Microsoft Patch Tuesday, January 2021 Edition

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.

Most concerning of this month’s batch is probably a critical bug (CVE-2021-1647) in Microsoft’s default anti-malware suite — Windows Defender — that is seeing active exploitation. Microsoft recently stopped providing a great deal of detail in their vulnerability advisories, so it’s not entirely clear how this is being exploited.

But Kevin Breen, director of research at Immersive Labs, says that, depending on the vector, the flaw could be trivial to exploit.

“It could be as simple as sending a file,” he said. “The user doesn’t need to interact with anything, as Defender will access it as soon as it is placed on the system.”

Fortunately, this bug is probably already patched by Microsoft on end-user systems, as the company continuously updates Defender outside of the normal monthly patch cycle.
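One way to confirm the Defender side of this on a given host, as an added example that is not part of the article: Microsoft’s advisory for CVE-2021-1647 lists Malware Protection Engine version 1.1.17700.4 as the first build with the fix, so the script below compares the running engine against that, forces an engine/definition update if it is older, and lists hotfixes installed since Patch Tuesday. It assumes the Defender PowerShell module (Windows 10 and Server 2016 or later) and an elevated prompt; the fixed version and the Patch Tuesday date are parameters so they can be adjusted if the advisory is revised.

```powershell
# Added example, not from the article: is this host's Defender engine at or past
# the build the CVE-2021-1647 advisory lists as fixed, and what has been installed
# since Patch Tuesday? Requires the Defender module; run from an elevated prompt.

param(
    # First fixed engine build per the CVE-2021-1647 advisory (adjust if revised).
    [version]$FixedEngine = '1.1.17700.4',
    # January 2021 Patch Tuesday.
    [datetime]$PatchTuesday = '2021-01-12'
)

$status = Get-MpComputerStatus
$engine = [version]$status.AMEngineVersion

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    EngineVersion      = $engine
    EngineIsFixed      = ($engine -ge $FixedEngine)
    SignatureVersion   = $status.AntivirusSignatureVersion
    SignatureAgeDays   = $status.AntivirusSignatureAge
    RealTimeProtection = $status.RealTimeProtectionEnabled
} | Format-List

if ($engine -lt $FixedEngine) {
    # Engine updates ride the same channel as definitions, outside the monthly cycle.
    Write-Warning "Engine $engine is older than $FixedEngine; pulling an update now."
    Update-MpSignature -UpdateSource MicrosoftUpdateServer
    $engine = [version](Get-MpComputerStatus).AMEngineVersion
    Write-Output "Engine after update: $engine (fixed: $($engine -ge $FixedEngine))"
}

# Hotfixes applied on or after Patch Tuesday; the monthly cumulative update shows
# up here as a KB entry, so an empty list means the OS patch has not landed yet.
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday } |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn
```

The engine check is the one that matters for CVE-2021-1647; the hotfix listing is there because a host can have a current Defender engine and still be missing the January cumulative update that carries the other fixes discussed here.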

Breen called attention to another critical vulnerability this month, CVE-2021-1660, a remote code execution flaw in nearly every supported version of Windows that earned a CVSS score of 8.8 (10 is the most severe).

“They classify this vulnerability as ‘low’ in complexity, meaning an attack could be easy to reproduce,” Breen said. “However, they also note that it’s ‘less likely’ to be exploited, which seems counterintuitive. Without full context of this vulnerability, we have to rely on Microsoft to make the decision for us.”

CVE-2021-1660 is actually just one of several bugs patched this month in a core Windows service called Remote Procedure Call (RPC), which is responsible for a lot of heavy lifting in Windows. Some of the more memorable computer worms of the past two decades spread automatically by exploiting RPC vulnerabilities.

Allan Liska, senior security architect at Recorded Future, said while it is concerning that so many vulnerabilities around the same component were released simultaneously, two previous vulnerabilities in RPC — CVE-2019-1409 and CVE-2018-8514 — were not widely exploited.

The remaining 70 or so flaws patched this month earned Microsoft’s less-dire “important” ratings, which is not to say they’re much less of a security concern. Case in point: CVE-2021-1709, which is an “elevation of privilege” flaw in Windows 8 through 10 and Windows Server 2008 through 2019.

“Unfortunately, this type of vulnerability is often quickly exploited by attackers,” Liska said. “For example, CVE-2019-1458 was announced on December 10th of 2019, and by December 19th an attacker was seen selling an exploit for the vulnerability on underground markets. So, while CVE-2021-1709 is only rated as [an information exposure flaw] by Microsoft it should be prioritized for patching.”

Trend Micro’s Zero Day Initiative (ZDI) pointed out another flaw marked “important”: CVE-2021-1648, an elevation of privilege bug affecting Windows 8, 10 and some Windows Server 2012 and 2019 releases that ZDI publicly disclosed prior to today.

“It was also discovered by Google likely because this patch corrects a bug introduced by a previous patch,” ZDI’s Dustin Childs said. “The previous CVE was being exploited in the wild, so it’s within reason to think this CVE will be actively exploited as well.”

Separately, Adobe released security updates to tackle at least eight vulnerabilities across a range of products, including Adobe Photoshop and Illustrator. There are no Flash Player updates because Adobe retired the browser plugin in December (hallelujah!), and Microsoft’s update cycle from last month removed the program from Microsoft’s browsers.

Windows 10 users should be aware that the operating system will download updates and install them all at once on its own schedule, closing out active programs and rebooting the system. If you wish to ensure Windows has been set to pause updating so you have ample opportunity to back up your files and/or system, see this guide.

Please back up your system before applying any of these updates. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. You never know when a patch roll-up will bork your system or possibly damage important files. For those seeking more flexible and full-featured backup options (including incremental backups), Acronis and Macrium are two that I’ve used previously and are worth a look.

That said, there don’t appear to be any major issues cropping up yet with this month’s update batch. But before you apply updates consider paying a visit to AskWoody.com, which usually has the skinny on any reports about problematic patches.

As always, if you experience glitches or issues installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

Ubiquiti: Change Your Password, Enable 2FA

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

In an email sent to customers today, Ubiquiti Inc. [NYSE: UI] said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name that provider.

The statement continues:

“We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.”

Ubiquiti has not yet responded to requests for more information, but the notice was confirmed as official in a post on the company’s user support forum.

The warning from Ubiquiti carries particular significance because the company has made it fairly difficult for customers using the latest Ubiquiti firmware to interact with their devices without first authenticating through the company’s cloud-based systems.

This has become a sticking point for many Ubiquiti customers, as evidenced by numerous threads on the topic in the company’s user support forums over the past few months.

“While I and others do appreciate the convenience and option of using hosted accounts, this incident clearly highlights the problem with relying on your infrastructure for authenticating access to our devices,” wrote one Ubiquiti customer today whose sentiment was immediately echoed by other users. “A lot of us cannot take your process for granted and need to keep our devices offline during setup and make direct connections by IP/Hostname using our Mobile Apps.”

To manage the security settings on your Ubiquiti account, visit https://account.ui.com, log in and click ‘Security’ in the left-hand menu, then:

1. Change your password
2. Set a session timeout value
3. Enable 2FA

Image: twitter.com/crosstalksol/

According to Ubiquiti’s investment literature, the company has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.

This is a developing story that may be updated throughout the day.

The Good, the Bad and the Ugly in Cybersecurity – Week 2

The Good

We always like to highlight law enforcement victories where possible, and it’s especially satisfying when the crime is so ‘dark’. This week, Essex Police in the UK arrested an individual responsible for extorting close to 600 victims spanning Romania, Hong Kong, Australia, and the UK. It is reported that the man, Akash Sondhi of Chafford Hundred, Essex, would routinely hack into the Snapchat accounts of young females. Once he had access and control, he would blackmail the victims into sending him suggestive and compromising photos. In most cases, Sondhi had acquired existing photos from the targeted accounts and used these as leverage to extort further nude and intimate images. Should the victims fail to comply, Sondhi would threaten the release of the sensitive photos to their friends and family. The victims were aged between 16 and 25.

Sondhi’s sextortion campaign wreaked havoc on these victims, causing extensive psychological damage, with one victim actually attempting suicide. For his crimes, he will now serve a minimum of 11 years in prison and will be placed on the sex offenders register for a period of 10 years after release. This is a victory in the fight against small-time cybercrime, but it can also serve as a reminder to be cautiously critical when interacting with unknown entities on the internet. Stay safe out there!

The Bad

The New Year brings everyone fresh opportunities to start anew and wipe the slate clean. Unfortunately, one thing 2021 did not bring us was an end to ransomware. We started off this week observing a relatively new ransomware family dubbed “Babuk”.

Babuk is not exactly breaking new ground but the threat is all the same. In common with other ransomware operators these days, those behind Babuk also threaten to release stolen data in the event that the victim does not comply with the ransom demands. As of this writing, the entities behind Babuk have been posting victim data only in specific ‘underground’ forums. They also appear to have set up an .onion domain, which currently contains no data.

Babuk claims to use a custom combination of encryption algorithms (ChaCha8/SHA256+ECDH) to ensure that victims are unable to recover their data without paying up. According to reports, the attackers have currently amassed between $60,000 and $85,000.

Time will tell whether Babuk will take off like some of its contemporaries, but as of now true in-the-wild use of this ransomware is very small in scope. So, to ring in the New Year, and to protect yourself from Babuk, make sure all your systems are accounted for, manageable and properly secured. As an FYI, SentinelOne Singularity fully protects against Babuk infections.

The Ugly

We are all used to phishing emails spoofing various official entities. This becomes more problematic during crises, when government agencies are trying to disseminate accurate information as rapidly and efficiently as possible. This week the ACSC (Australian Cyber Security Centre) issued a warning stating that cybercriminals were sending out phishing emails masquerading as official communications from the ACSC.

The emails contain malicious links that reportedly lead to a download of “antivirus software”, which in turn delivers and executes a banking trojan on the targeted individual’s machine. The ACSC warning goes on to state:

“…there have been reports of cybercriminals calling individuals from a spoofed Australian phone number requesting they download ‘TeamViewer’ or ‘AnyDesk’ onto their device to help resolve malware issues. The scammer then attempts to persuade recipients to take actions, such as enter a URL into a browser and access online banking services, which then compromises their computer to reveal banking information.”

We encourage concerned individuals to review the ACSC warning and continue to take any necessary actions to reduce exposure and minimize risk. You can never be too careful when it comes to email security and hygiene…and as a friendly reminder…email is still the most common delivery method for malware.
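For defenders, the actionable part of the ACSC warning is the remote-access tooling the scammers talk victims into installing. The following is an added example, not part of the SentinelOne post: a PowerShell triage that looks for TeamViewer or AnyDesk on a Windows endpoint as a running process, a registered service, or an uninstall entry. The tool names are match patterns taken from the warning; the pattern list, the registry paths checked and the output shape are my own choices for illustration, not anything the ACSC or SentinelOne published.

```powershell
# Added example, not from the post: hunt for the remote-access tools named in the
# ACSC warning. Run elevated on the endpoint (or fan out with Invoke-Command).

$tools   = @('TeamViewer', 'AnyDesk')   # assumed patterns; extend for your environment
$pattern = ($tools | ForEach-Object { [regex]::Escape($_) }) -join '|'

$findings = [System.Collections.Generic.List[object]]::new()

# 1. Running processes. Portable builds never register anywhere else, so this is
#    the check that catches a tool launched straight from the Downloads folder.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.ProcessName -match $pattern } |
    ForEach-Object {
        $findings.Add([pscustomobject]@{
            Source = 'Process'; Name = $_.ProcessName; Detail = $_.Path; Id = $_.Id })
    }

# 2. Services. Both tools can register one for unattended access, which is what
#    a scammer wants left behind after the call ends.
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern } |
    ForEach-Object {
        $findings.Add([pscustomobject]@{
            Source = 'Service'; Name = $_.Name; Detail = $_.PathName; Id = $_.State })
    }

# 3. Uninstall entries (64-bit, 32-bit and per-user hives) give version and
#    install date, which lets you line the install up with the phishing email.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    ForEach-Object {
        $findings.Add([pscustomobject]@{
            Source = 'Installed'; Name = $_.DisplayName
            Detail = "$($_.DisplayVersion) installed $($_.InstallDate)"; Id = $_.PSChildName })
    }

if ($findings.Count -eq 0) {
    Write-Output "No matches for: $($tools -join ', ')"
} else {
    $findings | Format-Table -AutoSize
}
```

Treat a hit as a lead to confirm with the user rather than proof of compromise; plenty of help desks use the same tools legitimately. The value is in the combination: a process with no matching uninstall entry, or a service that appeared on the day the user received the email, is the pattern worth escalating.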


Extra Crunch roundup: 2 VC surveys, Tesla’s melt up, The Roblox Gambit, more

This has been quite a week.

Instead of walking backward through the last few days of chaos and uncertainty, here are three good things that happened:

  • Google employee Sara Robinson combined her interest in machine learning and baking to create AI-generated hybrid treats.
  • A breakthrough could make water desalination 30%-40% more effective.
  • Bianca Smith will become the first Black woman to coach a professional baseball team.

Despite many distractions in our first full week of the new year, we published a full slate of stories exploring different aspects of entrepreneurship, fundraising and investing.

We’ve already gotten feedback on this overview of subscription pricing models, and a look back at 2020 funding rounds and exits among Israel’s security startups was aimed at our new members who live and work there, along with international investors who are seeking new opportunities.

Plus, don’t miss our first investor surveys of 2021: one by Lucas Matney on social gaming, and another by Mike Butcher that gathered responses from Portugal-based investors on a wide variety of topics.

Thanks very much for reading Extra Crunch this week. I hope we can all look forward to a nice, boring weekend with no breaking news alerts.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist


The Roblox Gambit

In February 2020, gaming platform Roblox was valued at $4 billion, but after announcing a $520 million Series H this week, it’s now worth $29.5 billion.

“Sure, you could argue that Roblox enjoyed an epic 2020, thanks in part to COVID-19,” writes Alex Wilhelm this morning. “That helped its valuation. But there’s a lot of space between $4 billion and $29.5 billion.”

Alex suggests that Roblox’s decision to delay its IPO and raise an enormous Series H was a grandmaster move that could influence how other unicorns will take themselves to market. “A big thanks to the gaming company for running this experiment for us.”

I asked him what inspired the headline; like most good ideas, it came to him while he was trying to get to sleep.

“I think that I had ‘The Queen’s Gambit’ somewhere in my head, so that formed the root of a little joke with myself. Roblox is making a strategic wager on method of going public. So, ‘gambit’ seems to fit!”

8 investors discuss social gaming’s biggest opportunities

For our first investor survey of the year, Lucas Matney interviewed eight VCs who invest in massively multiplayer online games to discuss 2021 trends and opportunities:

  • Hope Cochran, Madrona Venture Group
  • Daniel Li, Madrona Venture Group
  • Niko Bonatsos, General Catalyst
  • Ethan Kurzweil, Bessemer Venture Partners
  • Sakib Dadi, Bessemer Venture Partners
  • Jacob Mullins, Shasta Ventures
  • Alice Lloyd George, Rogue
  • Gigi Levy-Weiss, NFX

Having moved far beyond shooters and sims, platforms like Twitch, Discord and Fortnite are “where culture is created,” said Daniel Li of Madrona.

Rep. Alexandria Ocasio-Cortez uses Twitch to explain policy positions, major musicians regularly perform in-game concerts on Fortnite and in-game purchases generated tens of billions last year.

“Gaming is a unique combination of science and art, left and right brain,” said Gigi Levy-Weiss of NFX. “It’s never just science (i.e., software and data), which is why many investors find it hard.”

How to convert customers with subscription pricing

Startups that lack insight into their sales funnel have high churn, low conversion rates and an inability to adapt or leverage changes in customer behavior.

If you’re hoping to convert and retain customers, “reinforcing your value proposition should play a big part in every level of your customer funnel,” says Joe Procopio, founder of Teaching Startup.

What is up with Tesla’s value?

Alex Wilhelm followed up his regular Friday column with another story that tries to find a well-grounded rationale for Tesla’s sky-high valuation of approximately $822 billion.

Meanwhile, GM just unveiled a new logo and tagline.

As ever, I learned something new while editing: A “melt up” occurs when investors start clamoring for a particular company because of acute FOMO (the fear of missing out).

Delivering 500,000 cars in 2020 was “impressive,” says Alex, who also acknowledged the company’s ability to turn GAAP profits, but “pride cometh before the fall, as does a melt up, I think.”

Note: This story has Alex’s original headline, but I told him I would replace the featured image with a photo of someone who had very “richest man in the world” face.

How Segment redesigned its core systems to solve an existential scaling crisis

On Tuesday, enterprise reporter Ron Miller covered a major engineering project at customer data platform Segment called “Centrifuge.”

“Its purpose was to move data through Segment’s data pipes to wherever customers needed it quickly and efficiently at the lowest operating cost,” but as Ron reports, it was also meant to solve “an existential crisis for the young business,” which needed a more resilient platform.

Dear Sophie: Banging my head against the wall understanding the US immigration system

Dear Sophie:

Now that the U.S. has a new president coming in whose policies are more welcoming to immigrants, I am considering coming to the U.S. to expand my company after COVID-19. However, I’m struggling with the morass of information online that has bits and pieces of visa types and processes.

Can you please share an overview of the U.S. immigration system and how it works so I can get the big picture and understand what I’m navigating?

— Resilient in Romania

The first “Dear Sophie” column of each month is available on TechCrunch without a paywall.

Revenue-based financing: The next step for private equity and early-stage investment

For founders who aren’t interested in angel investment or seeking validation from a VC, revenue-based investing is growing in popularity.

To gain a deeper understanding of the U.S. RBI landscape, we published an industry report on Wednesday that studied data from 134 companies, 57 funds and 32 investment firms before breaking out “specific verticals and business models … and the typical profile of companies that access this form of capital.”

Lisbon’s startup scene rises as Portugal gears up to be a European tech tiger

Mike Butcher continues his series of European investor surveys with his latest dispatch from Lisbon, where a nascent startup ecosystem may get a Brexit boost.

Here are the Portugal-based VCs he interviewed:

  • Cristina Fonseca, partner, Indico Capital Partners
  • Pedro Ribeiro Santos, partner, Armilar Venture Partners
  • Tocha, partner, Olisipo Way
  • Adão Oliveira, investment manager, Portugal Ventures
  • Alexandre Barbosa, partner, Faber
  • António Miguel, partner, Mustard Seed MAZE
  • Jaime Parodi Bardón, partner, impACT NOW Capital
  • Stephan Morais, partner, Indico Capital Partners
  • Gavin Goldblatt, managing partner, Portugal Gateway

How late-stage edtech companies are thinking about tutoring marketplaces

How do you scale online tutoring, particularly when demand exceeds the supply of human instructors?

This month, Chegg is replacing its seven-year-old marketplace that paired students with tutors with a live chatbot.

A spokesperson said the move will “dramatically differentiate our offerings from our competitors and better service students,” but Natasha Mascarenhas identified two challenges to edtech automation.

“A chatbot won’t work for a student with special needs or someone who needs to be handheld a bit more,” she says. “Second, speed tutoring can only work for a specific set of subjects.”

Decrypted: How bad was the US Capitol breach for cybersecurity?

While I watched insurrectionists invade and vandalize the U.S. Capitol on live TV, I noticed that staffers evacuated so quickly, some hadn’t had time to shut down their computers.

Looters even made off with a laptop from Senator Jeff Merkley’s office, but according to security reporter Zack Whittaker, the damage to infosec wasn’t as bad as it looked.

Even so, “the breach will likely present a major task for Congress’ IT departments, which will have to figure out what’s been stolen and what security risks could still pose a threat to the Capitol’s network.”

Extra Crunch’s top 10 stories of 2020

On New Year’s Eve, I made a list of the 10 “best” Extra Crunch stories from the previous 12 months.

My methodology was personal: From hundreds of posts, these were the 10 I found most useful, which is my key metric for business journalism.

Some readers are skeptical about paywalls, but without being boastful, Extra Crunch is a premium product, just like Netflix or Disney+. I know, we’re not as entertaining as a historical drama about the reign of Queen Elizabeth II or a space western about a bounty hunter. But, speaking as someone who’s worked at several startups, Extra Crunch stories contain actionable information you can use to build a company and/or look smart in meetings — and that’s worth something.

Lacework lands $525M investment as revenue grows 300%

As the pandemic took hold in 2020, companies accelerated their move to cloud services. Lacework, the cloud security startup, was in the right place at the right time as customers looked for ways to secure their cloud native workloads. The company reported that revenue grew 300% year over year for the second straight year.

It was rewarded for that kind of performance with a $525 million Series D today. It did not share an exact valuation, only saying that it exceeded $1 billion, which you would expect on such a hefty investment. Sutter Hill and Altimeter Capital led the round with help from D1 Capital Management, Coatue, Dragoneer Investment Group, Liberty Global Ventures, Snowflake Ventures and Tiger Global Management. The company has now raised close to $600 million.

Lacework CEO Dan Hubbard says one of the reasons for such widespread interest from investors is the breadth of the company’s security solution. “We enable companies to build securely in the cloud, and we span across multiple different categories of markets, which enable the customers to do that,” he said.

He says that encompasses a range of services, including configuration and compliance, security for infrastructure as code, build time and runtime vulnerability scanning and runtime security for cloud native environments like Kubernetes and containers.

As the company has grown revenue, it has been adding employees quickly. It started the year with 92 employees and closed with more than 200, with plans to double that by the end of this year. As he looks at hiring, Hubbard is aware of the need to build a diverse organization, but acknowledges that tech in general hasn’t done a great job so far.

He says they are working with the various teams inside the company to try and change that, while also working to support outside organizations that are helping educate underrepresented groups to get the skills they need and then building from that. “If you can help solve the problem at an earlier stage, then I think you’ve got a bigger opportunity [to have a base of people to hire] there,” he said.

The company was originally nurtured inside Sutter Hill and is built on top of the Snowflake platform. It reports that $20 million of today’s total comes from Snowflake’s new venture arm, which is putting some money into an early partner.

“We were an alpha Snowflake customer, and they were an alpha customer of ours. Our platform is built on top of the Snowflake data cloud and their new venture arm has also joined the round with an investment to further strengthen the partnership there,” Hubbard said.

As for Sutter Hill, investor Mike Speiser sees Lacework as one of his firm’s critical investments. “[Much] like Snowflake at a similar point in its evolution, Lacework is growing revenue at over 300% per year making Lacework one of Sutter Hill Ventures’ most important and promising portfolio companies,” he said in a statement.

Glia raises $78M for its integrated, hands-on, AI-based customer service platform

The ongoing push for social distancing to slow the spread of COVID-19 has meant that more people than ever are using internet-based services to get things done. And that is having a direct impact on digital customer service, which is seeing unprecedented traffic and demands when things are not running smoothly. Today, one of the startups that’s built an interesting, very “hands-on” approach to addressing that problem is announcing a round of funding to expand its business.

Glia, which has built a platform that not only integrates and helps manage different customer support channels, but also provides tools to help agents proactively get into a customer’s app or web page to help them find things or fix issues, is today announcing that it has picked up $78 million in a Series C round of funding. Dan Michaeli, the co-founder and CEO who is based out of New York (the company has a substantial operation in Estonia too), said it will be used to continue developing its technology and expanding to address inbound interest for its services after seeing its revenues grow by 150% in 2020.

The company’s original focus was around financial services and it counts a large base of customers in that area, but it is also seeing a lot of activity in adjacent industries like insurance, as well as education, retail and other categories Michaeli said.

“We’ve had overwhelming demand and it’s incredible to see how businesses want to adopt us right now,” he said in an interview. “The plan is to significantly scale up and continue to define and meet that demand for digital customer service.” The company is likely also to use some of the funding for acquisitions in what appears to be a rapidly consolidating market.

The round is being led by Insight Partners, with Don Brown (an entrepreneur in the world of customer service, with his company Interactive Intelligence acquired by Genesys for $1.4 billion) also participating.

Glia isn’t disclosing other investors, but past backers include Tola Capital, Temerity Capital, Grassy Creek and Wildcat Capital, as well as Insight. Prior to this, the company, which has been around since 2012 and was previously known as SaleMove, had raised just $28 million and its valuation was a modest $69 million according to PitchBook data (and it’s not disclosing valuation today).

There are a lot of customer service startups in the market today, and a number of them are seeing huge boosts in their business, and even some consolidation as others snap up tech to make sure they have their own customer service strategies going in the right direction. (Witness Facebook of all companies acquiring omnichannel customer support and CRM leader Kustomer for $1 billion in November.)

Glia is not unlike many of the new guard of these companies, in that its focus is very squarely on providing a platform to be able to manage and interact across whatever digital channel a customer happens to be using. Glia, I should point out, means “glue” in Greek.

What makes Glia quite interesting and different from these are some of the twists it uses to engage with users. One of these involves being able to give agents the ability to actually get on the screen of the user in question, in order to both guide the user around the screen, and to see what the user is doing on that screen.

To be clear, the connection and the ability to track what the user is doing are limited to the screen in question, and it is done with the user’s awareness of what is going on. In the demo of the service that I went through, it was very smooth, and reminded me just a little of things like Clippy in Microsoft Word.

Alongside this, Glia provides tools to agents to coach them on questions to ask, phrasing to use and links for answers, and Glia also develops virtual customer service assistants to help with more basic questions. These also have the ability to interact with people’s screens when they make contact with a company. This in effect sees the company combining a number of technologies in one place, from natural language processing to suggest (and in some cases run) customer service responses, through computer vision to help detect what is happening on the remote screen, to more fundamental CRM technology to run those services across multiple platforms.

While screen sharing has been a well-used tool in other areas — for example in workforce collaboration environments, or for presenting online — Glia is seen as one of the pioneers in leveraging that for customer service. For investors, the interest in Glia has been to tap into that.

“We are proud to expand our investment in Glia as the company continues to lead the evolution of Digital Customer Service for businesses across the globe,” said Lonne Jaffe, managing director at Insight Partners, in a statement. “Glia’s platform provides the modern technology necessary for businesses to meet customers in their digital journeys and communicate through the customer’s channel of choice. With this capital, the company will continue to scale and keep up with skyrocketing demand.”

We are in a key moment of digital transformation in customer services. Surprisingly, there are still many who opt for calling in to ask questions, but as Michaeli noted, these days, even when they are still using phones, customers will do so with “their screens in front of them.”

Brown believes that this is the other opportunity to seize. “Many companies are still focused on moving antiquated, on-premises telephony systems to cloud contact centers that essentially offer the same functionality,” he said in a statement. “Instead, businesses can leapfrog this process and move directly to a digital-first cloud approach by partnering with Glia. If I were to build Interactive Intelligence for today’s contact center, I would take Glia’s approach.”

Red Hat is acquiring container security company StackRox

Red Hat today announced that it’s acquiring container security startup StackRox. The companies did not share the purchase price.

Red Hat, which is perhaps best known for its enterprise Linux products, has been making the shift to the cloud in recent years. IBM agreed to buy the company in 2018 for a hefty $34 billion (the deal closed in 2019) and has been leveraging that acquisition as part of a shift to a hybrid cloud strategy under CEO Arvind Krishna.

The acquisition fits nicely with RedHat OpenShift, its container platform, but the company says it will continue to support StackRox usage on other platforms including AWS, Azure and Google Cloud Platform. This approach is consistent with IBM’s strategy of supporting multicloud, hybrid environments.

In fact, Red Hat president and CEO Paul Cormier sees the two companies working together well. “Red Hat adds StackRox’s Kubernetes-native capabilities to OpenShift’s layered security approach, furthering our mission to bring product-ready open innovation to every organization across the open hybrid cloud across IT footprints,” he said in a statement.

CEO Kamal Shah, writing in a company blog post announcing the acquisition, explained that the company made a bet a couple of years ago on Kubernetes and it has paid off. “Over two and a half years ago, we made a strategic decision to focus exclusively on Kubernetes and pivoted our entire product to be Kubernetes-native. While this seems obvious today, it wasn’t so then. Fast forward to 2020 and Kubernetes has emerged as the de facto operating system for cloud-native applications and hybrid cloud environments,” Shah wrote.

Shah sees the purchase as a way to expand the company and the road map more quickly using the resources of Red Hat (and IBM), a typical argument from CEOs of smaller acquired companies. But the trick is always finding a way to stay relevant inside such a large organization.

StackRox’s acquisition is part of some consolidation we have been seeing in the Kubernetes space in general and the security space more specifically. That includes Palo Alto Networks acquiring competitor TwistLock for $410 million in 2019. Another competitor, Aqua Security, which has raised $130 million, remains independent.

StackRox was founded in 2014 and raised over $65 million, according to Crunchbase data. Investors included Menlo Ventures, Redpoint and Sequoia Capital. The deal is expected to close this quarter subject to normal regulatory scrutiny.

F5 snags Volterra multi-cloud management startup for $500M

Applications networking company F5 announced today that it is acquiring Volterra, a multi-cloud management startup, for $500 million. That breaks down to $440 million in cash and $60 million in deferred and unvested incentive compensation.

Volterra emerged in 2019 with a $50 million investment from multiple sources, including Khosla Ventures and Mayfield, along with strategic investors like M12 (Microsoft’s venture arm) and Samsung Ventures. As the company described it to me at the time of the funding:

Volterra has innovated a consistent, cloud-native environment that can be deployed across multiple public clouds and edge sites — a distributed cloud platform. Within this SaaS-based offering, Volterra integrates a broad range of services that have normally been siloed across many point products and network or cloud providers.

The solution is designed to provide a single way to view security, operations and management components.

F5 president and CEO François Locoh-Donou sees Volterra’s edge solution integrating across its product line. “With Volterra, we advance our Adaptive Applications vision with an Edge 2.0 platform that solves the complex multi-cloud reality enterprise customers confront. Our platform will create a SaaS solution that solves our customers’ biggest pain points,” he said in a statement.

Volterra founder and CEO Ankur Singla, writing in a company blog post announcing the deal, says the need for this solution only accelerated during 2020 when companies were shifting rapidly to the cloud due to the pandemic. “When we started Volterra, multi-cloud and edge were still buzzwords and venture funding was still searching for tangible use cases. Fast forward three years and COVID-19 has dramatically changed the landscape — it has accelerated digitization of physical experiences and moved more of our day-to-day activities online. This is causing massive spikes in global Internet traffic while creating new attack vectors that impact the security and availability of our increasing set of daily apps,” he wrote.

He sees Volterra’s capabilities fitting in well with the F5 family of products to help solve these issues. While F5 had a quiet 2020 on the M&A front, today’s purchase comes on top of a couple of major acquisitions in 2019, including Shape Security for $1 billion and NGINX for $670 million.

The deal has been approved by both companies’ boards, and is expected to close before the end of March, subject to regulatory approvals.

All Aboard the Pequod!

Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation’s capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For those trying to draw meaning from the experience, might I suggest consulting the literary classic Moby Dick, which simultaneously holds clues about QAnon’s origins and offers an apt allegory about a modern-day Captain Ahab and his ill-fated obsessions.

Many have speculated that Jim Watkins, the administrator of the online message board 8chan (a.k.a. 8kun), and/or his son Ron are in fact “Q,” the anonymous persona behind the QAnon conspiracy theory, which holds that President Trump is secretly working to save the world from a satanic cult of pedophiles and cannibals.

Last year, as I was scrutinizing the computer networks that kept QAnon online, researcher Ron Guilmette pointed out a tantalizing utterance from Watkins the younger which adds tenuous credence to the notion that one or both of them is Q.

We’ll get to how the Great White Whale (the Capitol?) fits into this tale in a moment. But first, a bit of background. A person identified only as “Q” has for years built an impressive following for the far-right conspiracy movement by leaving periodic “Q drops,” cryptic messages that QAnon adherents spend much time and effort trying to decipher and relate to current events.

Researchers who have studied more than 5,000 Q drops are convinced that there are two distinct authors of these coded utterances. The leading theory is that those identities corresponded to the aforementioned father-and-son team responsible for operating 8chan.

Jim Watkins, 56, is the current owner of 8chan, a community perhaps now best known as a forum for violent extremists and mass shooters. Watkins is an American pig farmer based in the Philippines; Ron reportedly resides in Japan.

In the aftermath of back-to-back mass shootings on Aug. 3 and Aug. 4, 2019, in which a manifesto justifying one of the attacks was uploaded to 8chan, Cloudflare stopped providing its content delivery network to 8chan. Several other providers quickly followed suit, leaving 8chan offline for months before it found a haven at a notorious bulletproof hosting facility in Russia.

One reason Q watchers believe Ron and Jim Watkins may share authorship over the Q drops is that while 8chan was offline, the messages from Q ceased. The drops reappeared only months later when 8chan rebranded as 8kun.

CALL ME ISHMAEL

Here’s where the admittedly “Qonspiratorial” clue about the Watkins’ connection to Q comes in. On Aug. 5, 2019, Ron Watkins posted a Twitter message about 8chan’s ostracization which compared the community’s fate to that of the Pequod, the name of the doomed whaling ship in the Herman Melville classic “Moby Dick.”

“If we are still down in a few hours then maybe 8chan will just go clearnet and we can brave DDOS attacks like Ishmael on the Pequod,” Watkins the younger wrote.

Ishmael, the first-person narrator in the novel, is a somewhat disaffected American sailor who decides to try his hand at a whaling ship. Ishmael is a bit of a minor character in the book; very soon into the novel we are introduced to a much more interesting and enigmatic figure — a Polynesian harpooner by the name of Queequeg.

Apart from being a cannibal from the Pacific islands who has devoured many people, Queequeg is a pretty nice guy and shows Ishmael the ropes of whaling life. Queequeg is covered head to toe in tattoos, which are described by the narrator as the work of a departed prophet and seer from the cannibal’s home island.

Like so many Q drops, Queequeg’s tattoos tell a mysterious tale, but we never quite learn what that full story is. Indeed, the artist who etched them into Queequeg’s body is long dead, and the cannibal himself can’t seem to explain what it all means.

Ishmael describes Queequeg’s mysterious markings in this passage:

“…a complete theory of the heavens and earth, and a mystical treatise on the art of attaining truth; so that Queequeg in his own proper person was a riddle to unfold; a wondrous work in one volume; but whose mysteries not even himself could read, though his own live heart beat against them; and these mysteries were therefore destined in the end to moulder away with the living parchment whereon they were inscribed, and so be unsolved to the last.”

THE GREAT WHITE WHALE

It’s perhaps fitting then that one of the most recognizable figures from the mob that stormed the U.S. Capitol on Wednesday was a heavily-tattooed, spear-wielding QAnon leader who goes by the name “Q Shaman” (a.k.a. Jake Angeli).

“Q Shaman,” a.k.a. Jake Angeli, at a Black Lives Matter event in Arizona (left) and Wednesday, confronted by U.S. Capitol Police. Image: Twitter, @KelemenCari.

“Angeli’s presence at the riot, along with others wearing QAnon paraphernalia, comes as the conspiracy-theory movement has been responsible for the popularization of Trump’s voter-fraud conspiracy theories,” writes Rachel E. Greenspan for Yahoo! News.

“As Q has become increasingly hands-off, giving fewer and fewer messages to his devotees, QAnon leaders like Angeli have gained fame and power in the movement,” Greenspan wrote.

If somehow Moby Dick was indeed the inspiration for the “Q” identity in QAnon, yesterday’s events at The Capitol were the inexorable denouement of a presidential term that increasingly came to be defined by conspiracy theories. In a somewhat prescient Hartford Courant op-ed published in 2018, author Steven Almond observed that Trump’s presidency could be best understood through the lens of the Pequod’s Captain Ahab. To wit:

“Melville is offering a mythic account of how one man’s virile bombast ensnares everyone and everything it encounters. The setting is nautical, the language epic. But the tale, stripped to its ribs, is about the seductive power of the wounded male ego, how naturally a ship steered by men might tack to its vengeful course.”

“Trump’s presidency has been, in its way, a retelling of this epic. Whether we cast him as agent or principal hardly matters. What matters is that Americans have joined the quest. In rapture or disgust, we’ve turned away from the compass of self-governance and toward the mesmerizing drama of aggression on display, the masculine id unchained and all that it unchains within us. With every vitriolic tweet storm and demeaning comment, Trump strikes through the mask.”

EPILOGUE

If all of the above theorizing reads like yet another crackpot QAnon conspiracy, that may be the inevitable consequence of my spending far too much time going down this particular rabbit hole (and re-reading Moby Dick in the process!).

In any case, none of this is likely to matter to the diehard QAnon conspiracy theorists themselves, says Mike Rothschild, a writer who specializes in researching and debunking conspiracy theories.

“Even if Jim Watkins was revealed as owning the board or making the posts, it wouldn’t matter,” Rothschild said. “Anything that happens that disconfirms Q being an official in the military industrial complex is going to help fuel their persecution complex.”

Rothschild has been working hard on finishing his next book, “The Storm is Upon Us: How QAnon Became a Movement, Cult, and Conspiracy Theory of Everything,” which is due to be published in October 2021. Who’s printing the book? Ten points if you guessed Melville House, an independent publisher named after Herman Melville.

Sealed U.S. Court Records Exposed in SolarWinds Breach

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.

The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a discovery that its own systems were compromised as part of the SolarWinds supply chain attack. That intrusion involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users of its Orion network management software as far back as March 2020.

“The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings,” the agency said in a statement published Jan. 6.

“An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation,” the statement continues. “Due to the nature of the attacks, the review of this matter and its impact is ongoing.”

The AO declined to comment on specific questions about their breach disclosure. But a source close to the investigation told KrebsOnSecurity that the federal court document system was “hit hard” by the SolarWinds attackers, which multiple U.S. intelligence and law enforcement agencies have attributed as “likely Russian in origin.”

The source said the intruders behind the SolarWinds compromise seeded the AO’s network with a second-stage “Teardrop” malware that went beyond the “Sunburst” malicious software update that was opportunistically pushed out to all 18,000 customers using the compromised Orion software. This suggests the attackers were targeting the agency for deeper access to its networks and communications.

The AO’s court document system powers a publicly searchable database called PACER, and the vast majority of the files in PACER are not restricted and are available to anyone willing to pay for the records.

But experts say many other documents stored in the AO’s system are sealed — either temporarily or indefinitely by the courts or parties to a legal matter — and may contain highly sensitive information, including intellectual property and trade secrets, or even the identities of confidential informants.

Nicholas Weaver, a lecturer at the computer science department at University of California, Berkeley, said the court document system doesn’t hold documents that are classified for national security reasons. But he said the system is full of sensitive sealed filings — such as subpoenas for email records and so-called “trap and trace” requests that law enforcement officials use to determine with whom a suspect is communicating via phone, when and for how long.

“This would be a treasure trove for the Russians knowing about a lot of ongoing criminal investigations,” Weaver said. “If the FBI has indicted someone but hasn’t arrested them yet, that’s all under seal. A lot of the investigative tools that get protected under seal are filed very early on in the process, often with gag orders that prevent [the subpoenaed party] from disclosing the request.”

The acknowledgement from the AO comes hours after the U.S. Justice Department said it also was a victim of the SolarWinds intruders, who took control over the department’s Office 365 system and accessed email sent or received from about three percent of DOJ accounts (the department has more than 100,000 employees).

The SolarWinds hack also reportedly jeopardized email systems used by top Treasury Department officials, and granted the attackers access to networks inside the Energy, Commerce and Homeland Security departments.

The New York Times on Wednesday reported that investigators are examining whether a breach at another software provider — JetBrains — may have precipitated the attack on SolarWinds. The company, which was founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that helps developers test and manage software code. TeamCity is used by developers at 300,000 organizations, including SolarWinds and 79 of the Fortune 100 companies.

“Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies,” The Times said. “Security experts warn that the monthslong intrusion could be the biggest breach of United States networks in history.”

Under the AO’s new procedures, highly sensitive court documents filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system. These sealed documents will not be uploaded to CM/ECF.

“This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public,” the AO said.

James Lewis, senior vice president at the Center for Strategic and International Studies, said it’s too soon to tell the true impact of the breach at the court system, but the fact that they were apparently targeted is “a very big deal.”

“We don’t know what the Russians took, but the fact that they had access to this system means they had access to a lot of great stuff, because federal cases tend to involve fairly high profile targets,” he said.