SMB loans platform Kabbage to furlough a ‘significant’ number of staff, close office in Bangalore

/0 Comments/in /by

Another tech unicorn is feeling the pinch of doing business during the coronavirus pandemic. Today, Kabbage, the SoftBank-backed lending startup that uses machine learning to evaluate loan applications for small and medium businesses, is furloughing a “significant number” of its U.S. team of 500 employees, according to a memo sent to staff and seen by TechCrunch, in the wake of drastically changed business conditions for the company. It is also completely closing down its office in Bangalore, India, and executive staff is taking a “considerable” pay cut.

The announcement is effective immediately and was made to staff earlier today by way of a video conference call, as the whole company is currently remote working in the current conditions.

Kabbage is not disclosing the full number of staff that are being affected by the news (if you know, you can contact us anonymously). It’s also not putting a time frame on how long the furlough will last, but it’s going to continue providing benefits to affected employees. The intention is to bring them back on when things shift again.

“We realize this is a shock to everyone. No business in the world could have prepared for what has transpired these past few weeks and everyone has been impacted,” co-founder and CEO Rob Frohwein wrote in the memo. “The economic fallout of this virus has rattled the small business community to which Kabbage is directly linked. It’s painful to say goodbye to our friends and colleagues in Bangalore and to furlough a number of U.S. team members. While the duration of the furlough remains uncertain, please bear in mind that the full intention of furloughing is temporary. We simply have no clear idea of how long quarantining or its reverberations in the economy will last.”

Kabbage’s predicament underscores the complicated and stressful calculus faced by tech companies built around providing services to SMBs, or fintech (or both, as in the case of Kabbage).

SMBs are struggling right now in the U.S.: many operate on very short terms when it comes to finances, and closing their businesses (or seeing a drastic reduction in custom) means they will not have the cash to last 10 days without revenue, “and we’re already well past that window,” Frohwein noted in his memo.

In Kabbage’s case, that means not only are SMBs not able to be evaluated and approved for normal loans at the moment, but SMBs that already have loans out are likely facing delinquencies.

The decision to furlough is hard but in relative terms it’s good news: it was made at the eleventh hour after a period when Kabbage was considering layoffs instead.

The company has raised hundreds of millions of dollars in equity and debt, and it was in a healthy state before the coronavirus outbreak. The memo notes that the “board and our top investors are aware of the challenges we are facing and have committed to helping us through this period,” although it doesn’t specify what that means in terms of financial support for the business, and whether that support would have been there for the business as-is.

The shift to furlough from layoffs came in the wake of an announcement yesterday by Steven Mnuchin, the U.S. Secretary of the Treasury, who clarified that “any FDIC bank, any credit union, any fintech lender will be authorized” to make loans to small businesses as a part of the U.S. government’s CARE Act, the giant stimulus package that included nearly $350 billion in loan guarantees for small businesses.

While that provides much-needed relief for these businesses, the implementation of it — the Small Business Administration has already received nearly 1 million claims for disaster-relief loans since the crisis started — has been and is going to be a challenge.

That effectively opens up an opportunity for Kabbage and companies like it to revive and reorient some of its business. (Its USP was always that the AI it uses, which draws on a number of different sources of online data for the business, means a more creative, faster and more accurate assessment of loan applications than what traditional banks typically provide.) Kabbage said it is in “deep discussions” with the Treasury Department, the White House and the Small Business Administration to help expedite applications for aid.

While loans still make up the majority of Kabbage’s business, the company has been making a move to diversify its services, and in recent times it has made acquisitions and launched new services around market intelligence insights and payments services. While there has certainly been a jump in e-commerce, overall the tightening economy will have a chilling effect on the wider market, and it will be worth seeing what happens with other tech companies that focus on loans, as well as adjacent financial services.

Atlassian’s Confluence gets a new template gallery

/0 Comments/in /by

Confluence, Atlassian’s content-centric collaboration tool for teams, is making it easier for new users to get started with the launch of an updated template gallery and 75 new templates. They incorporate what the company has learned from its customers and partners since it first launched the service back in 2004.

