Microsoft has entered an agreement to purchase RiskIQ in an effort to improve hybrid work cybersecurity.
The COVID-19 pandemic has forever altered the workforce, leading many companies to speed up their adoption of remote and hybrid work strategies. Despite the benefits of this approach, cybersecurity can pose additional challenges as people work remotely, often using personal computers and devices.
Microsoft is acquiring RiskIQ to help address this shortcoming, as RiskIQ provides a cloud-based SaaS cybersecurity platform. The company helps companies provide security beyond the firewall, analyzing and assessing the overall attack surface of the entire organization. This includes a company’s cloud resources, on-premise resources and supply chains.
“The vision and mission of RiskIQ is to provide unmatched internet visibility and insights to better protect and inform our customers and partners’ security programs,” said RiskIQ Cofounder and CEO Elias Manousos. “We’re thrilled to add RiskIQ’s Attack Surface and Threat Intelligence solutions to the Microsoft Security portfolio, extending and accelerating our impact. Our combined capabilities will enable best-in-class protection, investigations, and response against today’s threats.”
Software company Kaseya, at the heart of the largest ransomware attack in history, says its services have now been fully restored.
Kaseya’s software was the target of a ransomware attack by the REvil group. Because Kaseya’s software is used in managed services around the world, as many as 1,500 customers were believed to have been impacted.
The company has been working hard to restore services, and today announced they have succeeded.
The restoration of services is now complete, with 100% of our SaaS customers live as of 3:30 AM US EDT. Our support teams continue to work with VSA On-Premises customers who have requested assistance with the patch.
We will continue to post updates as new information becomes available.
The attack on Kaseya illustrates the growing cybersecurity issues involved in an ever-connected software industry, where thousands of companies rely on common frameworks, services and applications. Rather than attack each company one-by-one, attacking a common service allowed REvil to cripple far more companies than could be realistically targeted in the same time.
Microsoft has disclosed the results of its bug bounty program, including the fact that it paid $13.6 million in bounties over the last year.
Most major companies offer bounties for security researchers who find and report major bugs. Microsoft has long made use of bug bounties as a way to secure its products and services.
According to the Microsoft Security Response Center (MSRC) Team, the company paid $13.6 million to dozens of researchers around the globe.
Over the past 12 months, Microsoft awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries. The largest award was $200K under the Hyper-V Bounty Program. With an average of more than $10,000 USD per award across all programs, each of the over 1,200 eligible reports reflect the talent and creativity of the global security research community and their invaluable partnership in addressing the challenges of a constantly changing security environment.
The MSRC Team credits the success of the last year to a revamping of the program that puts greater emphasis on the highest impact bugs.
Kaseya has acknowledged as many as 1,500 businesses may have been impacted by the ransomware attack targeting its software.
On July 2, Kaseya began learning of a coordinated attack against its software. Kaseya makes IT management software, and its customers provide managed IT services to somewhere between 800,000 and 1,000,000 small businesses.
The company says it immediately shut down the software being targeted, although an estimated 800 to 1,500 businesses have been compromised.
“Our global teams are working around the clock to get our customers back up and running,” said Fred Voccola, CEO, Kaseya. “We understand that every second they are shut down, it impacts their livelihood, which is why we’re working feverishly to get this resolved.”
The perpetrators appear to be the REvil gang, most recently responsible for the ransomware attack on meat processor JBS. That attack resulted in JSB paying an $11 million ransom to prevent excessive strain on the world’s meat supply.
In this case, the group initially demanded a $70 million ransom. According to CNBC, REvil has privately lowered the demand to $50 million.
New York Rep. Joe Morelle has introduced right to repair legislation, in a bid that could have a major impact on device manufacturers.
As phones, tablets and computers have become more complicated, the ability for the average consumer to repair them has become equally difficult. Even something as basic as changing a cellphone battery is nearly impossible for the average person.
On the heels of the New York Senate passing its own right to repair legislation, New York Rep. Joe Morelle has now introduced right to repair legislation in the US House of Representatives.
