Connect with us

Technology

Autodesk was one of the 18,000 firms breached in SolarWinds attack, firm admits • The Register

Voice Of EU

Published

on

Autodesk, makers of computer-aided design (CAD) software for manufacturing, has told the US stock market it was targeted as part of the the supply chain attack on SolarWinds’ Orion software.

In a filing with the American Stock Exchange Commission, Autodesk said it had identified a compromised server in the wake of public reporting of the SolarWinds breach.

According to the US and UK governments, the attack saw spies from Russia’s SVR agency (the equivalent of Britain’s MI6) compromise systems used to compile new builds of network monitoring software Orion.

While Autodesk went on to say that it found no further disruption on its systems, its mention of the breach in its latest quarterly results reminds the world just how far-reaching the SolarWinds supply chain compromise was. Around 18,000 of its customers were affected, though the malware gang only infiltrated the most important users of Orion – including FireEye.

In its Form 10-Q for Q2 2021, for the quarter ended 31 July, Autodesk said:

We have asked Autodesk for further comment.

The aftermath of the SolarWinds incident saw the UK and America team up to attribute it to the SVR, confirming widely held suspicions that the compromise was carried out by an exceptionally patient state-backed threat actor.

Although the SVR’s infiltration of SolarWinds’ build systems saw it gain access to 18,000 of the firm’s Orion customers, further exploitation of that initial access was very limited in order not to blow the operation. Although initial access to the Orion build server was gained in September 2019, it wasn’t removed until June 2020 – and that removal was done by miscreants itself, four months after the Sunburst malware was deployed through Orion.

A lawsuit was launched against SolarWinds by shareholders saying it failed to prevent the breaches and misled investors about security precautions taken beforehand, to which the company said, perhaps not untruthfully, that it was “the victim of the most sophisticated cyberattack in history”.

On the flip side, an infosec researcher noticed that the company’s password for a publicly accessible server was “solarwinds123”, as allegedly published on GitHub. ®

Source link

Technology

Elon Musk denies he sexually harassed attendant on private jet in 2016 | Elon Musk

Voice Of EU

Published

on

Elon Musk has denied claims in a news report that he sexually harassed a flight attendant on a private jet in 2016, calling the accusations “utterly untrue”.

SpaceX, the rocket company founded by Musk, paid the female attendant $250,000 (£200,000) in a severance settlement after a sexual misconduct claim against the world’s richest person, according to the news website Business Insider.

The attendant was a cabin crew member who was contracted to work for SpaceX’s corporate jet fleet. She accused Musk of exposing his erect penis to her, rubbing her leg without consent and offered to buy her a horse if she performed an erotic massage, according to interviews and documents obtained by Business Insider.

Musk, who is worth $212bn and is also CEO of the electric carmaker Tesla, told his 94.1 million Twitter followers that the allegations were “utterly untrue”. The Guardian has not been able to verify the Business Insider account. SpaceX has been approached for comment.

Shares of the electric carmaker skidded more than 10% on Friday amid concerns that the alleged sexual misconduct and Musk’s previous political comments could threaten to damage Tesla’s brand and sales. The share drop knocked about $66bn off Tesla’s market value and put the stock at its lowest since last August.

And, for the record, those wild accusations are utterly untrue

— Elon Musk (@elonmusk) May 20, 2022

The alleged incident took place in 2016 and the settlement was agreed in 2018. According to a declaration prepared in support of the claim, the attendant said that after taking the job she was encouraged to train as a masseuse so she could give Musk massages. It was during one of those massages, onboard Musk’s Gulfstream jet, that she was propositioned by the SpaceX chief executive.

The attendant, who Insider does not name, told her friend that she was asked to go to Musk’s cabin during a flight to London to give a “full body massage”. Upon entering the room, she found Musk was “completely naked except for a sheet covering the lower half of his body”. The declaration says that during the massage Musk “exposed his genitals” and “touched her and offered to buy her a horse if she would ‘do more’, referring to the performance of sex acts”. The attendant, a horse rider, declined and continued with the massage without any sexual activity.

In an interview with Business Insider about the allegations, the attendant’s friend said Musk’s penis was erect when he propositioned her.

According to the declaration, after the incident the attendant felt she was being marginalised in her job. She felt “she was being pushed out and punished for refusing to prostitute herself”, says the declaration.

The attacks against me should be viewed through a political lens – this is their standard (despicable) playbook – but nothing will deter me from fighting for a good future and your right to free speech

— Elon Musk (@elonmusk) May 20, 2022

The attendant hired a lawyer in 2018 and sent the allegations to SpaceX’s HR department. The complaint was resolved after a session with a mediator attended by Musk, according to Insider. In November of that year, Musk, SpaceX and the attendant entered into a severance agreement that involved a $250,000 payment in exchange for a pledge not to sue over the claims.