About a year ago, Atlassian gave Confluence a major makeover, with an updated editor and advanced analytics. Today’s update isn’t quite as dramatic, but goes to show that Confluence has evolved from a niche wiki for technical documentation teams to a tool that is often used across organizations today.

About 60,000 customers are using Confluence daily, and the new templates reflect the different needs of these companies. The new template gallery will make it easier to find the specific template that makes sense for your business, with new search tools, filters and previews that you can find in the right-hand panel of your Confluence site.

The updated gallery features new templates for design, marketing and HR teams, for example. Working with partners, Atlassian also added templates like a job description guide from Indeed and a design system template from InVision, as well as similar use case-specific templates from HubSpot, Optimizely and others. Because most tasks take more than one template, Atlassian is also launching collections of templates for accomplishing more complex tasks around developing marketing strategies, HR workflows, product development and more.

Annual Protest to ‘Fight Krebs’ Raises €150K+

/0 Comments/in /by

In 2018, KrebsOnSecurity unmasked the creators of Coinhive — a now-defunct cryptocurrency mining service that was being massively abused by cybercriminals — as the administrators of a popular German language image-hosting forum. In protest of that story, forum members donated hundreds of thousands of euros to nonprofits that combat cancer (Krebs means “cancer” in German). This week, the forum is celebrating its third annual observance of that protest to “fight Krebs,” albeit with a Coronavirus twist.

Images posted to the decidedly not-safe-for-work German-language image forum pr0gramm[.]com. Members have posted a large number of ‘thank you’ receipts from cancer research organizations that benefited from their fight cancer/krebs campaign.

On March 26, 2018, KrebsOnSecurity published Who and What is Coinhive, which showed the founder of Coinhive was the co-creator of the German forum pr0gramm[dot]com (not safe for work).  I undertook the research because Coinhive’s code at the time was found on tens of thousands of hacked Web sites, and Coinhive seemed uninterested in curbing widespread abuse of its platform.

Pr0gramm’s top members accused KrebsOnSecurity of violating their privacy, even though all of the research published about them was publicly available online. In protest, the forum’s leaders urged members to donate money to medical research in a bid to find a cure for Krebs (i.e. “cancer”). They ended up raising more than a quarter-million dollars worth of donations from members.

Last year’s commemoration of the protest fundraiser — dubbed “Krebsaction” by Pr0gramm — raised almost $300,000 for anti-cancer research groups. Interestingly, Coinhive announced it was shutting down around the same time as that second annual fundraiser.

This year’s Krebsaction started roughly three days ago and so far has raised more than 150,000 euros (~$165,000), with many Pr0gramm members posting screenshots of their online donations. The primary beneficiary appears to be DKMS, a German nonprofit that works to combat various blood cancers, such as leukemia and lymphoma.

The pr0gramm post kicking off this year’s “Krebsaction” fundraiser.

This year, however, Pr0gramm’s administrators exhorted forum members to go beyond just merely donating money to a worthy cause, and encouraged them to do something to help those most affected by the COVID-19/Coronavirus pandemic.

“This year pr0gramm-members shall not only donate but do a good act in terms of corona (and prove it), for example bring food to old people, bring proof of volunteering and such stuff,” reads the Pr0gramm image kicking off this year’s Krebsaction.  The message further states, “Posts mit geringem Einsatz können wir nicht akzeptieren,” which translates roughly to “Posts with little effort we cannot accept.”

The Good, the Bad and the Ugly in Cybersecurity – Week 13

/0 Comments/in /by

This week has been unlike any other week. While everyone’s minds are on keeping our loved ones safe in these days of uncertainty, many are trying to adapt to the era of remote work. For those who have kids, it requires us to switch between being parents, teachers and workers. Despite that, cyberland is as active as it can get, so hang tight, and let’s see what happened this week.

