At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange.

In the three days since then, security experts say the same Chinese cyber espionage group has dramatically stepped up attacks on any vulnerable, unpatched Exchange servers worldwide.

In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.

Speaking on condition of anonymity, two cybersecurity experts who’ve briefed U.S. national security advisors on the attack told KrebsOnSecurity the Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide — with each victim system representing approximately one organization that uses Exchange to process email.

Microsoft said the Exchange flaws are being targeted by a previously unidentified Chinese hacking crew it dubbed “Hafnium,” and said the group had been conducting targeted attacks on email systems used by a range of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

Microsoft’s initial advisory about the Exchange flaws credited Reston, Va. based Volexity for reporting the vulnerabilities. Volexity President Steven Adair said the company first saw attackers quietly exploiting the Exchange bugs on Jan. 6, 2021, a day when most of the world was glued to television coverage of the riot at the U.S. Capitol.

But Adair said that over the past few days the hacking group has shifted into high gear, moving quickly to scan the Internet for Exchange servers that weren’t yet protected by the security updates Microsoft released Tuesday.

“We’ve worked on dozens of cases so far where web shells were put on the victim system back on Feb. 28 [before Microsoft announced its patches], all the way up to today,” Adair said. “Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server. The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”

Reached for comment, Microsoft said it is working closely with the U.S. Cybersecurity & Infrastructure Security Agency (CISA), other government agencies, and security companies, to ensure it is providing the best possible guidance and mitigation for its customers.

“The best protection is to apply updates as soon as possible across all impacted systems,” a Microsoft spokesperson said in a written statement. “We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”

Meanwhile, CISA has issued an emergency directive ordering all federal civilian departments and agencies running vulnerable Microsoft Exchange servers to either update the software or disconnect the products from their networks.

Adair said he’s fielded dozens of calls today from state and local government agencies that have identified the backdoors in their Exchange servers and are pleading for help. The trouble is, patching the flaws only blocks the four different ways the hackers are using to get in. But it does nothing to undo the damage that may already have been done.

A tweet from Chris Krebs, former director of the Cybersecurity & Infrastructure Security Agency, responding to a tweet from White House National Security Advisor Jake Sullivan.

White House press secretary Jen Psaki told reporters today the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant,” and “could have far-reaching impacts.”

“We’re concerned that there are a large number of victims,” Psaki said.

By all accounts, rooting out these intruders is going to require an unprecedented and urgent nationwide clean-up effort. Adair and others say they’re worried that the longer it takes for victims to remove the backdoors, the more likely it is that the intruders will follow up by installing additional backdoors, and perhaps broadening the attack to include other portions of the victim’s network infrastructure.

Security researchers have published several tools for detecting vulnerable servers. One of those tools, a script from Microsoft’s Kevin Beaumont, helps companies identify exposed servers.

KrebsOnSecurity has seen portions of a victim list compiled by running such a tool, and it is not a pretty picture. The backdoor web shell is verifiably present on the networks of thousands of U.S. organizations, including banks, credit unions, non-profits, telecommunications providers, public utilities and police, fire and rescue units.

“It’s police departments, hospitals, tons of city and state governments and credit unions,” said one source who’s working closely with federal officials on the matter. “Just about everyone who’s running self-hosted Outlook Web Access and wasn’t patched as of a few days ago got hit with a zero-day attack.”

Another government cybersecurity expert who participated in a recent call with multiple stakeholders impacted by this hacking spree worries the cleanup effort required is going to be Herculean.

“On the call, many questions were from school districts or local governments that all need help,” the source said, speaking on condition they were not identified by name. “If these numbers are in the tens of thousands, how does incident response get done? There are just not enough incident response teams out there to do that quickly.”

When it released patches for the four Exchange Server flaws on Tuesday, Microsoft emphasized that the vulnerability did not affect customers running its Exchange Online service (Microsoft’s cloud-hosted email for businesses). But sources say the vast majority of the organizations victimized so far are running some form of Internet-facing Microsoft Outlook Web Access (OWA) email systems in tandem with Exchange servers internally.

“It’s a question worth asking, what’s Microsoft’s recommendation going to be?,” the government cybersecurity expert said. “They’ll say ‘Patch, but it’s better to go to the cloud.’ But how are they securing their non-cloud products? Letting them wither on the vine.”

The government cybersecurity expert said this most recent round of attacks is uncharacteristic of the kinds of nation-state level hacking typically attributed to China, which tends to be fairly focused on compromising specific strategic targets.

“Its reckless,” the source said. “It seems out of character for Chinese state actors to be this indiscriminate.”

Microsoft has said the incursions by Hafnium on vulnerable Exchange servers are in no way connected to the separate SolarWinds-related attacks, in which a suspected Russian intelligence group installed backdoors in network management software used by more than 18,000 organizations.

“We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” the company said.

Nevertheless, the events of the past few days may well end up far eclipsing the damage done by the SolarWinds intruders.

This is a fast-moving story, and likely will be updated multiple times throughout the day. Stay tuned.

Update, 8:27 p.m. ET: Wired cybersecurity reporter Andy Greenberg has confirmed hearing the same number of victim numbers cited in this report: “It’s massive. Absolutely massive,” one former national security official with knowledge of the investigation told WIRED. “We’re talking thousands of servers compromised per hour, globally.” Read Greenberg’s account here.

Also, the first and former director of CISA, Chris Krebs (no relation) seems to be suggesting on Twitter that the victim numbers cited here are conservative (or just outdated already):

Update 8:49 p.m.: Included a link to one of the more recommended tools for finding systems vulnerable to this attack.

Update, 10:17 p.m.: Added mention from Reuters story, which said White House officials are concerned about “a large number of victims.”

Feature Spotlight: ML Device Fingerprinting with Singularity Ranger®

Knowing what is on your network is fundamental to securing your IT infrastructure. A single compromised device gives adversaries a foothold from which they can move laterally and take what is yours. Unfortunately, there is no common means for IP-enabled devices to identify themselves. Singularity Ranger from SentinelOne finds and fingerprints every device connected to your network. Our advanced machine learning algorithms, integral to the Sentinel agent, identify the operating system, type, and role of each device on your network. As a result, security professionals have more up-to-date information on, and better visibility into, what is on their network, so that they are more fully equipped to make better risk management decisions.

