Cloudtenna raises $2.5M, launches mobile search app to find content across cloud services

As we find ourselves spreading our content across a variety of cloud services, finding that one document you want that could be attached to an email, somewhere in a Slack conversation, or stored in Box, Dropbox, Google Docs or Office 365, makes that a huge challenge. It’s one that Cloudtenna has been trying to solve, and today the company announced a $2.5 million funding round along with the release of a new mobile search tool.

The funding comes from a variety of unnamed investors along with Blazar Ventures, and brings the total raised to $6.5 million, according to the company.

Cloudtenna co-founder Aaron Ganek says that by using AI and document metadata, his company can find content wherever it lives. “What we’re really focused on is helping companies bring order to file chaos. Files are scattered everywhere across the cloud, and we have developed AI-powered applications that help users find files, no matter where they’re stored,” he said.

The company introduced a desktop search application in 2018 and today it’s announcing a mobile search tool called Workspace to go with it. Ganek says they built this app from the ground up to take advantage of the mobile context.

“Today, we’re bringing the search technology to smartphones and tablets. And just to be clear, this is not just a mobile version of our desktop product, but a complete case study in how people collaborate on the go,” he said.

Image Credit: Cloudtenna

The AI component helps find files wherever they are based on your user history, who you tend to collaborate with and so forth. That helps the tool find the files that are most relevant to you, regardless of where they happen to be stored.

He says that raising money during a pandemic was certainly interesting, but the company has seen an uptick in usage due to the general increase in SaaS usage during this time, and investors saw that too, he said.

The company launched in 2016 and currently has 9 employees, but Ganek said there aren’t any plans to expand on that number at this time, or at least any number he was ready to discuss.

Extra Crunch Live: Join Superhuman’s Rahul Vohra for a live discussion of email, SaaS and buzzy businesses

An email app with a waitlist? No, this isn’t 2004 and I’m not talking about Gmail. Superhuman has managed to attract and maintain constant interest for its subscription email product, with a wait list at over 275,000 people long at last count – all while asking users to pay $30 per month to gain access to the service. Founder and CEO Rahul Vohra will join us on Tuesday, June 26 at 2pm ET/11am PT for an Extra Crunch Live Q&A.

We have plenty of questions of our own, but we bet you do, too! Extra Crunch members can ask their own questions directly to Vohra during the chat.

We’re thrilled to be able to sit down with Vohra for a discussion about email, why it was in need of change, and what’s bringing so much attention and interest to Superhuman on a sustained basis. We’ll talk about the current prevailing market climate and what that’s meant for the business, as well as how you manage to create not one, but two companies (Vohra previously founded and sold Rapportive) that have adapted email to more modern needs – and struck a chord with users as a result.

Meanwhile, SaaS seems to be one of the bright spots in an otherwise fairly gloomy global economic situation, and Superhuman’s $30 per month subscription model definitely qualifies. We’ll ask Vohra what it means to build a successful SaaS startup in 2020, and how there might be plenty of opportunity even in so-called ‘solved’ problems like email and other aspects of our digital lives that have become virtually invisible thanks to habit.

Audience members can also ask their own questions, so come prepared with yours if you’re already an Extra Crunch member. And if you aren’t yet – now’s a great time to sign up.

We hope to see you there!

New Box tools should help ease creation of digitally driven workflows

As COVID-19 has forced companies to move employees from office to home, cloud services have seen a burst in business. Box has been speeding up its product roadmap to help companies who are in the midst of this transition. Today, the company announced the Box Relay template library, which includes a series of workflow templates to help customers build digital workflows faster.

Box CEO Aaron Levie says that the rapid shift to work from home has been a massive accelerant to digital transformation, in some cases driving years of digital transformation into a matter of weeks and months. He says that has made the need to digitize business processes more urgent than ever.

In fact, when he appeared on Extra Crunch Live last month, he indicated that businesses still have way too many manual processes:

We think we’re [in] an environment that anything that can be digitized probably will be. Certainly as this pandemic has reinforced, we have way too many manual processes in businesses. We have way too slow ways of working together and collaborating. And we know that we’re going to move more and more of that to digital platforms.

