitive, but if you don’t have an internal security team, you may need to conduct pen testing more frequently.

Organizations that don’t have dedicated security staff are more likely to be vulnerable to attacks.

Without an internal security team, you will need to rely on external pen testers to assess your organization’s security posture.

Depending on the size and complexity of your organization, you may need to pen test every month or even every week.

You Are Focused on Mergers or Acquisitions#

During a merger or acquisition, there is often a lot of confusion and chaos. This can make it difficult to keep track of all the systems and data that need to be secured. As a result, it’s important to conduct pen testing more frequently during these times to ensure that all systems are secure.

M&A also means that you are adding new web applications to your organization’s infrastructure. These new applications may have unknown security vulnerabilities that could put your entire organization at risk.

In 2016, Marriott acquired Starwood without being aware that hackers had exploited a flaw in Starwood’s reservation system two years earlier. Over 500 million customer records were compromised. This placed Marriott in hot water with the British watchdog ICO, resulting in 18.4 million pounds in fines in the UK. According to Bloomberg, there is more trouble ahead, as the hotel giant could “face up to $1 billion in regulatory fines and litigation costs.”

To protect against these threats, it’s important to conduct pen testing before and after an acquisition. This will help you identify potential security issues so they can be fixed before the transition is complete.

The Importance of Continuous Pen Testing#

While periodic pen testing is important, it is no longer enough in today’s world. As businesses rely more on their web applications, continuous pen testing becomes increasingly important.

There are two main types of pen testing: time-boxed and continuous.

Traditional pen testing is done on a set schedule, such as once a year. This type of pen testing is no longer enough in today’s world, as businesses rely more on their web applications.

Continuous pen testing is the process of continuously scanning your systems for vulnerabilities. This allows you to identify and fix vulnerabilities before they can be exploited by attackers. Continuous pen testing allows you to find and fix security issues as they happen instead of waiting for a periodic assessment.

Continuous pen testing is especially important for organizations that have an agile development cycle. Since new code is deployed frequently, there is a greater chance for security vulnerabilities to be introduced.

Pen testing as a service models is where continuous pen testing shine. Outpost24’s PTaaS (Penetration-Testing-as-a-Service) platform enables businesses to conduct continuous pen testing with ease. The Outpost24 platform is always up-to-date with an organization’s latest security threats and vulnerabilities, so you can be confident that your web applications are secure.

Manual and automated pen testing: Outpost24’s PTaaS platform combines manual and automated pen testing to give you the best of both worlds. This means you can find and fix vulnerabilities faster while still getting the benefits of expert analysis.
Provides comprehensive coverage: Outpost24’s platform covers all OWASP Top 10 vulnerabilities and more. This means that you can be confident that your web applications are secure against the latest threats.
Is cost-effective: With Outpost24, you only pay for the services you need. This makes it more affordable to conduct continuous pen testing, even for small businesses.

The Bottom Line#

Regular pen testing is essential for secure web application development. Depending on your organization’s size, industry, and development cycle, you may need to revise your pen testing schedule.

Once-a-year pen testing cycle may be enough for some organizations, but for most, it is not. For business-critical, customer-facing, or high-traffic web applications, you should consider continuous pen testing.

Outpost24’s PTaaS platform makes it easy and cost-effective to conduct continuous pen testing. Contact us today to learn more about our platform and how we can help you secure your web applications.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Source :
https://thehackernews.com/2023/01/is-once-yearly-pen-testing-enough-for.html

What wireless cards and USB broadband modems are supported on Sonicwall firewalls and access points?

Description

The latest version of SonicOS firmware provides support for a wide variety of USB and Hotspot devices and wireless service providers as listed below.