Alternatives and Limitations

Various passive and active scanning techniques have been available in both open source and commercial solutions for some time, but all these previous attempts have problems which limit their effectiveness.

Active fingerprinting, the process of sending pings and messages and using the responses to infer device information, misses information that is only sent passively. Then there are firewalls, bandwidth considerations, device functional impairment, and interoperability issues with network security solutions (i.e., alert storms and response).

While passive fingerprinting – listening for broadcast data packets – addresses some of these limitations, it is difficult to deploy in advanced network topologies, increasing deployment and maintenance costs. Moreover, data traffic is increasingly encrypted, limiting the effectiveness of many passive solutions beyond Layer 4.

Asset inventorying does not have to be this complicated.

Device Fingerprinting with Ranger

Ranger is uniquely positioned to solve these challenges via a combination of manual rules, MAC addressing, and our AI-driven Sentinel agents. First, Ranger transforms Sentinel agents into distributed network sensors, and it is these Sentinels which play an important role in training the fingerprinting model. Ranger combines passive and active scanning techniques with manual rules and MAC address information to deliver superior device fingerprinting, with no additional hardware or software to deploy. This saves customers time, money, and headache.

Our hierarchical machine learning model consists of three layers. The first model layer narrows in on the OS family, such as Windows, Linux, Android, and macOS. The next layer pinpoints the specific OS version, and the final layer identifies the specific device role and/or type.

Each device with a Sentinel agent reports details on its OS to the SentinelOne Cloud, and while SentinelOne supports a wide range of Linux distributions (among others), there are certain IoT devices which, due to device hardware or software limitations, cannot take a Sentinel agent.

Therefore, Sentinel agents also passively “listen” for broadcast information by any new devices, and then efficiently, actively scan these devices for more clues. These scan settings are highly configurable by subnet, so the admin controls what is scanned when and by what method.

This information is aggregated and used together with MAC address information. This is where SentinelOne partnered with SAM Seamless Network. SAM provides MAC-based fingerprinting for tens of thousands of device models, from smartphones to a wide variety of IoT devices commonly found in small and large networks alike. SAM algorithms continuously learn how to fingerprint devices based solely on their MAC address. By partnering with SAM, SentinelOne quickly augmented our ML model with SAM’s focused expertise based upon millions of connected devices worldwide.

SentinelOne takes care to not overfit the model to manual rules or MAC address prefixes, which would limit the model’s ability to generalize. Whereas a manual rules-only model is costly to develop, maintain, and improve, SentinelOne’s fingerprinting model becomes smarter with every device it sees. SentinelOne customers need only toggle Ranger ON, and the ML model gets right to work.

Summary

Through better fingerprinting, customers are better able to protect their networks. By more accurately categorizing IoT devices on your network, you more completely understand risk which, in turn, informs better corrective action planning.

Identify your agent deployment gaps, quantify your exposure to device-based threats like Ripple20, and prevent vulnerable devices from becoming compromised devices.

Ranger helps you to:

  • take immediate actions based on the risk image
  • isolate devices
  • set tags on devices to group them
  • apply device review statuses to mark as Not Trusted, Suspicious or Allowed.

If you would like to learn more about our device fingerprinting methods, read our whitepaper, Advanced Device Fingerprinting with Singularity Ranger. Let’s work together to discover and protect what is yours.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

SentinelOne and HAFNIUM / Microsoft Exchange 0-days

On Tuesday, March 2nd, Microsoft released an out-of-band security update addressing a total of 7 CVEs, four of which are associated with ongoing, targeted attacks. The update was in response to an active campaign that was seen on Microsoft clients compromising Exchange servers by bypassing authentication and allowing attackers to read emails and potentially penetrate enterprise networks without the need to authenticate.

The SentinelLabs team has been closely tracking HAFNIUM and Exchange Server impacts. Customers with the Deep Visibility threat hunting module (STAR) may also automate responses (alerts, network quarantine, kill, quarantine) should these IoCs be seen in the future. Our customers can stay ahead of this emerging threat with our protection capabilities and real-time alerts.

Executive Summary

  • The attack is relevant for Microsoft Exchange servers (on-prem only). The SentinelOne agent supports protecting Exchange servers and is widely deployed on Exchange servers.
  • The SentinelOne agent includes dedicated logic to protect from password scraping, including LSASS dumping and Mimikatz attempts on the agent.
  • The SentinelOne Singularity platform supports Deep Visibility hunting queries, allowing customers to do retrospective hunting to identify if there were any HAFNIUM artifacts in their environments.
  • All SentinelOne Vigilance clients have already been proactively reviewed for any HAFNIUM attempts and will be closely monitored.
  • SentinelLabs and the WatchTower threat hunting teams continue to monitor our existing customers’ infrastructure for any evidence of HAFNIUM, its payloads, and other TTPs. If identified, customers will be notified by our Vigilance service and provided with a course of recommended actions to follow.

Technical Review

Microsoft update addresses a total of 7 CVEs, 4 of which are associated with ongoing and targeted attacks.

The associated flaws affect Microsoft Exchange 2013, 2016, and 2019. These flaws have been leveraged by an attack group dubbed HAFNIUM, and represent a portion of a more broad attack chain. Additional tools associated with this campaign include:

  • Nishang
  • PowerCAT
  • Procdump

In the days following the disclosure of these flaws, we have observed a significant increase in the amount of scanning and subsequent exploit attempts of these vulnerabilities. The targeting of these flaws is not exclusive to the HAFNIUM group, and we are starting to see separate campaigns which attempt to distribute additional malware families.

It is also critical to note that we are also observing the proliferation of public PoC code for CVE-2021-27065.