The Good

There are plenty of good things around, and cybersecurity is no different. Starting with UK_Daniel_Card, Lisa Forte and Radslaw Gnat who came up with the brilliant idea of forming a cyber task force to protect healthcare institutes during this time when they are on the frontline of the war against COVID-19. If you want to take part, visit the EU based initiative for “Cyber volunteers to help healthcare providers in Europe during the COVID-19 outbreak”. Dan and his partners report that more local initiatives in different countries are doing the same. 

In Israel, the Ministry of Health and a number of volunteers joined forces to create an app, the “Hamagen” Application that maintains privacy while allowing users to check whether they’ve come into contact with a COVID-19 patient. They also made the project open-source both so that other groups can reuse the code and that the privacy aspects are publicly known. 

Hamagen Application - Fighting the Coronavirus

More good news on the fight against COVID-19 can be found at #COVID19GoodNews.

The Bad

Again Microsoft, and again Adobe with a new Type 1 Font Parsing Remote Code Execution Vulnerability. The vuln resides in the Windows Adobe Type Manager Library, a font parsing software that not only parses content when opened with 3rd-party software such as Adobe Acrobat and Adobe Reader, but which is also used by Windows Explorer to display the contents of a file in the ‘Preview Pane’ or ‘Details Pane’ without opening the actual file. Until there’s a fix, the flaw can affect anyone as all versions of Windows, including Windows 10, are affected, although the danger is most severe on Windows 7 devices. The vulnerability is being actively exploited in the wild, according to Microsoft. If a next-gen behavioral-based solution protects your endpoints, you have a good chance to detect earlier or later stages of any such exploitation attempts, but if not you will need to wait for a patch (and please patch it asap). For Windows 7 users, Microsoft suggests some workarounds here.

image of tweet about Windows RCE vulnerability

The Ugly

Well, there is plenty of that this week. One that is worth covering is the behavior of the Maze group, which has been responsible for a large number of ransomware attacks recently and also leaks enterprise information to the public if the victim refuses to pay. We noted that last week the ransomware operators made a statement that they would refrain from attacking healthcare institutes after Vitali Kremez called them out. It took less than 48 hours for this pledge to be broken.

image of tweet from Vitali Kremez about Maze ransomware continuing to attack healthcare providers during COVID 19 pandemic

Meanwhile, Ryuk ransomware operators continue attacking vital services during the pandemic. It seems there is no limit to the lack of humanity in some people. Guys, we are all in it together, and you and your loved one may be in need of the very services you are crippling for profit.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Yaguara nabs $7.2M seed to help e-commerce companies understand customers better

/0 Comments/in /by

Yaguara, a Denver-based startup that wants to help e-commerce companies understand their customers better to deliver more meaningful experiences, announced a $7.2 million seed investment today.

The round was led by Foundation Capital with participation from Gradient Ventures, Rainfall Ventures and Zelkova. It also had help from some e-commerce heavy hitters including Warby Parker, Harry’s and Allbirds.

Yaguara CEO Jonathan Smalley was working at an agency building specialized cloud tools for online businesses when he recognized there was a need to pull data together into a single place and help companies understand their customer’s behavior better.

“Yaguara is based on integrating data and having all their data in the right place. For us, it started with several dozen tools from performance marketing to your actual e-commerce data to your fulfillment and unit economic data — bringing that all into one place letting them see their data in real time.”

“Then our platform serves predictive and prescriptive insights and recommendations to individual users across your teams, so they can drive specific outcomes across the organization based on that unified data set,” Smalley explained.

Screenshot: Yaguara

They build that data set by connecting to a variety of popular tools to help understand what’s happening across the customer lifecycle, whether that’s customer acquisition through Facebook or Google ads or understanding shopping cart abandonment data or how often the customer has returned to buy again, all of which help build a better picture of the customer.

While this may sound like a customer data platform (CDP), Smalley says it’s actually more than that. While the CDP provides the pipeline to your data sources like Yaguara, it doesn’t stop there. He says it reduces the complexity of helping front-line marketing personnel access and query that data without having to know SQL or R or have a technical intermediary to understand the data.