Box Relay is the company’s workflow tool, and while it has had the ability to create workflows, it required a certain level of knowledge and way of thinking to make that happen. Levie says that they wanted to make it as simple as possible for customers to build workflows to digitize manual processes.

“We are announcing an all new set of Box Relay templates, which are going straight to the heart of how do you automate and digitize business processes across the entire enterprise and make it really simple to do that,” he explained.

This could include things like a contract review, change order process or budget review to name a few examples. The template includes the pieces to get going, but the customer can customize the process to meet the needs of the individual organization’s requirements.

Image Credits: Box

While this is confined to Box-built templates for now, Levie says that down the road this could include the ability for customers to deploy templates of their own, or even for third parties like systems integrators to build industry or client-specific templates. But for today, it’s just about the ones you get out of the box from Box.

At the same time, the company is announcing the File Request feature, a name Levie admits doesn’t really do the feature justice. The idea is that in a workflow such as a paperless bank loan process, the individual has to submit multiple documents without having a Box account. After the company receives the documents, it can kick off a workflow automatically based on receiving the set of documents.

He says the combination of these two new capabilities will give customers the ability to digitize more and more of their processes and bring in a level of automation that wasn’t previously possible in Relay. “The combination of these two features is about driving automation across the entire enterprise and digitizing many more paper-based and manual processes in the enterprise,” Levie said.

Box will not be charging additional fees for these new features to customers using Box Relay. File Request should be available at the end of this month, while the template library should be available by the end of July, according to the company.

Canva design platform partners with FedEx Office as it pushes further into the U.S.

Canva, the design platform for non-designers, has recently inked a partnership with FedEx Office to help businesses reopen amid the coronavirus pandemic with a design-to-print integration.

Canva declined to disclose the financial terms of the partnership.

With the new partnership, Canva and FedEx customers alike will be able to use Canva’s extensive libraries of templates, images and illustrations to design print materials for their businesses, like disposable restaurant menus, new hours of operation, information around new safety policies in the wake of the pandemic and more.

These customers can send their designs directly to FedEx for printing and pick up from over 2,000 FedEx Office locations across the U.S.

Canva’s target demographic is not hardcore, professional designers but rather non-designers, with a mission of democratizing design across professional organizations and more broadly to amateur designers.

As of October 2019, the Australia-based company was valued at $3.2 billion. At the time, Canva introduced enterprise collaboration software that allows sales teams, HR teams and other non-design teams to build out their own decks and materials with a simple drag-and-drop interface.

Since, Canva has complemented its design product with video editing software, as well.

The partnership with FedEx Office marks a big push into the U.S. market with increased brand awareness and distribution via the established print and shipping giant.

Pricing around FedEx Office printing of Canva designs remains the same as FedEx’s usual pricing structure, but FedEx is offering a 25 percent discount on orders of more than $50 through August 31.

Google Cloud launches Filestore High Scale, a new storage tier for high-performance computing workloads

Google Cloud today announced the launch of Filestore High Scale, a new storage option — and tier of Google’s existing Filestore service — for workloads that can benefit from access to a distributed high-performance storage option.

With Filestore High Scale, which is based on technology Google acquired when it bought Elastifile in 2019, users can deploy shared file systems with hundreds of thousands of IOPS, 10s of GB/s of throughput and at a scale of 100s of TBs.

“Virtual screening allows us to computationally screen billions of small molecules against a target protein in order to discover potential treatments and therapies much faster than traditional experimental testing methods,” says Christoph Gorgulla, a postdoctoral research fellow at Harvard Medical School’s Wagner Lab., which already put the new service through its paces. “As researchers, we hardly have the time to invest in learning how to set up and manage a needlessly complicated file system cluster, or to constantly monitor the health of our storage system. We needed a file system that could handle the load generated concurrently by thousands of clients, which have hundreds of thousands of vCPUs.”