Exploited Vulnerabilities

CVE-2021-26855 – Remote Code Execution flaw, via untrusted connections to the Exchange server on port 443.  Does not require user interaction

CVE-2021-26857 – Remote Code Execution flaw, via untrusted connections to the Exchange server on port 443

CVE-2021-26858 – Remote Code Execution flaw, via untrusted connections to the Exchange server on port 443

CVE-2021-27065 – Remote Code Execution flaw, via untrusted connections to the Exchange server on port 443

Three additional CVEs are included in the fix, but these are not known to be part of the observed attacks. These are CVE-2021-26412, CVE-2021-26854, CVE-27078

It should be noted that all but CVE-2021-26855 require user interaction. In addition, the relevant CVEs affect on-prem installs of Exchange Server only. Exchange Online is not directly affected, though hybrid environments will have at least one Exchange server requiring patching.

Further Details

The exploitation of these vulnerabilities allowed the attackers to gain their initial foothold in the environment. Once the target had been breached, webshells of various types were deployed to allow for further management and exfiltration from compromised hosts. Where needed, additional tools were used to facilitate lateral movement, persistent access, and remote manipulation. Open source tools such as PowerCAT, Nishang, 7zip, WinRAR, and Procdump were utilized to do just that.

HAFNIUM, as a group, has been linked to attacks against the defense industry, government and policy-related entities, law firms, and medical and educational institutions. Current intelligence indicates that the group operates out of China. The group is considered highly-sophisticated. Their arsenal of tools includes 0-days along with customized malware, COTS/Open-source tools, and LOTL techniques. This includes heavy use of PowerShell and other common native OS features.

Mitigation

In addition to releasing an out-of-band update, Microsoft has also provided detailed guidance and hunting queries (primarily Exchange log-based). We recommend prioritizing Microsoft’s update, along with the additional guidance made available.

Microsoft KB5000871 – Security update for Microsoft Exchange Server 2019, 2016, and 2013.

Microsoft KB5000978 – Security update for Microsoft Exchange Server 2010 Service Pack 3.

Microsoft MSRC Blog Post – Multiple Security Updates Released for Exchange Server.

Microsoft Blog – New nation-state cyberattacks.

IOCs

Associated Threats:  Webshells

SHA256
b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0
097549cf7d0f76f0d99edf8b2d91c60977fd6a96e4b8c3c94b0b1733dc026d3e
2b6f1ebb2208e93ade4a6424555d6a8341fd6d9f60c25e44afe11008f5c1aad1
65149e036fff06026d80ac9ad4d156332822dc93142cf1a122b1841ec8de34b5
511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1
4edc7770464a14f54d17f36dc9d0fe854f68b346b27b35a6f5839adf1f13f8ea
811157f9c7003ba8d17b45eb3cf09bef2cecd2701cedb675274949296a6a183d
1631a90eb5395c4e19c7dbcbf611bbe6444ff312eb7937e286e4637cb9e72944

Attacker Infrastructure

(Note: A majority of the hosts below are VPS/VPN/Cloud service providers. The ‘maliciousness’ of these hosts has a limited shelf-life and may result in false positives if limited to this activity.)

103.77.192.219
104.140.114.110
104.250.191.110
108.61.246.56
149.28.14.163
157.230.221.198
167.99.168.251
185.250.151.72
192.81.208.169
203.160.69.66
211.56.98.146
5.254.43.18
80.92.205.81

MITRE ATT&CK

  • T1003.003 – OS Credential Dumping: NTDS
  • T1021.002 – Remote Services: SMB/Windows Admin Shares
  • TA0010 – Exfiltration
  • T1105 – Ingress Tool Transfer
  • T1003.001 – OS Credential Dumping: LSASS Memory
  • T1059.001 – Command and Scripting Interpreter: PowerShell
  • T1114.001 – Email Collection: Local Email Collection
  • T1136 – Create Account
  • S0020 – China Chopper
  • T1027 – Obfuscated Files or Information

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Papaya Global raises $100M more at a $1B+ valuation for tools to hire, pay and manage distributed workforces

Remote working — hiring people further afield and letting people work outside of a central physical office — is looking like it will be here to stay, and today one of the startups building tools for that environment is announcing a big fundraise in response to the opportunity.

Papaya Global, an Israeli startup that provides cloud-based payroll and hiring, onboarding and compliance services across 140 countries for organizations that employ full-time, part-time and contract workers outside of their home country, has picked up $100 million in funding and has confirmed that its valuation is now over $1 billion.

The company targets organizations that not only have global workforces, but are expanding their employee bases quickly. They include fast-growing startups like OneTrust, nCino and Hopin (which today announced a monster $400 million round), as well as major corporates like Toyota, Microsoft, Wix and General Dynamics.

Papaya is not disclosing revenue numbers but said that sales have grown 300% year-over-year for each of the last three years.

Led by Greenoaks Capital Partners, this Series C also includes significant participation from IVP and Alkeon Capital. Previous backers Insight Venture Partners, Scale Venture Partners, Bessemer Venture Partners, Dynamic Loop, New Era and Workday Ventures, Access Ventures and Group 11 also chipped in. The new investment brings Papaya’s total funding to $190 million.

Papaya has been on a fundraising tear in the last 18 months. Today’s news comes less than six months after it raised a $40 million Series B. And that round came less than a year after a $45 million Series A.

Why so much, so quickly? Partly because of the demands on the business, but possibly also to capitalize on an opportunity at a time when so many others are also going after it as well.

The opportunity is that companies and other organizations are finding themselves needing tools to address the current state of play: Workforce growth today doesn’t look like it did in 2019, and so incumbent solutions like ADP, or cobbled together solutions covering multiple geographies, either don’t cut it, or are too costly to maintain.

Papaya Global, in contrast, says it has built an AI-based platform that automates a lot of work and removes much of the manual activity that comes out of trying to right-size a lot of legacy payroll products to work in new paradigms.

“The major impact of COVID-19 for us has been changing attitudes,” CEO Eynat Guez, who co-founded the company with Ruben Drong and Ofer Herman, told me in an interview last September. “People usually think that payroll works by itself, but it’s one of the more complex parts of the organization, covering major areas like labor, accounting, tax. Eight months ago, a lot of clients thought, it just happens. But now they realize they didn’t have control of the data, some don’t even have a handle on who is being paid.”