Responding to Insider’s story, Musk told the news site that there was “a lot more to this story”. He wrote: “If I were inclined to engage in sexual harassment, this is unlikely to be the first time in my entire 30-year career that it comes to light,” adding that the story was a “politically motivated hit piece”.

Without referring directly to the article, Musk tweeted on Friday that attacks against him should be “viewed through a political lens” and that he would continue to fight for “your right to free speech”. Musk said on Wednesday that he would vote Republican instead of Democratic, predicting a “dirty tricks campaign against me” would follow.

Musk has agreed to buy Twitter, the social media company with 229 million users, for $44bn but has said the deal is “on hold” until he receives further details of the number of fake and spam accounts on the platform.

Reuters contributed to this report



Source link

Continue Reading

Technology

China-linked Twisted Panda caught spying on Russian R&D orgs • The Register

Voice Of EU

Published

on

Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

Check Point Research also noted that around the same time that they observed the Twisted Panda attacks, another Chinese advanced persistent threat (APT) group Mustang Panda was observed exploiting the invasion of Ukraine to target Russian organizations.

In fact, Twisted Panda may have connections to Mustang Panda or another Beijing-backed spy ring called Stone Panda, aka APT10, according to the security researchers.

In addition to the timing of the attacks, other tools and techniques used in the new campaign overlap with China-based APT groups, they wrote. Because of this, the researchers attributed the new cyberspying operation “with high confidence to a Chinese threat actor.”

During the the course of the research, the security shop also uncovered a similar loader that contained that looked like an easier variant of the same backdoor. And based on this, the researchers say they expect Twisted Panda has been active since June 2021.

Phishing for defense R&D

The new campaign started on March 23 with phishing emails sent to defense research institutes in Russia. All of them had the same subject: “List of [target institute name] persons under US sanctions for invading Ukraine”, a malicious document attached, and contained a link to an attacker-controlled site designed to look like the Health Ministry of Russia.

An email went out to an organization in Minsk, Belarus, on the same day with the subject: “US Spread of Deadly Pathogens in Belarus”. 

Additionally, all of the attached documents looked like official Russian Ministry of Health documents with the official emblem and title.

Downloading the malicious document drops a sophisticated loader that not only hides its functionality, but also avoids detection of suspicious API calls by dynamically resolving them with name hashing. 

By using DLL sideloading, which Check Point noted is “a favorite evasion technique used by multiple Chinese actors,” the malware evades anit-virus tools. The researchers cited PlugX malware, used by Mustang Panda, and a more recent APT10 global espionage campaign that used the VLC player for side-loading.

In this case of the Twisted Panda campaign, “the actual running process is valid and signed by Microsoft,” according to the analysis.

According to the security researchers, the loader contains two shellcodes. The first one runs the persistence and cleanup script. And the second is a multi-layer loader. “The goal is to consecutively decrypt the other three fileless loader layers and eventually load the main payload in memory,” Check Point Research explained.

New Spinner backdoor detected

The main payload is a previously undocumented Spinner backdoor, which uses two types of obfuscations. And while the backdoor is new, the researchers noted that the obfuscation methods have been used together in earlier samples attributed to Stone Panda and Mustang Panda. These are control-flow flattening, which makes the code flow non-linear, and opaque predicates, which ultimately causes the binary to perform needless calculations. 

“Both methods make it difficult to analyze the payload, but together, they make the analysis painful, time-consuming, and tedious,” the security shop said.

The Spinner backdoor’s main purpose is to run additional payloads sent from a command-and-control server, although the researchers say they didn’t intercept any of these other payloads. However, “we believe that selected victims likely received the full backdoor with additional capabilities,” they noted.

Tied to China’s five-year plan?

The victims — research institutes that focus on developing electronic warfare systems, military-specialized onboard radio-electronic equipment, avionics systems for civil aviation, and medical equipment and control systems for energy, transportation, and engineering industries — also tie the Twisted Panda campaign to China’s five-year plan, which aims to expand the country’s scientific and technical capabilities. 

And, as the FBI has warned [PDF], the Chinese government isn’t above using cyberespionage and IP theft to accomplish these goals.