Resolution

Broadband Devices

USA & Canada
Gen7		5G/4G/LTE			SonicOS 7.0
CARD REGION	OPERATOR	NAME	GENERATION	TYPE	SONICOS VERSION	SONICWAVE
USA	AT&T	Nighthawk 5G Mobile Hotspot Pro MR 5100	5G	Hotspot	7.0.1	No
USA	AT&T	NightHawk LTE MR1100	4G/LTE	Hotspot	7.0.0	No
USA	AT&T	Global Modem USB800	4G/LTE	USB	7.0.1	Yes
USA	AT&T	iPhone 11 Pro	4G/LTE	Hotspot	7.0.0	No
USA	AT&T	iPhone 12 Pro	4G/LTE	Hotspot	7.0.1	No
USA	Verizon	M2100	5G	Hotspot	7.0.1	Yes
USA	Verizon	M1000	5G	Hotspot	7.0.0	Yes
USA	Verizon	Orbic Speed	4G/LTE	Hotspot	7.0.0	No
USA	Verizon	MiFi Global U620L	4G/LTE	USB	7.0.0	Yes
USA	Sprint	Netstick	4G/LTE	USB	7.0.0	No
USA	Sprint	Franklin U772	4G/LTE	USB	7.0.0	No
USA	T-Mobile	M2000	4G/LTE	Hotspot	7.0.1	No
USA	T-Mobile	Link Zone2	4G/LTE	Hotspot	7.0.0	Yes
Gen6/Gen6.5		4G/LTE			SonicOS 6.x
CARD REGION	OPERATOR	NAME	GENERATION	TYPE	SONICOS VERSION	SONICWAVE
USA	AT&T	Global Modem USB800	4G/LTE	USB	6.5.4.5	Yes
USA	AT&T	Velocity (ZTE MF861)	4G/LTE	USB	6.5.3.1	Yes
USA	AT&T	Beam (Netgear AC340U)²	4G/LTE	USB	5.9.0.1	Yes
USA	AT&T	Momentum (Sierra Wireless 313U)	4G/LTE	USB	5.9.0.0	Yes
USA	Verizon	MiFi Global U620L	4G/LTE	USB	6.5.0.0	Yes
USA	Verizon	Novatel 551L	4G/LTE	USB	6.2.4.2	Yes
USA	Verizon	Pantech UML290	4G/LTE	USB	5.9.0.0	No
USA	Sprint	Franklin U772	4G/LTE	USB	6.5.3.1	No
USA	Sprint	Netgear 341U	4G/LTE	USB	6.2.2.0	Yes
Canada	Rogers	AirCard (Sierra Wireless 330U)	4G/LTE	USB	5.9.0.0	No
Gen5		3G			SonicOS 5.x
USA	AT&T	Velocity (Option GI0461)	3G	USB	5.8.1.1	No
USA	AT&T	Mercury (Sierra Wireless C885)	3G	USB	5.3.0.1	No
USA	Verizon	Pantech UMW190	3G	USB	5.9.0.0	No
USA	Verizon	Novatel USB760	3G	USB	5.3.0.1	No
USA	Verizon	Novatel 727	3G	USB	5.3.0.1	No
USA	Sprint	Novatel U760	3G	USB	5.3.0.1	No
USA	Sprint	Novatel 727U	3G	USB	5.3.0.1	No
USA	Sprint	Sierra Wireless 598U	3G	USB	5.8.1.1	No
USA	T-Mobile	Rocket 3.0 (ZTE MF683)	3G	USB	5.9.0.0	Yes
Canada	Bell	Novatel 760	3G	USB	5.3.1.0	No
International
Gen7		5G/4G/LTE			SonicOS 7.0
CARD REGION	Manufacturer	NAME	GENERATION	TYPE	SONICOS VERSION	SONICWAVE
Worldwide	Huawei	E6878-870	5G	Hotspot	7.0.0	No
Worldwide	Huawei	E8372H**	4G/LTE	USB	7.0.0	No
Worldwide	Huawei	E8201	4G/LTE	USB	7.0.0	No
Worldwide	Huawei	E3372	4G/LTE	USB	7.0.0	No
Worldwide	ZTE	MF833U	4G/LTE	USB	7.0.0	Yes
Worldwide	ZTE	MF825C	4G/LTE	USB	7.0.0	Yes
Worldwide	ZTE	MF79S	4G/LTE	USB	7.0.0	Yes
Gen6/Gen6.5		4G/LTE			SonicOS 6.x
CARD REGION	Manufacturer	NAME	GENERATION	TYPE	SONICOS VERSION	SONICWAVE
Worldwide	Huawei	E8372 (Telstra 4GX)	4G/LTE	USB	6.5.3.1	Yes
Worldwide	Huawei	E3372	4G/LTE	USB	6.5.3.1	Yes
Worldwide	Huawei	E3372h (-608 variant) 6	4G/LTE	USB	6.5.3.1	Yes
Worldwide	Huawei	E3372s (-608 variant) 6	4G/LTE	USB	6.5.3.1	Yes
Worldwide	Huawei	E398 (Kyocera 5005)	4G/LTE	USB	5.9.0.2	Yes
Worldwide	Huawei	E3276s	4G/LTE	USB	No	Yes
Worldwide	D-Link	DWM-221	4G/LTE	USB	6.5.3.1	Yes
Worldwide	D-Link	DWM-222 A1	4G/LTE	USB	6.5.3.1	Yes
Worldwide	ZTE	MF825	4G/LTE	USB	6.5.3.1	Yes
Worldwide	ZTE	MF832G	4G/LTE	USB	No	Yes
Worldwide	ZTE	MF79S	4G/LTE	USB	No	Yes
Gen5		3G			SonicOS 5.x
Worldwide	Huawei	E353 7	3G	USB	5.9.0.2	Yes
Worldwide	Huawei	K4605	3G	USB	5.9.0.2	Yes
Worldwide	Huawei	EC169C	3G	USB	5.9.0.7	No
Worldwide	Huawei	E180	3G	USB	5.9.0.1	No
Worldwide	Huawei	E182	3G	USB	5.9.0.0	No
Worldwide	Huawei	K3715	3G	USB	5.9.0.0	No
Worldwide	Huawei	E1750	3G	USB	5.8.0.2	No
Worldwide	Huawei	E176G	3G	USB	5.3.0.1	No
Worldwide	Huawei	E220	3G	USB	5.3.0.1	No
Worldwide	Huawei	EC122	3G	USB	5.9.0.0	No
		LTE Cellular Extender			SonicOS 6.x
Worldwide	Accelerated	6300-CX LTE router	4G/LTE	SIM	6.5.0.0	No

¹ Cellular network operators around the world are announcing their plans to discontinue 3G services starting as early as December 2020. Therefore LTE or 5G WWAN devices should be used for new deployments. Existing deployments with 3G should be upgraded soon to LTE or 5G in preparation for the imminent discontinuation of 3G services.
² Refer to AT&T 340U article for more info
³ Multiple variations of the Huawei card: E8371h-153, E8372h-155, & E8372h-510
⁴ Huawei Modem 3372h and 3372s have been released by Huawei in multiple variants (i.e. -608, -153, -607, -517, -511) and with different protocols. At the moment, SonicOS does not support Huawei Proprietary protocol so all the variants using a non-standard or proprietary protocol are not supported or require the ISP to provide a PPP APN Type.
⁵ Huawei Modem E353 is not compatible with SOHO 250. Also note that it is not an LTE card
⁶For customers outside of the 90-day warranty support period, an active SonicWall 8×5 or 24×7 Dynamic Support agreement allows you to keep your network security up-to-date by providing access to the latest firmware updates. You can manage all services including Dynamic Support and firmware downloads on any of your registered appliances at mysonicwall.com.

Ubiquiti UniFi – Backups and Migration

Migration is the act of moving your UniFi devices from one host device to another. This is useful when:

You are replacing your UniFi OS Console with a new one of the same model.
You are upgrading your UniFi OS Console to a different model (e.g., a UDM to a UDM Pro).
You are offloading devices to a dedicated UniFi OS Console (e.g., moving cameras from a Cloud Key or UDM to a UNVR).
You are moving from a self-hosted Network application to a UniFi OS Console.

Note: This is not meant to be used as a staging file for setting up multiple applications on different hosts.

Types of Backups

UniFi OS Backups

UniFi OS backup files contain your entire system configuration, including your UniFi OS Console, user, application, and device settings. Assuming Remote Access is enabled, UniFi OS Cloud backups are created weekly by default. You can also generate additional Cloud backups or download localized backups at any time.