“For too long, large corporations have hindered the progress of small business owners and everyday Americans by preventing them from the right to repair their own equipment,” said Congressman Joe Morelle. “It’s long past time to level the playing field, which is why I’m so proud to introduce the Fair Repair Act and put the power back in the hands of consumers. This common-sense legislation will help make technology repairs more accessible and affordable for items from cell phones to laptops to farm equipment, finally giving individuals the autonomy they deserve.”
The Fair Repair Act will require manufactures to make tools, parts and information available to customers, as well as third-party repairers, making it easier for them to repair their own devices.
Given the anti-Big Tech sentiment that seems to be growing in both political parties, there’s a good chance the Fair Repair Act could soon become law.
McDonald’s now joins an ever-growing list of major companies impacted by data breaches.
On the same day that VW announced it was impacted by a data breach, fast-food leader McDonald’s announced it too has suffered a breach. The company says private information was accessed for both employees and customers in South Korea and Taiwan.
According to CNN Business, McDonald’s says it’s cybersecurity investments were to thank for helping the company identify the breach as fast as it did, preventing additional harm.
“These tools allowed us to quickly identify and contain recent unauthorized activity on our network,” a spokesperson told CNN Business. “A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”
It seems the damage could have been far worse had McDonald’s not contained the breach so fast. According to The Wall Street Journal, the hackers also gained access to some US employees’ business contact information, as well minor logistical information on some US restaurants, such as seating capacity. No sensitive or personal information was leaked for US employees or customers.
Avaddon ransomware group appears to be closing shop and has sent all its decryption keys to BleepingComputer.
Avaddon had previously announced they were shutting down operations, and it’s not uncommon for a group to release decryption keys when that happens, as there’s no longer any financial incentive to keep victims locked out of their files.
BleepingComputer made the announcement via Twitter.
Today, BleepingComputer was anonymously sent the decryption keys for Avaddon ransomware, likely by the threat actors themselves.
All told, there 2,934 decryption keys, each one associated with a victim. Given that experts previously only had proof of 88 Avaddon victims, the number of keys suggest the group was far more successful than anyone realized. It also highlights how few companies actually disclose an attack.
Fabian Wosar, an expert that helped BleepingComputer verify the decryption keys, told ZDNet that negotiations with Avaddon had recently taken on a new intensity, likely indicating the shutdown was planned and negotiators were trying to get whatever they could before the shutdown date.
The shutdown likely resulted from the group making all the money they wanted.
“This isn’t new and isn’t without precedence. Several ransomware threat actors have released the key database or master keys when they decide to shut down their operations,” Wosar told ZDNet.
“Ultimately, the key database we obtained suggests that they had at least 2,934 victims. Given the average Avaddon ransom at about $600,000 and average payment rates for ransomware, you can probably come up with a decent estimate of how much Avaddon generated.”
Fastly has said a single customer caused yesterday’s outage, an outage that had widespread repercussions.
Fastly made headlines yesterday when an issue with the company’s network led to a major outage. As a content delivery network, some of the biggest companies in the world rely on Fastly, including Amazon, the BBC, CNN, Financial Times, The New York Times, Reddit, Spotify, GitHub, Twitch, Stack Overflow, Hulu, HBO Max, Quora, PayPal, Shopify, Stripe and Vimeo.
According to TheStreet, the company rolled out a software update in May that introduced a bug that could be triggered under very specific circumstances. The bug only needed a single customer to have a very specific configuration for the bug to active, which ultimately happened.
“Even though there were specific conditions that triggered this outage, we should have anticipated it,” the company said. “We apologize to our customers and those who rely on them for the outage and sincerely thank the community for its support.”
A glitch at Fastly, a popular CDN, led to outages for some of the internet’s biggest sites Tuesday morning.
CDNs, or content delivery networks, are distributed networks of servers designed to help websites and web apps manage their user load and remain responsive. Fastly is a popular CDN option that helps power some of the biggest websites on the net.
