Stacklet raises $18M for its cloud governance platform

Stacklet, a startup that is commercializing the Cloud Custodian open-source cloud governance project, today announced that it has raised an $18 million Series A funding round. The round was led by Addition, with participation from Foundation Capital and new individual investor Liam Randall, who is joining the company as VP of business development. Addition and Foundation Capital also invested in Stacklet’s seed round, which the company announced last August. This new round brings the company’s total funding to $22 million.

Stacklet helps enterprises manage their governance posture across different clouds, accounts, policies and regions, with a focus on security, cost optimization and regulatory compliance. The service offers its users a set of pre-defined policy packs that encode best practices for access to cloud resources, though users can obviously also specify their own rules. In addition, Stacklet offers a number of analytics functions around policy health and resource auditing, as well as a real-time inventory and change management logs for a company’s cloud assets.

The company was co-founded by Travis Stanfield (CEO) and Kapil Thangavelu (CTO). Both bring a lot of industry expertise to the table. Stanfield spent time as an engineer at Microsoft and leading DealerTrack Technologies, while Thangavelu worked at Canonical and most recently in Amazon’s AWSOpen team. Thangavelu is also one of the co-creators of the Cloud Custodian project, which was first incubated at Capital One, where the two co-founders met during their time there, and is now a sandbox project under the Cloud Native Computing Foundation’s umbrella.

“When I joined Capital One, they had made the executive decision to go all-in on cloud and close their data centers,” Thangavelu told me. “I got to join on the ground floor of that movement and Custodian was born as a side project, looking at some of the governance and security needs that large regulated enterprises have as they move into the cloud.”

As companies have sped up their move to the cloud during the pandemic, the need for products like Stacklet’s has also increased. The company isn’t naming most of its customers, but it has disclosed FICO as a design partner. Stacklet isn’t purely focused on the enterprise, though. “Once the cloud infrastructure becomes — for a particular organization — large enough that it’s not knowable in a single person’s head, we can deliver value for you at that time and certainly, whether it’s through the open source or through Stacklet, we will have a story there.” The Cloud Custodian open-source project is already seeing serious use among large enterprises, and Stacklet obviously benefits from that as well.

“In just 8 months, Travis and Kapil have gone from an idea to a functioning team with 15 employees, signed early Fortune 2000 design partners and are well on their way to building the Stacklet commercial platform,” Foundation Capital’s Sid Trivedi said. “They’ve done all this while sheltered in place at home during a once-in-a-lifetime global pandemic. This is the type of velocity that investors look for from an early-stage company.”

Looking ahead, the team plans to use the new funding to continue to develop the product, which should be generally available later this year, to expand both its engineering and its go-to-market teams, and to continue to grow the open-source community around Cloud Custodian.

Pat Gelsinger stepping down as VMware CEO to replace Bob Swan at Intel

In a move that could have wide ramifications across the tech landscape, Intel announced that VMware CEO Pat Gelsinger would be replacing interim CEO Bob Swan at Intel on February 15th. The question is why he would leave that job to run a struggling chip giant.

The bottom line is he has a long history with Intel, working with some of the biggest names in chip industry lore before he joined VMware in 2009. It has to be a thrill for him to go back to his roots and try to jump start the company.

“I was 18 years old when I joined Intel, fresh out of the Lincoln Technical Institute. Over the next 30 years of my tenure at Intel, I had the honor to be mentored at the feet of Grove, Noyce and Moore,” Gelsinger wrote in a blog post announcing his new position.

Certainly Intel recognized that this history, along with Gelsinger’s deep executive experience, should help as the company attempts to compete in an increasingly aggressive chip industry landscape. “Pat is a proven technology leader with a distinguished track record of innovation, talent development, and a deep knowledge of Intel. He will continue a values-based cultural leadership approach with a hyper focus on operational execution,” Omar Ishrak, independent chairman of the Intel board, said in a statement.

But Gelsinger is walking into a bit of a mess. As my colleague Danny Crichton wrote in his year-end review of the chip industry last month, Intel is far behind its competitors, and it’s going to be tough to play catch-up:

Intel has made numerous strategic blunders in the past two decades, most notably completely missing out on the smartphone revolution and also the custom silicon market that has come to prominence in recent years. It’s also just generally fallen behind in chip fabrication, an area it once dominated and is now behind Taiwan-based TSMC, Crichton wrote.

Patrick Moorhead, founder and principal analyst at Moor Insights & Strategy, agrees with this assessment, saying that Swan was dealt a bad hand, walking in to clean up a mess that has years-long timelines. While Gelsinger faces similar issues, Moorhead thinks he can refocus the company. “I am not foreseeing any major strategic changes with Gelsinger, but I do expect him to focus on the company’s engineering culture and get it back to an execution culture,” Moorhead told me.

The announcement comes against the backdrop of massive chip industry consolidation last year, with over $100 billion changing hands in four deals: Nvidia nabbing ARM for $40 billion, the $35 billion AMD-Xilinx deal, Analog snagging Maxim for $21 billion and Marvell grabbing Inphi for a mere $10 billion, not to mention Intel dumping its memory unit to SK Hynix for $9 billion.

As for VMware, it has to find a new CEO now. As Moorhead says, the obvious choice would be current COO Sanjay Poonen, but for the time being, it will be CFO Zane Rowe serving as interim CEO, rather than Poonen. In fact, it appears that the company will be casting a wider net than internal options. The official announcement states, “VMware’s Board of Directors is initiating a global executive search process to name a permanent CEO…”

Holger Mueller, an analyst at Constellation Research, says it will be up to Michael Dell to decide who to hand the reins to, but he believes Gelsinger was stuck at Dell and would not get a broader role, so he left.

“VMware has a deep bench, but it will be up to Michael Dell to get a CEO who can innovate on the software side and keep the unique DNA of VMware inside the Dell portfolio going strong, Dell needs the deeper profits of this business for its turnaround,” he said.

The stock market seems to like the move for Intel, with the company stock up 7.26%, but not so much for VMware, whose stock was down close to the same amount at 7.72% as we went to publication.

Slim.ai announces $6.6M seed to build container DevOps platform

We are more than seven years into the notion of modern containerization, and it still requires a complex set of tools and a high level of knowledge on how containers work. The DockerSlim open-source project developed several years ago from a desire to remove some of that complexity for developers.

Slim.ai, a new startup that wants to build a commercial product on top of the open-source project, announced a $6.6 million seed round today from Boldstart Ventures, Decibel Partners, FXP Ventures and TechAviv Founder Partners.

Company co-founder and CEO John Amaral says he and fellow co-founder and CTO Kyle Quest have worked together for years, but it was Quest who started and nurtured DockerSlim. “We started coming together around a project that Kyle built called DockerSlim. He’s the primary author, inventor and up until we started doing this company, the sole proprietor of that community,” Amaral explained.

At the time Quest built DockerSlim in 2015, he was working with Docker containers and he wanted a way to automate some of the lower-level tasks involved in dealing with them. “I wanted to solve my own pain points and problems that I had to deal with, and my team had to deal with dealing with containers. Containers were an exciting new technology, but there was a lot of domain knowledge you needed to build production-grade applications and not everybody had that kind of domain expertise on the team, which is pretty common in almost every team,” he said.

He originally built the tool to optimize container images, but he then began looking at other aspects of the DevOps lifecycle, including the author, build, deploy and run phases. As he looked at those, he saw the possibility of building a commercial company on top of the open-source project.

Quest says that while the open-source project is a starting point, he and Amaral see a lot of areas to expand. “You need to integrate it into your developer workflow and then you have different systems you deal with, different container registries, different cloud environments and all of that. […] You need a solution that can address those needs and doing that through an open source tool is challenging, and that’s where there’s a lot of opportunity to provide premium value and have a commercial product offering,” Quest explained.

Ed Sim, founder and general partner at Boldstart Ventures, one of the seed investors, sees a company bringing innovation to an area of technology where it has been lacking, while putting some more control in the hands of developers. “Slim can shift that all left and give developers the power through the Slim tools to answer all those questions, and then, boom, they can develop containers, push them into production and then DevOps can do their thing,” he said.

They are just 15 people right now including the founders, but Amaral says building a diverse and inclusive company is important to him, and that’s why one of his early hires was head of culture. “One of the first two or three people we brought into the company was our head of culture. We actually have that role in our company now, and she is a rock star and a highly competent and focused person on building a great culture. Culture and diversity to me are two sides of the same coin,” he said.

The company is still in the very early stages of developing that product. In the meantime, they continue to nurture the open-source project and to build a community around that. They hope to use that as a springboard to build interest in the commercial product, which should be available some time later this year.

Cockroach Labs scores $160M Series E on $2B valuation

Cockroach Labs, makers of CockroachDB, have been on a fundraising roll for the last couple of years. Today the company announced a $160 million Series E on a fat $2 billion valuation. The round comes just eight months after the startup raised an $86.6 million Series D.

The latest investment was led by Altimeter Capital, with participation from new investors Greenoaks and Lone Pine, along with existing investors Benchmark, Bond, FirstMark, GV, Index Ventures and Tiger Global. The round doubled the company’s previous valuation and increased the amount raised to $355 million.

Co-founder and CEO Spencer Kimball says the company’s revenue more than doubled in 2020 in spite of COVID, and that caught the attention of investors. He attributed this paradoxical rise to the rapid shift to the cloud brought on by the pandemic that many people in the industry have seen.

“People became more aggressive with what was already underway, a real move to embrace the cloud to build the next generation of applications and services, and that’s really fundamentally where we are,” Kimball told me.

As that happened, the company began a shift in thinking. While it has embraced an open-source version of CockroachDB along with a 30-day free trial on the company’s cloud service as ways to attract new customers to the top of the funnel, it wants to try a new approach.

In fact, it plans to replace the 30-day trial with a newer version later this year without any time limits. It believes this will attract more developers to the platform and enable them to see the full set of features without having to enter credit card information. What’s more, by taking this approach, it should end up costing the company less money to support the free tier.

“What we expect is that you can do all kinds of things on that free tier. You can do a hackathon, any kind of hobby project […] or even a startup that has ambitions to be the next DoorDash or Airbnb,” he said. As he points out, there’s a point where early-stage companies don’t have many users, and can remain in the free tier until they achieve product-market fit.

“That’s when they put a credit card down, and they can extend beyond the free tier threshold and pay for what they use,” he said. The newer free tier is still in the beta testing phase, but will be rolled out during this year.

Kimball says the company wasn’t necessarily looking to raise, although he knew that it would continue to need more cash on the balance sheet to run with giant competitors like Oracle, AWS and the other big cloud vendors, along with a slew of other database startups. As the company’s revenue grows, he certainly sees an IPO in its future, but he doesn’t see it happening this year.

The startup ended the year with 200 employees and Kimball expects to double that by the end of this year. He says growing a diverse group of employees takes good internal data and building a welcoming and inclusive culture.

“I think the starting point for anything you want to optimize in a business is to make sure that you have the metrics in front of you, and that you’re constantly looking at them […] in order to measure how you’re doing,” he explained.

He added, “The thing that we’re most focused on in terms of action is really building the culture of the company appropriately and that’s something we’ve been doing for all six years we’ve been around. To the extent that you have an inclusive environment where people actually really view the value of respect, that helps with diversity.”

Kimball says he sees a different approach to running the business when the pandemic ends, with some small percentage going into the office regularly and others coming for quarterly visits, but he doesn’t see a full return to the office post-pandemic.

Gett raises $115M for its on-demand ride-hailing platform for business users

As ride-hailing companies like Uber and Lyft continue to find their feet in a new landscape for transportation services — where unessential travel is being actively discouraged in many markets and people remain concerned about catching the coronavirus in restricted, shared spaces — a smaller player that has carved out a place for itself targeting business users is announcing more funding.

Gett, which started out as a more direct competitor to the likes of Uber and Lyft but now focuses mainly on ground transportation services for business clients in major cities around the world, said in a short statement that it has closed a round of $115 million. The company — co-headquartered in London and Israel — also said it is now “operationally profitable” and is hitting its budget targets.

The funding is being led by new backer Pelham Capital Investments Ltd. and also included participation from unnamed existing investors.

Including this round, Gett has now raised $865 million, with past investors including VW, Access and its founder Len Blavatnik, Kreos, MCI and more. Gett’s last confirmed valuation was $1.5 billion, pegged to a $200 million fundraise in May 2019. It’s not talking about current valuation, or any recent customer numbers, today.

Dave Waiser, Gett’s founder and CEO, described the funding earlier today in a note to me as an extension to the company’s previous round, a $100 million equity investment that it announced in July last year.

Chairman Amos Genish said in a statement that the funding round was oversubscribed, “which shows the market’s interest in our platform and long-term vision. Gett is disrupting and transforming a fragmented market delivering ever-critical cost optimisation and client satisfaction.”

The company has been building out a focus on the B2B market for several years now — a smart way of avoiding the expensive and painful race to compete like-for-like against the Ubers of the world — and this most recent round is focused on doubling down on that.

The Gett of the past — it was originally founded in 2010 under the name GetTaxi — did indeed try to build a business around both consumers and higher-end users, but the idea behind Gett today is to focus on corporate accounts.

Gett provides those businesses’ employees with a predictable and reliable app-based platform to make it easier to order car services wherever they happen to be traveling, and those businesses — which in the past would have used a fragmented mix of local services — then have a consolidated way of managing, accounting for and analysing those travel expenses. It claims to be able to save companies some 25%-40% in costs.

The company previously said that its network covered some 1,500 cities. In certain metropolitan areas like London and Moscow, Gett provides transportation services directly. In markets where it does not have direct operations (such as anywhere in the U.S., including New York), it partners with third parties, such as Lyft.

“We are on a journey to transform corporate ground travel and I’m delighted that investors find our model attractive,” Waiser said in a statement today. “This investment will allow us to further develop our SaaS technology and deepen our proposition within the corporate ground travel market.”

Updated to correct that this is an extension of the $100 million round.

‘Brand tech’ company You & Mr. Jones adds $60M to its Series B

You & Mr. Jones announced today that it has added $60 million in new funding from Merian Chrysalis, bringing the Series B round announced in December to a total of $260 million.

The round values the company at $1.36 billion, post-money.

You & Mr. Jones takes its name from CEO David Jones, who founded the company in 2015. After having served as the CEO of ad giant Havas, Jones told me that his goal in starting what he called “a brand tech group” was to provide marketers with something that neither traditional agencies nor technology companies could give them.

“At that moment, the choices were to go work with an agency group, which is great at brand and marketing, but they don’t understand tech, or with a tech company, which will only ever recommend their platform and don’t have the same [brand and marketing] expertise,” he said.

So You & Mr. Jones has built its own technology platform to help marketers with their digital, mobile and e-commerce needs, while also investing in companies like Pinterest and Niantic. And it makes acquisitions — last year, for example, it bought influencer marketing company Collectively.

You & Mr. Jones has grown to 3,000 employees, and its clients include Unilever, Accenture, Google, Adidas, Marriott and Microsoft. In fact, Jones said that as of the third quarter of 2020, its net revenue had grown 27% year over year.

That’s particularly impressive given the impact of the pandemic on ad spending, but Jones said that’s one of the key distinctions between digital advertising and the broader brand tech category, which he said has grown steadily, even during the pandemic, and which also sets the company apart from agencies that are “digital and tech in press release only.”

“We’re not an ad agency, we’ll never acquire agencies,” he said. “We have the technology platform, process and people to deliver all of your end-to-end, always-on content — social, digital, e-commerce and community management.”

In addition to the funding, the company is announcing that it has hired Paulette Forte, who was previously senior director of human services at the NBA, as its first chief people officer.

“The brand tech category didn’t even exist before You & Mr Jones was established,” Forte said in a statement. “The company became a true industry disruptor in short order, and growth has been swift. In order to keep up with the momentum, it’s critical to have systems in place that help talent develop their skills, encourage diversity and creativity, and find pathways to improving workflow. I am excited to join the leadership team to drive this crucial work forward.”

Microsoft Patch Tuesday, January 2021 Edition

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.

Most concerning of this month’s batch is probably a critical bug (CVE-2021-1647) in Microsoft’s default anti-malware suite — Windows Defender — that is seeing active exploitation. Microsoft recently stopped providing a great deal of detail in their vulnerability advisories, so it’s not entirely clear how this is being exploited.

But Kevin Breen, director of research at Immersive Labs, says depending on the vector the flaw could be trivial to exploit.

“It could be as simple as sending a file,” he said. “The user doesn’t need to interact with anything, as Defender will access it as soon as it is placed on the system.”

Fortunately, this bug is probably already patched on most end-user systems, because Microsoft updates the Defender engine outside of the normal monthly patch cycle, typically without any action from the user. To confirm on a given machine, compare the engine version Defender reports (for example, AMEngineVersion in the output of the Get-MpComputerStatus PowerShell cmdlet) with the first fixed engine version listed in Microsoft’s advisory for CVE-2021-1647; a machine that has been offline, or that has engine updates blocked, may still be running a vulnerable engine.

Breen called attention to another critical vulnerability this month — CVE-2021-1660 — which is a remote code execution flaw in nearly every version of Windows that earned a CVSS score of 8.8 (10 is the most severe).

“They classify this vulnerability as ‘low’ in complexity, meaning an attack could be easy to reproduce,” Breen said. “However, they also note that it’s ‘less likely’ to be exploited, which seems counterintuitive. Without full context of this vulnerability, we have to rely on Microsoft to make the decision for us.”

CVE-2021-1660 is actually just one of five bugs in a core Microsoft service called Remote Procedure Call (RPC), which is responsible for a lot of heavy lifting in Windows. Some of the more memorable computer worms of the last decade spread automatically by exploiting RPC vulnerabilities.

Allan Liska, senior security architect at Recorded Future, said while it is concerning that so many vulnerabilities around the same component were released simultaneously, two previous vulnerabilities in RPC — CVE-2019-1409 and CVE-2018-8514 — were not widely exploited.

The remaining 70 or so flaws patched this month earned Microsoft’s less-dire “important” ratings, which is not to say they’re much less of a security concern. Case in point: CVE-2021-1709, which is an “elevation of privilege” flaw in Windows 8 through 10 and Windows Server 2008 through 2019.

“Unfortunately, this type of vulnerability is often quickly exploited by attackers,” Liska said. “For example, CVE-2019-1458 was announced on December 10th of 2019, and by December 19th an attacker was seen selling an exploit for the vulnerability on underground markets. So, while CVE-2021-1709 is only rated as [an information exposure flaw] by Microsoft it should be prioritized for patching.”

Trend Micro’s Zero Day Initiative (ZDI) pointed out another flaw marked “important” — CVE-2021-1648, an elevation of privilege bug in Windows 8, Windows 10 and some Windows Server 2012 and 2019 versions that was publicly disclosed by ZDI prior to today.

“It was also discovered by Google likely because this patch corrects a bug introduced by a previous patch,” ZDI’s Dustin Childs said. “The previous CVE was being exploited in the wild, so it’s within reason to think this CVE will be actively exploited as well.”

Separately, Adobe released security updates to tackle at least eight vulnerabilities across a range of products, including Adobe Photoshop and Illustrator. There are no Flash Player updates because Adobe retired the browser plugin in December (hallelujah!), and Microsoft’s update cycle from last month removed the program from Microsoft’s browsers.

Windows 10 users should be aware that the operating system will download updates and install them all at once on its own schedule, closing out active programs and rebooting the system. If you wish to ensure Windows has been set to pause updating so you have ample opportunity to back up your files and/or system, see this guide.

Please back up your system before applying any of these updates. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. You never know when a patch roll-up will bork your system or possibly damage important files. For those seeking more flexible and full-featured backup options (including incremental backups), Acronis and Macrium are two that I’ve used previously and are worth a look.

That said, there don’t appear to be any major issues cropping up yet with this month’s update batch. But before you apply updates consider paying a visit to AskWoody.com, which usually has the skinny on any reports about problematic patches.

As always, if you experience glitches or issues installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

SolarWinds: What Hit Us Could Hit Others

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers.

In a blog post published Jan. 11, SolarWinds said the attackers first compromised its development environment on Sept. 4, 2019. Soon after, the attackers began testing code designed to surreptitiously inject backdoors into Orion, a suite of tools used by many Fortune 500 firms and a broad swath of the federal government to manage their internal networks.

Image: SolarWinds.

According to SolarWinds and a technical analysis from CrowdStrike, the intruders were trying to work out whether their “Sunspot” malware — designed specifically for use in undermining SolarWinds’ software development process — could successfully insert their malicious “Sunburst” backdoor into Orion products without tripping any alarms or alerting Orion developers.

In October 2019, SolarWinds pushed an update to their Orion customers that contained the modified test code. By February 2020, the intruders had used Sunspot to inject the Sunburst backdoor into the Orion source code, which was then digitally signed by the company and propagated to customers via SolarWinds’ software update process.

CrowdStrike said Sunspot was written to be able to detect when it was installed on a SolarWinds developer system, and to lie in wait until specific Orion source code files were accessed by developers. This allowed the intruders to “replace source code files during the build process, before compilation,” CrowdStrike wrote. Because the substitution happened on disk only while the build was reading the files, the code committed to version control stayed clean, which is why ordinary code review and repository scanning had nothing to find.

The attackers also included safeguards to prevent the backdoor code lines from appearing in Orion software build logs, and checks to ensure that such tampering wouldn’t cause build errors.

“The design of SUNSPOT suggests [the malware] developers invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers,” CrowdStrike wrote.
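The substitution CrowdStrike describes works because the build consumed whatever bytes were on disk at compile time, and nothing compared those bytes with what version control said they should be. As an added example (not SolarWinds’ or CrowdStrike’s code), the Python below records a manifest of git-style blob hashes for a source tree at checkout and re-verifies it, flagging files that were modified, removed or added in between. The file names, their contents and the `.cs`/`.c` suffix filter are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Source suffixes to track; constructed for the example (Orion is a .NET product,
# hence .cs, but the list is arbitrary).
SOURCE_SUFFIXES = (".cs", ".c", ".cpp", ".h")


def git_blob_sha1(data: bytes) -> str:
    """SHA-1 of a git blob object, i.e. the same value `git hash-object` prints.

    Using git's own blob hash lets the manifest be cross-checked against the
    commit that was supposed to be built, not just against an earlier copy
    on the same (possibly compromised) host.
    """
    header = b"blob %d\0" % len(data)
    return hashlib.sha1(header + data).hexdigest()


def build_manifest(root: Path) -> dict:
    """Walk the tree and return {relative path: blob hash} for tracked sources."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            manifest[str(path.relative_to(root))] = git_blob_sha1(path.read_bytes())
    return manifest


def verify_manifest(root: Path, expected: dict) -> list:
    """Return (path, reason) findings; an empty list means the tree matches."""
    actual = build_manifest(root)
    findings = []
    for rel, digest in expected.items():
        if rel not in actual:
            findings.append((rel, "missing"))
        elif actual[rel] != digest:
            findings.append((rel, "modified"))
    for rel in actual:
        if rel not in expected:
            findings.append((rel, "unexpected"))
    return findings


def demo() -> list:
    """Constructed scenario: manifest at checkout, then a Sunspot-style swap.

    The swap keeps the file name and the rest of the file intact and changes
    only the body of one method, which is exactly what a name-based or
    size-based check would miss.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "Example.cs"
        src.write_text("class Example { void Refresh() { } }\n")
        manifest = build_manifest(root)

        # Simulated in-build substitution: same path, different content...
        src.write_text("class Example { void Refresh() { Beacon(); } }\n")
        # ...plus a dropped helper the repository never contained.
        (root / "Injected.cs").write_text("class Injected { }\n")

        return verify_manifest(root, manifest)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:>10}  {path}")
```

Run the verification as late as possible, inside the compile step and on the exact files the compiler reads; a check that runs minutes earlier misses an implant that swaps a file in only while the build is running and restores it afterwards, which is the window the page says Sunspot used. Stronger still is to rebuild the same commit on an independent, hardened machine and compare the outputs (a reproducible build), which catches a compromised build host regardless of how the swap was timed.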

A third malware strain — dubbed “Teardrop” by FireEye, the company that first disclosed the SolarWinds attack in December — was installed via the backdoored Orion updates on networks that the SolarWinds attackers wanted to plunder more deeply.

So far, the Teardrop malware has been found on several government networks, including the Commerce, Energy and Treasury departments, the Department of Justice and the Administrative Office of the U.S. Courts.

SolarWinds emphasized that while the Sunspot code was specifically designed to compromise the integrity of its software development process, that same process is likely common across the software industry.

“Our concern is that right now similar processes may exist in software development environments at other companies throughout the world,” said SolarWinds CEO Sudhakar Ramakrishna. “The severity and complexity of this attack has taught us that more effectively combatting similar attacks in the future will require an industry-wide approach as well as public-private partnerships that leverage the skills, insight, knowledge, and resources of all constituents.”

Ubiquiti: Change Your Password, Enable 2FA

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

In an email sent to customers today, Ubiquiti Inc. [NYSE: UI] said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name that provider.

The statement continues:

“We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.”

Ubiquiti has not yet responded to requests for more information, but the notice was confirmed as official in a post on the company’s user support forum.
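“Hashed and salted” means the attacker cannot read the passwords directly, but anyone holding the records can run candidate passwords through the same function offline, and weak passwords fall quickly; that is why changing the password still matters. The Python below is added here as an illustration and is not Ubiquiti’s code: Ubiquiti has not said which hash function or work factor it uses, so PBKDF2-HMAC-SHA256 with 100,000 iterations and a 16-byte random salt is assumed. It shows both sides, the salted hashing and verification a service performs and the offline guessing an attacker performs against a leaked record. The passwords and wordlist are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Assumed parameters; a real deployment would choose them from current guidance.
ITERATIONS = 100_000
SALT_LEN = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'algo$iterations$salt_hex$digest_hex'.

    A fresh random salt per record means two users with the same password get
    different hashes and a precomputed table is useless.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != ALGO:
        raise ValueError(f"unsupported record format: {algo}")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def offline_guess(stored: str, wordlist: Iterable[str]) -> Optional[str]:
    """What an attacker does with a leaked record: feed guesses through the
    same KDF and salt. The salt forces per-record work and defeats rainbow
    tables; it does nothing against a password that is in the wordlist."""
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return None


# Constructed stand-in for a real cracking list (which would be millions long).
WORDLIST = ["ubnt", "password", "admin123", "Summer2020!", "letmein"]


def demo() -> dict:
    weak = hash_password("Summer2020!")
    strong = hash_password("J7#vQ2!kLp9zR4mWx")  # constructed; not in the list
    return {
        "verify_ok": verify_password("Summer2020!", weak),
        "verify_wrong": verify_password("summer2020!", weak),
        "weak_cracked": offline_guess(weak, WORDLIST),
        "strong_cracked": offline_guess(strong, WORDLIST),
        # Same password hashed twice yields different records because of the salt.
        "salts_differ": hash_password("Summer2020!") != weak,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical reading of the Ubiquiti notice is the attacker’s loop above: a slow KDF and a unique salt buy time, but only a password that no wordlist contains survives indefinitely, and a second factor removes the password as a single point of failure for remote device management.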

The warning from Ubiquiti carries particular significance because the company has made it fairly difficult for customers using the latest Ubiquiti firmware to interact with their devices without first authenticating through the company’s cloud-based systems.

This has become a sticking point for many Ubiquiti customers, as evidenced by numerous threads on the topic in the company’s user support forums over the past few months.

“While I and others do appreciate the convenience and option of using hosted accounts, this incident clearly highlights the problem with relying on your infrastructure for authenticating access to our devices,” wrote one Ubiquiti customer today whose sentiment was immediately echoed by other users. “A lot us cannot take your process for granted and need to keep our devices offline during setup and make direct connections by IP/Hostname using our Mobile Apps.”

To manage your security settings on a Ubiquiti device, visit https://account.ui.com and log in. Click on ‘Security’ from the left-hand menu.

1. Change your password
2. Set a session timeout value
3. Enable 2FA

Image: twitter.com/crosstalksol/

According to Ubiquiti’s investment literature, the company has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.

This is a developing story that may be updated throughout the day.

The Good, the Bad and the Ugly in Cybersecurity – Week 2

The Good

We always like to highlight law enforcement victories where possible, and it’s especially satisfying when the crime is so ‘dark’. This week, Essex Police in the UK arrested an individual responsible for extorting close to 600 victims spanning Romania, Hong Kong, Australia, and the UK. It is reported that the man, Akash Sondhi of Chafford Hundred, Essex, would routinely hack into the Snapchat accounts of young females. Once he had access and control, he would blackmail the victims into sending him suggestive and compromising photos. In most cases, Sondhi had acquired existing photos from the targeted accounts and used these as leverage to extort further nude and intimate images. Should the victims fail to comply, Sondhi would threaten the release of the sensitive photos to their friends and family. The victims were aged between 16 and 25.

Sondhi’s sextortion campaign wreaked havoc on these victims, causing extensive psychological damage, with one victim actually attempting suicide. For his crimes, he will now serve a minimum of 11 years in prison and will be placed on the sex offenders register for a period of 10 years after release. This is a victory in the fight against small-time cybercrime, but it can also serve as a reminder to be cautiously critical when interacting with unknown entities on the internet. Stay safe out there!

The Bad

The New Year brings everyone fresh opportunities to start anew and wipe the slate clean. Unfortunately, one thing 2021 did not bring us was an end to ransomware. We started off this week observing a relatively new ransomware family dubbed “Babuk”.

Babuk is not exactly breaking new ground, but the threat is real all the same. In common with other ransomware operators these days, those behind Babuk also threaten to release stolen data in the event that the victim does not comply with the ransom demands. As of this writing, the entities behind Babuk have been posting victim data only in specific ‘underground’ forums. They also appear to have set up a .onion domain, which currently contains no data.

Babuk claims to use a custom combination of encryption algorithms (ChaCha8/SHA256+ECDH) to ensure that victims are unable to recover their data without paying up. According to reports, the attackers have currently amassed between $60,000 and $85,000.

Time will tell if Babuk will take off like some of its contemporaries, but as of now true in-the-wild use of this ransomware is very small in scope. So, to ring in the New Year…and to protect yourself from Babuk…make sure all your systems are accounted for, manageable, and properly secured. As an FYI, SentinelOne Singularity fully protects against Babuk infections.

The Ugly

We are all used to phishing emails spoofing various official entities. This becomes more problematic during crises, when various government agencies are trying to disseminate accurate information as rapidly and efficiently as possible. This week the ACSC (Australian Cyber Security Centre) issued a warning stating that cybercriminals were sending out phishing emails masquerading as official communications from the ACSC.

The emails contain malicious links that reportedly lead to a download of purported “antivirus software”, which in turn delivers and executes a banking trojan on the machines of targeted individuals. The ACSC warning goes on to state:

“…there have been reports of cybercriminals calling individuals from a spoofed Australian phone number requesting they download ‘TeamViewer’ or ‘AnyDesk’ onto their device to help resolve malware issues. The scammer then attempts to persuade recipients to take actions, such as enter a URL into a browser and access online banking services, which then compromises their computer to reveal banking information.”

We encourage concerned individuals to review the ACSC warning and continue to take any necessary actions to reduce exposure and minimize risk. You can never be too careful when it comes to email security and hygiene…and as a friendly reminder…email is still the most common delivery method for malware.