UniFi OS backups are useful when:

Restoring a prior system configuration after making network changes.
Migrating all applications to a new UniFi OS Console that is the same model as the original.

Note: Backups do not include data stored on an HDD, such as recorded Protect camera footage.

Application Backups

Each UniFi application allows you to back up and export its configuration. Application backups contain settings and device configurations specific to the respective application.

Application backups are useful when:

You want to restore a prior application configuration without affecting your other applications.
You want to migrate a self-hosted Network application to a UniFi OS Console.
You want to migrate your devices between two different UniFi OS Console models.
You need to back up a self-hosted Network application.

Note: Backups do not include data stored on an HDD, such as recorded Protect camera footage.

UniFi OS Console Migration

UniFi OS backups also allow you to restore your system configuration should you ever need to replace your console with one of the same model.

To do so:

First, ensure that you have already generated a Cloud backup, or downloaded a local backup. If not, please do so in your UniFi OS Settings.
Replace your old UniFi OS Console with the new one. All other network connections should remain unchanged.
Restore your system configuration on the new UniFi OS Console using the backup file. This can be done either during the initial setup or afterwards in your UniFi OS settings.

Note: Currently, UniFi OS backups cannot be used to perform cross-console migrations, but this capability will be added in a future update.

If you are migrating between two different console models, you will need to restore each application’s configuration with their respective backups. Please note, though, that these file(s) will not include UniFi OS users or settings.

See below for more information on using the configuration backups during migrations.

Migrating UniFi Network

Before migrating, we recommend reviewing your Device Authentication Credentials found in your Network application’s System Settings. These can be used to recover adopted device(s) if the migration is unsuccessful.

Standard Migration

This is used when all devices are on the same Layer 2 network (i.e., all devices are on the same network/VLAN as the management application’s host device).

Note: If you are a home user managing devices in a single location and have not used the set-inform command or other advanced Layer 3 adoption methods, this is most likely the method for you.

Download the desired backup file (*.unf) from your original Network application’s System Settings.
Ensure that your new Network application is up to date. Backups cannot be used to restore older application versions.
Replace your old UniFi OS Console with the new one. All other network connections should remain unchanged.
Restore the backup file in the Network application’s System Settings.
Ensure that all devices appear as online in the new application. If they do not, you can try Layer 3 adoption, or factory-reset and readopt your device(s) to the new Network application.

If a device continues to appear as Managed by Other, click on it to open its properties panel, then use its Device Authentication Credentials (from the original Network application’s host device) to perform an Advanced Adoption.

Migrating Applications That Manage Layer 3 Devices

This method is for users that have performed Layer 3 device adoption (i.e., devices are on a different network/VLAN than the application’s host device). This may also be useful when migrating to a Network application host that is NOT also a gateway.

Download the desired backup file (*.unf) from your original Network application’s System Settings.
Enable the Override Inform Host field on the original Network application’s host device, then enter the IP address of the new host device. This will tell your devices where they should establish a connection in order to be managed. Once entered, all devices in the old application should appear as Managed by Other.

Note: When migrating to a Cloud Console, you can copy the Inform URL from the Cloud Console’s dashboard. Be aware that you will need to remove the initial http:// and the ending :8080/inform.
Ensure that your new Network application is up to date. Backups cannot be used to restore older application versions.
Restore the backup file in the Network application’s System Settings.
Ensure that all devices appear as online in the new application. If they do not, you can try Layer 3 adoption, or factory-reset and readopt your device(s) to the new application.

If a device continues to appear as Managed by Other, click on it to open its properties panel, then use its Device Authentication Credentials (from the original Network application’s host) to perform an Advanced Adoption.

Exporting Individual Sites from a Multi-Site Host

Certain Network application hosts (e.g., Cloud Key, Cloud Console, self-hosted Network applications) can manage multiple sites. Site exportation allows you to migrate specific sites from one multi-site host to another. To do so:

Click Export Site in your Network application’s System Settings to begin the guided walkthrough.
Select the device(s) you wish to migrate to your new Network application.
Enter the Inform URL of your new host. This will tell your devices where they should establish a connection in order to be managed. Once entered, all devices in the old application should appear as Managed by Other in the new one.

Note: When migrating to a Cloud Console, you can copy the Inform URL from the Cloud Console’s dashboard. Be aware that you will need to remove the initial http:// and the ending :8080/inform.
Go to your new Network application and select Import Site from the Site switcher located in the upper-left corner of your dashboard.

Note: You may need to enable Multi-Site Management in your System Settings.
Ensure that all devices appear as online in the new application. If they do not, you try Layer 3 adoption, or factory-reset and readopt your device(s) to the new application.

If a device continues to appear as Managed by Other, click on it to open its properties panel, then use its Device Authentication Credentials (from the original Network application’s host) to perform an Advanced Adoption.

Migrating UniFi Protect

We recommend saving your footage with the Export Clips function before migrating. Although we provide HDD migration instructions, it is not an officially supported procedure due to nuances in the RAID array architecture.

Standard Migration

Download the desired backup file (*.zip) from the original Protect application’s settings.
Ensure that your new Protect application is up to date. Backups cannot be used to restore older application firmware.
Replace your old UniFi OS Console with the new one. All other camera connections should remain unchanged.
Restore the backup file in the Protect application’s settings.

HDD Migration

Full HDD migration is not officially supported; however, some users have been able to perform successful migrations by ensuring consistent ordering when ejecting and reinstalling drives into their new console to preserve RAID arrays.

Note: This is only possible if both UniFi OS Consoles are the same model.

Remove the HDDs from the old console. Record which bay each one was installed in, but do not install them in the new console yet.
Turn on the new console and complete the initial setup wizard. Do not restore a Protect application or Cloud backup during initial setup!
Upgrade the new console and its Protect application to a version that is either the same or newer than the original console.
Shut down the new console, and then install the HDDs in the same bays as the original console.
Turn on the new console again. The Protect application should start with its current configuration intact, and all exported footage should be accessible.

Source :
https://help.ui.com/hc/en-us/articles/360008976393-UniFi-Backups-and-Migration

The best productivity apps in 2023

The premise of this article’s headline is nonsense, sure, but it isn’t clickbait—I promise.