Early Tuesday, a glitch at Fastly led to outages at the BBC, CNN, Financial Times, The New York Times, Reddit, Spotify, GitHub, Twitch, Stack Overflow, Hulu, HBO Max, Quora, PayPal, Shopify, Stripe and Vimeo.
Fastly confirmed the issue, and was able to quickly resolve it, although the outage illustrates the challenges associated with so many websites relying on a single point of potential failure.
“Today’s outage of major websites once again highlights the importance of access to online news and government services, underlining the importance of the internet for day to day living,” Matthew McDermott, Senior Officer, Access Partnership, a global tech policy consultancy, told WebPronews. “Fastly responded quickly to restored the issue but this serves as a reminder that resilience is an important part of digital infrastructure to modern life. Organisations and government bodies need to look at implementing the steps that look to assess, stabilize, improve and monitor to ensure this issue do not pose further problems in the future. Assessment is needed to determine the server’s bottleneck then stabilizing the issue with implementation of quick fixes will mitigate impact to broader stakeholders and users. After this, stakeholders will need to improve by augmenting and optimize server capabilities to ensure it meets the necessary needs. Lastly, regular monitoring will need to be set up using automated tools to help prevent future issues.”
Alibaba is working to make its Apsara cloud OS compatible with a variety of architectures in an effort to future-proof it.
Alibaba started as an online marketplace, but has grown to be one of the biggest companies in the world. The company is a leader in AI, e-commerce and, increasingly, the cloud market.
The company is working on its Apsara cloud OS, and is learning from the challenges its fellow Chinese firms have faced. Huawei, ZTE and Xiaomi have all experienced setbacks as a result of sanctions by the US government and its allies. Huawei, in particular, has struggled due to being cut off from the semiconductors it relied on for its products.
Alibaba’s solution is to make sure Apsara can work on a variety of chip architectures, ensuring no geopolitical factors negatively impact the OS or the company’s plans. According to TechCrunch, Alibaba is building support for x86, Arm and RISC-V into Aspara.
The addition of RISC-V is particularly interesting, as it is an open source architecture that anyone is free to use. There are no fees associated with using it, and it is beyond the reach of US sanctions. As a result, RISC-V is growing in popularity among Chinese companies, offering them a measure of security they do not have with other options.
If RISC-V continues to gain widespread use, other companies will likely be forced to support it too.
Prosus has announced it is buying Stack Overflow for $1.8 billion, as it increases its focus on the online learning market.
Prosus is a consumer internet group that has investments in the online classifieds, education technology, food delivery and payments and fintech markets. The company is the largest shareholder of Tencent Holdings, the Chinese company behind some of the biggest games, including Fortnite, PlayerUnknown’s Battlegrounds, Call of Duty: Mobile and Ring of Elysium.
Prosus appears to be making a major move in the online education market with the acquisition of Stack Overflow. Stack Overflow is one of the top 50 websites in the world, with an extremely active user base. In fact, 85% of the site’s community visits every week to access the 52+ million questions and answers, most about programming and development.
“We are delighted to be welcoming Stack Overflow to the Prosus family as we increasingly focus on the future of workplace learning,” Larry Illg, CEO of EdTech at Prosus, said. “Learning of any kind typically begins with a question and their platform is critically important for global developers when they have questions about their work. There is an opportunity to connect more deeply with their community through our other education platforms to further fulfill their learning needs.
“With enduring skills shortages and ever-evolving needs within technology organizations, technology training has emerged as the largest and fastest growing segment of corporate learning and development,” Illg continued. “As an operator of businesses across 90+ countries, we understand the needs of technologists and developers, particularly in high-growth markets. In addition to further scaling its community in the markets we know well, we want to help Stack Overflow Teams to expand within enterprises to address an underserved opportunity to transform their technology learning and collaboration.”