While the company is young it already has 250 e-commerce customers using the platform. With the new infusion of cash, it should be able to bring in more employees, build more data connectors and continue working to build out the platform.

Kaizo raises $3M for its AI-based tools to improve customer service support teams

/0 Comments/in /by

CRM has for years been primarily a story of software to manage customer contacts, data to help agents do their jobs, and tools to manage incoming requests and outreach strategies. Now to add to that we’re starting to see a new theme: apps to help agents track how they work and to work better.

Today comes the latest startup in that category, a Dutch company called Kaizo, which uses AI and gamification to provide feedback on agents’ work, tips on what to do differently, and tools to set and work to goals — all of which can be used remotely, in the cloud. Today, it is announcing $3 million in a seed round of funding co-led by Gradient — Google’s AI venture fund — and French VC Partech. 

And along with the seed round, Kaizo (which rebranded last week from its former name, Ticketless) is announcing that Christoph Auer-Welsbach, a former partner at IBM Ventures, is joining the company as a co-founder, alongside founder Dominik Blattner. 

Although this is just a seed round, it’s coming after a period of strong growth for the company. Kaizo has already 500 companies including Truecaller, SimpleSurance, Miro, CreditRepairCloud, Justpark, Festicket and Nmbrs are using its software, covering “thousands” of customer support agents, which use a mixture of free and paid tools that integrate with established CRM software from the likes of Salesforce, Zendesk and more.

Customer service, and the idea of gamifying it to motivate employees, might feel like the last thing on people’s minds at the moment, but it is actually timely and relevant to our current state in responding to and living with the coronavirus.

People are spending much more time at home, and are turning to the internet and remote services to get what they need, and in many cases are finding that their best-laid plans are now in freefall. Both of these are driving a lot of traffic to sites and primarily customer support centers, which are getting overwhelmed with people reaching out for help.

And that’s before you consider how customer support teams might be impacted by coronavirus and the many mandates we’ve had to stay away from work, and the stresses they may be under.

“In our current social climate, customer support is an integral part of a company’s stability and growth that has embraced remote work to meet the demands of a globalized customer-base,” said Dominik Blattner, founder of Kaizo, in a statement. “With the rise of support teams utilizing a digital workplace, providing standards to measure an agent’s performance has never been more important. KPIs provide these standards, quantifying the success, achievement and contribution of each team member.”

On a more general level, Kaizo is also changing the conversation around how to improve one’s productivity. There has been a larger push for “quantified self” platforms, which has very much played out both in workplaces and in our personal lives, but a lot of services to track performance have focused on both managers and employees leaning in with a lot of input. That means if they don’t set aside the time to do that, the platforms never quite work the way they should.

This is where the AI element of Kaizo plays a key role, by taking on the need to proactively report into a system.

“This is how we’re distinct,” Auer-Welsbach said in an interview. “Normally KPIs are top-down. They are about people setting goals and then reporting they’ve done something. This is a bottom-up approach. We’re not trying to change employees’ behaviour. We plug into whatever environment they are using, and then our tool monitors. The employee doesn’t have to report or measure anything. We track clicks on the CRM, ticketing, and more, and we analyse all that.” He notes that Kaizo is looking at up to 50 datapoints in its analysis.

“We’re excited about Kaizo’s novel approach to applying AI to existing ticket data from platforms like Zendesk and Salesforce to optimize the customer support workflow,” said Darian Shirazi, General Partner at Gradient Ventures, in a statement. “Using machine learning, Kaizo understands which behaviors in customer service tickets lead to better outcomes for customers and then guides agents to replicate that using ongoing game mechanics. Customer support and service platforms today are failing to leverage data in the right way to make the life of agents easier and more effective. The demand Kaizo has seen since they launched on the Zendesk Marketplace shows agents have been waiting for such a solution for some time.”

Kaizo is not the only startup to have identified the area of building new services to improve the performance of customer support teams. Assembled earlier this month also raised $3.1 million led by Stripe for what it describes as the “operating system” for customer support.