You’re almost certainly here because you searched for “best productivity apps.” I understand that impulse. You want to get more done in less time, which is about as universal a feeling as humans can have at work. The problem: productivity is deeply personal, and the words “productivity tools” mean a lot of different things to different people. What works for you may or may not work for me, which is why—after over a decade of writing about productivity software—I don’t really believe there are objectively “best” productivity apps.

5 things you should automate today

Start automating

I do, however, think there are categories of tools that can help you become a better version of yourself. Some of them work better for more people than others, and not everyone needs an app from every category. Knowing what kinds of apps exist, and what you should look for in an app, is more important than knowing what the “best” app in that category is.

Having said that, you’re here for software recommendations, not my personal reflections on the nature of productivity. So I’m going to go over the main kinds of productivity apps I think most humans who use electronic devices at work should know about. I’ll explain why I think each category is important, point to an app or two that I think will work well for most people, then offer links to other options if you want to learn more.

Just remember: the specific app doesn’t matter. The best productivity app is the one that works best for you. The most important thing is having a system. Sound good? Let’s jump in.

How we evaluate and test apps

All of our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.

A to-do list like Todoist

We all have things we need to do—at work and in the rest of our lives. The worst place you could store those things, in my opinion, is in your mind. It’s just stressful: you’ll remember, at random moments, that there’s something you were supposed to be doing, and that memory will result in panic. Writing down everything you need to do allows you to make a plan, and (crucially) means you don’t have to panic.

Not everyone benefits from a dedicated to-do list app—some of the most productive people I know prefer sticky notes, email inboxes, or even spreadsheets. I think that’s great, so long as you have some place to record the things you need to do.

Todoist, our pick for the best to-do list app for balancing power and simplicity

I think that Todoist, shown above, is a great to-do list app for most people. It’s easy to use but also offers a lot of features. It can also be installed on basically any device you can imagine, meaning your to-do list is always available. It allows you to assign due dates to tasks, sort tasks by project, or even view a project using a Kanban board. You don’t have to worry about those features if you don’t want to, though, which is why I think it’s a great starting point for someone who needs a to-do list.

If Todoist doesn’t work for you, though, check out our list of the best to-do list apps—it’s got a wide variety of recommendations. I, personally, use TickTick because I like how easy it is to add tasks, and I also can’t stop saying good things about Things for sheer simplicity on Apple devices. Find a tool you like—and that you remember to actually open. There’s nothing less useful than an app full of tasks you never look at.

Once you’ve picked your to-do list app, make the most of it with automation, so you can easily add tasks that come in by email, team chat apps, project management tools, or notes. Read more about automating your to-do list.

A calendar like Google Calendar

There are only so many hours in the day, unfortunately, which means you have to budget them. A calendar is how you do that. You could use a paper wall calendar, sure, but a calendar app lets you invite other people to an event. Also, in a world where so many meetings are virtual, calendar apps give you a useful place to store the link to your Zoom call.

Google Calendar, our pick for the best free calendar app

I think that Google Calendar, shown above, is the right calendar app for most people—particularly people who already use Gmail. Google Calendar is easy to load on any device, lets you see your calendar in several different views, and makes it easy to invite anyone else to any event or meeting you happen to plan. I could write multiple articles on Google Calendar features (and I have). This app does everything any other app can do, and more, all while being pretty easy to use.

If Google Calendar doesn’t work for you, though, check out our list of the best calendar apps for more options. Microsoft Outlook is a solid alternative, as is the Calendar app that comes with all Apple devices.

I’d also consider looking into some kind of meeting scheduling app. These apps let anyone sign up for appointments with you, which is particularly useful if you have a meeting-heavy calendar. Calendly, shown below, is a solid option, with a lot of customizability and the ability to sync with Google Calendar. You can check out our list of the best meeting schedulers for a more complete rundown of Calendly and other options.

Calendly, our pick for the best meeting scheduler app for simplified scheduling

Once you choose a calendar app, take it to the next level. With automation, you can do things like automatically turn calendar events into tasks on your to-do list or use forms to create calendar events. Here’s how you can bring context to your calendar by connecting other apps.

A note-taking app like OneNote

I’m constantly taking notes: before and during meetings; while researching an article; while brewing beer. And I think most people have some class of information they’ll need to reference later that doesn’t quite meet the threshold of a “document.” Who wants a sprawling series of folders with all of that information?

This, to me, is what note-taking apps are for: quickly writing things down so you can read them later and (hopefully) follow up. They also work well as a personal journal, or a place to store files related to a particular project.

OneNote, above, is probably the note-taking app most people should try first. It’s free—so long as you don’t run out of OneDrive storage—and it gives you all kinds of ways to organize notes, from notebooks to sections to sub-headers. It also has powerful search, which includes the scanned contents of any images or PDFs you might drop in a note.

But OneNote isn’t the only option. You should check out our list of the best note-taking apps for more choices. If you loved Evernote back in the day, you should check out Joplin, which is a completely free and open source replacement for that app. And I personally love Obsidian, which turns your notes into an entire database, complete with internal links and an extensive plugin collection. There are a lot of good choices out there—find something that lets you write things down and dig them up later.

See our favorite ways to use automation to improve how you put your notes to work, track action items from meetings, and put an end to regular copy-paste actions.

A distraction blocker like Freedom

I’ve never tried to work in the middle of an amusement park, but I imagine it would be distracting. The internet is worse. Everything you could possibly imagine is available, all delivered by brilliant engineers who are doing everything they can to keep you looking at more and more and more of it. It’s understandable if you have trouble getting stuff done in that context, which is why apps that block distractions are so helpful.

Freedom, our pick for the best focus app for blocking distractions on all your devices at once

Freedom is a great tool for the job. It runs on every platform and can block distractions—both websites and apps—on all of your devices. That means you can’t, for example, block Twitter on your computer only to pick up your phone and look at it there. With Freedom, you can set up multiple block lists, then start timers for any of them.

I personally love Serene, which combines distraction blocking with a sort of to-do list. You say what you want to do and how long it will take, then you start a distraction-free session to work on it. There’s also Cold Turkey Blocker, which can optionally prevent you from changing the time settings on your computer as a way of working around the block you set up. You’ve got more choices, though, particularly if you’re a Mac user. Check out our list of the best distraction blockers to learn more.

