Vulcan Cyber announces $10M Series A to automate security patching efforts

Many software vulnerabilities are already known, and vendors have even issued patches, but the problem is there are so many patches that it’s often difficult for companies to keep up. Vulcan Cyber wants to help by bringing a level of automation to the patching operation, and in the process reduce exposure to known risks.

Today, it announced a $10 million Series A round from Ten Eleven Ventures and YL Ventures.

In a typical scenario, security researchers find vulnerabilities, and the vendors disclose and patch them. From there it’s up to individual companies to take care of downloading and installing the patch, but Vulcan Cyber co-founder and CEO Yaniv Bar-Dayan says the number of patches has been growing at a furious pace, with 6,000 patches in 2016, 16,000 in 2017 and 18,000 last year. And that growth trajectory is continuing this year, he says.

Vulcan’s ultimate mission is to help companies remediate security vulnerabilities from their infrastructure. They do this by bringing a level of automation to the process, recognizing that humans can’t keep up with these numbers. “We automate the process of prioritization and deployment to remediate more vulnerabilities faster,” Bar-Dayan explained. What’s more, he said that Vulcan does this without risking business operations, while reducing risk and costs.

Highest risk packages

Vulcan Cyber risk prioritization view. Screenshot: Vulcan Cyber

The company raised a $4 million seed round last year, bringing the total raised to $14 million so far. As TechCrunch’s Frederic Lardinois pointed out while writing about that seed round, it’s able to achieve this level of automation, while working with the tools developers and security teams typically work with anyway.

“Vulcan Cyber plays nicely with all of the major cloud platforms, as well as tools like Puppet, Chef and Ansible, as well as GitHub and Bitbucket. It also integrates with a number of major security testing tools and vulnerability scanners, including Black Duck, Nessus, Fortify, Tripwire, Checkmarx, Rapid7 and Veracode,” Lardinois wrote.

The company was founded last year and has 25 employees. It plans to continue building its engineering team in Israel with the money from this round, as well as opening an office in San Francisco for sales, marketing and customer success.

Bright Machines wants to put AI-driven automation in every factory

There’s a mythology around today’s factories that says everything is automated by robotics, and while there is some truth to that, it’s hard to bring that level of sophistication to every facility, especially those producing relatively small runs. Today, Bright Machines, a San Francisco startup, announced its first product designed to put intelligence and automation in reach of every manufacturer, regardless of its size.

The startup, which emerged last fall with $179 million in Series A funding, has a mission to make every aspect of manufacturing run in a software-defined automated fashion. Company CEO Amar Hanspal understands it’s a challenging goal, and today’s announcement is about delivering version 1.0 of that vision.

“We have this ambitious idea to fundamentally change the way factories operate, and what we are all about is to get to autonomous programmable factories,” he said. To start on that journey, since getting its initial funding in October, the company has been building a team that includes manufacturing, software and artificial intelligence expertise. It brought in people from Autodesk, Amazon and Microsoft and opened offices in Seattle and Tel Aviv.

The product it is releasing today is called the Software Defined Microfactory and it consists of hardware and software components that work in tandem. “What the Software Defined Microfactory does is package together robotics, computer vision, machine handling and converged systems in a modular way with hardware that you can plug and play, then the software comes in to instruct the factory on what to build and how to build it,” Hanspal explained.

Obviously, this is not an easy thing to do, and it’s taken a great deal of expertise to pull it together over the last months since the funding. It’s also required having testing partners. “We have about 20 product brands around the world and about 25 production lines in seven countries that have been iterating with us toward version one, what we are releasing today,” Hanspal said.

The company is concentrating on the assembly line for starters, especially for smaller runs like, say, a specialized computer board or a network appliance where the manufacturer might produce just 50,000 units in total, and could benefit from automation, but couldn’t justify the cost before.

“The idea here is going after the least automated part inside of factory, which is the assembly line, which is typically where people have to throw bodies at the problem and assembly lines have been hard to automate. The operations around assembly typically require human dexterity and judgment, trying to align things or plug things in,” Hanspal said.

The hope is to create a series of templates for different kinds of tooling, where they can get the majority of the way there with the software and robotics, and eventually just have to work on the more customized bits. It is an ambitious goal, and it’s not going to be easy to pull off, but today’s release is a first step.

Showpad, a sales enablement platform for presentations and other collateral, raises $70M

Sales teams have long turned to tech solutions to help improve how they source leads, develop relationships and close deals. Now, one of the startups that helps out at a key point in that trajectory is announcing a round of growth funding to help fuel its own rapid growth. Showpad, a sales enablement platform that lets salespeople source and organise relevant content and other collateral that they use in their deals, has raised a Series D of $70 million.

The funding, which brings the total raised by Showpad to $160 million, is coming in the form of debt and equity. The equity part is co-led by Dawn Capital and Insight Partners, with existing investors Hummingbird Ventures, and Korelya Capital also participating. Silicon Valley Bank is providing debt financing. This is one of the first big investments out of Dawn’s Opportunities Fund that we wrote about last week.

The company is not disclosing its valuation but Pieterjan Bouten, the CEO who co-founded the company with Louis Jonckheere (currently CPO) and Peter Minne (CTO), confirmed that it has doubled since last year, and is seven times the valuation it had when it raised a $50 million Series C in 2016. The company is growing 90% year-on-year at the moment in terms of revenues.

And as a point of reference, another sales enablement player, Seismic, last December raised a Series E of $100 million at a $1 billion valuation.

Founded in Ghent, Belgium, Showpad today operates across two main headquarters, its original European base and Chicago. The latter was the homebase of LearnCore, a company that Showpad acquired last year that focuses on sales coaching and training. This became a strategic acquisition to expand Showpad’s primary product, a platform that acts as a kind of content management system for sales collateral. (Today, while Chicago is where Showpad builds its go-to market efforts and professional services, Ghent focuses on engineering and product, he said.) As it happens, Chicago is also the headquarters of Seismic.

As Bouten described in an interview, Showpad is part of what he considers to be the fourth pillar of the technology marketing stack: storage (the cloud services where you keep all your data), CRM, marketing automation and sales enablement, where Showpad sits.

While the first three are key to helping to manage a salesperson’s activities and work, the fourth is a crucial one for helping to make sure a salesperson can do his or her job more effectively.

Traditionally a lot of the content that salespeople used — presentations, white papers, other materials — to help make their cases and close their deals would be managed offline and directly by individual salespeople. Showpad has taken some of that process and made it digital, which means that now teams of salespeople can more effectively share materials amongst each other; and interestingly the material and its link to successful sales becomes part of how Showpad “learns” what works and what doesn’t.

That, in turn, helps build Showpad’s own artificial intelligence algorithms, to help suggest the best materials for a particular sales effort either to someone else in that team, or to other salespeople using the platform.

“To date there has been enormous innovation in automating the marketing and sales workflow. However, in the end, sales comes down to one person selling to another,” said Norman Fiore, General Partner at Dawn Capital and member of the Showpad Board, in a statement. “Historically, this has been an offline process that has been wildly inconsistent and opaque. Showpad’s suite of products succeeds in bringing this process online for the first time with data-rich feedback loops on the effectiveness of teams, managers, salespeople and even individual pieces of sales content.”

This is a crowded area of the market, with a number of standalone companies building sales enablement solutions, but also other companies within the sales stack adding enablement as a value-added service.

For now, though, Bouten notes that these are more strategic partners than competitors. For example, Salesforce and Microsoft are partners, and, he adds, “We integrate with Salesloft to make sure emails that are sent out are using the right content. We become the single source of truth but also are being used for outreach.”

Today, the company has around 1,200 enterprise customers, including Johnson & Johnson, GE Healthcare, Bridgestone, Honeywell, and Merck. The plan going forward will be to continue building out the services that it offers around its sales enablement software, alongside the core product itself.

“You can equip sales people with the best content, but if they are not trained and coached in the right way, it goes nowhere,” Bouten said.

Tundra, the zero-fee wholesale marketplace, picks up $12 million

Tundra, a new zero-commission wholesale marketplace, has today announced the close of $12 million in Series A funding. The round was led by Redpoint’s Annie Kadavy, with participation from investors such as Initialized Capital, Peterson Ventures, FJ Labs, Switch Ventures and Background Capital.

Tundra was founded by married couple Arnold and Katie Engel who previously ran a global supply chain company called Vox Supply Chain. In that world, they quickly realized just how much inefficiency is built into the wholesale market, from disorganized trade shows to transaction fees from the incumbents to a business that’s largely done on phone with pen and paper.

That’s where Tundra comes in.

Tundra allows suppliers to list their products on the platform, which is built to look and feel like a B2C marketplace. Buyers can come on the platform and shop for products, complete with ratings and reviews, supplier performance metrics, and free shipping with easy tracking.

“The wholesale market is set up to benefit big businesses, with other platforms and distributors charging anywhere from 5 percent to 30 percent commission,” said Engel. “That can be particularly pronounced for small businesses.”

Plus, it can be perilous for small players to depend on big platforms like Amazon. Just a few weeks ago, there were rumors that Amazon would focus its attention on big brands like P&G and purge smaller suppliers from the platforms. Amazon denied the rumors, saying it evaluates suppliers on an individual basis.

For Tundra, the hope is to eliminate both the time-consuming and tedious process of negotiating deals at trade shows as well as the cost of simply buying and selling wholesale products online. And, importantly, Tundra has a zero-fee model, which means that buyers and suppliers can operate on the platform without spending a penny if they so choose.

Of course, the company has to generate revenue in some way, which is why Tundra offers premium options at checkout, such as faster shipping, order insurance, and additional custom clearance and logistics services for international orders.

Having spent a year serving as Head of Strategic Operations growing Uber Freight, Redpoint Managing Director Annie Kadavy saw first-hand just how gargantuan the wholesale market is. During a phone interview, she reminded me that almost every item within view at any given moment was shipped on a truck and purchased at a wholesale price before it was purchased by a consumer in a store.

“Tundra’s greatest challenge ahead is execution, because the market opportunity here is very obvious,” said Kadavy. “It’s a huge business that is currently transacted by fax, phone call and pen and paper, so the opportunity is very clear.”

There is clearly movement in the space. Just last month, Shopify acquired Handshake to handle B2B e-commerce directly for customers. That followed its acquisition of dropshipping platform Oberlo in 2017, signaling the fact that existing platforms realize the opportunity of wholesale e-commerce, as well.

And a recent report stated that B2B e-commerce passed the $1 trillion mark for the first time in 2018.

The opportunity is there, as is the competition, but Tundra comes to the table armed with fresh capital.

Orderful nabs $10M from A16Z to modernise the B2B supply chain network

The march of globalization continues unabated, and with it comes a growing demand for companies of all sizes to communicate with and sell to each other, regardless of the distance or any other barrier. Now, a startup that has built a platform to help them do that better and more cheaply is announcing a round of funding to capitalize on the opportunity. Orderful, which aims to modernize supply chain management through an API-based cloud service, has raised $10 million in a Series A from Andreessen Horowitz.

The new funding comes on the back of a previous seed round from Initialized Capital and a period of time mostly bootstrapping the business. It will be used to continue building out more functionality on the platform and to continue to expand the network of partners using it. Today there are 1,000 retailers, 10,000 vendors and 5,000 carriers on Orderful’s platform, but even that still only represents a small part of the wider industry of businesses that buy, sell and transport components and full products from A to B.

To understand the problem that Orderful is trying to fix, a little rundown on how supply chain management works today is helpful. In the old, pre-computer days, all information exchange happened by way of phone, fax, post, and documents that often were delivered along with goods, which all required manual assessment and recording.

The rise of computers and the internet did push that system into the digital world, but only just: electronic data interchange (EDI), as this general area is known, is a loosely organised set of technical standards to use computers to communicate this data between businesses to enable purchases, make accounting reconciliations, and transfer shipping details.

It’s a business that has boomed with the growth of globalization and companies trading with each other at an increasing pace. Supply chain management software is a market that ballooned to $14 billion in value in 2018, according to Gartner. Incumbent leaders include the likes of SAP, Oracle and JDA.

The problem is that EDI is actually not as easy as it ought to be. It’s a hodge-podge of standards, you usually need a team of specialists to integrate the services at each end point, and it doesn’t allow for a wider network effect that you might get from being “online” with one supplier already. All of that translates to it being actually quite slow and expensive.

Erik Kiser, the founder and CEO of Orderful, found and identified this inefficiency while he was working as one of those specialists, realizing that with the rise of APIs, large database technology and cloud-based software-as-a-service, there was an opportunity to build a new kind of platform that could do everything that EDI did, but on a supercharged basis.

Marc Andreessen (co-founder of A16Z) coined the phrase ‘software will eat the world,’ Kiser noted to me, “But actually software eats software sometimes, too.”

The idea behind Orderful is that it has created a series of APIs that can adapt to whatever systems a business is already using, in turn “translating” that business’s product and other data into information that can be imported into the Orderful platform to in turn be picked up by buyers, sellers, and shippers.

(In other words, there is no expectation of ripping out legacy systems, but simply creating bridges to migrate what is already there to newer and better platforms.) This also brings down the operational costs of hiring teams to build and potentially run EDI integrations.

“EDI predates the internet, and there are not many digital protocols that we use today that are pre-internet,” David Ulevitch, the partner at Andreessen Horowitz who led the investment and joined the board, said in an interview.

“Orderful, and Erik, recognised that as more commerce was becoming digital, there needed to be a better way to do all this. There is currently no SaaS company out there addressing this and removing the friction. It provides velocity between distributors and producers because when you connect once you can then trade with a number of partners. Time is up for EDI.”

While there may be no direct competitor to Orderful at the moment, there are a lot of potential players that I can see posing a challenge down the line (or potentially working with or even buying Orderful if not). They include the incumbents in supply-chain management like Oracle, SAP and the rest.

But also companies like Amazon, which has built its own EDI alternative (or version, you might say) that is used for its own management of suppliers. The company is very well known for building for itself, and then productizing, but for now Kiser says that it’s a partner, and customers can interface and sell to Amazon on Orderful using its APIs.

One thing that Amazon is instructive about, though, is when considering how Orderful’s data trove could be used for more analytics and business intelligence down the line.

“I don’t think companies not doing business with Amazon will be inclined to use its platform for trading,” Kiser said. “But they do have a lot of information about their network.”

Indeed, he pointed out that it’s been said there are some 30 economists at the company looking at its B2B supply chain data, and considering how it can be parsed for example to predict inflation.

“They are already using the data. With Orderful we have the opportunity to be the most influential software company if we can be the plumbing that connects companies,” Kiser said. “There are a ton of services that we can add on the platform and that’s where we are going even if right now we are focused on the plumbing and simply making it easy to trade data.”


Snowflake co-founder and president of product Benoit Dageville is coming to TC Sessions: Enterprise

When it comes to a cloud success story, Snowflake checks all the boxes. It’s a SaaS product going after industry giants. It has raised bushels of cash and grown extremely rapidly — and the story is continuing to develop for the cloud data lake company.

In September, Snowflake’s co-founder and president of product Benoit Dageville will join us at our inaugural TechCrunch Sessions: Enterprise event on September 5 in San Francisco.

Dageville founded the company in 2012 with Marcin Zukowski and Thierry Cruanes with a mission to bring the database, a market that had been dominated for decades by Oracle, to the cloud. Later, the company began focusing on data lakes or data warehouses, massive collections of data, which had been previously stored on premises. The idea of moving these elements to the cloud was a pretty radical notion in 2012.

It began by supporting its products on AWS, and more recently expanded to include support for Microsoft Azure and Google Cloud.

The company started raising money shortly after its founding, modestly at first, then much, much faster in huge chunks. Investors included a Silicon Valley who’s who such as Sutter Hill, Redpoint, Altimeter, Iconiq Capital and Sequoia Capital.

Snowflake fund raising by round. Chart: Crunchbase

The most recent rounds came last year, starting with a massive $263 million investment in January. The company went back for more in October with an even larger $450 million round.

It brought on industry veteran Bob Muglia in 2014 to lead it through its initial growth spurt. Muglia left the company earlier this year and was replaced by former ServiceNow chairman and CEO Frank Slootman.

TC Sessions: Enterprise (September 5 at San Francisco’s Yerba Buena Center) will take on the big challenges and promise facing enterprise companies today. TechCrunch’s editors will bring to the stage founders and leaders from established and emerging companies to address rising questions, like the promised revolution from machine learning and AI, intelligent marketing automation and the inevitability of the cloud, as well as the outer reaches of technology, like quantum computing and blockchain.

Tickets are now available for purchase on our website at the early-bird rate of $395.

Student tickets are just $245 – grab them here.

We have a limited number of Startup Demo Packages available for $2,000, which includes four tickets to attend the event.

For each ticket purchased for TC Sessions: Enterprise, you will also be registered for a complimentary Expo Only pass to TechCrunch Disrupt SF on October 2-4.

WeWork acquires Waltz, an app that lets users access different spaces with a single credential

WeWork announced today that it will acquire Waltz, a building access and security management startup, for an undisclosed amount. Waltz’s smartphone app and reader allows users to enter different properties with a single credential and will make it easier for WeWork’s enterprise clients, such as GE Healthcare and Microsoft, to manage their employees’ on-demand memberships to WeWork spaces.

WeWork’s announcement said “with deep expertise in mobile access and system integrations, Waltz has the most advanced and sophisticated products to provide that single credential to our members and to help us better connect them with our spaces.” Waltz was founded in 2015 by CEO Matt Kopel and has offices in New York and Montreal. After the acquisition, Waltz will be integrated into WeWork, but maintain its current customer base.

WeWork has been on an acquisition spree over the past year as it evolves from co-working spaces to a software-as-a-service provider. Companies it has bought include office management platforms Teem (for $100 million) and Managed by Q, as well as Euclid, a “spatial analytics platform” that allows companies to analyze the use of workspaces by their employees and participation at meetings and other events.

Likewise, Waltz isn’t just an alternative to keys or access cards. Its cloud-based management portal gives companies data about who enters and exits their buildings and also allows teams to set “Door Groups,” which restricts the use of some spaces to certain people. According to Waltz’s help site, it can also be used to make revenue through ads displayed in its app.

Tracing the Supply Chain Attack on Android

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “Yehuo” or “Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.

“Yehuo” (野火) is Mandarin for “wildfire,” so one might be forgiven for concluding that Google was perhaps using another dictionary than most Mandarin speakers. But Google was probably just being coy: The vendor in question appears to have used both “blazefire” and “wildfire” in two of many corporate names adopted for the same entity.

An online search for the term “yehuo” reveals an account on the Chinese Software Developer Network which uses that same nickname and references the domain blazefire[.]com. More searching points to a Yehuo user on gamerbbs[.]cn who advertises a mobile game called “Xiaojun Junji,” and says the game is available at blazefire[.]com.

Research on blazefire[.]com via Domaintools.com shows the domain was assigned in 2015 to a company called “Shanghai Blazefire Network Technology Co. Ltd.” just a short time after it was registered by someone using the email address “tosaka1027@gmail.com”.

The Shanghai Blazefire Network is part of a group of similarly-named Chinese entities in the “mobile phone pre-installation business and in marketing for advertisers’ products to install services through mobile phone installed software.”

“At present, pre-installed partners cover the entire mobile phone industry chain, including mobile phone chip manufacturers, mobile phone design companies, mobile phone brand manufacturers, mobile phone agents, mobile terminal stores and major e-commerce platforms,” reads a descriptive blurb about the company.

A historic records search at Domaintools on that tosaka1027@gmail.com address says it was used to register 24 Internet domain names, including at least seven that have been conclusively tied to the spread of powerful Android mobile malware.

Two of those domains registered to tosaka1027@gmail.com — elsyzsmc[.]com and rurimeter[.]com — were implicated in propagating the Triada malware. Triada is the very same malicious software Google said was found pre-installed on many of its devices and being used to install spam apps that display ads.

In July 2017, Russian antivirus vendor Dr.Web published research showing that Triada had been installed by default on at least four low-cost Android models. In 2018, Dr.Web expanded its research when it discovered the Triada malware installed on 40 different models of Android devices.

At least another five of the domains registered to tosaka1027@gmail.com — 99youx[.]com, buydudu[.]com, kelisrim[.]com, opnixi[.]com and sonyba[.]com — were seen as early as 2016 as distribution points for the Hummer Trojan, a potent strain of Android malware often bundled with games that completely compromises the infected device.

A records search at Domaintools for “Shanghai Blazefire Network Technology Co” returns 11 domains, including blazefire[.]net, which is registered to yehuo@blazefire.net. For the remainder of this post, we’ll focus on several of the domain names below:

Domain Name            Create Date   Registrar
2333youxi[.]com        2016-02-18    ALIBABA CLOUD COMPUTING (BEIJING) CO., LTD
52gzone[.]com          2012-11-26    ALIBABA CLOUD COMPUTING (BEIJING) CO., LTD
91gzonep[.]com         2012-11-26    ALIBABA CLOUD COMPUTING (BEIJING) CO., LTD
blazefire[.]com        2000-08-24    ALIBABA CLOUD COMPUTING (BEIJING) CO., LTD
blazefire[.]net        2010-11-22    ALIBABA CLOUD COMPUTING (BEIJING) CO., LTD
hsuheng[.]com          2015-03-09    GODADDY.COM, LLC
jyhxz[.]net            2013-07-02    —
longmen[.]com          1998-06-19    GODADDY.COM, LLC
longmenbiaoju[.]com    2012-12-09    ALIBABA CLOUD COMPUTING (BEIJING) CO., LTD
oppayment[.]com        2013-10-09    ALIBABA CLOUD COMPUTING (BEIJING) CO., LTD
tongjue[.]net          2014-01-20    ALIBABA CLOUD COMPUTING (BEIJING) CO., LTD

Following the breadcrumbs from some of the above domains we can see that “Blazefire” is a sprawling entity with multiple business units and names. For example, 2333youxi[.]com is the domain name for Shanghai Qianyou Network Technology Co., Ltd., a firm that says it is “dedicated to the development and operation of Internet mobile games.”

Like the domain blazefire[.]com, 2333youxi[.]com also was initially registered to tosaka1027@gmail.com and soon changed to Shanghai Blazefire as the owner.

The offices of Shanghai Qianyou Network — at Room 344, 6th Floor, Building 10, No. 196, Ouyang Rd, Shanghai, China — are just down the hall from Shanghai Wildfire Network Technology Co., Ltd., reportedly at Room 35, 6th Floor, Building 10, No. 196, Ouyang Rd, Shanghai.

The domain tongjue[.]net is the Web site for Shanghai Bronze Network Technology Co., Ltd., which appears to be either another name for or a sister company to Shanghai Tongjue Network Technology Co., Ltd. According to its marketing literature, Shanghai Tongjue is situated one door down from the above-mentioned Shanghai Qianyou Network — at Room 36, 6th Floor, Building 10, No. 196, Ouyang Road.

“It has developed into a large domestic wireless Internet network application,” reads a help wanted ad published by Tongjue in 2016. “The company is mainly engaged in mobile phone pre-installation business.”

That particular help wanted ad was for a “client software development” role at Tongjue. The ad said the ideal candidate for the position would have experience with “Windows Trojan, Virus or Game Plug-ins.” Among the responsibilities for this position were:

-Crack the restrictions imposed by the manufacturer on the mobile phone.
-Research and master the android [operating] system
-Reverse the root software to study the root of the android mobile phone
-Research the anti-brushing and provide anti-reverse brushing scheme

WHO IS BLAZEFIRE/YEHUO?

Many of the domains mentioned above have somewhere in their registration history the name “Hsu Heng” and the email address yehuo@blazefire.net. Based on an analysis via cyber intelligence firm 4iq.com of passwords and email addresses exposed in multiple data breaches in years past, the head of Blazefire goes by the nickname “Hagen” or “Haagen” and uses the email “chuda@blazefire.net”.

Searching on the phrase “chuda” in Mandarin turns up a 2016 story at the Chinese gaming industry news site Youxiguancha.com that features numerous photos of Blazefire employees and their offices. That story also refers to the co-founder and CEO of Blazefire variously as “Chuda” and “Chu da”.

“Wildfire CEO Chuda is a tear-resistant boss with both sports (Barcelona hardcore fans) and literary genre (playing a good guitar),” the story gushes. “With the performance of leading the wildfire team and the wildfire product line in 2015, Chu has won the top ten new CEO awards from the first Black Rock Award of the Hardcore Alliance.”

Interestingly, the registrant name “Chu Da” shows up in the historical domain name records for longmen[.]com, perhaps Shanghai Wildfire’s oldest and most successful mobile game ever. That record, from April 2015, lists Chu Da’s email address as yehuo@blazefire.com.
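The registrant pivot this post walks through, from the tosaka1027@gmail.com and Shanghai Blazefire records above to the Hsu Heng / yehuo@blazefire.net and Chu Da records in this section, can be made mechanical: an email address, registrant name or organisation that recurs across WHOIS histories ties otherwise unrelated domains into one cluster, and third-party malware reporting on any member of the cluster then bears on the rest. The Python below is an added illustration of that method; it is not the author’s tooling and not Domaintools output. Its RECORDS list is constructed from the associations stated in the post (domain to registrant email, name or organisation), omits the real dates, registrars and the full 24-domain history, and includes a made-up control domain, unrelated[.]example, to show that the pivot does not swallow everything.

```python
"""Registrant pivot over historical WHOIS records.

Added illustration of the method the post follows; not the author's tooling
and not Domaintools output. RECORDS is constructed from the associations the
post states and is deliberately incomplete (no dates, no registrars, not the
full 24-domain history). unrelated[.]example is a made-up control domain."""
from collections import defaultdict

BLAZEFIRE_ORG = "Shanghai Blazefire Network Technology Co. Ltd."

# (domain, whois_field, value) -- constructed, see module docstring.
RECORDS = [
    ("blazefire[.]com", "email", "tosaka1027@gmail.com"),
    ("blazefire[.]com", "org", BLAZEFIRE_ORG),
    ("2333youxi[.]com", "email", "tosaka1027@gmail.com"),
    ("2333youxi[.]com", "org", BLAZEFIRE_ORG),
    ("elsyzsmc[.]com", "email", "tosaka1027@gmail.com"),
    ("rurimeter[.]com", "email", "tosaka1027@gmail.com"),
    ("99youx[.]com", "email", "tosaka1027@gmail.com"),
    ("blazefire[.]net", "email", "yehuo@blazefire.net"),
    ("blazefire[.]net", "org", BLAZEFIRE_ORG),
    ("longmen[.]com", "org", BLAZEFIRE_ORG),
    ("longmen[.]com", "name", "Chu Da"),
    ("longmen[.]com", "email", "yehuo@blazefire.com"),
    ("unrelated[.]example", "email", "nobody@unrelated.example"),  # control
]

# Third-party malware reporting per domain, as the post relays it.
MALWARE_DOMAINS = {
    "elsyzsmc[.]com": "Triada",
    "rurimeter[.]com": "Triada",
    "99youx[.]com": "Hummer",
}


def _norm(value: str) -> str:
    """Collapse whitespace and case so trivially different spellings match."""
    return " ".join(value.split()).lower()


def build_index(records):
    """Map each (field, normalised value) to the set of domains carrying it."""
    index = defaultdict(set)
    for domain, field, value in records:
        index[(field, _norm(value))].add(domain)
    return index


def pivot_clusters(records):
    """Union-find over domains: two domains land in one cluster when any
    registrant field (email, name or org) holds the same value for both.
    Transitive links count, which is exactly how a pivot widens."""
    parent = {domain: domain for domain, _, _ in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    for domains in build_index(records).values():
        ordered = sorted(domains)
        for other in ordered[1:]:
            union(ordered[0], other)

    clusters = defaultdict(set)
    for domain in list(parent):
        clusters[find(domain)].add(domain)
    return [frozenset(c) for c in clusters.values()]


def cluster_of(records, domain):
    """The registrant cluster containing `domain` (empty if unknown)."""
    for cluster in pivot_clusters(records):
        if domain in cluster:
            return cluster
    return frozenset()


def shared_indicators(records, a, b):
    """The (field, value) pairs that directly tie domain a to domain b."""
    return sorted(key for key, ds in build_index(records).items()
                  if a in ds and b in ds)


def families_in_cluster(records, domain, malware_domains=MALWARE_DOMAINS):
    """Malware families reported on any domain co-registered with `domain`.
    blazefire[.]com is not itself among the reported malware domains, but
    its registrant cluster contains Triada and Hummer distribution domains."""
    return sorted({malware_domains[d] for d in cluster_of(records, domain)
                   if d in malware_domains})
```

In practice the records would come from a historical WHOIS export, and you would keep the field name on every link (as `shared_indicators` does) so that a reviewer can see whether two domains are joined by an email address, a registrant name or only an organisation string, since the strength of each of those ties differs.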

The CEO of Wildfire/Blazefire, referred to only as “Chuda” or “Hagen.”

It’s not clear if Chuda is all or part of the CEO’s real name, or just a nickname; the vice president of the company lists their name simply as “Hua Wei,” which could be a real name or a pseudonymous nod to the embattled Chinese telecom giant by the same name.

According to this cached document from Chinese business lookup service TianYanCha.com, Chuda also is a senior executive at six other companies.

Google declined to elaborate on its blog post. Shanghai Wildfire did not respond to multiple requests for comment.

It’s perhaps worth noting that while Google may be wise to what’s cooking over at Shanghai Blazefire/Wildfire Network Technology Co., Apple still has several of the company’s apps available for download from the iTunes store, as well as others from Shanghai Qianyou Network Technology.

Linux Admins! Grab Our Free Tool To Protect Against Netflix SACK Panic

Linux admins are being urged to check for and patch three TCP networking vulnerabilities discovered by Netflix researchers. While patches have been made available, testing patches against a full stack of software applications can sometimes be a lengthy process. Given the urgency and widespread nature of the vulnerabilities, SentinelOne has released a free tool that can quickly identify affected Linux systems and immediately protect against these new vulnerabilities.

What Did Netflix Discover?

A security advisory from Netflix researchers on Friday identified three vulnerabilities that affect Linux kernels. The vulnerabilities are catalogued as:

  • CVE-2019-11477: SACK Panic (Linux >= 2.6.29) Severity: Important
  • CVE-2019-11478: SACK Slowness (Linux < 4.15) or Excess Resource Usage (all Linux versions) Severity: Moderate
  • CVE-2019-11479: Excess Resource Usage due to low MSS values (all Linux versions) Severity: Moderate

A fourth, related vulnerability, CVE-2019-5599, affects FreeBSD 12 systems that use the RACK TCP stack.

Affected Linux systems can be attacked with maliciously crafted TCP traffic that advertises a very low MSS (Maximum Segment Size) and manipulates TCP SACK (Selective Acknowledgement) processing.

Exploiting these vulnerabilities causes excess resource consumption or triggers a kernel panic, so the practical impact is a remotely triggered Denial-of-Service against any reachable TCP service.

Why is the Linux Kernel Vulnerable to SACK Panic?

SACK, or TCP Selective Acknowledgement, is an extension designed to make TCP more efficient. Segments may arrive out of order; TCP reassembles the stream using the sequence numbers in the TCP headers. Without SACK, a receiver can only acknowledge the last byte that arrived in order, so a single lost segment forces the sender to retransmit everything after it. With SACK, the receiver reports the exact ranges it has received, so the sender knows precisely which segments arrived and which still need to be resent.

The SACK Panic vulnerability lies in how the sending side tracks the data it holds in its retransmission queue until the peer acknowledges it. The kernel keeps that data in socket buffers (SKBs) and records, in a 16-bit field (tcp_gso_segs), how many TCP segments each buffer represents. If the peer has advertised a very low MSS (the kernel's minimum is 48 bytes, which leaves as little as 8 bytes of payload per segment once TCP options are accounted for), a crafted sequence of SACKs can make the kernel merge queued buffers until that 16-bit segment count overflows; a sanity check in the merging code then fires and the kernel panics.

How Can I Protect Against SACK Panic?

To exploit SACK Panic, an attacker only needs to be able to open a TCP connection to a Linux host with SACK processing enabled, which is the default on every mainstream distribution; no authentication is involved.

Until the kernel is patched, the exposure can be closed in one of two ways: use the kernel's netfilter firewall (iptables/ip6tables) to drop incoming SYNs that advertise a low MSS, or disable SACK processing entirely with sysctl (net.ipv4.tcp_sack = 0). The MSS filter is only effective if TCP MTU probing is disabled (net.ipv4.tcp_mtu_probing = 0, the default), because with probing enabled the kernel can reduce the segment size on its own regardless of what the peer advertised.

In order to determine if you're running an affected system and to quickly apply the needed workarounds, SentinelOne researcher Dor Dankner has developed this script.

You can use the script to first check if your system is vulnerable, and if so to apply the workarounds. The script makes a backup copy of your current settings so you can easily revert if needed, and it also ensures that the settings persist across reboots.

Running as root, let’s first use the script’s check option to see if we’re vulnerable.

image of initial check

In this case, it looks like we are, so we’ll now use install to enable the protection:

image of install patch

All looks good, and we have the option to restore if needed. Persistence is also enabled. Let’s just confirm by running check again.

image of confirm check

As expected, the script now reports that this device is no longer vulnerable to the three Linux kernel TCP networking vulnerabilities discovered by Netflix. 

Be aware that there is an edge case here: by dropping SYNs with a low MSS, legitimate peers that genuinely need a small segment size (for example behind some tunnels or low-MTU links) will be unable to connect. The workaround is a stopgap, so test and apply the vendor kernel patches at your earliest opportunity for a robust, long-term fix.
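To make the two checks and the caveat above concrete, here is a small POSIX shell script written for this article. It is not SentinelOne's tool and not code from the Netflix advisory. It reads the two sysctls, checks for the iptables rule the Netflix advisory suggests (the 500-byte MSS threshold is the advisory's example value), decides what state the host is in, can apply the workaround while backing up the sysctl values, and lists currently established connections that negotiated an MSS below the threshold, which are exactly the legitimate peers the filter would break. The decision function and the `ss -tin` parser take their input as arguments and stdin so they can be exercised without root; the backup and persistence file paths are my own choices, not anything the page specifies.

```shell
#!/bin/sh
# sack_workaround.sh: assess and optionally apply the Netflix TCP SACK workarounds.
# Added illustration for this article, not SentinelOne's tool.
# Usage: sack_workaround.sh check | install | low-mss
set -eu

MSS_MIN=500   # threshold from the advisory's example iptables rule
MSS_RULE="-p tcp -m tcpmss --mss 1:$MSS_MIN -j DROP"   # used unquoted on purpose: it is an argument list

read_sysctl() { cat "/proc/sys/net/ipv4/$1"; }

# Is the drop rule already in the INPUT chain? iptables -C exits 0 if so (needs root).
mss_filter_present() {
    iptables -C INPUT $MSS_RULE 2>/dev/null && echo 1 || echo 0
}

# Pure decision function, exercisable without root:
#   $1 = net.ipv4.tcp_sack, $2 = net.ipv4.tcp_mtu_probing, $3 = MSS filter present (0/1)
sack_workaround_status() {
    if [ "$3" = 1 ] && [ "$2" = 0 ]; then
        echo protected   # low-MSS SYNs dropped and the kernel will not lower the MSS itself
    elif [ "$1" = 0 ]; then
        echo partial     # SACK off stops CVE-2019-11477/11478, not the low-MSS CVE-2019-11479
    else
        echo vulnerable
    fi
}

# Parse `ss -tin` output (a state line followed by an indented info line) and print
# established peers whose negotiated mss is below $1: the traffic the filter would refuse.
low_mss_peers() {
    awk -v thr="$1" '
        /^[A-Z]/ { peer = $5; next }           # State Recv-Q Send-Q Local Peer
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^mss:/) {
                    split($i, kv, ":")
                    if (kv[2] + 0 < thr + 0) print peer, $i
                }
        }'
}

apply_workarounds() {
    [ "$(id -u)" -eq 0 ] || { echo "install must run as root" >&2; return 1; }
    # Back up the current sysctl values so the change can be reverted (path is my choice).
    printf 'net.ipv4.tcp_sack=%s\nnet.ipv4.tcp_mtu_probing=%s\n' \
        "$(read_sysctl tcp_sack)" "$(read_sysctl tcp_mtu_probing)" > /root/sack-workaround.bak
    sysctl -w net.ipv4.tcp_mtu_probing=0
    [ "$(mss_filter_present)" = 1 ] || iptables -I INPUT $MSS_RULE
    if command -v ip6tables >/dev/null 2>&1; then ip6tables -I INPUT $MSS_RULE; fi
    # Persist the sysctl; making the firewall rule persistent is distro-specific (iptables-save etc.).
    echo 'net.ipv4.tcp_mtu_probing = 0' > /etc/sysctl.d/90-sack-workaround.conf
}

case "${1:-}" in
    check)
        [ "$(id -u)" -eq 0 ] || echo "note: not root, firewall check may be inaccurate" >&2
        sack_workaround_status "$(read_sysctl tcp_sack)" "$(read_sysctl tcp_mtu_probing)" "$(mss_filter_present)" ;;
    install) apply_workarounds ;;
    low-mss) ss -tin | low_mss_peers "$MSS_MIN" ;;
    "")      ;;   # sourced or run without an argument: define the functions only
    *)       echo "usage: $0 check|install|low-mss" >&2; exit 2 ;;
esac
```

Run `low-mss` before `install`: anything it lists is a peer that will stop being able to connect once the filter is in place, which is the moment to decide whether a higher or lower threshold than 500 is right for your environment. The `check` verdict deliberately reports "partial" when only SACK has been disabled, because that alone does not address the low-MSS resource exhaustion issue.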

Where is the Free Tool Available?

You can download the free tool from SentinelOne’s public Github repository here.

Conclusion

Given the huge number of affected devices, it’s only a matter of time before threat actors move to develop exploits for Linux machines that are not protected against these TCP networking vulnerabilities. Using the free SentinelOne tool, you can secure your endpoints immediately from any such attacks. 



Gartner finds RPA is fastest growing market in enterprise software

If you asked the average person on the street what Robotic Process Automation is, most probably wouldn’t have a clue. Yet new data from Gartner finds the RPA market grew over 63% last year, making it the fastest growing enterprise software category. It is worth noting, however, that the overall market value of $846.2 million remains rather modest compared to other multi-billion dollar enterprise software categories.

RPA helps companies automate a set of highly manual processes. The beauty of RPA, and why companies like it so much, is that it enables customers to bring a level of automation to legacy processes without having to rip and replace the legacy systems.

As Gartner points out, this plays well in companies with large amounts of legacy infrastructure like banks, insurance companies, telcos and utilities. "The ability to integrate legacy systems is the key driver for RPA projects. By using this technology, organizations can quickly accelerate their digital transformation initiatives, while unlocking the value associated with past technology investments," Fabrizio Biscotti, research vice president at Gartner, said in a statement.

The biggest winner in this rapidly growing market is UIPath, the startup that raised $568 million on a fat $7 billion valuation last year. One reason it's attracted so much attention is its incredible growth trajectory. Consider that UIPath brought in $15.7 million in revenue in 2017 and increased that by a whopping 629.5% to $114.8 million last year. That kind of growth tends to get you noticed. It was good for 13.6% market share and first place, all the way up from fifth place in 2017, according to Gartner.

Another startup nearly as hot as UIPath is Automation Anywhere, which grabbed $300M from SoftBank at a $2.6B valuation last year. The two companies have raised a gaudy $1.5 billion between them with UIPath bringing in an even $1 billion and Automation Anywhere getting $550 million, according to Crunchbase.

Chart: Gartner

Automation Anywhere's revenue grew from $74 million to $108.4 million, a growth clip of 46.5%, good for second place and 12.8% market share. Automation Anywhere was supplanted in first place by UIPath last year.

Blue Prism, which went public in 2016, issued $130 million in stock last year to raise more funds, probably to help keep up with UIPath and Automation Anywhere. Whatever the reason, it more than doubled its revenue from $34.6 million to $71 million, a healthy growth rate of 105%, good for third place with 8.4% market share.

For now, everyone, it seems, is winning as the market grows in leaps and bounds. In fact, the growth numbers further down the list are impressive, with NTT-ATT growing 456% and Kofax growing 256% year over year as two prime examples, but even with those growth numbers, market share begins to fragment into much smaller bites.

While the market is still very much in a development phase, which could account for this level of growth and jockeying for market position, at some point that fragmentation at the bottom of the market might lead to consolidation as companies try to buy additional marketshare.