“We are excited to be joining the Prosus family, which catapults us into a new phase of growth and allows us to expand and accelerate Stack Overflow’s impact around the world,” Stack Overflow’s CEO, Prashanth Chandrasekar, said. “Prosus’s expertise growing and nurturing communities, especially in a global context, will make our public platform even more invaluable in helping developers and technologists learn and grow. Given Prosus’s focus on the future of the workplace, their partnership will allow our market leading SaaS collaboration product, Stack Overflow for Teams, to reach thousands more global enterprises, allowing them to accelerate product innovation and increase productivity by unlocking institutional knowledge.”
Howard University has announced it is collaborating with AWS to help train students and give them a pathway to a cloud-based technical career.
Cloud computing has become one of the most important trends in modern computing. Especially as the pandemic impacted the world, cloud computing became a vital lifeline, helping organizations remain productive.
AWS is currently the leading cloud provider, and the company is working to help train the next generation of cloud experts. Its collaboration with Howard University is a big part of that, with concepts from AWS Educate included in the university’s curriculum. The university is also creating a new master’s degree program with an emphasis on data science, one that will include cloud computing elements.
“Howard’s collaboration with AWS is focused on empowering students at various levels to learn and master the skills needed for a cloud career, exposing them to exciting opportunities throughout their educational experience,” said Provost and Chief Academic Officer Anthony K. Wutoh, Ph.D., R.Ph. “We’re engaging our middle school to introduce concepts early on, and creating advanced courses to give our graduate students a competitive edge when pursuing cloud careers. We are also making sure our educators are skilled-up with the tools and resources required for teaching, learning, and creating entrepreneurial ventures for African American and minority communities.”
“Amazon launched the Howard Entertainment Program in 2019 to build the next generation of entertainment industry executives,” said Director Kim Majerus, US Education, State and Local Government at AWS. “As we expand our collaboration with the university, AWS is excited to support talented and ambitious Howard students on their cloud career journeys. Howard University is a lighthouse institution not far from Amazon’s HQ2 facility, and we are preparing students not just for potential jobs with our company, but in-demand cloud positions across industries and sectors that need skilled technical talent.”
A new Competitive Assessment report puts Microsoft Azure and AWS leading the pack in IoT deployment.
AWS and Microsoft Azure are the two largest cloud platforms, and the two companies play an important role in IoT. According to ABI Research, the two companies are also leading the pack in core IoT deployments.
“Understanding the intricacies of the market is key,” Dimitrios Pavlakis, Senior Analyst of IoT and Digital Security at ABI Research. “Cloud device management alone is not enough to guarantee victory; the importance of critical partnerships is as relevant as ever to increase market reach and not be consumed by the competition. Intelligent solutions and automation are required for a sustainable lifecycle management environment, and even criteria like dev-tools and resource modularity can greatly add to the popularity of certain solutions and shape future IoT-borne revenue streams.”
According to ABI Research, Pelion, Intel, Telit, Device Authority, Thales, and Digicert were in the middle of the pack, with Avsystem and Sequitur Labs following.
All together, twelve criteria were used in the assessment, including encryption and hardware security, dev tools, cloud, software options, IoT connectivity and ecosystem support, strategic partnerships, regulatory policies, FOTA, automation, trusted ID, pricing and monetization.
“Innovation without a clear device-to-cloud roadmap, a flexible monetization strategy, and a solid partnership circle is utterly meaningless in most cases,” Pavlakis concludes.
“We are really seeing the impact of this hybrid work model,” says Cisco CEO Chuck Robbins. “We are seeing the preparation for hybrid work and the return to the office. Customers are absolutely believing this is going to occur and they’re investing in it. Customers are turning to us to help them create the trusted workplace of the future.”
Chuck Robbins, CEO of Cisco, discusses on CNBC and in their quarterly earnings call how customers absolutely believe that the hybrid work model is in their future:
Customers Are Preparing For Hybrid Work Environment
Over the last couple of quarters, we’ve seen significant investment in next-generation wireless infrastructure to be ready for their employees to come to the office. As you load these wireless networks they are going to need campus refresh underneath them, and we’ve seen exactly that. The Catalyst 9000 platform has had four consecutive quarters of increasing growth sequentially.
