NASA’s new HPE-built supercomputer will prepare for landing Artemis astronauts on the Moon

NASA and Hewlett Packard Enterprise (HPE) have teamed up to build a new supercomputer, which will serve NASA’s Ames Research Center in California and develop models and simulations of the landing process for Artemis Moon missions.

The new supercomputer is called ‘Aitken,’ named after American astronomer Robert Grant Aitken, and it can run simulations at up to 3.69 petaFLOPs of theoretical performance power. Aitken is custom-designed by HPE and NASA to work with the Ames modular data centre, which is a project it undertook starting in 2017 to massively reduce the amount of water and energy used in cooling its supercomputing hardware.

Aitken employs second generation Intel Xeon processors, Mellanox InfiniBand high-speed networking, and has 221 TB of memory on board for storage. It’s the result of four years of collaboration between NASA and HPE, and it will model different methods of entry, descent and landing for Moon-destined Artemis spacecraft, running simulations to determine possible outcomes and help determine the best, safest approach.

This isn’t the only collaboration between HPE and NASA: The enterprise computer maker built a new kind of supercomputer able to withstand the rigors of space for the agency, and sent it up to the ISS in 2017 for preparatory testing ahead of potential use on longer missions, including Mars. The two partners then opened that supercomputer for use in third-party experiments last year.

HPE also announced earlier this year that it was buying supercomputer company Cray for $1.3 billion. Cray is another long-time partner of NASA’s supercomputing efforts, dating back to the space agency’s establishment of a dedicated computational modelling division and the establishing of its Central Computing Facility at Ames Research Center.

Remediant lands $15M Series A to disrupt privileged access security

Remediant, a startup that helps companies secure privileged access in a modern context, announced a $15 million Series A today led by Dell Technologies Capital and ForgePoint Capital.

Remediant’s co-founders, Paul Lanzi and Tim Keeler, worked in biotech for years and saw a problem first-hand with the way companies secured privileged access. It was granted to certain individuals in the organization carte blanche, and they believed if you could limit access, it would make the space more secure and less vulnerable to hackers.

Lanzi says they started the company with two core concepts. “The first concept is the ability to assess or detect all of the places where privileged accounts exist and what systems they have access to. The second concept is to strip away all of the privileged access from all of those accounts and grant it back on a just-in-time basis,” Lanzi explained.

If you’re thinking that could get in the way of people who need access to do their jobs, the founders, as former IT admins, considered that. Remediant is based on a Zero Trust model where you have to prove you have the right to access the privileged area. But they do provide a reasonable baseline amount of time for users who need it within the confines of continuously enforcing access.

“Continuous enforcement is part of what we do, so by default we grant you four hours of access when you need that access, and then after that four hours, even if you forget to come back and end your session, we will automatically revoke that access. In that way all of the systems that are protected by SecureOne (the company’s flagship product) are held in this Zero Trust state where no one has access to them on a day-to-day basis,” Lanzi said.

Remediant SecureONE Dashboard. Screenshot: Remediant

The company has bootstrapped until now, and has actually been profitable, something that’s unusual for a startup at this stage of development, but Lanzi says they decided to take an investment in order to shift gears and concentrate on growth and product expansion.

Deepak Jeevankumar, managing director at investor Dell Technologies Capital, says it’s not easy for security startups to rise above the noise, but he saw something in Remediant’s founders. “Tim and Paul came from the practitioner’s viewpoint. They knew the actual problems that people face in terms of privileged access. So they had a very strong empathy towards the customer’s problem because they lived through it,” Jeevankumar told TechCrunch.

He added that the privileged access market hasn’t really been updated in two decades. “It’s a market ripe for disruption. They are combining the just-in-time philosophy with the Zero Trust philosophy, and are bringing that to the crown jewel of administrative access,” he said.

The company’s tools are installed on the customer’s infrastructure, either on-prem or in the cloud. They don’t have a pure cloud product at the moment, but they have plans for a SaaS version down the road to help small and medium sized businesses solve the privileged access problem.

Lanzi says they are also looking to expand the product line in other ways with this investment. “The basic philosophies that underpin our technology are broadly applicable. We want to start applying our technology in those other areas as well. So as we think toward a future that looks more like cloud and more like DevOps, we want to be able to add more of those features to our products,” he said.

Enterprise software is hot — who would have thought?

Once considered the most boring of topics, enterprise software is now getting infused with such energy that it is arguably the hottest space in tech.

It’s been a long time coming. And it is the developers, software engineers and veteran technologists with deep experience building at-scale technologies who are energizing enterprise software. They have learned to build resilient and secure applications with open-source components through continuous delivery practices that align technical requirements with customer needs. And now they are developing application architectures and tools for at-scale development and management for enterprises to make the same transformation.

“Enterprise had become a dirty word, but there’s a resurgence going on and Enterprise doesn’t just mean big and slow anymore,” said JD Trask, co-founder of Raygun enterprise monitoring software. “I view the modern enterprise as one that expects their software to be as good as consumer software. Fast. Easy to use. Delivers value.”

The shift to scale out computing and the rise of the container ecosystem, driven largely by startups, is disrupting the entire stack, notes Andrew Randall, vice president of business development at Kinvolk.

In advance of TechCrunch’s first enterprise-focused event, TC Sessions: Enterprise, The New Stack examined the commonalities between the numerous enterprise-focused companies who sponsor us. Their experiences help illustrate the forces at play behind the creation of the modern enterprise tech stack. In every case, the founders and CTOs recognize the need for speed and agility, with the ultimate goal of producing software that’s uniquely in line with customer needs.

We’ll explore these topics in more depth at The New Stack pancake breakfast and podcast recording at TC Sessions: Enterprise. Starting at 7:45 a.m. on Sept. 5, we’ll be serving breakfast and hosting a panel discussion on “The People and Technology You Need to Build a Modern Enterprise,” with Sid Sijbrandij, founder and CEO, GitLab, and Frederic Lardinois, enterprise writer and editor, TechCrunch, among others. Questions from the audience are encouraged and rewarded, with a raffle prize awarded at the end.

Traditional virtual machine infrastructure was originally designed to help manage server sprawl for systems-of-record software — not to scale out across a fabric of distributed nodes. The disruptors transforming the historical technology stack view the application, not the hardware, as the main focus of attention. Companies in The New Stack’s sponsor network provide examples of the shift toward software that they aim to inspire in their enterprise customers. Portworx provides persistent state for containers; NS1 offers a DNS platform that orchestrates the delivery of internet and enterprise applications; Lightbend combines the scalability and resilience of microservices architecture with the real-time value of streaming data.

“Application development and delivery have changed. Organizations across all industry verticals are looking to leverage new technologies, vendors and topologies in search of better performance, reliability and time to market,” said Kris Beevers, CEO of NS1. “For many, this means embracing the benefits of agile development in multicloud environments or building edge networks to drive maximum velocity.”

Enterprise software startups are delivering that value, while they embody the practices that help them deliver it.

The secrets to speed, agility and customer focus

Speed matters, but only if the end result aligns with customer needs. Faster time to market is often cited as the main driver behind digital transformation in the enterprise. But speed must also be matched by agility and the ability to adapt to customer needs. That means embracing continuous delivery, which Martin Fowler describes as the process that allows for the ability to put software into production at any time, with the workflows and the pipeline to support it.

Continuous delivery (CD) makes it possible to develop software that can adapt quickly, meet customer demands and provide a level of satisfaction with benefits that enhance the value of the business and the overall brand. CD has become a major category in cloud-native technologies, with companies such as CircleCI, CloudBees, Harness and Semaphore all finding their own ways to approach the problems enterprises face as they often struggle with the shift.

“The best-equipped enterprises are those [that] realize that the speed and quality of their software output are integral to their bottom line,” Rob Zuber, CTO of CircleCI, said.

Speed is also in large part why monitoring and observability have held their value and continue to be part of the larger dimension of at-scale application development, delivery and management. Better data collection and analysis, assisted by machine learning and artificial intelligence, allow companies to quickly troubleshoot and respond to customer needs with reduced downtime and tight DevOps feedback loops. Companies in our sponsor network that fit in this space include Raygun for error detection; Humio, which provides observability capabilities; InfluxData with its time-series data platform for monitoring; Epsagon, the monitoring platform for serverless architectures and Tricentis for software testing.

“Customer focus has always been a priority, but the ability to deliver an exceptional experience will now make or break a ‘modern enterprise,’” said Wolfgang Platz, founder of Tricentis, which makes automated software testing tools. “It’s absolutely essential that you’re highly responsive to the user base, constantly engaging with them to add greater value. This close and constant collaboration has always been central to longevity, but now it’s a matter of survival.”

DevOps is a bit overplayed, but it still is the mainstay workflow for cloud-native technologies and critical to achieving engineering speed and agility in a decoupled, cloud-native architecture. However, DevOps is also undergoing its own transformation, buoyed by the increasing automation and transparency allowed through the rise of declarative infrastructure, microservices and serverless technologies. This is cloud-native DevOps. Not a tool or a new methodology, but an evolution of the longstanding practices that further align developers and operations teams — but now also expanding to include security teams (DevSecOps), business teams (BizDevOps) and networking (NetDevOps).

“We are in this constant feedback loop with our customers where, while helping them in their digital transformation journey, we learn a lot and we apply these learnings for our own digital transformation journey,” Francois Dechery, chief strategy officer and co-founder of CloudBees, said. “It includes finding the right balance between developer freedom and risk management. It requires the creation of what we call a continuous everything culture.”

Leveraging open-source components is also core in achieving speed for engineering. Open-source use allows engineering teams to focus on building code that creates or supports the core business value. Startups in this space include Tidelift and open-source security companies such as Capsule8. Organizations in our sponsor portfolio that play roles in the development of at-scale technologies include The Linux Foundation, the Cloud Native Computing Foundation and the Cloud Foundry Foundation.

“Modern enterprises … think critically about what they should be building themselves and what they should be sourcing from somewhere else,” said Chip Childers, CTO of Cloud Foundry Foundation. “Talented engineers are one of the most valuable assets a company can apply to being competitive, and ensuring they have the freedom to focus on differentiation is super important.”

You need great engineering talent, and you need to give that talent the ability to build secure and reliable systems at scale, along with the trust that comes with direct access to hardware as a differentiator.

Is the enterprise really ready?

The bleeding edge can bleed too much for the likings of enterprise customers, said James Ford, an analyst and consultant.

“It’s tempting to live by mantras like ‘wow the customer,’ ‘never do what customers want (instead build innovative solutions that solve their need),’ ‘reduce to the max,’ … and many more,” said Bernd Greifeneder, CTO and co-founder of Dynatrace. “But at the end of the day, the point is that technology is here to help with smart answers … so it’s important to marry technical expertise with enterprise customer need, and vice versa.”

How the enterprise adopts new ways of working will affect how startups ultimately fare. The container hype has cooled a bit and technologists have more solid viewpoints about how to build out architecture.

One notable trend to watch: The role of cloud services through projects such as Firecracker. AWS Lambda is built on Firecracker, the open-source virtualization technology, built originally at Amazon Web Services. Firecracker serves as a way to get the speed and density that comes with containers and the hardware isolation and security capabilities that virtualization offers. Startups such as Weaveworks have developed a platform on Firecracker. OpenStack’s Kata containers also use Firecracker.

“Firecracker makes it easier for the enterprise to have secure code,” Ford said. It reduces the surface security issues. “With its minimal footprint, the user has control. It means less features that are misconfigured, which is a major security vulnerability.”

Enterprise startups are hot. How they succeed will determine how well they may provide a uniqueness in the face of the ever-consuming cloud services and at-scale startups that inevitably launch their own services. The answer may be in the middle with purpose-built architectures that use open-source components such as Firecracker to provide the capabilities of containers and the hardware isolation that comes with virtualization.

Hope to see you at TC Sessions: Enterprise. Get there early. We’ll be serving pancakes to start the day. As we like to say, “Come have a short stack with The New Stack!”

IBM is moving OpenPower Foundation to The Linux Foundation

IBM makes the Power Series chips, and as part of that has open-sourced some of the underlying technologies to encourage wider use of these chips. The open-source pieces have been part of the OpenPower Foundation. Today, the company announced it was moving the foundation under The Linux Foundation, and while it was at it, announced it was open-sourcing several other important bits.

Ken King, general manager for OpenPower at IBM, says that at this point in his organization’s evolution, they wanted to move it under the auspices of the Linux Foundation. “We are taking the OpenPower Foundation, and we are putting it as an entity or project underneath The Linux Foundation with the mindset that we are now bringing more of an open governance approach and open governance principles to the foundation,” King told TechCrunch.

But IBM didn’t stop there. It also announced that it was open-sourcing some of the technical underpinnings of the Power Series chip to make it easier for developers and engineers to build on top of the technology. Perhaps most importantly, the company is open-sourcing the Power Instruction Set Architecture (ISA). These are “the definitions developers use for ensuring hardware and software work together on Power,” the company explained.

King sees open-sourcing this technology as an important step for a number of reasons around licensing and governance. “The first thing is that we are taking the ability to be able to implement what we’re licensing, the ISA instruction set architecture, for others to be able to implement on top of that instruction set royalty free with patent rights,” he explained.

The company is also putting this under an open governance workgroup at the OpenPower Foundation. This matters to open-source community members because it provides a layer of transparency that might otherwise be lacking. What that means in practice is that any changes will be subject to a majority vote, so long as the changes meet compatibility requirements, King said.

Jim Zemlin, executive director at the Linux Foundation, says that making all of this part of the Linux Foundation open-source community could drive more innovation. “Instead of a very, very long cycle of building an application and working separately with hardware and chip designers, because all of this is open, you’re able to quickly build your application, prototype it with hardware folks, and then work with a service provider or a company like IBM to take it to market. So there’s not tons of layers in between the actual innovation and value captured by industry in that cycle,” Zemlin explained.

In addition, IBM made several other announcements around open-sourcing other Power Chip technologies designed to help developers and engineers customize and control their implementations of Power chip technology. “IBM will also contribute multiple other technologies including a softcore implementation of the Power ISA, as well as reference designs for the architecture-agnostic Open Coherent Accelerator Processor Interface (OpenCAPI) and the Open Memory Interface (OMI). The OpenCAPI and OMI technologies help maximize memory bandwidth between processors and attached devices, critical to overcoming performance bottlenecks for emerging workloads like AI,” the company said in a statement.

The softcore implementation of the Power ISA, in particular, should give developers more control and even enable them to build their own instruction sets, Hugh Blemings, executive director of the OpenPower Foundation explained. “They can now actually try crafting their own instruction sets, and try out new ways of the accelerated data processes and so forth at a lower level than previously possible,” he said.

The company is announcing all of this today at The Linux Foundation Open Source Summit and OpenPower Summit in San Diego.

Box introduces Box Shield with increased security controls and threat protection

Box has always had to balance the idea of sharing content broadly while protecting it as it moved through the world, but the more you share, the more likely something can go wrong, such as misconfigured shared links that surfaced earlier this year. In an effort to make the system more secure, the company announced Box Shield today in Beta, a set of tools to help employees sharing Box content better understand who they are sharing with, while helping the security team see when content is being misused.

Link sharing is a natural part of what companies do with Box, and as Chief Product and Chief Strategy Officer Jeetu Patel says, you don’t want to change the way people use Box. Instead, he says it’s his job to make it easier to make it secure, and that is the goal with today’s announcement.

“We’ve introduced Box Shield, which embeds these content controls and protects the content in a way that doesn’t compromise user experience, while ensuring safety for the administrator and the company, so their intellectual property is protected,” Patel explained.

He says this involves two components. The first is about raising user awareness and helping them understand what they’re sharing. In fact, sometimes companies use Box as a content management backend to distribute files like documentation on the internet on purpose. They want them to be indexed in Google. Other times, however, it’s through misuse of the file sharing component, and Box wants to fix that with this release by making it clear who they are sharing with and what that means.

They’ve updated the experience on the web and mobile products to make it much clearer through messaging and interface design what the sharing level they have chosen means. Of course, some users will ignore all these messages, so there is a second component to give administrators more control.

Box Shield access controls. Photo: Box

This involves helping customers build guardrails into the product to prevent leakage of an entire category of documents that you would never want leaked like internal business plans, salary lists or financial documents, or even to granularly protect particular files or folders. “The second thing we’re trying to do is make sure that Box itself has some built-in security guardrails and boundary conditions that can help people reduce the risk around employee negligence or inadvertent disclosures, and then make sure that you have some very precision-based, granular security controls that can be applied to classifications that you’ve set on content,” he explained.

In addition, the company wants to help customers detect when employees are abusing content, perhaps sharing sensitive data like customer lists with a personal account, and flag these for the security team. This involves flagging anomalous downloads, suspicious sessions or unusual locations inside Box.

The tool can also work with existing security products already in place, so that whatever classification has been applied in Box travels with a file, and anomalies or misuse can be captured by the company’s security apparatus before the file leaves the company’s boundaries.

While Patel acknowledges there is no way to prevent user misuse or abuse in all cases, by implementing Box Shield the company is attempting to provide customers with a set of tools to help them reduce the possibility of it going undetected. Box Shield is in private Beta today and will be released in the Fall.

Forced Password Reset? Check Your Assumptions

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site’s efforts to identify customers who are reusing passwords from other sites that have already been hacked.

But ironically, many companies taking these proactive steps soon discover that their explanation as to why they’re doing it can get misinterpreted as more evidence of lax security. This post attempts to unravel what’s going on here.

Over the weekend, a follower on Twitter included me in a tweet sent to California-based job search site Glassdoor, which had just sent him the following notice:

The Twitter follower expressed concern about this message, because it suggested to him that in order for Glassdoor to have done what it described, the company would have had to be storing its users’ passwords in plain text. I replied that this was in fact not an indication of storing passwords in plain text, and that many companies are now testing their users’ credentials against lists of hacked credentials that have been leaked and made available online.

The reality is Facebook, Netflix and a number of big-name companies are regularly combing through huge data leak troves for credentials that match those of their customers, and then forcing a password reset for those users. Some are even checking for password re-use on all new account signups.

The idea here is to stymie a massively pervasive problem facing all companies that do business online today: Namely, “credential-stuffing attacks,” in which attackers take millions or even billions of email addresses and corresponding cracked passwords from compromised databases and see how many of them work at other online properties.

So how does the defense against this daily deluge of credential stuffing work? A company employing this strategy will first extract from these leaked credential lists any email addresses that correspond to their current user base.

From there, the corresponding cracked (plain text) passwords are fed into the same process that the company relies upon when users log in: That is, the company feeds those plain text passwords through its own password “hashing” or scrambling routine.

Password hashing is designed to be a one-way function which scrambles a plain text password so that it produces a long string of numbers and letters. Not all hashing methods are created equal, and some of the most commonly used methods — MD5 and SHA-1, for example — can be far less secure than others, depending on how they’re implemented (more on that in a moment). Whatever the hashing method used, it’s the hashed output that gets stored, not the password itself.

Back to the process: If a user’s plain text password from a hacked database matches the output of what a company would expect to see after running it through their own internal hashing process, that user is then prompted to change their password to something truly unique.

Now, password hashing methods can be made more secure by amending the password with what’s known as a “salt” — or random data added to the input of a hash function to guarantee a unique output. And many readers of the Twitter thread on Glassdoor’s approach reasoned that the company couldn’t have been doing what it described without also forgoing this additional layer of security.

My tweeted explanatory reply as to why Glassdoor was doing this was (in hindsight) incomplete and in any case not as clear as it should have been. Fortunately, Glassdoor’s chief information officer Anthony Moisant chimed in to the Twitter thread to explain that the salt is in fact added as part of the password testing procedure.

“In our [user] database, we’ve got three columns — username, salt value and scrypt hash,” Moisant explained in an interview with KrebsOnSecurity. “We apply the salt that’s stored in the database and the hash [function] to the plain text password, and that resulting value is then checked against the hash in the database we store. For whatever reason, some people have gotten it into their heads that there’s no possible way to do these checks if you salt, but that’s not true.”
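The check Moisant describes, as an added example (this is not Glassdoor's code): each leaked plain text password is hashed with the salt already stored for that user and compared against the stored scrypt hash. The scrypt cost parameters, the `email:password` leak format, the table held as Python dicts, and all accounts and leak lines below are constructed assumptions.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters; the article does not say which ones Glassdoor uses.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 1024 * 1024)


def hash_password(password: str, salt: bytes) -> bytes:
    """The same routine the login path uses: scrypt over the password and a per-user salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def make_user_row(username: str, password: str) -> dict:
    """Build one row with the three columns from the quote: username, salt, scrypt hash."""
    salt = os.urandom(16)  # unique random salt per account
    return {"username": username, "salt": salt,
            "scrypt_hash": hash_password(password, salt)}


def parse_leak(lines):
    """Yield (email, plaintext) pairs from 'email:password' lines; skip malformed lines."""
    for line in lines:
        line = line.strip()
        if not line or ":" not in line:
            continue
        email, password = line.split(":", 1)  # passwords may themselves contain ':'
        yield email.strip().lower(), password


def accounts_needing_reset(user_table, leak_lines):
    """Return usernames whose current password appears next to their email in the leak."""
    by_name = {row["username"].lower(): row for row in user_table}
    flagged = set()
    for email, leaked_password in parse_leak(leak_lines):
        row = by_name.get(email)
        if row is None:
            continue  # the leaked address is not one of our users
        # Apply the stored salt to the leaked plaintext, exactly as at login.
        candidate = hash_password(leaked_password, row["salt"])
        # Constant-time comparison against the stored hash.
        if hmac.compare_digest(candidate, row["scrypt_hash"]):
            flagged.add(row["username"])
    return sorted(flagged)


# Constructed sample data: alice and carol reuse the same password, bob does not.
USERS = [
    make_user_row("alice@example.com", "Summer2019!"),
    make_user_row("bob@example.com", "tangerine-orbit-canal-47"),
    make_user_row("carol@example.com", "Summer2019!"),
]

# Constructed leak dump from some other, unrelated breach.
LEAK_LINES = [
    "alice@example.com:Summer2019!",
    "ALICE@example.com:OldPass1",
    "bob@example.com:hunter2",
    "carol@example.com:Summer2019!",
    "dave@elsewhere.example:letmein",
    "malformed line without separator",
]

if __name__ == "__main__":
    # Identical passwords still produce different stored hashes because of the salt.
    print("hashes differ:", USERS[0]["scrypt_hash"] != USERS[2]["scrypt_hash"])
    print("force reset for:", accounts_needing_reset(USERS, LEAK_LINES))
```

The stored hashes for alice and carol differ even though their passwords are identical, yet both are flagged: the salt defeats precomputed lookups across accounts, not a per-user check by the party that holds the salt.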

CHECK YOUR ASSUMPTIONS

You — the user — can’t be expected to know or control what password hashing methods a given site uses, if indeed they use them at all. But you can control the quality of the passwords you pick.

I can’t stress this enough: Do not re-use passwords. And don’t recycle them either. Recycling involves rather lame attempts to make a reused password unique by simply adding a digit or changing the capitalization of certain characters. Crooks who specialize in password attacks are wise to this approach as well.

If you have trouble remembering complex passwords (and this describes most people), consider relying instead on password length, which is a far more important determiner of whether a given password can be cracked by available tools in any timeframe that might be reasonably useful to an attacker.

In that vein, it’s safer and wiser to focus on picking passphrases instead of passwords. Passphrases are collections of multiple (ideally unrelated) words mushed together. Passphrases are not only generally more secure, they also have the added benefit of being easier to remember.

According to a recent blog entry by Microsoft group program manager Alex Weinert, none of the above advice about password complexity amounts to a hill of beans from the attacker’s standpoint.

Weinert’s post makes a compelling argument that as long as we’re stuck with passwords, taking full advantage of the most robust form of multi-factor authentication (MFA) offered by a site you frequent is the best way to deter attackers. Twofactorauth.org has a handy list of your options here, broken down by industry.

“Your password doesn’t matter, but MFA does,” Weinert wrote. “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.”

Glassdoor’s Moisant said the company doesn’t currently offer MFA for its users, but that it is planning to roll that out later this year to both consumer and business users.

Password managers also can be useful for those who feel encumbered by having to come up with passphrases or complex passwords. If you’re uncomfortable with entrusting a third-party service or application to handle this process for you, there’s absolutely nothing wrong with writing down your passwords, provided a) you do not store them in a file on your computer or taped to your laptop or screen or whatever, and b) that your password notebook is stored somewhere relatively secure, i.e. not in your purse or car, but something like a locked drawer or safe.

Although many readers will no doubt take me to task on that last bit of advice, as in all things security related it’s important not to let the perfect become the enemy of the good. Many people (think moms/dads/grandparents) can’t be bothered to use password managers — even when you go through the trouble of setting them up on their behalf. Instead, without an easier, non-technical method they will simply revert to reusing or recycling passwords.

What’s New With Bluekeep? Are Your Devices Vulnerable?

On May 14th, Microsoft released its May 2019 Patch Tuesday. Among several security fixes, it also included a fix for a high-severity security flaw in Microsoft Windows’ RDP (Remote Desktop) component. The vulnerability, dubbed “Bluekeep” and cataloged as CVE-2019-0708, allows attackers to gain remote code execution on machines without being authenticated. The vulnerable versions of Windows are Windows XP, Windows Server 2003, Windows Server 2008 R2 and Windows 7.

The vulnerability is so severe that Microsoft has released exceptional patches for no-longer supported versions of the OS: Windows XP and Windows Server 2003.

Are Your Devices Vulnerable To Bluekeep?

Recently, Shodan added a new dashboard for tracking Bluekeep, Eternalblue and HeartBleed per country. In the US alone, for example, there are currently 101,744 Bluekeep unpatched servers.

[Image: Shodan dashboard]

According to BinaryEdge, there are almost 1 million worldwide exposed vulnerable machines on the net. 

That’s the reason why “Bluekeep” was marked by the security community as the next “WannaCry” because of its potential for mass damage just like the outbreak of the infamous malware back in 2017.

Has Bluekeep Been Seen In The Wild?

Despite the high profile and the fact that several researchers tweeted about having a working POC, there is still no evidence of an active campaign using this exploit.

Although the security community has shown respectable signs of maturity by not sharing working POCs (for all the understandable reasons), one can’t help but wonder how come the “bad guys” haven’t abused this vulnerability so far? Aren’t they “talented” enough to build a stable exploit? Is it a matter of ROI and it being much easier to use email phishing to infect machines? Or maybe the “bad guys” are keeping their exploits for the right time and for targeted attacks only? 

On July 22nd @MalwareTech, a popular Twitter account focused on hacking and security, tweeted about a published Chinese slide deck “explaining how to turn the crash POC into RCE.”

image of malwaretech tweet

On July 23rd, security researcher @polarply tweeted the following:

image of polarply tweet

On the same day, a researcher going by the name 0xeb-bp published a Bluekeep POC aimed at Windows XP. This POC could be expanded relatively easily by trained hackers into working malicious exploits, and not only for Windows XP. As “0xeb-bp” himself put it in his published analysis:

image of BlueKeep poc

Several cybersecurity companies started to use Bluekeep exploits as part of their pentest services. Among them were Immunity Inc, which added a Bluekeep exploit to Canvas, its pentest framework, and NCC Group Infosec, which announced at the beginning of August that its consultants are now “armed” with a Bluekeep exploit.

On August 7th, Metasploit added a new DoS exploit to its existing Bluekeep module.

image of metasploit bluekeep module

The point is clear: winter is (coming) getting closer…

SentinelOne Has You Covered

As an NG-AV solution vendor, SentinelOne deploys various honeypots all around the internet. We constantly observe thousands of RDP scans per day. These scans try to brute-force the RDP credentials. In the past few weeks, however, our honeypots have started to detect scans searching for Bluekeep vulnerable machines. At this stage, we haven’t seen exploitation attempts, but the enumeration of such machines indicates that there are “players” who are preparing for the right time to attack (waiting for the exploit to become public?).

Analyzing 20 days of monitored data revealed a pattern of three scans per day for Bluekeep. The following is a list of the source IPs that have scanned our honeypots for that vulnerability.

IOC – source IPs of the Bluekeep Scanners:

Almost all of the above IPs are well-known IPs of botnets that scan the Internet and try to brute-force the credentials of several exposed protocols, such as FTP, Telnet, SSH and RDP, in order to log in to those machines. It seems that these botnets are expanding their business to also scan the Internet for machines vulnerable to Bluekeep.

SentinelOne Protects Enterprises From Bluekeep

SentinelOne Agent introduces detection and blocking of exploits targeting the Bluekeep vulnerability, including the POC mentioned above.

If you have any questions about Bluekeep and how it might affect your organization, or if you would like to try a free demo to see how SentinelOne can protect your business from various cyberthreats from ransomware and cryptominers to targeted attacks and APT groups, don’t hesitate to contact us today.



The five great reasons to attend TechCrunch’s Enterprise show Sept. 5 in SF

The vast enterprise tech category is Silicon Valley’s richest, and today it’s poised to change faster than ever before. That’s probably the biggest reason to come to TechCrunch’s first-ever show focused entirely on enterprise. But here are five more reasons to commit to joining TechCrunch’s editors on September 5 at San Francisco’s Yerba Buena Center for an outstanding day (agenda here) addressing the tech tsunami sweeping through enterprise. 

No. 1: Artificial intelligence
At once the most consequential and most hyped technology, no one doubts that AI will change business software and increase productivity like few, if any, technologies before it. To peek ahead into that future, TechCrunch will interview Andrew Ng, arguably the world’s most experienced AI practitioner at huge companies (Baidu, Google) as well as at startups. AI will be a theme across every session, but we’ll address it again head-on in a panel with investor Jocelyn Goldfein (Zetta), founder Bindu Reddy (Reality Engines) and executive John Ball (Salesforce / Einstein). 

No. 2: Data, the cloud and Kubernetes
If AI is at the dawn of tomorrow, cloud transformation is the high noon of today. Indeed, 90% of the world’s data was created in the past two years, and no enterprise can keep its data hoard on-prem forever. Azure’s CTO Mark Russinovich will discuss Microsoft’s vision for the cloud. Leaders in the open-source Kubernetes revolution — Joe Beda (VMware), Aparna Sinha (Google) and others — will dig into what Kubernetes means to companies making the move to cloud. And last, there is the question of how to find signal in all the data — which will bring three visionary founders to the stage: Benoit Dageville (Snowflake), Ali Ghodsi (Databricks) and Murli Thirumale (Portworx).

No. 3: Everything else on the main stage!
Let’s start with a fireside chat with SAP CEO Bill McDermott and Qualtrics Chief Experience Officer Julie Larson-Green. We have top investors talking about where they are making their bets, and security experts talking data and privacy. And then there is quantum computing, the technology revolution waiting on the other side of AI: Jay Gambetta, the principal theoretical scientist behind IBM’s quantum computing effort, Jim Clarke, the director of quantum hardware at Intel Labs, and Krysta Svore, who leads Microsoft’s quantum effort.

All told, there are 21 programming sessions.

No. 4: Network and get your questions answered
There will be two Q&A breakout sessions with top enterprise investors; this is for founders (and anyone else) to query investors directly. Plus, TechCrunch’s unbeatable CrunchMatch app makes it really easy to set up meetings with the other attendees, an incredible array of folks, plus the 20 early-stage startups exhibiting on the expo floor.

No. 5: SAP
Enterprise giant SAP is our sponsor for the show, and they are not only bringing a squad of top executives, they are producing four parallel track sessions, featuring SAP Chief Innovation Officer Max Wessel, SAP Chief Designer and Futurist Martin Wezowski and SAP.iO’s managing director Ram Jambunathan, in sessions including how to scale up an enterprise startup, how startups win large enterprise customers, and what the enterprise future looks like.

Check out the complete agenda. Don’t miss this show! This line-up is a view into the future like none other. 

Grab your $349 tickets today, and don’t wait til the day of to book because prices go up at the door!

We still have two Startup Demo Tables left. Each table comes with four tickets and a prime location to demo your startup on the expo floor. Book your demo table now before they’re all gone!

Ally raises $8M Series A for its OKR solution

OKRs, or Objectives and Key Results, are a popular planning method in Silicon Valley. Like most of those methods that make you fill in some form once every quarter, I’m pretty sure employees find them rather annoying and a waste of their time. Ally wants to change that and make the process more useful. The company today announced that it has raised an $8 million Series A round led by Accel Partners, with participation from Vulcan Capital, Founders Co-op and Lee Fixel. The company, which launched in 2018, previously raised a $3 million seed round.

Ally founder and CEO Vetri Vellore tells me that he learned his management lessons and the value of OKR at his last startup, Chronus. After years of managing large teams at enterprises like Microsoft, he found himself challenged to manage a small team at a startup. “I went and looked for new models of running a business execution. And OKRs were one of those things I stumbled upon. And it worked phenomenally well for us,” Vellore said. That’s where the idea of Ally was born, which Vellore pursued after selling his last startup.

Most companies that adopt this methodology, though, tend to work with spreadsheets and Google Docs. Over time, that simply doesn’t work, especially as companies get larger. Ally, then, is meant to replace these other tools. The service is currently in use at “hundreds” of companies in more than 70 countries, Vellore tells me.

One of its early adopters was Remitly. “We began by using shared documents to align around OKRs at Remitly. When it came time to roll out OKRs to everyone in the company, Ally was by far the best tool we evaluated. OKRs deployed using Ally have helped our teams align around the right goals and have ultimately driven growth,” said Josh Hug, COO of Remitly.

Desktop Team OKRs Screenshot

Vellore tells me that he has seen teams go from annual or bi-annual OKRs to more frequently updated goals, too, which is something that’s easier to do when you have a more accessible tool for it. Nobody wants to use yet another tool, though, so Ally features deep integrations into Slack, with other integrations in the works (something Ally will use this new funding for).

Since adopting OKRs isn’t always easy for companies that previously used other methodologies (or nothing at all), Ally also offers training and consulting services with online and on-site coaching.

Pricing for Ally starts at $7 per month per user for a basic plan, but the company also offers a flat $29 per month plan for teams with up to 10 users, as well as an enterprise plan, which includes some more advanced features and single sign-on integrations.

Join The New Stack for Pancake & Podcast with Q&A at TC Sessions: Enterprise

Popular enterprise news and research site The New Stack is coming to TechCrunch Sessions: Enterprise on September 5 for a special Pancake & Podcast session with live Q&A, featuring, you guessed it, delicious pancakes and awesome panelists!

Here’s the “short stack” of what’s going to happen:

  • Pancake buffet opens at 7:45 am on Thursday, September 5 at TC Sessions: Enterprise
  • At 8:15 am the panel discussion/podcast kicks off; the topic, “The People and Technology You Need to Build a Modern Enterprise”
  • After the discussion, the moderators will host a live audience Q&A session with the panelists
  • Once the Q&A is done, attendees will get the chance to win some amazing raffle prizes

You can only take part in this fun pancake-breakfast podcast if you register for a ticket to TC Sessions: Enterprise. Use the code TNS30 to get 30% off the conference registration price!

Here’s the longer version of what’s going to happen:

At 8:15 a.m., The New Stack founder and publisher Alex Williams takes the stage as the moderator and host of the panel discussion. Our topic: “The People and Technology You Need to Build a Modern Enterprise.” We’ll start with intros of our panelists and then dive into the topic with Sid Sijbrandij, founder and CEO at GitLab, and Frederic Lardinois, enterprise reporter and editor at TechCrunch, as our initial panelists. More panelists to come!

Then it’s time for questions. Questions we could see getting asked (hint, hint): Who’s on your team? What makes a great technical team for the enterprise startup? What are the observations a journalist has about how the enterprise is changing? What about when the time comes for AI? Who will I need on my team?

And just before 9 a.m., we’ll pick a ticket out of the hat and announce our raffle winner. It’s the perfect way to start the day.

On a side note, the pancake breakfast discussion will be published as a podcast on The New Stack Analysts.

But there’s only one way to get a prize and network with fellow attendees, and that’s by registering for TC Sessions: Enterprise and joining us for a short stack with The New Stack. Tickets are now $349, but you can save 30% with code TNS30.