The standard Google Cloud Filestore service already supports some of these use cases, but the company notes that it specifically built Filestore High Scale for high-performance computing (HPC) workloads. In today’s announcement, the company specifically focuses on biotech use cases around COVID-19. Filestore High Scale is meant to support tens of thousands of concurrent clients, which isn’t necessarily a standard use case, but developers who need this kind of power can now get it in Google Cloud.

In addition to High Scale, Google also today announced that all Filestore tiers now offer beta support for NFS IP-based access controls, an important new feature for those companies that have advanced security requirements on top of their need for a high-performance, fully managed file storage service.

Team Insights | How Documentation Delivers a Competitive Edge

In the world of cyber security, it’s no surprise that its the researchers, bug hunters, red teamers, blue teamers and incident responders that often garner all the glory. It’s their work you’ll typically see grabbing the (social) media headlines, filling up repos on github and BitBucket and being widely circulated on platforms like Twitter and LinkedIn.

Integral to most security products’ success, though, are a bunch of other people who, while rarely grabbing media attention, are still celebrated and acknowledged internally for the huge contribution they make: developers, Q&A teams, product managers, sales engineers and technical account managers, among others. And among these less celebrated but equally important groups of people are those who write our documentation. Often unsung heroes, our documentation team plays a vital role in the success of our product. In this blog post, we look at how our team of dedicated technical writers delivers tangible benefits to the SentinelOne experience.

Never Underestimate the Importance of Great Documentation

If you’ve never really thought about it, let’s just review precisely why documentation is an essential part of any product, not just ours. Effective documentation reduces costs and increases customer satisfaction. If your docs help your users find a quick, readily understandable solution to a question or problem they have without needing to contact a support representative, you’ve just saved that customer unwanted hassle and the company one less time-consuming, resource-sapping call.

If your documentation is accurate, functional and anticipates the customers needs, you gain the double benefit of increasing both the customer’s and your company’s productivity. And for added bonus, you also gain the respect of your customers and enhance your brand reputation.

Indeed, great documentation should work so well that customers don’t even notice how great it is because it just moves them through their task with ease. Like the proverbial well-oiled machine, we only notice documentation when it fails us, which is one of the reasons why great documentation teams tend to be unsung heroes.

Team Vision: Ensure User Success

Our technical writers chose our team vision statement to align with the principles of SentinelOne and with our offerings and services.

If It Ain’t Easy, It Ain’t Good

The SentinelOne Management console is all about wrapping power in a usable interface. We align our documentation with the principle of combining simplicity with power. We give you everything we can, wrapped in the SentinelOne version of simplified technical writing. We based our dictionary and rules on ASD-STE100 and revised that copyrighted standard to create our own vocabulary and grammar subset. Our goal is to create documents that are easy to read and that make sense if you use Google Translate to read them in your native language. Our goal is that the docs are so easy to use, you don’t even feel the language.

Every Second Counts

On the security front-line, every second counts. We expect that when you go to the Knowledge Base (KB), you need a direct answer to the challenge of the moment. We keep that in mind when deciding how to structure the knowledge, to give you the answers with as few clicks as possible, without overloading articles with everything you need to succeed. We do not tell you all the different ways to open Endpoint Details. We give you one way and continue quickly to the next step. We do not waste your time with why you should buy-in to a solution. We tell you how to get to where you need to be.

Be Relevant, Timely and Accessible

In 2017, we innovated our methodologies to deliver more accessible documentation. We moved away from manually made KB articles and PDF attachments to automatically pushed, stand-alone articles full of content. This lets you search through the guides on the KB native search engine. Have a question? Find the answer in the KB! At the same time, we deliver the same content in the in-product Help.

All this provides the structure you need to learn how to use all of SentinelOne’s capabilities, whether that’s the basics of installing agents and learning about Threat Management or quickly getting up to speed on advanced topics like SentinelOne Remote Shell, creating Insight Reports or hunting rogue IoT devices with Ranger, you’ll find it all there in clear, easy-to-use steps with links to relevant, related content where applicable.