One challenge, however, is that many others are also chasing these customers in hopes of becoming the ADP of distributed and global work.

Last month, a startup called Oyster, also aimed at distributed workforces, raised $20 million. Others in the same area that have raised lots of capital include Turing,  DeelRemoteHibob, Personio, Factorial, Lattice, Turing and Rippling.

And as we have pointed out before, these are just some of the HR startups that have raised money in the last year. There are many, many more.

Investors here are hoping that as we see some consolidation emerge out of this mix, there will be a few leaders and that Papaya will be one of them.

“Papaya Global has built a best in class solution to onboard new employees, automate payroll, and manage a global workforce through a single pane of glass. Both growing and established companies have dramatically changed their working practices in recent years, and Papaya has seen impressive growth as a result. We’re excited to continue supporting them as they seek to simplify an increasingly complex challenge for some of the world’s biggest companies,” said Patrick Backhouse, partner at Greenoaks Capital, in a statement.


Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, product-market fit, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included for audience questions and discussion.

( function() {
var func = function() {
var iframe = document.getElementById(‘wpcom-iframe-dde292b93a5f3017145419dd51bb9fce’)
if ( iframe ) {
iframe.onload = function() {
iframe.contentWindow.postMessage( {
‘msg_type’: ‘poll_size’,
‘frame_id’: ‘wpcom-iframe-dde292b93a5f3017145419dd51bb9fce’
}, “https://tcprotectedembed.com” );
}
}

// Autosize iframe
var funcSizeResponse = function( e ) {

var origin = document.createElement( ‘a’ );
origin.href = e.origin;

// Verify message origin
if ( ‘tcprotectedembed.com’ !== origin.host )
return;

// Verify message is in a format we expect
if ( ‘object’ !== typeof e.data || undefined === e.data.msg_type )
return;

switch ( e.data.msg_type ) {
case ‘poll_size:response’:
var iframe = document.getElementById( e.data._request.frame_id );

if ( iframe && ” === iframe.width )
iframe.width = ‘100%’;
if ( iframe && ” === iframe.height )
iframe.height = parseInt( e.data.height );

return;
default:
return;
}
}

if ( ‘function’ === typeof window.addEventListener ) {
window.addEventListener( ‘message’, funcSizeResponse, false );
} else if ( ‘function’ === typeof window.attachEvent ) {
window.attachEvent( ‘onmessage’, funcSizeResponse );
}
}
if (document.readyState === ‘complete’) { func.apply(); /* compat for infinite scroll */ }
else if ( document.addEventListener ) { document.addEventListener( ‘DOMContentLoaded’, func, false ); }
else if ( document.attachEvent ) { document.attachEvent( ‘onreadystatechange’, func ); }
} )();

Google speeds up its release cycle for Chrome

Google today announced that its Chrome browser is moving to a faster release cycle by shipping a new milestone every four weeks instead of the current six-week cycle (with a bi-weekly security patch). That’s one way to hasten the singularity, I guess, but it’s worth noting that Mozilla also moved to a four-week cycle for Firefox last year.

“As we have improved our testing and release processes for Chrome, and deployed bi-weekly security updates to improve our patch gap, it became clear that we could shorten our release cycle and deliver new features more quickly,” the Chrome team explains in today’s announcement.

Google, however, also acknowledges that not everybody wants to move this quickly — especially in the enterprise. For those users, Google is adding a new Extended Stable option with updates that come every eight weeks. This feature will be available to enterprise admins and Chromium embedders. They will still get security updates on a bi-weekly schedule, but Google notes that “those updates won’t contain new features or all security fixes that the 4 week option will receive.”

The new four-week cycle will start with Chrome 94 in Q3 2021, and at this faster rate, we’ll see Chrome 100 launch into the stable channel by March 29, 2022. I expect there will be cake.

Making sense of the $6.5B Okta-Auth0 deal

When Okta announced that it was acquiring Auth0 yesterday for $6.5 billion, the deal raised eyebrows. After all, it’s a substantial amount of money for one identity and access management (IAM) company to pay to buy another, similar entity. But the deal ultimately brings together two companies that come at identity from different sides of the market — and as such could be the beginning of a beautiful identity friendship.

The deal ultimately brings together two companies that come at identity from different sides of the market — and as such could be the beginning of a beautiful identity friendship.

On a simple level, Okta delivers identity and access management (IAM) to companies who use the service to provide single-sign-on access for employees to a variety of cloud services — think Gmail, Salesforce, Slack and Workday.

Meanwhile, Auth0 is a developer tool providing coders with easy API access to single-sign-on functionality. With just a couple of lines of code, the developer can deliver IAM tooling without having to build it themselves. It’s a similar value proposition to what Twilio offers for communications or Stripe for payments.

The thing about IAM is that it’s not exciting, but it is essential. That could explain why such a large number of dollars are exchanging hands. As Auth0 co-founder and CEO Eugenio Pace told TechCrunch’s Zack Whittacker in 2019, “Nobody cares about authentication, but everybody needs it.”

Putting the two companies together generates a fairly comprehensive approach to IAM covering back end to front end. We’re going to look at why this deal matters from an identity market perspective, and if it was worth the substantial price Okta paid to get Auth0.

Halt! Who goes there?

When you think about identity and access management, it’s about making sure you are who you say you are, and that you have the right to enter and access a set of applications. That’s why it’s a key part of any company’s security strategy.

Gartner found that IAM was a $12 billion business last year with projected growth to over $13.5 billion in 2021. To give you a sense of where Okta and Auth0 fit, Okta just closed FY2021 with over $800 million in revenue. Meanwhile Auth0 is projected to close this year with $200 million in annual recurring revenue.

Identity and access management market numbers from Gartner.

Image Credits: Gartner

Among the top players in this market according to Gartner’s November 2020 Magic Quadrant market analysis are Ping Identity, Microsoft and Okta in that order. Meanwhile Gartner listed Auth0 as a key challenger in their market grid.