Remember: the internet is distracting on purpose. There’s no shame in using a tool to build discipline.

A habit tracker like Streaks or HabitNow

My dentist tells me I should brush my teeth twice a day, and I believe him, but I tended to only brush at night. I used a habit tracker to change that.

These applications might sound similar to a to-do list, but they’re very different. You can’t add individual tasks to a habit tracker—only recurring ones. The idea is to set an intention to do something regularly, then keep track of how often you regularly do it. Eventually, you have a streak going, which psychologically motivates you to keep it up until the habit becomes second nature. Don’t laugh—it works.

Streaks, our pick for the best habit tracker for iPhone

We recommend checking out Streaks, shown above, for iPhone and HabitNow, below, for Android. These apps both live on your phone, which is the place you’re most likely to look. They both let you create a list of habits you’d like to build, then remind you about that intention. They also both show you your progress in various ways.

HabitNow, our pick for the best habit tracker for Android users

They’re not the only options, however; check out our list of the best habit tracker apps for more ideas. Also keep in mind that some to-do lists have habit-tracking capabilities built right in. I, personally, use TickTick‘s built-in habit tracker—I love it. And some people use a paper calendar for tracking a simple habit—just add an X every day you stick to your habit.

An app to save things for later like Pocket

I’d love to read articles or watch YouTube videos all day. We all would. Sometimes, though, you have to do something else—even though your friend just sent you a really, really interesting article. That’s where read-it-later apps come in. They let you quickly save something you intend to read, so that you can come back to it when you have time.

Pocket, our pick for the best read it later app for turning articles into a podcast

I think that Pocket, above, is the app of choice in this class. It’s free to use, offers extensions for every major browser, and also has great mobile versions that sync your articles for offline reading. There’s even built-in support for highlighting, then reviewing your highlights later.

Instapaper is a close second, and it even lets you send articles to your Kindle. These aren’t your only choices, though—check out our list of the best read-it-later apps for some more options. It’s also worth noting that some people use bookmarking apps or even note-taking apps for the same purpose, and that’s great—they both make it easy to save things for future reference.

Automate the process of saving articles by connecting your read-it-later app to Zapier. Here are some ideas to get you started.

A screen recording tool like Loom

Whether it’s for a quick presentation or troubleshooting a problem, sometimes recording what’s on your screen and sharing it just makes life easier. Screen recording tools are perfect for this, allowing you to quickly record your screen, your voice, and even your face if you have a webcam.

A screenshot of Loom, our pick for the best screen recording software for quickly recording and sharing on desktop

Loom is a great first tool to check out in this category. It’s easy to set up, works on all major platforms, and makes it really simple to share recordings. You can even add your face, via a webcam, to the recording.

I personally use Zappy, which was originally an internal tool used by Zapier. It’s honestly the best screenshot tool I’ve ever used, and it’s free—if you use a Mac, it’s worth a try. Check out our list of the best screen recording tools for more options, and keep in mind you can actually record your screen without any software, if you don’t mind managing the file yourself.

Want to share your screen in real-time? You need a screen sharing tool (Zoom works pretty well, surprisingly).

Other productivity tools worth checking out

This article could go on forever. There’s no end to great software out there, and I love writing about it. I think the above categories should save you all kinds of time—and take up plenty of your time to set up—but here are a few other suggestions if you’re feeling particularly motivated.

Password managers, like LastPass or 1Password, help you generate random passwords for all of your different services without the need for memorization. This is great for security, but it also makes logging in to stuff faster. Here’s a list of the best password managers.
Mobile scanning apps, like Microsoft Lens, let you scan documents using your phone while also digitizing any text using optical character recognition (OCR). Check out our list of the best mobile scanning OCR apps for more choices.
Text expansion tools, like PhraseExpress, mean you’ll never need to look up and copy-paste the same message to multiple people ever again. Read more about text expansion software, or learn how it can make you better at dating.
Dictation software, like Dragon by Nuance, lets you type by talking, which can save you all sorts of time. Here’s our list of the best dictation software.
Time tracking apps, like Toggl Track, are great for keeping track of how long projects take and making sure you’re not spending too much time on the wrong things. Take a look at our list of the best time tracking apps to find the right one for you.
Mind mapping software, like Coggle, helps you map the connections between different ideas while you’re brainstorming. Here are our picks for the best mind mapping software.
AI software, like OpenAI, could make all kinds of tasks easier in the future. It’s early, granted, but I already find it useful when I’m in the brainstorming phase of a project—I can ask the bot to generate ideas.

Once you have apps set up in some of these categories, you can take the whole productivity thing even further. Automation software like ours at Zapier connects all the other apps you use, with workflows you can build yourself—no code required. Like the tools above, Zapier won’t solve every problem you have, but it’s a great way to connect tools that otherwise don’t integrate well—which means you can use the best tools for you, as opposed to the tools that happen to play nice together. And it’s not limited to productivity—eventually, you’ll find yourself automating even your most business-critical workflows.

Plus, if you sign up for Zapier, we’ll be able to write more useful articles like this one. Here are five things you should automate today to get started.

This post was originally published in September 2018 by Matthew Guay. The most recent update was in December 2022.

Source :
https://zapier.com/blog/best-productivity-apps/

The 8 best to do list apps in 2023

There are too many to-do list apps. Trying them all would be a massive task, and I know because I did.

Why are there so many apps for something easily done on sticky notes? Because managing tasks is an intensely personal thing. People will reject anything that doesn’t feel right. That’s a good instinct, but it makes it hard to find the right app.

Make the most of your to-do list with Zapier

Automate your tasks

To that end, we’ve been hard at work researching the best to-do apps, trying to find the right ones for various use cases. Research for these pieces was exhaustive. We started by finding the best apps for every platform: Android, Windows, macOS, and iPhone/iPad. We then tried the top-rated apps in every respective app store, and spent way too much time migrating our personal to-do lists from one app to another.

And now I’m offering you what I feel is the cream of the crop. Whatever you’re looking for, one of these apps is going to be right for you. Click on any app to learn more about why I chose it, or keep reading for more context on to-do list apps.