So, just how do you create great documentation and a great documentation team? Let’s find out from some of the SentinelOne documentation team themselves!

No Fear | Rochelle Fisher, Team Leader

We received some feedback from a user who wanted improvements to the API Docs. My first response in the team meeting was, “The Docs team don’t have direct access to this content. It is generated from the code.” So the challenge was: what changes could we implement that would allow us to satisfy the customer’s needs?

Being a Sentinel is all about being innovative, challenging yourself, and questioning the assumptions of what is possible.

I made appointments to speak with R&D leaders. I half-expected to be laughed down with this idea that a tech writer would touch their code. But they explained patiently how to use the system and what to touch to make the changes I wanted.

And the result? We’re excited to say you’ll be able to see the new API Docs content in the next version of the Management Console. We’re not done implementing improvements, but we continue to improve our docs and our methods without the paralyzing fear of “well, we’ve never done that before”.

Thinking On the Go | Ariel Freedman

We always need to keep one step ahead of the game, always think of new ways to improve our docs and make a difference to our customers. While working on the knowledge base, I ask myself: How can I improve this document? Is the procedure correct? Would a video help the customer?

As you might have seen, our sentinelctl docs keep on changing and being updated. One of the first big projects that I undertook was to document all of the missing Windows sentinelctl commands (all 270 of them!). At first, it seemed like an overwhelming task that would take a very long time to do, but as I started to work on it and get into the rhythm, it became a very enjoyable project.

Always keeping in mind how a project is going to help customers inspires me while working on documentation, and it still inspires me as we constantly make sure that the documentation is up to date.

Remain Responsive | Shira Rosenfeld

It was a typical day, working from my home office due to pandemic-who-shall-not-be-named. As usual, I started my workday by checking our organization’s internal messaging system. When our Support Engineers or Solution Engineers ask a question, and the answer is not in our documentation, that often means a new task awaits: Clarify the information in the KB so that it will be readily available for the next person who seeks an answer to the same question. This time was no different. Three new tasks to add helpful information, one correction that needs to be made, and one configuration option that was not documented and should be.

The key to creating good documentation is understanding that it’s a living artifact that needs to evolve and adapt in response to users’ needs.

You can’t ever assume you’ve written a “definitive” set-in-stone document. If it doesn’t answer the customer’s needs you need to be open to that and continually look to improve it.

Always Bringing You the Latest Protection…and Documentation | Mordechai Helfand

The release cadence at SentinelOne is pretty fast. In order to keep up with emerging threats and evolving attacker TTPs, we iterate in a timely manner to ensure you have the latest and greatest endpoint protection.

As a Technical Writer, this means always having our finger on the development pulse; updating and publishing release notes very quickly to inform customers of what has improved and what value it brings to their experience.

Although sometimes it is challenging to keep up, innovation never stops at SentinelOne.

Conclusion

Keeping our customers protected, informed and productive is the name of the game for everyone at SentinelOne and this extends to the Documentation team just as much as it does to all our other teams. As you can see, the Docs team have to be responsive, up-to-date and on their toes. It’s a demanding job where success not only helps drive SentinelOne’s substantial competitive edge but also saves our customers time, effort and money. Their hard work might not be the first thing you hear about in an #infosec social media feed, but we hope that in this post we’ve helped elucidate the value that a great team of tech writers can bring!

If you are interested in joining SentinelOne, check out our open positions here.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

VESoft raises $8M to meet China’s growing need for graph databases

Sherman Ye founded VESoft in 2018 when he saw a growing demand for graph databases in China. Its predecessors, like Neo4j and TigerGraph, had already been growing aggressively in the West for a few years, while China was just getting to know the technology that leverages graph structures to store data sets and depict their relationships, such as those used for social media analysis, e-commerce recommendations and financial risk management.