Michael Kelly, a Gartner analyst, told TechCrunch that Okta and Auth0 are both gaining something from the deal.

“For Okta, while they have a very good product, they have marketing muscle and adoption rates that are not available to smaller vendors like Auth0. When having [IAM] conversations with clients, Okta is almost always on the short list. Auth0 will immediately benefit from being associated with the larger Okta brand, and Okta will likewise now have credibility in the deals that involve a heavy developer focused buyer,” Kelly told me.

Okta co-founder and CEO Todd McKinnon said he was enthusiastic about the deal precisely because of the complementary nature of the two companies’ approaches to identity. “How a developer interacts with the service, and the flexibility they need is different from how the CIO wants to work with [identity]. So by giving customers this choice and support, it’s really compelling,” McKinnon explained.

How Pariti is connecting founders with capital, resources and talent in emerging markets

According to Startup Genome, Beijing, London, Silicon Valley, Stockholm, Tel Aviv are some of the world’s best startup ecosystems. The data and research organisation uses factors like performance, capital, market reach, connectedness, talent, and knowledge to produce its rankings.

Startup ecosystems from emerging markets excluding China and India didn’t make the organisations’ top 40 list last year. It is a known fact that these regions lag well behind in all six factors, and decades might pass before they catch up to the standards of the aforementioned ecosystems.

However, a Kenyan B2B management startup founded by Yacob Berhane and Wossen Ayele wants to close the gap on three of the six factors — access to capital, knowledge, and talent.

These issues, specifically that of access to capital, is heightened in Africa. For instance, only 25% of funding goes to early-stage startups in Sub-Saharan Africa compared to more than 50% in Latin America, MENA, and South Asia regions.

“We wanted to build a solution that will help startups be successful that otherwise would not have been able to get the resources they needed,” said CEO Berhane to TechCrunch. “This problem is especially acute in Africa because it’s particularly nascent, but this platform is designed for founders across emerging markets. So basically anywhere that doesn’t have a mature, healthy startup ecosystem.”

So, how is the team at Pariti setting out to solve these problems? Ayele tells me that in one sense, Pariti is like an unbundled accelerator.

In a typical accelerator, founders will need to go through an intense program where they are loaded with information on all the things a startup will likely need to know at some point in their growth. Whereas with Pariti, founders get the needed information or resources that are immediately relevant to helping them get to the next stage of the business.

A three-way marketplace

When a founder joins Pariti, they run their company through an assessment tool. There, they share pitch materials and information about their business. Pariti then assesses each company across more than 70 information points ranging from the team and market to product and economics.

After this is done, Pariti benchmarks each company against its peers. Companies in the same industry, product stage, revenue, fundraising are some of the comparisons made. The founder gets a detailed assessment with feedback on their pitch materials, the underlying metrics that they can use to develop their business and, their ability to raise capital down the line.

“This approach gives us an extremely granular view of their businesses, its strengths, weaknesses and allows us to triage the right resources to the founder based on their particular needs.”

It doesn’t end there. Pariti also connects the founders for one-on-one sessions with members of its global expert community. Their backgrounds, according to Ayele, run the gamut from finance and marketing to product and technology across a range of sectors. Pariti also provides vetted professionals for hire from its community if a founder needs more hands-on support building a product.

Ayele says founders can continue to go through this process multiple times, getting assessed, implementing feedback, and connecting with resources and talent.

On another end, Pariti allows investors to sign up on its platform, thereby collating data on their preferences. So once a startup wants to raise capital, the platform matches them with investors based on their profile and preferences.

“We’ve built an algorithm-based matching platform where we curate relevant deals to VC investors. We also simplify the investor reach-out process for founders, which is a huge pain point — especially in this ecosystem.”

Pariti’s investor platform

In a nutshell, Pariti helps founders connect with affordable talent, access capital and develop their businesses. Professionals can find interesting opportunities to mentor startups and get paid gig opportunities. They also get more exposure to the early stage ecosystem while tracking their progress, verifying their skills and increasing earning potential. Investors can run extremely lean operations with access to proprietary deal flow, automated deal filtering and on-demand experts to support due diligence, research and portfolio support.

According to the COO, the company has seen a tremendous amount of value built through the platform so far. A testament to this is an experience shared by Kiiru Muhoya, founder of Kenyan fintech startup Fingo Africa with TechCrunch, on how the platform helped him raise a $250,000 pre-seed round.

He said that after going through Pariti’s assessment ahead of a planned fundraiser, he realized that the market he was targeting was too small. Also, he needed to learn more about what VCs were looking for to be successful.

Muhoya decided to switch to being at the other end of things. Joining the expert platform on Pariti, he began to review companies and provided feedback to other founders. This led him to take some months off to pivot his business based on Pariti’s first feedback and what he had learned from the expert platform. He took his startup through another assessment on the platform and thus closed the round.

The company has made significant strides since launching in 2019. It has over 500 companies across 42 countries, 100 freelance experts, and 60 investors using its platform. Berhane also adds that five funds currently use Pariti’s operating system for their deal management.

“For us, I think we’re building the rails for how ventures are built and scaled in emerging markets. We have partners in place across emerging markets, including Latin America and India. We also have a strong interest in the United States, where we see a real need for our platform.” Berhane said.

It charges a subscription model for investors, but Berhane wouldn’t disclose the numbers. He says that Pariti will begin to charge a subscription fee for founders as well. Another revenue stream comes when investors or founders pay a certain transaction fee when using Pariti’s freelance experts for projects. The same happens when there’s any fundraise executed from the platform.

Talking about fundraising, the company recently secured an undisclosed pre-seed capital from angels and VCs like 500 Startups, Kepple Africa and Huddle VC.

But it hasn’t been smooth sailing for Pariti as one issue that has stood out in dealing with founders and investors is trust. Berhane says founders have shared some horror stories about engaging with investors, while investors have shared trust concerns about founders reporting false numbers.