The best to-do list apps

Todoist for balancing power and simplicity
TickTick for embedded calendars and timers
Microsoft To Do for Microsoft power users (and Wunderlist refugees)
Things for elegant design
OmniFocus for specific organizational systems
Habitica for making doing things fun
Google Tasks for Google power users
Any.do for people who forget to use to-do apps
Other options, including project management software, note-taking apps, and other tools that can do the job

What makes the best to-do list app?

How we evaluate and test apps

I’ve written about technology in general, and productivity specifically, since 2009. In that time, I’ve personally tried basically every to-do list app that has come out, and I’m usually depending on at least one of them to function.

Of course, when it comes to managing a to-do list online, everyone has different criteria. I kept this in mind as I tested, and I noticed a few features that made certain apps stand out.

The best to-do list apps:

Make it fast to add and organize tasks. Ideally, a task is added and categorized in a couple taps or keystrokes.
Offer multiple ways to organize your tasks. Tags, lists, projects, and due dates are all helpful, and the best to-do apps offer at least a few categories like this.
Remind you about self-imposed deadlines. Notifications, widgets, emails—if you’re using an online to-do list, it should help you track what needs to happen when.
Offer clean user interfaces. The best to-do app fits into your workflow so you can get back to what you’re supposed to be doing.
Sync between every platform you use. Which platforms will depend on what you personally use, but I didn’t consider anything that doesn’t sync between desktop and mobile.

I tried to find the task list apps that balance these things in various ways. None of these options will be right for everyone, but hopefully one of them is right for you. Let’s dive in.

Make 2023 your most efficient year yet

Start the year off right with our five-email course that helps you streamline work across your whole business.

Best to-do list app for balancing power and simplicity

Todoist (Web, Windows, macOS, Android, iPhone, iPad)

Todoist isn’t the most powerful to-do list website out there. It’s also not the simplest. That’s kind of the point: this app balances power with simplicity, and it does so while running on basically every platform that exists. That’s a strong selling point—which is probably why Todoist is one of the most popular to-do lists right now.

Adding tasks was quick on every platform in my tests, thanks in part to natural language processing (type “buy milk Monday” and the task “buy milk” will be added with the next Monday set as your due date). You can put new tasks in your Inbox and then move them to relevant projects; you can also set due dates. Paid users can create custom filters and labels, and there are also some basic collaboration features.

Todoist is flexible enough to adapt to most workflows but not so complicated as to overwhelm. And it adds new features regularly: you can view projects as a Kanban board, for example, and navigating the app by keyboard is much smoother after recent updates. Overall, this is a great first to-do list app to try out, especially if you don’t know where to start.

Todoist also integrates with Zapier, which means you can automatically create tasks in Todoist whenever something happens in one of your favorite apps. Here are some examples.

Add new Google Calendar events to Todoist as tasks

Try it

Google Calendar, Todoist

Google Calendar + TodoistMore details

Add new starred emails to Todoist as tasks [Business Gmail Accounts Only]

Try it

Gmail, Todoist

Gmail + TodoistMore details

Add new Trello cards to Todoist as tasks

Try it

Trello, Todoist

Trello + TodoistMore details

Todoist price: Free version available; paid version from $4/month.

Check out more ideas for automating Todoist with Zapier.

Best to-do list app with embedded calendars and timers

TickTick (Web, Android, Windows, macOS, iPhone and iPad)

TickTick is a fast-growing task list app that offers a wide array of features on just about every platform you can imagine. Adding tasks is quick thanks to natural language processing. There’s also a universal keyboard shortcut offered on the desktop versions and pinned notifications and widgets on mobile, which makes it quick to add a task before getting back to what you’re doing. Tasks can be organized using lists, tags, and due dates, and there’s also the ability to add subtasks to any task.

TickTick offers all of this with apps that feel native—the macOS version is distinct from the Windows version, for example, in ways that make sense given the differences between those two systems. TickTick also offers a few features that are above and beyond what other apps offer.

First, there’s a built-in Pomodoro timer, allowing you to start a 25-minute work session for any of your tasks (complete with numerous white noise options, if you want). Second, there’s integration with various third-party calendars, allowing you to see your tasks and your appointments in one place, and even do some time blocking. There’s also a built-in habit-tracking tool, allowing you to review how many days you did or didn’t stick to your exercise and diet commitments. And an Eisenhower Matrix view allows you to prioritize your tasks based on what’s urgent and what’s important. It’s a great collection of features, unlike anything else on the market.

With TickTick’s Zapier integration, you can connect TickTick to the other tools in your tech stack to automatically create tasks whenever you get new leads, deals, or emails.

Create TickTick tasks for newly-labeled Gmail emails [Business Gmail Accounts Only]

Try it

Gmail, TickTick

Gmail + TickTickMore details

Generate TickTick tasks from new Facebook Leads

Try it

Facebook Lead Ads, TickTick

Facebook Lead Ads + TickTickMore details

Generate TickTick tasks from new HubSpot deals

Try it

HubSpot, TickTick

HubSpot + TickTickMore details

TickTick price: Free version available; paid version from $2.40/month.

Check out other ways you can automate TickTick with Zapier.

Best to-do list app for Microsoft power users (and Wunderlist refugees)

Microsoft To Do (Web, Android, Windows, iPhone and iPad)

In 2015, Microsoft bought Wunderlist and put that team to work on a new to-do list app. Microsoft To Do is the result of that, and you can find Wunderlist’s DNA throughout the project. The main interface is clean and friendly, adding tasks is quick, but there’s a lot of flexibility below the surface.

But the real standout feature here is the deep integration with Microsoft’s ecosystem. Any email flagged in Outlook, for example, shows up as a task. Outlook users can also sync their tasks from that app over to Microsoft To Do, meaning there’s finally a way to sync Outlook tasks to mobile. Windows users can add tasks using Cortana or by typing in the Start menu. For example, you can type “add rice to my shopping list,” and rice will be added to a list called “shopping.” If you’re a Windows user and an Outlook user, this is the app for you.