We are really seeing the impact of this hybrid work model. We are seeing the preparation for hybrid work and the return to the office. Customers are absolutely believing this is going to occur and they’re investing in it.
Trusted Workplace of the Future
Let me now touch on Infrastructure Platforms. We saw strong demand across a majority of our portfolio, led by our next-generation Enterprise Networking and Service Provider solutions, as companies accelerate the modernization of their infrastructure. This modern infrastructure delivers higher performance and faster access to data while offering the best user experience in an increasingly distributed environment.
Customers are turning to us to help them create the trusted workplace of the future, with Wi-Fi access points, video endpoints, cameras and IoT sensors feeding data into DNA Center and DNA spaces. We’re enabling operations teams to remotely monitor workplace conditions for a safe return to office.
We’re also working to provide visibility beyond corporate networks, which is increasingly critical as our customers accelerate their adoption of SaaS and cloud solutions for hybrid work. At Cisco Live, we launched the industry’s first enterprise-wide full stack observability offering by integrating ThousandEyes cloud intelligence with our Catalyst switching portfolio and AppDynamics. This provides IT with visibility and actionable insights across both external and internal networks to provide a seamless digital experience for users. And with users more distributed than ever, it is vital that they have the most efficient and secure connection to the cloud.
Building the Internet of the Future
Our deep partnerships with Google, Amazon, and Microsoft allow native connectivity from our SD-WAN fabric to each of these cloud offerings. With our technology, customers can reduce deployment times and connect branch offices to cloud workloads in minutes. In our Webscale business, we delivered our sixth consecutive quarter of strong order growth, which increased over 25% in the quarter, and over 50% on a trailing 12-month basis.
Our Webscale customers are starting their 400 gig upgrade cycles and aggressively pursuing long-haul build-outs while our Carrier customers are exploring new architectures to realize the full potential of 5G. We are building the internet for the future by creating breakthrough innovation with our routing, optical and automation technologies to deliver significant economic benefits.
Customers Consuming Cisco Technology In New Ways
Recently, we launched a new routed optical networking solution, integrating our scalable, high-performance routers and Acacia’s pluggable optics, which offers significant cost savings. Last week, we announced our intent to acquire Sedona Systems to extend our cross-work automation platform to build on these capabilities. We also expanded our Silicon One platform, from a routing-focused solution to one which addresses the Webscale switching market, offering 10 networking chips ranging from 3.2 terabits to 25.6 terabits per second, making it the highest performance programmable routing and switching silicon on the market. We know our customers increasingly want to consume Cisco’s technology in new and more flexible ways.
At Cisco Live, we launched our new As a Service portfolio, Cisco Plus, and our first offer, Cisco Plus Hybrid Cloud, combining our data center compute, networking and storage portfolio. Cisco Plus includes our plans to deliver networking as a service, which will unify networking, Security, and observability across Access, WAN and Cloud domains to deliver an unparalleled experience for our customers.
Turning to Security, we had a record quarter, surpassing $875 million in revenue, up 13% as we expanded our reach with customers around the world. Our Security strategy is focused on delivering a simple and secure experience. We have an unrivaled ability to provide end-to-end Security capabilities across users, devices, applications and data, on any network or any cloud.
Powering Business Transformation
Wellbeing is top of mind for so many right now as we face a new way of working. This is why we launched People Insights to help people monitor and manage their wellbeing. These new features, devices and capabilities combined with Cloud Calling and Cloud Contact Center provide our customers with the most comprehensive and inclusive hybrid work platform.
Last week, we announced our intent to acquire Socio Labs. By integrating Slido and Socio Labs into our WebEx platform, we will also be able to provide the most comprehensive internal and external event management solution on the market. In summary, we had a very good quarter. I’m so proud of the continued success of the business transformation our teams are driving.