Pariti tries to address this by providing NDAs for both parties where the company will not share founders data with investors until they want it to be.  And investors won’t get deals that Pariti hasn’t thoroughly vetted.

Both founders of East African descent — Berhane from Eritrea and Ayele from Ethiopia — crossed paths a couple of times but took different routes to be where they are now.

Wossen Ayele (COO) and Yacob Berhane (CEO)

Ayele started his career at a consulting shop with offices across East Africa before moving back to the U.S. for law school. There, he got his first exposure to the early-stage startup world and worked with an emerging markets-focused VC fund.

“I could see how technology and innovation could play a role in helping communities – whether it’s through financial inclusion, access to essential goods and services, connecting people at the base of the pyramid to markets,” he said.

Upon graduation and completion of his legal training, Ayele headed back to Nairobi to get involved with its growing African startup ecosystem, where he and Berhane founded the company.

The CEO who studied finance and investment banking in the U.S. moved back to Africa to start a pan-African accelerator in Johannesburg, South Africa. While he has worked in managerial positions for companies like the African Leadership University and Ajua, Berhane spent most of his time brokering deals for them which ultimately led him to start Pariti. 

“After helping businesses raise more than $20m and seeing how that money led to job creation and upward mobility for employees, I knew there was a path I could have that would be meaningful within finance. I continued to think about the growing asymmetry of access to capital, talent and knowledge in the startup ecosystem and the lack of infrastructure addressing it. Pariti was how we wanted to solve it.”

Three Top Russian Cybercrime Forums Hacked

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.

References to the leaked Mazafaka crime forum database were posted online in the past 48 hours.

On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web apparently pilfered from Mazafaka (a.k.a. “Maza,” “MFclub“), an exclusive crime forum that has for more than a decade played host to some of the most experienced and infamous Russian cyberthieves.

At the top of a 35-page PDF leaked online is a private encryption key allegedly used by Maza administrators. The database also includes ICQ numbers for many users. ICQ, also known as “I seek you,” was an instant message platform trusted by countless early denizens of these older crime forums before its use fell out of fashion in favor of more private networks, such as Jabber and Telegram.

This is notable because ICQ numbers tied to specific accounts often are a reliable data point that security researchers can use to connect multiple accounts to the same user across many forums and different nicknames over time.

Cyber intelligence firm Intel 471 assesses that the leaked Maza database is legitimate.

“The file comprised more than 3,000 rows, containing usernames, partially obfuscated password hashes, email addresses and other contact details,” Intel 471 found, noting that Maza forum visitors are now redirected to a breach announcement page. “Initial analysis of the leaked data pointed to its probable authenticity, as at least a portion of the leaked user records correlated with our own data holdings.”

The attack on Maza comes just weeks after another major Russian crime forum got plundered. On Jan. 20, a longtime administrator of the Russian language forum Verified disclosed that the community’s domain registrar had been hacked, and that the site’s domain was redirected to an Internet server the attackers controlled.

A note posted by a Verified forum administrator concerning the hack of its registrar in January.

“Our [bitcoin] wallet has been cracked. Luckily, we did not keep large amounts in it, but this is an unpleasant incident anyway. Once the circumstances became clear, the admin assumed that THEORETICALLY, all the forum’s accounts could have been compromised (the probability is low, but it is there). In our business, it’s better to play safe. So, we’ve decided to reset everyone’s codes. This is not a big deal. Simply write them down and use them from now on.”

A short time later, the administrator updated his post, saying:

“We are getting messages that the forum’s databases were filched after all when the forum was hacked. Everyone’s account passwords were forcibly reset. Pass this information to people you know. The forum was hacked through the domain registrar. The registrar was hacked first, then domain name servers were changed, and traffic was sniffed.”

On Feb. 15, the administrator posted a message purportedly sent on behalf of the intruders, who claimed they hacked Verified’s domain registrar between Jan. 16 and 20.

“It should be clear by now that the forum administration did not do an acceptable job with the security of this whole thing,” the attacker explained. “Most likely just out of laziness or incompetence, they gave up the whole thing. But the main surprise for us was that they saved all the user data, including cookies, referrers, ip addresses of the first registrations, login analytics, and everything else.”

Other sources indicate tens of thousands of private messages between Verified users were stolen, including information about bitcoin deposits and withdrawals and private Jabber contacts.

The compromise of Maza and Verified — and possibly a third major forum — has many community members concerned that their real-life identities could be exposed. Exploit — perhaps the next-largest and most popular Russian forum after Verified, also experienced an apparent compromise this week.

According to Intel 471, on March 1, 2021, the administrator of the Exploit cybercrime forum claimed that a proxy server the forum used for protection from distributed denial-of-service (DDoS) attacks might have been compromised by an unknown party. The administrator stated that on Feb. 27, 2021, a monitoring system detected unauthorized secure shell access to the server and an attempt to dump network traffic.

Some forum lurkers have speculated that these recent compromises feel like the work of some government spy agency.

“Only intelligence services or people who know where the servers are located can pull off things like that,” mused one mainstay of Exploit. “Three forums in one month is just weird. I don’t think those were regular hackers. Someone is purposefully ruining forums.”

Others are wondering aloud which forum will fall next, and bemoaning the loss of trust among users that could be bad for business.

“Perhaps they work according to the following logic,” wrote one Exploit user. “There will be no forums, there will be no trust between everyone, less cooperation, more difficult to find partners – fewer attacks.”

Update, March 4, 6:58 p.m. ET: Intel 471 says there was a fourth crime forum that got hit recently. From the blog post they just published on these events: “In February, the administrator of another popular cybercrime forum, Crdclub, announced the forum sustained an attack that resulted in the compromise of the administrator’s account. By doing so, the actor behind the attack was able to lure forum customers to use a money transfer service that was allegedly vouched for by the forum’s admins. That was a lie, and resulted in an unknown amount of money being diverted from the forum. The forum’s admins promised to reimburse those who were defrauded. No other information looked to be compromised in the attack.”