Microsoft acquires 5G specialist Affirmed Networks

/0 Comments/in /by

Microsoft today announced that it has acquired Affirmed Networks, a company that specializes in fully virtualized, cloud-native networking solutions for telecom operators.

With its focus on 5G and edge computing, Affirmed looks like the ideal acquisition target for a large cloud provider looking to get deeper into the telco business. According to Crunchbase, Affirmed raised a total of $155 million before this acquisition, and the company’s more than 100 enterprise customers include the likes of AT&T, Orange, Vodafone, Telus, Turkcell and STC.

“As we’ve seen with other technology transformations, we believe that software can play an important role in helping advance 5G and deliver new network solutions that offer step-change advancements in speed, cost and security,” writes Yousef Khalidi, Microsoft’s corporate vice president for Azure Networking. “There is a significant opportunity for both incumbents and new players across the industry to innovate, collaborate and create new markets, serving the networking and edge computing needs of our mutual customers.”

With its customer base, Affirmed gives Microsoft another entry point into the telecom industry. Previously, the telcos would often build their own data centers and stuff it with costly proprietary hardware (and the software to manage it). But thanks to today’s virtualization technologies, the large cloud platforms are now able to offer the same capabilities and reliability without any of the cost. And unsurprisingly, a new technology like 5G, with its promise of new and expanded markets, makes for a good moment to push forward with these new technologies.

Google recently made some moves in this direction with its Anthos for Telecom and Global Mobile Edge Cloud, too. Chances are we will see all of the large cloud providers continue to go after this market in the coming months.

In a somewhat odd move, only yesterday Affirmed announced a new CEO and president, Anand Krishnamurthy. It’s not often that we see these kinds of executive moves hours before a company announces its acquisition.

The announcement doesn’t feature a single hint at today’s news and includes all of the usual cliches we’ve come to expect from a press release that announces a new CEO. “We are thankful to Hassan for his vision and commitment in guiding the company through this extraordinary journey and positioning us for tremendous success in the future,” Krishnamurthy wrote at the time. “It is my honor to lead Affirmed as we continue to drive this incredible transformation in our industry.”

We asked Affirmed for some more background about this and will update this post if we hear more. Update: an Affirmed spokesperson told us that this was “part of a succession plan that had been determined previously.  So it was not related [to] any specific event.”

Salesforce’s Benioff pledges no ‘significant’ layoffs for 90 days

/0 Comments/in /by

In a Twitter thread on Tuesday, Salesforce CEO Marc Benioff outlined an eight-step plan to keep people safe and find treatments and a vaccine for the COVID-19 virus, all while working to find a way to get people back to work safely. He also asked that all CEOs take a 90-day “no lay off” pledge to help everyone get through the crisis.

The same day, he posted another tweet pledging to not make any “significant” layoffs for 90 days. When TechCrunch asked Salesforce to comment on the difference between the two tweets, the company chose not to comment any further on the matter and let the tweets stand on their own.

It sounds like Benioff’s second tweet, which also asked employees to consider paying their own hourly workers like housekeepers and dog walkers throughout the layoff period, whether they were working or not, was designed to give the CEO some wiggle room for at least some layoffs.

Salesforce has almost 50,000 employees worldwide. Even if the company were to lay off just 1% of employees it would equal 500 people without jobs, though it’s not clear if that would count as “significant.” Perhaps more likely, the company might make some cuts to staff for performance or HR-related reasons, but not broad cuts, and thus make both of its CEO’s claims essentially true.

Salesforce is a wildly successful company. It celebrated its 20th anniversary last fall and has grown from a pesky startup to a software behemoth with a projected revenue of over $20 billion for FY2021. It currently has almost $8 billion in cash and equivalents on hand. Certainly companies that use Salesforce’s products will continue to need them, even with the workforce at home.

While it could have an impact on that projection for FY2021 and its ability to land new customers this quarter, it seems like it has the money and revenue to ride out the situation for the short term without making any moves to reduce headcount at this critical time.