This is also the prettiest to-do list app on the market, in my opinion. You can set custom background images for every one of your lists, allowing you to tell at a glance which list you’re looking at. You’re going to be looking at your task list all day—it might as well look good.

Microsoft To Do integrates with Zapier, which means you can make sure Microsoft To Do is talking to all the other apps you use, not just the Microsoft ones. Here are some examples to get started.

Create Workboard action items from new tasks in Microsoft To-Do

Try it

Microsoft To Do, Workboard

Microsoft To Do + WorkboardMore details

Send direct Slack messages with new Microsoft To-Do lists

Try it

Microsoft To Do, Slack

Microsoft To Do + SlackMore details

Create Microsoft To-Do tasks from new Salesforce leads

Try it

Salesforce, Microsoft To Do

Salesforce + Microsoft To DoMore details

Microsoft To Do price: Free

Learn how you can make Microsoft To Do a productivity powerhouse with Zapier.

The best to-do list app with elegant design

Things (macOS, iPhone, iPad)

To-do list apps tend to fall into two categories: the complex and the minimalist. Things is somehow both.

That’s about the highest praise I can give a to-do list app. This is an app with no shortage of features, and yet it always feels simple to use. Adding tasks is quick and so is organizing them, but there’s seemingly no end of variation in ways to organize them. Areas can contain tasks or projects; projects can contain tasks or headers that can also contain tasks; and tasks can contain subtasks if you want. It sounds confusing, but it isn’t, which really speaks to how well Things is designed.

Other apps offer these features, but Things does it in a way that never feels cluttered, meaning you can quickly be done with looking at your to-do list and get back to whatever it is you’re doing. Combine this blend of functionality and beauty with features like a system-wide tool for quickly adding tasks, integration with your calendar so you can see your appointments while planning your day, intuitive keyboard shortcuts, reminders with native notifications, and syncing to an iPhone and iPad app.

The only downside here is the complete lack of versions for Windows and Android, though this decision is probably part of what allows the team to focus on making such a clean product. If you’re an Apple user, you owe it to yourself to try out Things.

You can automatically add to-dos to Things from your other apps with Things’ integrations on Zapier. Here’s some inspiration.

Add saved Slack messages to Things as to-dos

Try it

Slack, Things

Slack + ThingsMore details

Add new Trello cards to Things as to-dos

Try it

Trello, Things

Trello + ThingsMore details

Create Things to-dos from starred emails in Gmail [Business Gmail Accounts Only]

Try it

Gmail, Things

Gmail + ThingsMore details

Things price: $49.99 for macOS (15-day free trial), $19.99 for iPad, $9.99 for iPhone.

Best to-do list app for users with a very specific organizational system

OmniFocus (Web, macOS, iPhone, iPad)

OmniFocus is nothing if not flexible. This Apple-exclusive application is built around the Getting Things Done (GTD) philosophy trademarked by David Allen, but an array of features means it can be used for just about any organizational system you can imagine. There are three different kinds of projects you can set up, for example, depending on whether you need to do tasks in a specific order or not. There are six main views by default, allowing you to organize your tasks by things like due date, projects, and tags. You can even add more views, assuming you have the Pro version.

You get the idea. OmniFocus is a power user’s dream, with more features than anyone can hope to incorporate into a workflow, which is kind of the point: if there’s a feature you want, OmniFocus has it, so you can organize your tasks basically any way you can imagine.

Syncing is offered only between Apple devices. There’s a web version that’s intended for occasional usage away from your Apple machines, but non-Apple users should probably look elsewhere.

You can connect OmniFocus to your other favorite apps with OmniFocus’s Zapier integration. Whenever something happens in another app that you want to keep track of in OmniFocus, Zapier will automatically send it there.

Create OmniFocus tasks from new saved Slack messages

Try it

Slack, OmniFocus

Slack + OmniFocusMore details

Create OmniFocus tasks for new starred emails on Gmail

Try it

Gmail, OmniFocus

Gmail + OmniFocusMore details

Create OmniFocus tasks from new or moved Trello cards

Try it

Trello, OmniFocus

Trello + OmniFocusMore details

OmniFocus price: From $99.99/year for the recurring plan, which includes all apps and the web version. Also available as a one-time purchase from $49.99 (14-day free trial).

Best to-do list app for making doing things fun

Habitica (Web, Android, iPhone and iPad)

Games are fantastic at motivating mundane activity—how else can you explain all that time you’ve spent on mindless fetch quests? Habitica, formerly known as HabitRPG, tries to use principles from game design to motivate you to get things done, and it’s remarkably effective. You can add tasks, daily activities, and habits to a list. You also have a character, who levels up when you get things done and takes damage when you put things off. You can also earn in-game currency for buying offline rewards, such as a snack, or in-game items like weapons or even silly hats.

This is even better when you join a few friends and start a party. You can all fight bosses together, but be careful: fail to finish some tasks on time and your friends will take damage. If that doesn’t motivate you, nothing will.

What’s the downside? Habitica isn’t a great to-do list for managing long-term projects, so you might need something else for that. But if motivation is your problem, Habitica is well worth a spin.

Habitica price: Free version available; paid version from $5/month.

Best to-do list app for Google power users

Google Tasks (Web, Android, iPhone and iPad)

If you live in Gmail and Google Calendar, Google Tasks is an obvious free to-do list app to try out. That’s because it lives right in the sidebar of those two apps, and offers more than a few integrations. Plus, there’s a dedicated mobile app.

The app itself is spartan. Adding tasks is quick, particularly if you spend a lot of time in Gmail anyway, but there’s not a lot of organizational offerings. There are due dates, lists, descriptions, subtasks, and the ability to “Star” tasks. There’s not much beyond that, which is ok. On the desktop, the integration with Gmail is a key selling point. You can drag an email to Google Tasks to turn it into a task, for example. You also can see your tasks on your Google Calendar, if you want.

The best to-do app is one that’s always handy. If you’re the kind of person who always has Gmail open on your computer, it’s hard for any app to be handier than Google Tasks. The mobile versions make those tasks accessible on the go.

You can automatically move information between Google Tasks and your other apps with Google Tasks’ integration on Zapier. Here are a few examples of workflows you can automate, so you can stop manually moving your tasks.