Dooly closes on $20M for AI-based tools to help salespeople with their busywork

Robotic process automation has taken the enterprise world by storm by providing a set of tools for those doing repetitive, volume-based tasks to use software to remove some of that labor to let those people focus on more complicated tasks. Today a startup that’s taken some of that ethos and is applying it to more individualized work — that of salespeople — is announcing some funding.

Dooly, a Vancouver, Canada-based startup that has built a set of AI-based tools that automate the busywork that goes into updating data in their sales software, and namely Salesforce, has picked up $20 million in funding to build out its business, which to date has picked up a number of customers among the sales teams of enterprise-focused software companies. They include Airtable, Asana, Intercom, Contentful, Vidyard, BigCommerce, Liftoff and CrowdRiff.

Its aim is to make sales software more useful for salespeople by eliminating the work that goes into inputting data into those systems.

“Really they’ve just created a mountain of virtual filing cabinets,” Kris Hartvigsen, Dooly’s founder and CEO, said in an emailed interview with me. “Filing cabinets just wait for drawers to be opened — or in the case of enterprise software, reports to be pulled and data to be input. We know people are capturing information across the business and our job is to make sure that the people and systems across the business have a better, faster, more far-reaching way of staying informed.”

The funding is being announced today, but it was actually raised in two tranches that had not previously been disclosed. A $3.3 million seed round was led by Boldstart Ventures and also included BoxGroup. Its $17 million Series A, meanwhile, was led by Addition, with Boldstart and BoxGroup again participating, along with Battery Ventures, Mantis (representing musicians The Chainsmokers) and SV Angel.

Alongside the VCs, there are a number of interesting strategic individual investors, too. Daniel Dines and Brandon Deer of UiPath (the RPA connection clearly is not one that I’m imagining!); Allison Pickens, the ex-COO of Gainsight; Zander Lurie of SurveyMonkey); Jay Simons, ex-CEO of Atlassian); Harry Stebbings; and other unnamed investors are all also involved. Ed Sim of Boldstart is joining Dooly’s board of directors with this announcement.

The challenge that Dooly has been built to solve is that while there are a lot of tools out there now to help salespeople source leads, manage the progress of their sales, give them advice and other helpful material to supplement their charm and the basic strength of a product, manage customers once they’ve signed on, and so on, all of them still require something important to work: a time commitment from salespeople to keep them updated with information. Ironically, the more tools to help them that are built, the more time salespeople need to spend feeding them data.

Even more ironically, one of the big daddies of the problem — the somewhat overweight Salesforce — has published figures (cited by Dooly) that say salespeople spend just 34% of their time selling. The rest (minus trips to get coffee to stay caffeinated) seems to be about data entry.

The idea with Dooly is that you turn it on, connect it to what you are using — starting with Salesforce — and Dooly lets you make notes which it then organises and puts into the right places in the rest of your apps.

“When a salesperson starts using Dooly, the ‘aha moment’ is pretty immediate,” Hartvigsen said. “Whether they want to do quick pipeline edits or push their notes to Salesforce, we don’t ask the user to learn any new patterns they aren’t familiar with, we just automate a bunch of things they hate doing, often comparing those traditional chores to clerical work.” For example, he notes, when they sync a note, Dooly automatically updates any Salesforce with any contacts found in the meeting, updates fields, adds to-dos, logs activities, and pushes messages to the appropriate internal stakeholders on Slack, all in the same motion.

The product currently also integrates with Slack, G-Cal and G-Drive, because, Hartvigsen said, “we see this as an area where there is the most immediate friction and an area that was in need of disruption.” He added that the plan is to add more integrations over time. “We see need to expand the solutions that anchor to our connected workspace, with our near-term focus being the systems that touch revenue teams,” he said.

The design of Dooly seems to be about investing a little in order to save more. On average people are using Dooly between 2.5 and 5 hours each day, but Hartvigsen claims that right now the system helps people make up for more hours each week in lost productivity. Its pricing starts at $25 per user per month, going up depending on features and use.

There are quite literally thousands of products out in the market today, and among them hundreds of strong ones, being built to help salespeople with different aspects of getting their jobs done. I’ve written about quite a few of them, and I’ve actually asked companies about whether they are tackling the very issue that Dooly has identified and is trying to fix.

They weren’t, but that doesn’t mean that they won’t. Chief among them are companies like UiPath and Salesforce, which sit on different sides of this problem and could well move into it as they keep growing. (Having UiPath as a backer by way of its founder and a senior executive points to a relationship there, which is interesting.)

In the meantime, there have been some other interesting innovations using AI to improve the sales process, with companies like Pipedrive, Clari, Seismic, Chorus.ai and Gong all using natural language, machine learning and big data analytics (itself helped by AI) to improve how sales get done.

“The first thing we noticed when we met the Dooly team was the thoughtful design-first approach to product that engendered tons of customer love. This love was inherent not only on popular ratings sites like G2 Crowd but also in the individual usage and viral adoption throughout companies with only one initial user,” said Ed Sim, founder and managing partner at Boldstart Ventures in a statement. “Dooly is revolutionizing the note-taking experience for customer facing end users from sales to customer success to product.”

“Dooly is relentlessly focused on building a user-first experience for its customers to seamlessly create workflows and unlock new revenue opportunities,” said Lee Fixel, founder of Addition, added. “We are thrilled to support Dooly as it continues to scale and enhance the sales function for more businesses.”


Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, legal, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included in each for audience questions and discussion.