As Check Point Research concluded: “Together with the previous reports of Chinese APT groups conducting their espionage operations against the Russian defense and governmental sector, the Twisted Panda campaign described in this research might serve as more evidence of the use of espionage in a systematic and long-term effort to achieve Chinese strategic objectives in technological superiority and military power.” ®

Source link

Continue Reading

Technology

How to scale your B2B marketing across Europe

Voice Of EU

Published

on

Katie Mannion of unicorn start-up Pleo explains some dos and don’ts for businesses looking to boost their brand.

Alongside a strong vision, and an even stronger team to implement it, successful B2B marketing is integral to company growth.

But how do businesses achieve it, especially across numerous regions?

Prime positioning

Future Human

Building a strong B2B marketing operation is like building a house. If the foundations aren’t strong enough, the walls will crack and the message you work so hard to convey will be ignored or misinterpreted.

With strong positioning, you can avoid cracks in your marketing. Focusing on your brand positioning and the pillars built around this can make a huge difference and give your strategy the direction it needs.

So what makes a strong positioning? The best I’ve seen are clear, ownable and memorable.

Try to avoid overcomplicating your message. If potential customers can’t understand what you’re trying to say, they’ll look elsewhere.

Understanding how your messaging will be received in different countries or regions is really important, too. For various reasons and cultural differences, your message will land differently in the UK versus Ireland, or Germany versus France.

The positioning you take needs to be aligned to the market that your brand is going to own. It’s what makes you unique and why you should be chosen above the competition.

Test your messaging and campaigns with different audiences and prospects to know if you’re going in the right direction, and never be afraid to tear up what you perceive to be a great idea if the feedback and data says so.

Bold moves

For many start-ups or SMEs, it’s hard to compete with businesses with large budgets and access to dedicated marketing agencies. In order to cut through the noise, you need to focus on marketing activities that will get you noticed.

Building a meaningful brand takes time and money and many young companies don’t have either of these resources in abundance. The solution? Build a brand that stands out in its messaging and creates a platform for unique and eye-catching ideas.

Sometimes going big and bold is your only opportunity to ‘earn’ attention (as opposed to paying substantial amounts for it). My favourite example of this includes the ‘We’re OK Hun’ campaign from Hun Wines during the 2020 lockdown in London. They had an opportunity to buy cheap ad space in prime areas such as Oxford Circus to create a stir with this clever viral campaign.

Do more than build it

Lots of brands seem to think: ‘build and they will come’. In B2B marketing nothing could be further from this.

What happens when you’ve launched your product, the doors are open for business and the customers don’t come?

What are you going to do to build around the launch? Have you briefed your sales team? Devised a PR plan? Forged partnerships? Worked on creative content and events to support?

To move the needle, marketers need to be making moves across multiple channels and pull a number of levers synchronously and strategically. Focus on the activities you can build around business announcements or product launches to really elevate the comms around your brand.

Invest in your tools

The less manual work you have to do the better. A huge consideration as a marketer is your martech stack.

It is important that you build a marketing tech stack that can be with you for the long haul. Be sure to pick tools that don’t just help you scale, but still serve their purpose when you have scaled.

Replacing a critical tool you’ve outgrown can slow your company’s growth momentum. New systems can take months or even years to integrate fully, and the bigger you are, the more expensive they are to introduce.

Align your teams

Marketing and sales departments often set their strategies and goals separately from each other. But when they aren’t aligned, both teams suffer.

Ultimately, it’s crucial that your head of marketing and head of sales are on the same page and reaching for the same goals together. Sales and marketing alignment starts with sharing the same objectives and KPIs. This means setting common goals for both departments to work towards together.

Carefully planned campaigns will bring salespeople’s intimate knowledge of your customers into the company’s core. These insights will also help build better products for the future.

The bottom line is that nurturing your relationship with sales across the business is key for marketing efficiency and revenue growth of the business.

Broaden your perspective

Diversity of people inspires a diversity of thought. Diversity of thought fosters a creative environment that allows ideas to flourish.

I don’t always hire on B2B experience but, rather, a passion for storytelling, creativity and bringing a brand to life through various activities.

When you work in marketing there is a real opportunity to lead meaningful change in how your brand is perceived by the world. To do this effectively, you need a team of different perspectives which is unified in its ambition to do things differently.

Take it step by step

Marketing can be overwhelming. Focus on small incremental changes that make a huge difference over time.

Automate the tasks you find yourself short on time to complete.

Clearly define your niche and category and stick to it.

Involve your customers, always.

Keep a positive and open relationship between sales and marketing to scale your B2B marketing the best way possible.

By Katie Mannion

Katie Mannion is the senior marketing manager at Pleo, a workplace spend management platform. An experienced B2B marketer, she helps drive strategy, teams and creativity for the fintech unicorn.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!