Cisco CEO Chuck Robbins: Customers Preparing For Hybrid Work Model
IBM is continuing its breakneck pace of acquiring companies, with Turbonomic the latest acquisition.
IBM is working to reinvent itself as a hybrid cloud provider, with plans to spin off its legacy business. To aid in that endeavor, the company has been snapping up startups left and right to help it round out its portfolio of services and abilities.
The latest acquisition is Turbonomic, “an Application Resource Management (ARM) and Network Performance Management (NPM) software provider.” The company specializes in using AI to help automate ARM.
The acquisition of Turbonomic builds on the company’s purchase of Instanta and will position it to be the only company able to offer the entire range AI-powered automation capabilities.
“IBM continues to reshape its future as a hybrid cloud and AI company,” said Rob Thomas, Senior Vice President, IBM Cloud and Data Platform. “The Turbonomic acquisition is yet another example of our commitment to making the most impactful investments to advance this strategy and ensure customers find the most innovative ways to fuel their digital transformations.”
“We believe that AI-powered automation has become inevitable, helping to make all information-centric jobs more productive,” said Dinesh Nirmal, General Manager, IBM Automation. “That’s why IBM continues to invest in providing our customers with a one-stop shop of AI-powered automation capabilities that spans business processes and IT. The addition of Turbonomic now takes our portfolio another major step forward by ensuring customers will have full visibility into what is going on throughout their hybrid cloud infrastructure, and across their entire enterprise.”
Microsoft Teams has hit a major new milestone, boasting some 145 million daily users.
Microsoft Teams has become one of the most widely used programs in the pandemic, as business have relied on it for communication, collaboration and remote work. The software has benefited from being bundled with Microsoft 365, and has become an increasingly important part of Microsoft’s overall strategy.
Thanks to the pandemic, Teams has experienced meteoric growth. In March 2020, Teams had 44 million users, and by October the platform had passed 115 million users. According to Microsoft Corporate Vice President Jeff Teper, Teams has now hit 145 million daily users.
#MicrosoftTeams now 145 million daily active users 🙏💜 – thank you to customers, partners, and team
TSMC has delivered further bad news on the semiconductor shortage, predicting supplies chain tightness won’t completely ease until 2023.
The world is experiencing a significant shortage of semiconductors, with multiple industries currently being impacted. Intel CEO Pat Gelsinger has warned the shortage could last a couple of years, and now TSMC has issued a similar assessment.
TSMC specializes in manufacturing semiconductors for partner companies, and is the premier chipmaker for Apple. The company also makes chips for Qualcomm, Alphabet, AMD, NVIDIA and Huawei, and will make the i3 for Intel.
According to Bloomberg, TSMC believes shortages will begin to ease for the auto industry next quarter, but the overall industry will continue to experience shortages throughout the rest of the year and into next.
“We see the demand continue to be high,” CEO C.C. Wei said. “In 2023, I hope we can offer more capacity to support our customers. At that time, we’ll start to see the supply chain tightness release a little bit.”
The Federal Communications Commission (FCC) has released its own internet speed test app in an effort improve its data on the state of US broadband.
The FCC has made eliminating the digital divide a major priority. For decades, there has been a huge disparity between the speed and quality of internet options available in urban vs rural areas. With the pandemic leading to record numbers of people working and learning from home, the real-world impact of the digital divide is more apparent than ever.
A major step in close the gap is understanding where the gap is, identifying communities and regions with subpar broadband service. The FCC’s new app will help the agency gain a clearer picture of the issues, and what is needed to address them.
“To close the gap between digital haves and have nots, we are working to build a comprehensive, user-friendly dataset on broadband availability. Expanding the base of consumers who use the FCC Speed Test app will enable us to provide improved coverage information to the public and add to the measurement tools we’re developing to show where broadband is truly available throughout the United States,” said Acting Chairwoman Rosenworcel.