Working From Home | How to Use Zoom, Slack and Other Remote Software Safely

/0 Comments/in /by

Due to the current Coronavirus pandemic and the large-scale shift to teleworking, we’ve recently posted on how to prepare yourself and your staff for ‘work from home’ (WFH) and warned of common mistakes that can lead to compromise of endpoints and company networks. In this post, we take a look at some popular teleworking software and highlight some of the privacy and security concerns to be aware of. 

Securing Slack and MS Teams Against Malicious Actors

There are likely more than 60 million daily users of workplace chat apps like Slack and Microsoft Teams, and both platforms have seen increased growth as the Coronavirus pandemic has forced most businesses to move to remote work wherever possible. Such apps are vital in today’s digital, distributed workplace, but CISOs and security teams need to be aware of the security implications of using such software. 

It is relatively trivial for an attacker on a compromised machine to exfiltrate all of a user’s entire Slack workspaces, chat messages, files and history. Worse, attackers can also gain current access to the workspace by stealing the stored session cookies on the user’s machine. As researchers noted earlier this month, all an attacker has to do on a Mac is copy off the entire directory at ~/Library/Application Support/Slack (or alternatively, ~/Library/Containers/com.tinyspeck.slackmacgap/Data/Library/Application Support/Slack if using the sandboxed, App Store version). On Windows, the same data can be found at %AppData%RoamingSlack

image of contents of Slack support folder

Having acquired the data, the attacker can then start up a virtual machine instance, install the Slack app, and copy the stolen data to the same location on the VM from where it came (the user name need not be the same). Launching Slack will then log the attacker into the user’s workspaces and give them full, live access. Although this activity will be recorded in the workspace Access Logs on the server-side, it will not be obvious to the user unless the attacker actively tries to impersonate the user in the workspace.

Because the Slack data on the user’s machine is exposed to any unsandboxed process running as the logged in user, it’s possible for a malicious app to exfiltrate this data without the victim’s awareness. 

While Slack’s developers have acknowledged the issue, their official response is that this is not an urgent issue for them at this time, so security teams are going to need to take their own steps to ensure that the organization’s workspace is secure. These include, in the first instance, ensuring all company devices have a good EDR solution to prevent malware from infecting the system to start with. Secondly, educate users and IT admins about the need to regularly sign out of other devices. This may or may not require a password depending on your workspace settings. 

image of how to sign out of all Slack sessions

Thirdly, as with all password protected accounts, remind users to change passwords on a regular basis and to set up 2FA for Slack. With workspace platforms like Slack, changing passwords can be easily overlooked. Users can also review access logs to check whether any unknown devices have been logged into the account.

image of access logs in Slack

The Microsoft Teams’ app, Slack’s major competitor, has also faced security issues in the last 9 or 10 months. Last June, the Teams’ Windows Desktop app was found to be vulnerable to a bug in a dependency, the Squirrel framework, that could allow arbitrary code execution, malicious downloads and privilege escalation. In September of last year, researchers also discovered the Teams app was vulnerable to Cross-Site Scripting (XSS) and a Client Side Template Injection. These vulnerabilities have been addressed in recent Teams.app updates, so it is vital that IT admins ensure users are updating these applications in a timely manner.

Regardless of what platform you use, make sure for critical meetings you have a backup plan in place. MS Teams had a 3hr outage back in February when Microsoft incredibly forgot to renew a critical security certificate. Our online digital world may be more susceptible to disruption now more than ever before as people practice social distancing and bandwidth comes under increasing pressure. Regular communication channels from email to telephone may need to be pressed into service in the event of service unavailability. Those, particularly email, have their own security challenges, of course, including phishing and SIM swapping.

Security & Privacy While Using Video Conferencing Software

Zoom and Skype are great ways to hold meetings from small teams to tens of thousands. But these apps also have security and privacy implications. 

First, ensure your own physical space is suitable for a meeting. Social media has this last week or two been chock with mildly embarrassing images of people engaged in work from home who didn’t consider their surroundings. From the spouse walking around in his underwear to one employee who inadvertently revealed more than colleagues wanted to see after taking her smartphone to the bathroom while on a conference call, it’s always worth remembering your environment. 