Create Trello cards from new Google Tasks tasks

Try it

Google Tasks, Trello

Google Tasks + TrelloMore details

Add new Google Tasks to Todoist as tasks

Try it

Google Tasks, Todoist

Google Tasks + TodoistMore details

Add Google Tasks tasks for new Google Calendar events

Try it

Google Calendar, Google Tasks

Google Calendar + Google TasksMore details

Google Tasks price: Free

Take a look at how you can power up all of your Google apps using automation.

Best to-do list app for people who forget to use to-do apps

Any.do (Web, Android, iPhone and iPad)

Any.do offers a really slick mobile app that makes it quick to add tasks, organize them into lists, and add due dates. But where it really shines is with its daily “Plan my Day” feature, which forces you to schedule when you’ll accomplish your various tasks, so that you remember to actually do things. Any.do also integrates nicely with Google and Outlook calendars, allowing you to see your appointments and your tasks in one place. This is exactly what you need if you’re the kind of person who adds things to a list and forgets about them.

The desktop version isn’t quite as slick as the mobile version—it feels cluttered and is more than a little confusing. Still, Any.do’s mobile version alone makes a compelling reason to give it a shot, especially if that’s where you do most of your task management.

Any.do integrates with Zapier, so you can automatically add tasks to Any.do whenever there’s a new calendar event, note, or task in your other apps.

Add Evernote reminders to Any.do as tasks

Try it

Evernote, Any.do

Evernote + Any.doMore details

Create tasks in Any.do for new saved messages in Slack

Try it

Slack, Any.do

Slack + Any.doMore details

Add new incomplete Todoist tasks to Any.do

Try it

Todoist, Any.do

Todoist + Any.doMore details

Any.do price: Free version available; paid version from $2.99/month.

Other to-do list options

We focused on dedicated to-do list apps in this roundup, but plenty of other software can fulfill the same function. Here are a few ideas if none of the above quite fit what you’re looking for:

Project management apps like Trello and Asana can be used as to-do lists, especially if you already use them to manage your other work.
Note-taking apps like Evernote, OneNote, and Google Keep also have to-do list features, if you want to combine your to-do lists and notes.
You can use Notion as a to-do list if that’s where you spend most of your time, and the various Notion alternatives work just as well.
Time-blocking apps are another solid option. These combine a task list with your calendar, encouraging you to decide when you’ll do what.
Google Sheets can be your to-do list. Zapier’s CEO even uses Gmail as his to-do list.
Sticky note apps can also do the trick. So can a piece of paper. Don’t overthink things!

Finding the right task management system is hard because it’s so personal. To that end, let me know if there’s anything you think I missed.

Related reading:

This post was originally published in April 2018 by Andrew Kunesh. The most recent update was in November 2022.

Source :
https://zapier.com/blog/best-todo-list-apps/

The role of government in stopping supply chain attacks and other threats to our way of life.

What is the compromised application?

CrowdStrike Falcon Detection and Protection

Hunting in the CrowdStrike Falcon Platform

Recommendations

Additional Resources

#1: 2 RaaS Attacks in 13 Months#

#2: The Critical Infrastructure Attack on Radiation Alert Networks#

#3: The Three-Step Ransomware Attack That Started with Phishing#

How Do Security Point Solutions Stack Up?#

Here’s Watch Out for in the Coming Months#

1. Log4j#

2. Misconfigured Firewalls and VPNs#

How to Minimize Your Attack Surface and Gain Visibility into the Network#

The Browser is The Most Important Work Interface and the Most Targeted Attack Surface #

Browser Security 101 – What is It That We Need to Protect?#

How to Choose the Right Solution#

The Definitive Browser Security Platform Checklist – What it is and How to Use It#

Browser Security Deep Dive#

The Checklist – A Straightforward Evaluation Shortcut #

How Often Should You Pentest?#

You Have an Agile or Continuous Release Cycle#

Your Web Applications Are Business-Critical#

Your Web Applications Are Customer-Facing#

You Are in a High-Risk Industry#

You Don’t Have Internal Security Operations or a Pen testing Team#

You Are Focused on Mergers or Acquisitions#

The Importance of Continuous Pen Testing#

The Bottom Line#

Description

Resolution

Related Articles

Categories

Types of Backups

UniFi OS Backups

Application Backups

UniFi OS Console Migration

Migrating UniFi Network

Standard Migration

Migrating Applications That Manage Layer 3 Devices

Exporting Individual Sites from a Multi-Site Host

Migrating UniFi Protect

Standard Migration

HDD Migration

How we evaluate and test apps

A to-do list like Todoist

A calendar like Google Calendar

A note-taking app like OneNote

A distraction blocker like Freedom

A habit tracker like Streaks or HabitNow

An app to save things for later like Pocket

A screen recording tool like Loom

Other productivity tools worth checking out

The best to-do list apps

What makes the best to-do list app?

How we evaluate and test apps

Best to-do list app for balancing power and simplicity

Add new Google Calendar events to Todoist as tasks

Add new starred emails to Todoist as tasks [Business Gmail Accounts Only]

Add new Trello cards to Todoist as tasks

Best to-do list app with embedded calendars and timers

Create TickTick tasks for newly-labeled Gmail emails [Business Gmail Accounts Only]

Generate TickTick tasks from new Facebook Leads

Generate TickTick tasks from new HubSpot deals

Best to-do list app for Microsoft power users (and Wunderlist refugees)

Create Workboard action items from new tasks in Microsoft To-Do

Send direct Slack messages with new Microsoft To-Do lists

Create Microsoft To-Do tasks from new Salesforce leads

The best to-do list app with elegant design

Add saved Slack messages to Things as to-dos

Add new Trello cards to Things as to-dos

Create Things to-dos from starred emails in Gmail [Business Gmail Accounts Only]

Best to-do list app for users with a very specific organizational system

Create OmniFocus tasks from new saved Slack messages

Create OmniFocus tasks for new starred emails on Gmail

Create OmniFocus tasks from new or moved Trello cards

Best to-do list app for making doing things fun

Best to-do list app for Google power users

Create Trello cards from new Google Tasks tasks

Add new Google Tasks to Todoist as tasks