More information is available on the FCC website, and the app is available in the Apple App Store and Google Play Store.
Parallels has released the latest version of Parallels Desktop, boasting up to 30% faster performance running Arm Windows 10 on M1 Macs.
Parallels is one of the premier virtualization programs for the Mac. It has been a mainstay for Mac users looking to run Windows on Intel-based Macs for years. With Apple’s transition to its custom silicon, virtualization was one of the few types of software that didn’t automatically work in Rosetta 2, Apple’s translation layer that allows Intel-based software to run on the new machines.
Fortunately, Parallels has updated its software to fully support the M1, as well as the older Intel machines. When running Windows 10 on Intel machines, Parallels offers native speeds, comparable to what would be achieved on a dedicated Wintel machine.
When running on the M1 Macs, however, Parallels achieves significantly better performance. Running on the M1 requires a copy of Windows 10 on Arm Insider Preview. However, when paired with Parallels Desktop 16.5, users can see performance “up to 30 percent better than a Windows 10 VM running on Intel-based MacBook Pro with Intel Core i9 processor.”
Licensed users of parallels 16 can update to the new version at no cost.
A National Security Agency (NSA) hacking tool was stolen by Chinese hackers in 2014 and used against US targets, according to researchers.
The NSA is tasked with protecting US digital communications and resources, as well as trying to crack the communications of entities the US considers hostile. The agency also engages in signal intelligence gathering, both foreign and domestic. As part of its activities, the NSA develops tools to help it crack encryption and hack into systems. The Tailored Access Operations (TAO) NSA unit, also known as the “Equation Group,” is primarily responsible for the latter realm of operations.
According to researchers at Check Point Research, it appears that one of the Equation Group’s tools was stolen by Chinese hackers in 2014. The group, APT31, is a state-sponsored hacking group.
This isn’t the first time NSA tools have been suspected of being stolen and used. In 2017, a group called the “Shadow Brokers” managed to gain access to and leak Equation Group tools. What makes this latest revelation so interesting, and disturbing, is that it predates the Shadow Brokers leak by more than two years.
APT31 used the NSA’s code and modified it to create their own version of the exploit called “Jian.”
We began with analyzing “Jian”, the Chinese (APT31 / Zirconium) exploit for CVE-2017-0005, which was reported by Lockheed Martin’s Computer Incident Response Team. To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called “EpMe”. This means that an Equation Group exploit was eventually used by a Chinese-affiliated group, probably against American targets.
Check Point Research came to some disturbing conclusions regarding exactly how APT31 gained access to the NSA code.
The case of EpMe / Jian is different, as we clearly showed that Jian was constructed from the actual 32-bits and 64-bits versions of the Equation Group exploit. This means that in this scenario, the Chinese APT acquired the exploit samples themselves, in all of their supported versions. Having dated APT31’s samples to 3 years prior to the Shadow Broker’s “Lost in Translation” leak, our estimate is that these Equation Group exploit samples could have been acquired by the Chinese APT in one of these ways:
Captured during an Equation Group network operation on a Chinese target.
Captured during an Equation Group operation on a 3rd-party network which was also monitored by the Chinese APT.
Captured by the Chinese APT during an attack on Equation Group infrastructure.
Needless to say, it’s disconcerting that an agency with the goal of protecting US communications seems to have such an issue keeping its most dangerous tools secure — tools that end up being used against the very targets its tasked with protecting.
In a strange turn of events, some Twitter users found themselves locked out of their accounts for tweeting the word “Memphis.”
Twitter, like most social media platforms, has been under fire for its moderation policies. Some criticize the company for not moderating enough, while others accuse it of censorship.
Whatever one’s views of Twitter’s moderation, no one expected to be locked out for tweeting the word “Memphis.” Fortunately, it appears to have been a simple bug that Twitter has since fixed.
A number of accounts that Tweeted the word “Memphis” were temporarily limited due to a bug. It’s been fixed and the accounts have now been restored. We’re sorry this happened.
