More stories


    Cowbell Cyber raises $20 million, aims to build out its AI-driven cyber insurance platform

    Cowbell Cyber aims to combine data science, monitoring, AI, and cyber insurance for SMEs. 
    Cowbell Cyber, an AI-driven cyber insurance provider for small and medium enterprises, said it raised $20 million in Series A funding to expand its underwriting ability.


    The Cowbell Cyber funding comes a day after Corvus Insurance raised $100 million. The upshot here is that startups are looking to expand cyber insurance using data science against incumbent providers. The market for cyber insurance is likely to expand given that security incidents aren’t exactly going away.
    Brewer Lane Ventures led the round for Cowbell Cyber with participation from Pivot Investment Partners, Avanta Ventures, and Markel Corporation. Cowbell Cyber said it will use the funding for product development, sales and marketing, and expanding its risk engineering.
    Cowbell Cyber launched its Prime 250 program in September. Prime 250 enables insurance agents to issue personalized cyber policies in 38 states. Cowbell Cyber currently has a risk pool of 10 million continuously monitored organizations and a network of more than 4,500 agents and brokers. 
    On the data science front, Cowbell Cyber aims to automate data collection with its cloud platform, provide observability and monitoring and then combine it with risk scoring, actuarial science, and underwriting.
    The company’s portfolio includes cybersecurity awareness training, continuous risk assessment, and pre- and post-breach risk improvement services. Cowbell Cyber also has a free risk assessment service called Cowbell Factors, which adds a freemium element to selling cyber policies.


    The year of living remotely: Let's swap pandemic stories

    Saturday marks a rather bittersweet anniversary. On March 13, 2020, I walked out of a local store. I haven’t been inside any building other than my house since then. This has been the Year of COVID, and as an “at risk” individual, I’ve followed the advice of my doctor and stayed away from — everything. 


    Many of you know the feeling, but Ellen Cushing of the Atlantic puts it into words I think many of us can identify with:

    I have a job that allows me to work from home, an immune system and a set of neurotransmitters that tend to function pretty well, a support network, a savings account, decent Wi-Fi, plenty of hand sanitizer. I have experienced the pandemic from a position of obscene privilege, and on any given day I’d rank my mental health somewhere north of “fine.” And yet I feel like I have spent the past year being pushed through a pasta extruder.

    We have experienced an unprecedented year. The 1918 influenza pandemic probably comes the closest, but those folks didn’t have broadband. We, here in the second decade of the 21st century, have had the odd experience of being both incredibly isolated and incredibly connected.
    My wife and I haven’t seen our next-door neighbors, who are good friends, for a whole year. Yet I spend a few hours a week, face-to-face on Zoom, with colleagues I’ve only previously known through email conversations. I’m disconnected from friends 50 feet away, yet looking into the kitchens, living rooms, and home offices of friends across the world.
    It’s been surreal.

    To mark this anniversary, I reached out to my fellow ZDNet editors and writers. I asked them to share with you, in just a few paragraphs, what the Year of COVID has been like from their perspective. I also asked them to share a photo that reflected on that year.
    I’ll kick it off with my little story.
    David Gewirtz

    Pixel likes to cuddle and snooze on my shoulder. It does get in the way of work, but in the nicest of all possible ways.
    It blows my mind that I haven’t been inside another building since March 13, 2020. As a working couple who have mostly lived off restaurants and delivery for the past 20 years, needing to make our own food has been a challenge. I’ve learned to cook a few things, including an epic grilled cheese. I miss restaurants, visits with friends, and going to Home Depot and Harbor Freight.
    But this work style isn’t all that new to me. I’ve worked from home, on and off, for the past 20 years or so. As someone who lived in Florida (and couldn’t stand the heat) for 15 years before moving here to Oregon, I tended to spend the brutally hot summer seasons inside. I like time with close friends, but I’m not a fan of crowds. So the isolation, while difficult, hasn’t been as hard on me as it has on other folks.
    I have all my gear (3D printers, workshop tools, gadgets galore), my wonderful wife, and my cuddly little dog for company. The incredible, intrepid Instacart shoppers bring us food each week. Amazon Prime fills in around the edges. I’m undoubtedly stir crazy and have been struggling with some cabin fever, but I’ve closed my rings every day for the past year by exercising for 30 minutes a day, and that’s helped burn off excess energy. 
    Unfortunately, we haven’t been able to explain the pandemic to our little dog. He doesn’t understand why he can’t run around the dog park, why he can’t see his friends, and why, when he’s outside, he can’t greet the neighbors. But his Mom and Dad shower him with love and affection, and that seems to help (as does the occasional treat and game of lunge and spaz).
    So that’s it for me. Here’s everyone else, presented in the order they sent me their stories.
    Steven J. Vaughan-Nichols

    Me in my temporary office space with my late lamented editorial assistant Twiggy between selling my one place and building another.
    For me, my day-to-day life has been about the same as ever. I was working from home long before it was #workingfromhome. But, I also used to do a lot of business travel. I went from about 100,000 miles to less than 100. That was different. I also had to both sell a house and build a new one during the pandemic. Both jobs went far slower thanks to coronavirus.
    Looking ahead, though, if all goes well, I’ll be back in the air again come September, and my new house should be done… well sometime soon!
    Tonya Hall

    I moved to another state during the first week of lockdown. (I wish I would have packed food, water, and bath tissue.) 
    Life-threatening health issues with family introduced me to my first real experience with telemedicine. Family members had surgery and advocates were denied access to the patient and to be present in the hospital at all. I immersed myself in learning more about digital health, cooking holistically, and off-earth exploration. 
    Zoom enabled me to stay in touch with family, make great friendships and professional relationships whether my colleagues were a few miles away or in low earth orbit. I lived my life to its fullest while wearing a mask and social distancing.

    Chris Matyszczyk

    Here’s a picture that symbolizes my, er, intensified culinary efforts. I cooked this Jacques Pépin thing and no one died eating it.
    I work out more, because I quickly bought a stationary bike that knows how to make me feel guilty. I miss restaurants, but not as much as I thought. The ones I miss, I really miss. With many, I miss the people not the food. I cook a lot more and occasionally it’s edible. Hey, I never thought I’d do a Jacques Pépin recipe and those who ate it would survive. 
    I see more of my wife, which is a huge bonus. But I miss the casual encounters, the hugs, the handshakes, the conversations about nothing and everything, the spontaneity of life. The pandemic has tried to make me virtual and I fight that every day. And I almost forgot. I miss traveling most of all. There’s nothing like the fresh air of a foreign land.
    Beth Mauder

    Beth, fiance, and pup
    Like most, 2020 brought a ton of change, although most wasn’t bad. I moved states to be back home at the start of the pandemic to avoid being totally alone during lockdown. I went from working in an office to being remote, living with my parents and siblings again, and feeling incredibly overwhelmed. 
    After a couple of months, I moved out and into a house with my then-boyfriend and welcomed home an 8-week-old German Shepherd to accompany our cat. Flash forward a bit and we got engaged and now have an 85-pound, 8-month-old pup who acts as my co-worker, workout partner, and mental health savior. 
    Since last March, my dumbbells, kettlebell, and running shoes have carried me through. I miss my CrossFit gym and seeing friends the most. Now, a year into the pandemic, ordering takeout and looking up future vacation destinations has practically become a hobby. As soon as I safely can, I’ll be on a beach somewhere speaking to everyone who will allow it just to make up for lost time.
    It’s hard to believe it’s been a year… subtle changes and holidays always hammered the idea home, but it is still tough to swallow. I know everyone grows up, but not seeing my parents Christmas morning for the first time in my short 23 years of life was weird and sad. Getting engaged and ordering takeout just to FaceTime family to celebrate wasn’t how I envisioned the moment. 2020 was kind to me in many ways, especially compared to so many, but it has taken its toll. Here’s to hoping for a brighter 2021.
    Teena Maddox

    Teena Maddox getting takeout with her son Nate, 13, who noted, “I was shorter than you when the pandemic began, Mom.”
    On March 11, 2020, I walked out of work after saying “bye” to my colleagues. I haven’t seen them again. At least not in person. We are all working remotely and Zoom meetings are our new normal. 
    That’s been a huge adjustment, as has my son’s school going online, and offline, and online, and offline. It’s like a cat deciding which side of a closed door is best. Answer: Neither. Cats believe all doors should be open.
    The things I’ve learned to appreciate during the pandemic are grocery delivery services and more quality time with my family. We’ve loaded up on the streaming services and we watch TV together at least once a week, which is something since one of the crew is a teenager, and they always know everything. The stress of worrying about the virus and how to keep my elderly parents safe has been by far the worst part. 
    Robin Harris

    The pandemic didn’t change my life much. I got the virus back in March and was sick for a few days. Some of the places I like to hang out closed for a while. But last spring was very nice because no one was traveling to clog up Sedona’s roads and trails.
    I’ve worked remotely for over 15 years. I did miss some of my favorite events such as NAB and the FAST conference. I socially distanced with a convivial group of friends and continued to hike the 10-20 miles a week on local trails. 
    Larry Dignan

    There have been a wide range of things during the COVID-19 pandemic and not all of them bad. 
    On the positive side, I was fortunate to have and be on a remote team before the pandemic. My normal became everyone else’s new normal. Remote school is a bear, but I’ve seen my kids more than I would have normally. And I was lucky that exercise has gotten me through every wacky thing in my life and this time was no different. 
    The negatives are that I haven’t seen my close friends beyond Zoom for a year. I miss pubs, but I’m not sure I’d even want to go into a crowded one at this point. I just kinda see germs now. I also miss concerts, even though the same crowd PTSD would likely be there. Ditto for travel.
    Aimee Chanthadavong

    Nothing like a fresh loaf of bread.
    The pandemic taught me how to be a homebody and enjoy it. It gave me the chance to cook again (and yes, that included getting on the bread baking bandwagon and whipping coffee), appreciate how much free time I had from not commuting to and from the office, so that I could enjoy sleep-ins, hot breakfasts, and exercise before tuning into work; and live comfortably in activewear — you know the whole work-life balance stuff. 
    The pandemic also made me realise I needed a bigger place because frankly, working from my dining table after a year, just isn’t functional. While there have been many positives, the pandemic did kind of ruin my wedding and honeymoon plans. I also miss seeing the team regularly, but we make up for it with lunch meetups, home visits, and constant Slack banter.
    Asha Barbaschow

    This is Boston. He accidentally hit publish on a story last year, typos galore, was great! Hhaahaha.
    The last year has given me a certain patriotism I didn’t know I had, as basically all Australians respected science and played their part to essentially prevent mass transmission. 
    ZDNet Australia team catchups have been a morale boost and in person tech events are also returning. Not travelling has been hard, but being in my hometown meant spending a lot of time with my parents and my friends — with pubs, restaurants, gyms, and sporting events all back to basically normal here. 
    I also rescued a cat and turned into a crazy plant lady. I barely killed any of them so far.
    Campbell Kwan

    In a region called the Southern Highlands, two hours south of Sydney

    Living relatively far from family and friends during the pandemic forced me to slow things down. It forced me to acknowledge that it’s not always the proverbial “summer”, which is what our world pushes, but in fact, there are times where we should rest and preserve energy as if it were “winter.” 
    Accepting that it was more or less “winter” for all of last year, this meant I was reading more, forcing myself to find time to sit with my thoughts, and leaning on nature rather than urban areas for fun. This flowed into my work, where I prioritised patience when work was slow and when communication was not as easy when compared to doing it face to face.
    But with Australia almost back to normal, and it being the proverbial summer once more, rather than diving into the rapid currents of the hustle and bustle, I hope to keep the foresight of using the energy I have stored with more intention, such as approaching work with a more tangible gratefulness of how it serves readers and how it provides for me. 
    Now it’s your turn
    Now it’s your turn to share with us and the rest of the ZDNet community. In the comments below, please share your year-of-pandemic experiences. Please share a paragraph or so that touches on how you’ve experienced the pandemic, things you learned, things you changed, high points, low points, and more. All I ask is that you keep it friendly.
    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.



    This trojan malware is now your biggest security headache

    Trickbot malware has risen to fill the gap left by the takedown of the Emotet botnet, with a higher number of criminals shifting towards it to distribute malware attacks.
    Emotet was the world’s most prolific and dangerous malware botnet before it was disrupted by an international law enforcement operation in January this year.


    What initially emerged as a banking trojan in 2014 went on to become much more, establishing backdoors on compromised Windows machines which were leased out to other cyber-criminal groups to conduct their own malware or ransomware campaigns.
    While the disruption of Emotet represented a blow for cyber criminals, they’ve quickly adapted and now Trickbot has become the most prevalent form of malware.
    Trickbot offers many of the same capabilities as Emotet, providing cyber criminals with a means of delivering additional malware onto compromised machines – and according to analysis of malware campaigns by cybersecurity researchers at Check Point, it’s now become the most commonly distributed malware in the world.
    First distributed in 2016, Trickbot has long been up there with the most prolific forms of malware, but with the crackdown on Emotet, has quickly become an even more popular way for criminals to widely distribute their chosen cyberattack campaigns.

    “Criminals will continue using the existing threats and tools they have available, and Trickbot is popular because of its versatility and its track record of success in previous attacks,” said Maya Horowitz, director of threat intelligence and research at Check Point.
    “As we suspected, even when a major threat is removed, there are many others that continue to pose a high risk on networks worldwide, so organizations must ensure they have robust security systems in place to prevent their networks being compromised and minimise risks,” she added.
    But Trickbot is far from the only malware threat to organisations and other cyber-criminal campaigns have also helped fill the gap left by the disruption of Emotet.
    XMRig, an open-source form of cryptocurrency-mining malware, has risen to become the second most common malware family, as cyber criminals continue to exploit the processing power of compromised systems in an effort to generate Monero cryptocurrency for themselves.
    The third most commonly distributed malware family during February was Qbot, a banking trojan that has been in existence since 2008. Qbot is designed to steal usernames and passwords for bank accounts by secretly logging keystrokes made by the user, and it uses several anti-debugging and anti-sandbox techniques to evade detection. Like Trickbot, Qbot is commonly distributed via phishing emails.
    Other banking trojans and botnets that have become more prolific since the takedown of Emotet include Formbook, Glupteba and Ramnit.
    One way organisations can help protect their networks from malware threats is to apply the latest security patches as soon as possible after they’re released, because that denies cyber criminals the known, already-fixed vulnerabilities they rely on to run malware across a network.
    And with phishing still such a common method for distributing cyberattacks, it’s important that organisations take the time to educate employees on how to detect potential threats.
    “Comprehensive training for all employees is crucial, so they are equipped with the skills needed to identify the types of malicious emails which spread Trickbot and other malware,” said Horowitz.



    Smart sex toys: appealing to you, exploitable to hackers

    When a security vulnerability in the Cellmate chastity cage brought a new meaning to being locked up last year, you would have hoped other sex toy vendors would have heeded the warning.

    However, it seems that smart sex toys are still anything but intelligent when it comes to personal privacy, with some of the most popular toys on the market still lagging behind when it comes to basic security measures. 
    Smart sex toys are equipped with a variety of features: internet connectivity, remote control, Bluetooth links, video, messaging, apps for measuring and monitoring responses, and more. 
    However, there are concerns that in the rush to offer more and more connectivity options, sex toys could be leaving users open to “data breaches and attacks, both cyber and physical.”
    On Thursday, researchers from ESET published a whitepaper exploring the security posture of these devices: in particular, two popular products from WOW Tech Group and Lovense.
    The first subject is We-Vibe Jive, a Bluetooth-enabled female vibrator that can be connected to the We-Connect mobile app for controlling vibrations and handing over control to a partner. 
    The second product examined was the Lovense Max, a male masturbation sleeve. This device, too, is able to connect to a mobile app, the Lovense Remote, which is described as having features including “local remote control, long-distance control, music-based vibrations, creating and sharing patterns, sending patterns syncing two toys together, [and] sound-activated vibrations.”

    For both the Jive and Max, the researchers examined the security of the link between the devices and their Google Play Store apps. Both devices use Bluetooth Low Energy (BLE), which keeps power consumption low but is only as secure as the pairing mode a vendor chooses to use.
    The We-Vibe Jive keeps user data collection to a minimum but used the least secure of the BLE pairing options, Just Works, in which the temporary key used to link up the Jive is fixed at zero. Because the pairing is never authenticated, any smartphone or PC within range can connect to the device, leaving it open to man-in-the-middle (MitM) attacks.
    As a wearable product, it is possible that users will wear it while out-and-about — and the Jive broadcasted its presence “continually” to establish a connection, ESET says. 
    “Anyone can use a simple Bluetooth scanner to find any such devices in their vicinity,” the researchers say. “[Jive] is designed for the user to be able to wear it as they go about their day — at restaurants, parties, hotels, or in any other public location. In these situations, an attacker could identify the device and use the device’s signal strength as a compass to guide them and gradually get closer until they find the exact person wearing it.”
    Multimedia files can be shared between We-Connect users during chat sessions and while they are deleted as soon as messaging ends — an effort to protect what is likely to be intimate content — the metadata remained. In other words, whenever a file is sent, so is a user’s device data and geolocation, which did not vanish. 
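    The metadata problem above is the kind of thing a client can fix before a photo ever leaves the phone, by dropping the JPEG segments that carry it. The following is an added example for this page, not code from We-Connect, Lovense or ESET: it strips the APP1 (Exif, where GPS and device-model tags live), APP2 (ICC) and COM segments from raw JPEG bytes and leaves the image data untouched. The sample JPEG is a constructed skeleton, not a real photo.

```python
# Added example: strip metadata segments from a JPEG before it is shared.
# Not We-Connect or Lovense code; works on raw bytes, no imaging library.

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# APP1 (Exif/XMP: GPS, device model), APP2 (ICC profile), COM (free-text comment)
DROP_MARKERS = {0xE1, 0xE2, 0xFE}


def iter_segments(data: bytes):
    """Yield (marker, start, end) for each marker segment up to and including
    SOS. The entropy-coded scan after SOS has no length field, so the caller
    treats everything from SOS onward as opaque."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI")
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:            # fill byte before a marker, skip it
            i += 1
            continue
        seg_len = int.from_bytes(data[i + 2:i + 4], "big")
        end = i + 2 + seg_len
        yield marker, i, end
        if marker == SOS:
            return
        i = end
    raise ValueError("truncated JPEG: no SOS segment")


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return the JPEG with APP1/APP2/COM segments removed; pixels untouched."""
    out = bytearray(data[:2])
    for marker, start, end in iter_segments(data):
        if marker == SOS:
            out += data[start:]       # SOS header + scan data + EOI, verbatim
            break
        if marker not in DROP_MARKERS:
            out += data[start:end]
    return bytes(out)


def segment_markers(data: bytes):
    """Marker list up to SOS, handy for confirming what survived."""
    return [m for m, _, _ in iter_segments(data)]


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


def build_sample_jpeg() -> bytes:
    """Constructed JPEG skeleton (not a real photo): Exif APP1 with made-up
    GPS/device text, a quantisation table, a COM comment, then a tiny scan."""
    app1 = _segment(0xE1, b"Exif\x00\x00GPSLatitude=51.5;Model=constructed-phone")
    dqt = _segment(0xDB, b"\x00" + bytes(64))
    com = _segment(0xFE, b"device: constructed handset")
    sos = _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    scan = b"\x12\x34\x56"
    return bytes([0xFF, SOI]) + app1 + dqt + com + sos + scan + bytes([0xFF, EOI])


if __name__ == "__main__":
    before = build_sample_jpeg()
    after = strip_jpeg_metadata(before)
    print("before:", [hex(m) for m in segment_markers(before)])
    print("after: ", [hex(m) for m in segment_markers(after)])
```

    Because it works on the byte stream it does nothing for formats that keep metadata elsewhere (PNG text chunks, HEIC boxes); those need the same treatment in their own container format.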
    Another privacy issue of note was a lack of brute-force protection on app PIN access attempts.
    The Lovense Max contained a number of “controversial” design choices, ESET says, which could compromise the “confidentiality of intimate images one user shares with another.” 
    Among these was the option to download and forward on images to third-parties without the knowledge or consent of the original owner, as well as reliance on just HTTPS and not end-to-end encryption in image transfers. 
    In addition, while users often create fantasy names, the Lovense Max app used their email addresses, stored in plaintext, to facilitate messaging. Tokens, which can be shared publicly, were also short numeric values and remained active longer than claimed, making them susceptible to brute-force attacks that lead to information disclosure. 
    Lovense Max also did not authenticate BLE connections and so was vulnerable to the same MitM attacks as Jive. The report also noted a lack of certificate pinning in firmware updates. 
    “The consequences of data breaches in this sphere can be particularly disastrous when the information leaked concerns sexual orientation, sexual behaviors, and intimate photos,” ESET says. “As the sex toy market advances, manufacturers must keep cybersecurity top of mind, as everyone has a right to use safe and secure technology.”
    ESET disclosed the vulnerabilities to WOW Tech Group and Lovense in June 2020 and the security issues were acknowledged within several weeks. Lovense patched all of the bugs reported by July 27, whereas We-Connect version 4.4.1, pushed in August, has resolved the PIN and metadata issues. Lovense is now working on enhanced privacy features. 
    “We take reports and findings by external sources about possible vulnerabilities very seriously,” WOW Tech Group said in a statement. “We had the opportunity to patch the vulnerabilities before the presentation and the publication of this report and have since updated the We-Connect App to fix the problems that are described in this report.”
    “Putting the health and safety of our users first, Lovense works tirelessly to improve the cybersecurity of its products and software solutions,” Lovense commented. “Thanks to productive cooperation with ESET Research Lab, we were able to detect some vulnerabilities which have been successfully eliminated. Lovense will continue to cooperate with cybersecurity testers to ensure maximum security for all users of Lovense products.”
    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More


    F5 issues BIG-IP patches to tackle unauthenticated remote code execution, critical flaws

    F5 Networks has pushed out patches to tackle four critical vulnerabilities in BIG-IP, one of which can be exploited for unauthenticated remote code execution (RCE) attacks. 

    The enterprise networking provider’s BIG-IP applications are enterprise-grade, modular software suites designed for data and app delivery, load balancing, traffic management, and other business functions. 
    F5 says that 48 out of Fortune 50 companies are F5 customers. Governments, telecoms firms, financial services, and healthcare providers are counted among clients. 
    F5’s security advisory, published on Wednesday, describes seven security flaws impacting BIG-IP and BIG-IQ deployments. 
    The worst are CVE-2021-22986 and CVE-2021-22987 which have been issued CVSS severity scores of 9.8 and 9.9, respectively. 
    CVE-2021-22986 is an unauthenticated RCE impacting the BIG-IP management interface. 
    “The vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services,” F5 says. “This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.”

    CVE-2021-22987 affects BIG-IP systems running in Appliance mode: authenticated users able to reach the Traffic Management User Interface (TMUI) can exploit the bug to execute arbitrary system commands, tamper with files, and disable services. 
    “Exploitation can lead to complete system compromise and breakout of Appliance mode,” F5 added. 
    Alongside these security flaws, F5 has also tackled CVE-2021-22991 and CVE-2021-22992, critical buffer overflow bugs impacting the Traffic Management Microkernel (TMM) and Advanced WAF/ASM virtual servers. The vulnerabilities have both been awarded a severity score of 9.0.
    Three other vulnerabilities have also been resolved: CVE-2021-22988, CVE-2021-22989, and CVE-2021-22990, issued CVSS scores of 8.8, 8.0, and 6.6, which could be exploited by authenticated users for remote command execution in TMUI components. 
    Kara Sprague, senior VP of F5’s Application Delivery Controller (ADC) business unit, said “the bottom line is that [the vulnerabilities] affect all BIG-IP and BIG-IQ customers and instances.”
    “We urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible,” the executive added. 
    The vulnerabilities have been patched in BIG-IP versions 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, and 11.6.5.3. CVE-2021-22986 also impacts BIG-IQ and is fixed in versions 8.0.0, 7.1.0.3, and 7.0.0.2.
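    To turn that fixed-version list into something an operator can run against an inventory, here is a version-check script added for this page; it is not F5 tooling. It assumes version strings in the dotted form F5 uses, copied from each device (for example from the Configuration utility), and treats any release branch the advisory does not name as unconfirmed rather than fixed. The hostnames in the sample inventory are made up.

```python
# Added example: compare BIG-IP / BIG-IQ versions against the fixed releases
# named in F5's March 2021 advisory, as reported above. Not F5 tooling.

FIXED_VERSIONS = {
    "BIG-IP": ["16.0.1.1", "15.1.2.1", "14.1.4", "13.1.3.6", "12.1.5.3", "11.6.5.3"],
    # CVE-2021-22986 also affects BIG-IQ
    "BIG-IQ": ["8.0.0", "7.1.0.3", "7.0.0.2"],
}


def parse_version(text: str) -> tuple:
    """'15.1.2.1' -> (15, 1, 2, 1); anything non-numeric is rejected."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_fixed(product: str, version: str):
    """True if `version` is at or above the fixed release of its major.minor
    branch, False if below it, None if the advisory lists no fix for that
    branch (treat None as 'not confirmed fixed', not as safe)."""
    current = parse_version(version)
    for fixed in FIXED_VERSIONS[product]:
        fixed_t = parse_version(fixed)
        if current[:2] == fixed_t[:2]:        # same release branch
            # tuple comparison: (14,1,3,6) < (14,1,4) and (14,1,4,0) >= (14,1,4)
            return current >= fixed_t
    return None


VERDICTS = {
    True: "fixed",
    False: "VULNERABLE - patch now",
    None: "branch not in advisory - check with F5",
}


def triage(inventory):
    """inventory: iterable of (hostname, product, version) -> {host: verdict}."""
    return {host: VERDICTS[is_fixed(product, version)]
            for host, product, version in inventory}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("lb-edge-01", "BIG-IP", "15.1.2.0"),
    ("lb-edge-02", "BIG-IP", "15.1.2.1"),
    ("lb-dc-01", "BIG-IP", "14.1.4"),
    ("lb-legacy", "BIG-IP", "11.5.4"),
    ("mgmt-bigiq", "BIG-IQ", "7.1.0.2"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
```

    A version at the fixed level still needs the management interface and self IPs kept off untrusted networks, since CVE-2021-22986 is reachable through both; the version check only tells you whether the code is patched, not whether the control plane is exposed.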
    14 unrelated CVEs were also announced. 
    The US Cybersecurity and Infrastructure Security Agency (CISA), which issued an emergency directive last week commanding federal agencies to tackle actively-exploited Microsoft Exchange Server vulnerabilities, recommended that these security issues are dealt with promptly. 
    In July 2020, F5 patched a remote code execution vulnerability in BIG-IP, tracked as CVE-2020-5902, which was awarded a rare CVSS severity score of 10.0. 
    Discovered by Mikhail Klyuchnikov, a researcher with Positive Technologies, the bug impacted BIG-IP’s TMUI and allowed unauthenticated attackers to remotely compromise TMUI interfaces. 
    Only a few days after disclosure, threat actors began launching attacks against internet-facing BIG-IP builds. F5 warned at the time that “if TMUI [is] exposed to the internet and it does not have a fixed version of software installed, there is a high probability that it has been compromised and you should follow your internal incident response procedures.”


    Exchange Server security patch warning: Apply now before more hackers exploit the vulnerabilities

    Hacking and cyber-espionage groups around the world are attempting to exploit recently disclosed zero-day vulnerabilities in Microsoft Exchange Server, before the window of opportunity closes as organisations apply updates to protect against attacks.
    Microsoft first became aware of the vulnerabilities in January and security patches were released on March 2 to tackle them, with organisations urged to apply them as soon as possible.


    Tens of thousands of organisations around the world are thought to have been affected by cyberattacks targeting Microsoft Exchange, which Microsoft cybersecurity researchers have attributed to a state-sponsored advanced persistent threat (APT) hacking group operating out of China, dubbed Hafnium.
    But Hafnium isn’t the only APT group looking to exploit unpatched Exchange vulnerabilities: researchers at cybersecurity company ESET have detected at least 10 hacking groups attempting to compromise email servers around the world.
    Winnti Group, Calypso, Tick, LuckyMouse (APT27) and others have been spotted scanning for vulnerable servers with intent to compromise.
    ESET’s analysis has flagged the presence of webshells, malicious scripts dropped on a server that let an attacker run commands on it from a web browser, on over 5,000 unique servers in more than 115 countries.

    Many of these webshells have only been detected over the past week, as cyber attackers stepped up their operations before many organisations fully applied the patch to their networks.
    “After the patch, we’ve seen a big uptick and believe that several attackers started doing mass scanning. They probably wanted to compromise as many servers as possible before the patches are deployed on the mail servers that are most interesting for them,” Matthieu Faou, malware researcher at ESET, told ZDNet.
    Most of the hacking groups identified by the researchers are cyber-espionage operations, while one is a cryptocurrency-mining malware operation.
    The groups identified by ESET are unlikely to be the only cyber attackers seeking to exploit the zero days before patches are fully applied, so it’s vital that organisations apply the Exchange Server updates to protect their networks from being exploited by hackers.
    “First, organisations should patch. Then they should carefully check for any trace of compromise by reviewing logs and making sure that no webshell is installed on their servers,” said Faou.
    It’s also recommended that organisations consider restricting access to their networks from the open internet, providing an additional hurdle for unwanted intruders.
    “They should also consider making their Exchange server accessible only to their users and not to the whole internet – via the use of a VPN, for example. Microsoft Exchange is a very complex application. As such, it is possible that other flaws will be discovered in the next years, and protecting it behind a VPN allows time to patch the application before it’s actually exploited,” Faou added.

    Sky ECC denies police have ‘cracked’ encrypted messaging platform

    Sky ECC has denied that the encrypted messaging platform has been compromised by European law enforcement. 

    Sky ECC advertises itself as a secure, end-to-end encrypted service and the “most secure messaging platform you can buy.” The vendor offers a subscription and either Android or iOS handsets that are paid for in Bitcoin (BTC) and shipped worldwide. 
    According to Europol, there are approximately 170,000 Sky ECC users and roughly three million messages are sent via the platform on a daily basis. In total, over 20% of the Sky ECC user base is said to be located in Belgium and the Netherlands. 
    On March 10, Europol announced that together with various law enforcement agencies in Belgium, France, and the Netherlands, it has been possible to “unlock the encryption” of Sky ECC. 
    The law enforcement agency said that since roughly mid-February, chat sessions established between approximately 70,000 users have been monitored, leading to a “large number of arrests” in a crackdown on March 9. House searches and seizures took place across Belgium and the Netherlands and the mobile phones of suspects were seized.
    “The continuous monitoring of the illegal Sky ECC communication service tool by investigators in the three countries involved has provided invaluable insights into hundreds of millions of messages exchanged between criminals,” Europol says. “This has resulted in the collection of crucial information on over a hundred planned large-scale criminal operations, preventing potential life-threatening situations and possible victims.”
    In July 2020, the UK’s National Crime Agency (NCA) seized the servers of EncroChat, an encrypted platform that the NCA says was used to coordinate criminal activity. 

    Over 700 arrests were made at the time. According to Europol, following the seizure, many EncroChat users then moved over to Sky ECC. 
    Sky ECC has pushed back against Europol’s claims, referring to a Dutch police press release that is accompanied by a photo allegedly showing the app in use on a mobile device. 
    The vendor claims that the image — which appears to relate to a device advertised on the skyecc.eu domain, rather than .com — is the work of an “imposter” and a “disgruntled” former reseller. 
    Sky ECC says that claims of a “crack or hack” of its encrypted communication software are “false allegations.” 
    Furthermore, Sky ECC CEO Jean-François Eap said in a statement that the company has not been contacted by the authorities “in connection with any investigations currently being reported,” and “the confusing references to Sky ECC instead of skyecc.eu are very damaging.”
    “We know that someone has been passing themselves off as an official reseller of Sky ECC for some time and we have been trying to shut it down through legal channels for almost two years,” Eap commented.
    Instead, the vendor claims a malicious phishing application is being distributed under the Sky ECC name, with the implication being that law enforcement has been able to monitor messages sent via the unauthorized app, rather than the official version. Sky ECC claims this app has been illegally created, modified, and side-loaded onto devices.  
    However, the company also noted “temporary interruptions in connection with its servers” on March 8.
    “All Sky ECC phones purchased directly from Sky ECC or its authorized distributors remain secure,” the vendor added. “We continue to stand by our promise of secure devices, secure networks and secure communications.”

    Senators concerned 'hacking' Bill powers could be used beyond intended scope

    Senators are concerned that they are yet to hear a convincing argument as to why the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 has omitted definitions for the categories of offences it would be used for by two of Australia’s law enforcement bodies.
    The Bill, if passed, would hand the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) three new computer warrants for dealing with online crime.
    The first of the warrants is a data disruption one; the second is a network activity warrant; and the third is an account takeover warrant.
    With representatives from the Department of Home Affairs, the AFP, ACIC, and Australian Signals Directorate facing the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its review of the Bill, Labor Senator Kristina Keneally on Wednesday sought assurance that the Bill would not be used to target low-level offences.
    “What I’m seeking to understand here … the Bill outlines a number of crimes — child abuse and exploitation, terrorism, the sale of illicit drugs, human trafficking, identity theft, and fraud, assassinations, and the distributions of weapons — as the examples of the crimes that would be prosecuted,” she asked.
    “What safeguards beyond just pointing to capacity constraints or the good intentions of government can you point to that would assure this committee that these three warrants would not be used for other types of crime, other categories of crime … considered by the community to be lower level offences?”
    Keneally pointed to previous legislation, such as the Telecommunications (Interception and Access) Act 1979 (TIA Act), and noted the PJCIS has yet again been asked to take at face value that the latest legislation under consideration would not extend to minor offences despite hearing similar arguments in the past in relation to the TIA Act.

    It was previously revealed that three councils in NSW, one in Queensland, the RSPCA, the Environment Protection Authority, and state coroners, to name a few, accessed metadata under Section 280 of the Telecommunications Act 1997.
    The Communications Alliance previously labelled this as “examples of entities that have managed to subvert the intended scope of the legislation”.
    “There’s the safeguards built into the legislation. If you look at data disruption warrant for example, the issuing officer has to be satisfied that the activities authorised for the warrant are justified and proportionate with regard to the offences being targeted,” AFP deputy commissioner Ian McCartney said.
    Keneally was not convinced that in a few years’ time it wouldn’t emerge that the warrants were issued for a range of other offences, like they were with the data retention legislation, simply because they attract a three-year threshold.
    Pointing to the scenario of an outlaw motorcycle gang, Police Commissioner Reece Kershaw said that in such a situation, given the peripheral and crime-adjacent activities involved, it is very difficult “if you’re going to attack the outer perimeter of these organised crime networks” to narrow down or define the scope.
    “These powers will assist us to dismantle those networks, especially now,” he said.
    Home Affairs Electronic Surveillance Reform Taskforce acting first assistant secretary Andrew Warnes said one of the first considerations of the AAT member or eligible judge when granting a warrant would be the nature and gravity of the conduct constituting the kinds of offences in relation to which the information would be obtained.
    “We’ve then also added additional safeguards to say, ‘That’s not enough just to go and get a warrant because an offence is three years’, it has to be of such the nature and gravity in terms of the conduct constituting those offences, that information can be sought,” Warnes explained.
    “And then they have to give consideration to whether the access to that data will assist in the collection of intelligence, that is actually then relevant to the protection, detection, frustration of those offences and the intelligence value of that.”
    The approver, Warnes said, would also have to make sure that what is authorised by the warrant is proportionate to the likely intelligence value of any information sought to be obtained. They would also have to consider whether the information could be garnered using alternative or less intrusive means.
    “All of that together makes it very difficult to envisage a circumstance where you could have an offence that is subjectively considered not serious three-year offence,” he continued.
    Keneally said she heard similar assurances when the TIA Act was being probed.
    “It does raise a question to me as to why the government is not willing, if they are, if you are upfront in saying we are not going to use these powers to investigate subjectively low-level offending, why that can’t be prescribed in legislation to give the community that assurance,” she said.