A few quick tips for personal comfort: look behind you and check what can be seen by the camera. Make sure family and others who share your living space are aware of when you’re on a work call. Whether it’s barking dogs or a family spat, unwanted background noise can be both disturbing and embarrassing for other meeting participants. Also take care when screen sharing. Ensure there are no applications, images or videos visible that might be in the Not Safe For Work (NSFW) category or that might expose personal or confidential business data. Check which tabs are visible in the top bar of your browser and whether you’re accidentally about to reveal sites you’ve recently been visiting. 

Second, be aware of the privacy policies and features of the software you’re using. Zoom has some interesting features, like attention tracking and some “should know” policies on data collection and sharing

As for security, there are a number of issues to be aware of with video conferencing software. Account managers should ensure that end-to-end encryption is enabled to prevent snooping of traffic, particularly if remote workers are connecting to meetings from outside of the company’s secure VPN network.

Also, remember that video meetings can be recorded by any participant, and that raises issues of confidentiality. Recordings are stored locally on the user’s device. With Zoom, for example, they can be found in ~/Documents/Zoom on a Mac, and Users/UsersDocumentsZoom on Windows. If that device is compromised, those recordings are also vulnerable to being leaked and leveraged. Extorting and exposing victims is a technique that’s increasingly popular with some attackers, like ransomware developers Maze and DoppelPaymer, for instance.

Earlier this year, researchers found that Zoom had a vulnerability which made it possible to figure out which random numbers were valid Zoom calls. The researchers were then able to use those numbers to eavesdrop on calls. This vulnerability was discovered shortly after Zoom and a number of other video conferencing apps were found to contain a software vulnerability that could lead to remote command execution (RCE) on any macOS device, even if the Zoom app had been uninstalled. In this case, Apple took quick action and updated their own internal security software to remove the vulnerability. Both vulnerabilities are patched in the latest versions of Zoom.

As with workplace chat apps, so with teleconferencing software: ensure that your users are patching as soon as updates are available, and that endpoints are protected by a security platform that can protect against malware, malicious devices and network compromise.

Conclusion

It’s a truism that all software contains bugs. Most are trivial and never noticed by users, some are zero days we never learn of until after they’ve been either patched or exploited in the wild, while others are critical and patched in a timely fashion. There’s another class of issues that fall in between the cracks: developers are informed, but the issue remains unpatched, perhaps because the vendor does not agree as to the severity of the security risk, or doesn’t think it’s their bug to fix, or cannot find a technical solution. On top of that, some security and privacy issues arise not from flaws in programs, but in the way we use those programs, such as not being aware of our environment when teleconferencing. The best way to protect ourselves from such a wide range of issues is to share knowledge, follow best practices and implement security technology where we can to mitigate issues on our behalf. 

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Tech giants should let startups defer cloud payments

/0 Comments/in /by

Google, Amazon and Microsoft are the landlords. Amidst the coronavirus economic crisis, startups need a break from paying rent. They’re in a cash crunch. Revenue has stopped flowing in, capital markets like venture debt are hesitant and startups and small-to-medium sized businesses are at risk of either having to lay off huge numbers of employees and/or shut down.

Meanwhile, the tech giants are cash rich. Their success this decade means they’re able to weather the storm for a few months. Their customers cannot.

Cloud infrastructure costs area amongst many startups’ top expense besides payroll. The option to pay these cloud bills later could save some from going out of business or axing huge parts of their staff. Both would hurt the tech industry, the economy and the individuals laid off. But most worryingly for the giants, it could destroy their customer base.

The mass layoffs have already begun. Soon we’re sure to start hearing about sizable companies shutting down, upended by COVID-19. But there’s still an opportunity to stop a larger bloodbath from ensuing.

That’s why I have a proposal: cloud relief.