VESoft is ready for further growth after closing an $8 million funding round led by Redpoint China Ventures, an investment firm launched by Silicon Valley-based Redpoint Ventures in 2005. Existing investor Matrix Partners China also participated in the Series pre-A round. The new capital will allow the startup to develop products and expand to markets in North America, Europe and other parts of Asia.

The 30-people team is comprised of former employees from Alibaba, Facebook, Huawei and IBM. It’s based in Hangzhou, a scenic city known for its rich history and housing Alibaba and its financial affiliate Ant Financial, where Ye previously worked as a senior engineer after his four-year stint with Facebook in California. From 2017 to 2018, the entrepreneur noticed that Ant Financial’s customers were increasingly interested in adopting graph databases as an alternative to relational databases, a model that had been popular since the 80s and normally organizes data into tables.

“While relational databases are capable of achieving many functions carried out by graph databases… they deteriorate in performance as the quantity of data grows,” Ye told TechCrunch during an interview. “We didn’t use to have so much data.”

Information explosion is one reason why Chinese companies are turning to graph databases, which can handle millions of transactions to discover patterns within scattered data. The technology’s rise is also a response to new forms of online businesses that depend more on relationships.

“Take recommendations for example. The old model recommends content based purely on user profiles, but the problem of relying on personal browsing history is it fails to recommend new things. That was fine for a long time as the Chinese [internet] market was big enough to accommodate many players. But as the industry becomes saturated and crowded… companies need to ponder how to retain existing users, lengthen their time spent, and win users from rivals.”

The key lies in serving people content and products they find appealing. Graph databases come in handy, suggested Ye, when services try to predict users’ interest or behavior as the model uncovers what their friends or people within their social circles like. “That’s a lot more effective than feeding them what’s trending.”

Neo4j compares relational and graph databases (Link)

The company has made its software open source, which the founder believed can help cultivate a community of graph database users and educate the market in China. It will also allow VESoft to reach more engineers in the English-speaking world who are well-acquainted with the open-source culture.

“There is no such thing as being ‘international’ or ‘domestic’ for a technology-driven company. There are no boundaries between countries in the open-source world,” reckoned Ye.

When it comes to generating income, the startup plans to launch a paid version for enterprises, which will come with customized plug-ins and host services.

The Nebula Graph, the brand of VESoft’s database product, is now serving 20 enterprise clients from areas across social media, e-commerce and finance, including big names like food delivery giant Meituan, popular social commerce app Xiaohongshu and e-commerce leader JD.com. A number of overseas companies are also trialing Nebula.

The time is ripe for enterprise-facing startups with a technological moat in China as the market for consumers has been divided by incumbents like Tencent and Alibaba. This makes fundraising relatively easy for VESoft. The founder is confident that Chinese companies are rapidly catching up with their Western counterparts in the space, for the gargantuan amount of data and the myriad of ways data is used in the country “will propel the technology forward.”

How Liberty Mutual shifted 44,000 workers from office to home

In a typical month, an IT department might deal with a small percentage of employees working remotely, but tracking a few thousand employees is one thing — moving an entire company offsite requires next-level planning.

To learn more about how large organizations are adapting to the rapid shift to working from home, we spoke to Liberty Mutual CIO James McGlennon, who helped orchestrate his company’s move about the challenges he faced as he shifted more than 44,000 employees in a variety of jobs, locations, cultures and living situations from office to home in short order.

Laying the groundwork

Insurance company Liberty Mutual is headquartered in the heart of Boston, but the company has offices in 29 countries. While some staffers in parts of Asia and Europe were sent home earlier in the year, by mid-March the company had closed all of its offices in the U.S. and Canada, eventually sending every employee home.

McGlennon said he never imagined such a situation, but the company saw certain networking issues in recent years that gave them an inkling of what it might look like. That included an unexpected incident in which two points on a network ring around one of its main data centers went down in quick succession, first because a backhoe hit a line, and then at another point because someone stole the fiber-optic cable.

That got the CIO and his team thinking about how to respond to worst cases. “We certainly hadn’t contemplated needing to get 44,000 people working from home or working remotely so quickly, but there have been a few things that have happened over the last few years that made me think,” he said.