( function() {
var func = function() {
var iframe = document.getElementById(‘wpcom-iframe-dde292b93a5f3017145419dd51bb9fce’)
if ( iframe ) {
iframe.onload = function() {
iframe.contentWindow.postMessage( {
‘msg_type’: ‘poll_size’,
‘frame_id’: ‘wpcom-iframe-dde292b93a5f3017145419dd51bb9fce’
}, “https://tcprotectedembed.com” );
}
}

// Autosize iframe
var funcSizeResponse = function( e ) {

var origin = document.createElement( ‘a’ );
origin.href = e.origin;

// Verify message origin
if ( ‘tcprotectedembed.com’ !== origin.host )
return;

// Verify message is in a format we expect
if ( ‘object’ !== typeof e.data || undefined === e.data.msg_type )
return;

switch ( e.data.msg_type ) {
case ‘poll_size:response’:
var iframe = document.getElementById( e.data._request.frame_id );

if ( iframe && ” === iframe.width )
iframe.width = ‘100%’;
if ( iframe && ” === iframe.height )
iframe.height = parseInt( e.data.height );

return;
default:
return;
}
}

if ( ‘function’ === typeof window.addEventListener ) {
window.addEventListener( ‘message’, funcSizeResponse, false );
} else if ( ‘function’ === typeof window.attachEvent ) {
window.attachEvent( ‘onmessage’, funcSizeResponse );
}
}
if (document.readyState === ‘complete’) { func.apply(); /* compat for infinite scroll */ }
else if ( document.addEventListener ) { document.addEventListener( ‘DOMContentLoaded’, func, false ); }
else if ( document.attachEvent ) { document.attachEvent( ‘onreadystatechange’, func ); }
} )();

Yugabyte announces $48M investment as cloud-native database makes enterprise push

As demand for cloud-native applications is growing, Yugabyte, makers of the cloud-native, open-source YugabyteDB database, is seeing a corresponding rise in demand for its products, especially with large enterprise customers. Today, the company announced a $48 million financing round to help build on that momentum. The round is an extension of the startup’s $30 million Series B last June.

Lightspeed Venture Partners led the round with participation from Greenspring Associates, Dell Technologies Capital, Wipro Ventures and 8VC. It has raised a total of $103 million, according to the company.

Kannan Muthukkaruppan, Yugabyte co-founder and president, says the startup saw a marked increase in interest in both the open-source and commercial offerings in 2020 as the pandemic pushed many companies to the cloud faster than they might have gone otherwise, something many startup founders have pointed out to me.

“The distributed SQL space is definitely heating up, and if anything over the last six months almost in every vector in terms of enterprise customers — from Fortune 500 companies across financial, retail, ISP or telcos — are putting Yugabyte in production to be the system of record database to meet some of their business critical services needs,” Muthukkaruppan told me.

In addition, he’s seeing a similar rise in the level of interest from the open-source version of the product. “Similarly, the groundswell on the community and the open-source adoption has been phenomenal. Our Slack [open source] user community quadrupled in 2020,” he said.

That kind of momentum led to the increased investor interest, says co-founder and CTO Karthik Ranganathan. “Some of the primary reasons to go and even ask for funding was that we realized we could accelerate some of this stuff, and we couldn’t do that with the original $30 million we had raised,” he said. The original thinking was to do a secondary raise in the $15-20 million range, but multiple investors expressed interest in participating, and it ended up being $48 million when all was said and done.

Former Pivotal president Bill Cook came on board as CEO at the same time they were announcing their last funding round in June, and brought some enterprise chops to the table. It was his job to figure out how to expand the market opportunity with larger high-value enterprise clients. “And so the last six or seven months has been about that, dealing with enterprise clients on one hand and then this emerging developer-led cloud offering as well,” Cook said.

The company has a three-tier offering that includes the open-source YugabyteDB. Then there is a fully managed cloud version called Yugabyte Cloud, and finally there is a self-managed cloud version of the database called Yugabyte Platform. The latter is especially attractive to large enterprise customers who want to be in the cloud, but still want to maintain control of their data and infrastructure, and so choose to manage the cloud installation themselves.

Yugabyte started last year with 50 employees, doubled that to this point, and now expects to reach 200 by the end of this year. As they add employees, the leadership team is cognizant of the importance of building a diverse and inclusive workforce, while recognizing the challenges in doing so.

“It’s work in progress as always. We’ve added diversity candidates right along the whole spectrum as we’ve grown but from my perspective it’s never sufficient, and we just need to keep pushing on it hard, and I think as a leadership team we recognize that,” Cook said.

The three leaders of the company have been working together remotely now since the announcement in June, and had only met briefly in person prior to the pandemic shutting down offices, but they say that it has gone smoothly. And while they would obviously like to meet in person again when the time is right, the momentum the company is experiencing shows that things are moving in the right direction, regardless of where they are getting their work done.

Note: The article originally stated this was a Series C round, but the company later clarified that it was a B-1 round; we’ve updated the article to reflect that.


Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, legal, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included in each for audience questions and discussion.

( function() {
var func = function() {
var iframe = document.getElementById(‘wpcom-iframe-dde292b93a5f3017145419dd51bb9fce’)
if ( iframe ) {
iframe.onload = function() {
iframe.contentWindow.postMessage( {
‘msg_type’: ‘poll_size’,
‘frame_id’: ‘wpcom-iframe-dde292b93a5f3017145419dd51bb9fce’
}, “https://tcprotectedembed.com” );
}
}

// Autosize iframe
var funcSizeResponse = function( e ) {

var origin = document.createElement( ‘a’ );
origin.href = e.origin;

// Verify message origin
if ( ‘tcprotectedembed.com’ !== origin.host )
return;

// Verify message is in a format we expect
if ( ‘object’ !== typeof e.data || undefined === e.data.msg_type )
return;

switch ( e.data.msg_type ) {
case ‘poll_size:response’:
var iframe = document.getElementById( e.data._request.frame_id );

if ( iframe && ” === iframe.width )
iframe.width = ‘100%’;
if ( iframe && ” === iframe.height )
iframe.height = parseInt( e.data.height );

return;
default:
return;
}
}

if ( ‘function’ === typeof window.addEventListener ) {
window.addEventListener( ‘message’, funcSizeResponse, false );
} else if ( ‘function’ === typeof window.attachEvent ) {
window.attachEvent( ‘onmessage’, funcSizeResponse );
}
}
if (document.readyState === ‘complete’) { func.apply(); /* compat for infinite scroll */ }
else if ( document.addEventListener ) { document.addEventListener( ‘DOMContentLoaded’, func, false ); }
else if ( document.attachEvent ) { document.attachEvent( ‘onreadystatechange’, func ); }
} )();