The platform giants should let startups and small businesses defer their cloud infrastructure payments for three to six months until they can pay them back in installments. Amazon AWS, Google Cloud, Microsoft Azure, these companies’ additional infrastructure products, and other platform providers should let customers pause payment until the worst of the first wave of the COVID-19 economic disruption passes. Profitable SaaS providers like Salesforce could give customers an extension too.

There are plenty of altruistic reasons to do this. They have the resources to help businesses in need. We all need to support each other in these tough times. This could protect tons of families. Some of these startups are providing important services to the public and even discounting them, thereby ramping up their bills while decreasing revenue.

Then there are the PR reasons. After years of techlash and anti-trust scrutiny, here’s the chance for the giants to prove their size can be beneficial to the world. Recruiters could use it as a talking point. “We’re the company that helped save Silicon Valley.” There’s an explanation for them squirreling away so much cash: the rainy day has finally arrived.

But the capitalistic truth and the story they could sell to Wall Street is that it’s not good for our business if our customers go out of business. Look at what happened to infrastructure providers in the dot-com crash. When tons of startups vaporized, so did the profits for those selling them hosting and tools. Any government stimulus for businesses would be better spent by them paying employees than paying the cloud companies that aren’t in danger. Saving one future Netflix from shutting down could cover any short-term loss from helping 100 other businesses.

This isn’t a handout. These startups will still owe the money. They’d just be able to pay it a little later, spread out over their monthly bills for a year or so. Once mass shelter-in-place orders subside, businesses can operate at least a little closer to normal, investors can get less cautious and customers will have the cash they need to pay their dues. Plus interest, if necessary.

Meanwhile, they’ll be locked in and loyal customers for the foreseeable future. Cloud vendors could gate the deferment to only customers that have been with them for X amount of months or that have already spent Y amount on the platform. The vendors also could offer the deferment on the condition that customers add a year or more to their existing contracts. Founders will remember who gave them the benefit of the doubt.

cloud ice cream cone imagine

Consider it a marketing expense. Platforms often offer discounts or free trials to new customers. Now it’s existing customers that need a reprieve. Instead of airport ads, the giants could spend the money ensuring they’ll still have plenty of developers building atop them by the end of 2020.

Beyond deferred payment, platforms could just push the due date on all outstanding bills to three or six months from now. Alternatively, they could offer a deep discount such as 50% off for three months if they didn’t want to deal with accruing debt and then servicing it. Customers with multi-year contracts could offered the opportunity to downgrade or renegotiate their contracts without penalties. Any of these might require giving sales quota forgiveness to their account executives.

It would likely be far too complicated and risky to accept equity in lieu of cash, a cut of revenue going forward or to provide loans or credit lines to customers. The clearest and simplest solution is to let startups skip a few payments, then pay more every month later until they clear their debt. When asked for comment or about whether they’re considering payment deferment options, Microsoft declined, and Amazon and Google did not respond.

To be clear, administering payment deferment won’t be simple or free. There are sure to be holes that cloud economists can poke in this proposal, but my goal is to get the conversation started. It could require the giants to change their earnings guidance. Rewriting deals with significantly sized customers will take work on both ends, and there’s a chance of breach of contract disputes. Giants would face the threat of customers recklessly using cloud resources before shutting down or skipping town.

Most taxing would be determining and enforcing the criteria of who’s eligible. The vendors would need to lay out which customers are too big so they don’t accidentally give a cloud-intensive but healthy media company a deferment they don’t need. Businesses that get questionably excluded could make a stink in public. Executing on the plan will require staff when giants are stretched thin trying to handle logistics disruptions, misinformation and accelerating work-from-home usage.

Still, this is the moment when the fortunate need to lend a hand to the vulnerable. Not a hand out, but a hand up. Companies with billions in cash in their coffers could save those struggling to pay salaries. All the fundraisers and info centers and hackathons are great, but this is how the tech giants can live up to their lofty mission statements.

We all live in the cloud now. Don’t evict us. #CloudRelief

Thanks to Falon Fatemi, Corey Quinn, Ilya Fushman, Jason Kim, Ilya Sukhar and Michael Campbell for their ideas and feedback on this proposal.