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.

Earlier this year, KrebsOnSecurity heard from the owners of Privnote.com, who complained that someone had set up a fake clone of their site that was fooling quite a few regular users of the service.

And it’s not hard to see why: Privnotes.com is confusingly similar in name and appearance to the real thing, and comes up second in Google search results for the term “privnote.” Also, anyone who mistakenly types “privnotes” into Google search may see at the top of the results a misleading paid ad for “Privnote” that actually leads to privnotes.com.

A Google search for the term “privnotes” brings up a misleading paid ad for the phishing site privnotes.com, which is listed above the legitimate site — privnote.com.

Privnote.com (the legit service) employs technology that encrypts all messages so that even Privnote itself cannot read the contents of the message. And it doesn’t send and receive messages. Creating a message merely generates a link. When that link is clicked or visited, the service warns that the message will be gone forever after it is read.

But according to the owners of Privnote.com, the phishing site Privnotes.com does not fully implement encryption, and can read and/or modify all messages sent by users.

“It is very simple to check that the note in privnoteS is sent unencrypted in plain text,” Privnote.com explained in a February 2020 message, responding to inquiries from KrebsOnSecurity. “Moreover, it doesn’t enforce any kind of decryption key when opening a note and the key after # in the URL can be replaced by arbitrary characters and the note will still open.”

But that’s not the half of it. KrebsOnSecurity has learned that the phishing site Privnotes.com uses some kind of automated script that scours messages for bitcoin addresses, and replaces any bitcoin addresses found with its own bitcoin address. The script apparently only modifies messages if the note is opened from a different Internet address than the one that composed the address.

Here’s an example, using the bitcoin wallet address from bitcoin’s Wikipedia page as an example. The following message was composed at Privnotes.com from a computer with an Internet address in New York, with the message, “please send money to bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq thanks”:

A test message composed on privnotes.com, which is phishing users of the legitimate encrypted message service privnote.com. Pay special attention to the bitcoin address in this message.

When I visited the Privnotes.com link generated by clicking the “create note” button on the above page from a different computer with an Internet address in California, this was the result. As you can see, it lists a different bitcoin address, albeit one with the same first four characters the same.

The altered message. Notice the bitcoin address has been modified and is not the same address that was sent in the original note.

Several other tests confirmed that the bitcoin modifying script does not seem to change message contents if the sender and receiver’s IP addresses are the same, or if one composes multiple notes with the same bitcoin address in it.

Allison Nixon, the security expert who helped me with this testing, said the script also only seems to replace the first instance of a bitcoin address if it’s repeated within a message, and the site stops replacing a wallet address if it is sent repeatedly over multiple messages.

“And because of the design of the site, the sender won’t be able to view the message because it self destructs after one open, and the type of people using privnote aren’t the type of people who are going to send that bitcoin wallet any other way for verification purposes,” said Nixon, who is chief research officer at Unit 221B. “It’s a pretty smart scam.”

Given that Privnotes.com is phishing bitcoin users, it’s a fair bet the phony service also is siphoning other sensitive data from people who use their site.

“So if there are password dumps in the message, they would be able to read that, too,” Nixon said. “At first, I thought that was their whole angle, just to siphon data. But the bitcoin wallet replacement is probably much closer to the main motivation for running the fake site.”

Even if you never use or plan to use the legitimate encrypted message service Privnote.com, this scam is a great reminder why it pays to be extra careful about using search engines to find sites that you plan to entrust with sensitive data. A far better approach is to bookmark such sites, and rely exclusively on those instead.

The Good, the Bad and the Ugly in Cybersecurity – Week 24

The Good

With the first half of 2020 more or less behind us, and the U.S. Election season fast approaching in what is already the most turbulent year in decades, it’s good to see cybersecurity being ramped up at the national level. To that end, the National Guard and U.S. Cyber Command have teamed up to provide timely data and response to cyber attacks, from ransomware infections to election security incidents, through its Cyber 9-Line initiative.

Cyber 9-Line uses a common framework to allow rapid reporting of incidents by National Guard units that is fed into USCYBERCOM’s Cyber Nation Mission Force. The CNMF can then diagnose and provide unclassified feedback to help address the incident. While only 12 states have so far completed the registration process, most others are now working through the steps to establish accounts and undertake training. USCYBERCOM have said that defense of the 2020 Election is “the number-one priority of both the command and the National Security Agency”. Cyber 9-Line is expected to play a crucial role in ensuring election integrity.

Meanwhile, over the pond in the UK the Ministry of Defence has also been gearing up to fight off digital attacks with the launch of a new cyber regiment, the 13th Signal Regiment. In a statement, the British Army said that the new outfit would match “cutting edge technology with cyber-fit soldiers to compete and win in the information age.”

The Bad

Remember Meltdown and Spectre? And the side-channel attacks RIDL, Fallout and ZombieLoad? These processor-level vulnerabilities from yesteryear (OK, 2018 and 2019, actually) made it possible for attackers to extract sensitive information as it passed through an Intel CPU’s microarchitectural buffers.

The source of the problem, dubbed Microarchitectural Data Sampling (MDS), was so deeply rooted it wasn’t possible to prevent the buffers leaking; the best Intel could do was update existing processors’ microcode so that buffers would be overwritten whenever the CPU switched to a new security-sensitive task. Intel subsequently released their 8th-gen Whiskey Lake CPUs that were supposed to be resistant to these kinds of MDS attacks. Alas, the bad news is it seems these mitigation strategies didn’t entirely work. New research from two separate teams has shown that even on Whiskey Lake machines, it’s possible to bypass the countermeasures.

SGAxe builds on an earlier attack, CacheOut, and exploits CVE-2020-0549 to steal user data from Security Guard Extensions (SGX) secure enclaves, while CrossTalk makes it possible for attackers to leak data protected in an SGX enclave even if the attacker’s code is running on a different CPU Core to that holding the sensitive data.

The researchers said that “it is almost trivial to apply these attacks to break code running in Intel’s secure SGX enclaves” and that “mitigations against existing transient execution attacks are largely ineffective”.

Intel refers to CrossTalk as Special Register Buffer Data Sampling (SRBDS) and has said that its Atom, Xeon Scalable and 10th Gen Intel Core families of processors are not affected. For processor families that are affected, expect vendors to provide updates in the coming weeks. Patches against an earlier vulnerability, as well as developers following recommended guidelines, should also help to protect against CacheOut and SGAxe, Intel have said.

The Ugly

Human rights defenders, environmentalists, and journalists as well as politicians and CEOs are among tens of thousands that have been targeted by an hitherto unknown hackers-for-hire group dubbed ‘Dark Basin’, according to Citzen Lab, a Canadian research group focused on digital threats to civil society.

American non-profit organizations have been extensively targeted by the Dark Basin group, who also engaged in phishing campaigns against organizations advocating net neutrality and fighting to expose climate denial activities. A partial list of targets who agreed to be named includes:

  • 350.org
  • Climate Investigations Center
  • Conservation Law Foundation
  • Center for International Environmental Law
  • Greenpeace
  • Public Citizen
  • Union of Concerned Scientists

The Dark Basin group were uncovered due to their use of a custom URL shortener used in their phishing campaigns. The researchers were able to identify almost 28,000 URLs containing email addresses of targets after they discovered that the shorteners created URLs with sequential shortcodes. The malicious links led to credential phishing sites: attacker-controlled clones of login pages for popular services like Facebook, LinkedIn and Google Mail, among others.

Initially suspecting the threat actor may have been a state-sponsored APT, Citizen Lab unearthed links between the targets and individuals working at a private, Indian-based company called “BellTrox InfoTech Services” and “BellTrox D|G|TAL Security”. While the researchers say they have “high confidence” that BellTrox employees are behind Dark Basin activities, they do not have strong evidence pointing to any party who may have commissioned their hacking activities.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security