Twilio - Experts & Thought Leaders

Drata, the pioneering Trust Management platform, announced it has entered into a definitive agreement to acquire SafeBase, the pioneering Trust Center solution for the enterprise. The acquisition is intended to integrate both companies’ shared vision of being the go-to “trust layer” between companies—driving seamless, transparent relationships with the most comprehensive Trust Management Platform. The acquisition is expected to close later this month. Cloud and AI dependency Maintaining client trust via serial compliance requires a scalable and adaptable approach The surge in market demand for a full-stack Trust Management platform is fueled by a perfect storm of increasing Cloud and AI dependency, stricter regulatory requirements like DORA, ISO 42001, and the EU AI Act, high-profile breaches, and rising security risks. Maintaining customer trust through continuous compliance requires a scalable and adaptable approach to effectively address these challenges. Drata’s acquisition of SafeBase Drata’s acquisition of SafeBase is expected to significantly enhance its ability to streamline security reviews and strengthen vendor risk management, all through AI-driven automation. Together, Drata and SafeBase will create a seamless ecosystem of trust, governance, risk, and compliance (GRC).  Since SafeBase's founding in 2020 by CEO Al Yang and CTO Adar Arnon, over 1,000 organizations like OpenAI, Twilio, Crowdstrike, Hubspot, LinkedIn, T-Mobile, and one-third of the Cloud 100 have used its Trust Centers to drive approximately $15 billion in security-enabled revenue.  Inbound security questionnaires Drata’s meteoric growth in the past four years has also empowered thousands of organizations With SafeBase, organizations can build trust through transparency and reduce time spent on inbound security questionnaires by up to 98%. Drata’s meteoric growth in the past four years has also empowered thousands of organizations to radically transform compliance automation, vendor risk management, and modern GRC. Innovations in automation and AI “As a pioneer of the Trust Center category, SafeBase has always been committed to addressing and solving our customers’ needs through unmatched innovations in automation and AI,” said Al Yang, Co-Founder and CEO of SafeBase. “Joining Drata marks another milestone in that commitment, where two customer-obsessed companies with aligned missions and cultures work together to redefine what’s possible in Trust Management. This union cements our position as the pioneering solution for the enterprise.” Compliance and vendor risk management “Trust is now a competitive advantage that rests on a combination of speed and tangible proof, so there’s never been a more important time for organizations to prioritize compliance and vendor risk management, while eliminating the pain points within their GRC program,” said Adam Markowitz, Drata Co-Founder and CEO. “Together with SafeBase, we are empowering customers to continuously ensure and proactively communicate security, compliance and trust—with unrivaled market advantage.”

Check Point® Software Technologies Ltd., a pioneering AI-powered, cloud-delivered cyber security platform provider, has published its Global Threat Index for July 2024. Despite a significant drop in June, LockBit re-emerged last month to become the second most prevalent ransomware group, while RansomHub retained the top spot. Meanwhile, researchers identified both a campaign distributing Remcos malware following a CrowdStrike update issue, and a series of new FakeUpdates tactics, which once again ranked first on the top malware list for July. An issue in the CrowdStrike Falcon sensor for Windows led to cybercriminals distributing a malicious ZIP file named crowdstrike-hotfix.zip. This file contained HijackLoader, which subsequently activated Remcos malware, which was ranked as the seventh most wanted malware in July. The campaign targeted businesses using Spanish-language instructions and involved the creation of fake domains for phishing attacks. Check Point’s index Researchers found a series of new tactics using FakeUpdates, ended malware ranking for month Meanwhile, researchers uncovered a series of new tactics employing FakeUpdates, which topped the malware ranking for another month. Users visiting compromised websites encountered fake browser update prompts, leading to the installation of Remote Access Trojans (RATs) like AsyncRAT, currently ranked ninth on Check Point’s index. Alarmingly, cybercriminals have now started exploiting BOINC, a platform meant for volunteer computing, to gain remote control over infected systems. Maya Horowitz, VP of Research at Check Point Software, said: “The continued persistence and resurgence of ransomware groups like Lockbit and RansomHub underscores cybercriminals’ continued focus on ransomware, a significant ongoing challenge for organizations with far-reaching implications for their operational continuity and data security."  Security software update "The recent exploitation of a security software update to distribute Remcos malware further highlights the opportunistic nature of cybercriminals to deploy malware, thereby further compromising organizations’ defenses." "To counter these threats, organizations will need to adopt a multi-layered security strategy that includes robust endpoint protection, vigilant monitoring, and user education to reduce the onslaught of these growingly massive cyberattacks,” said Maya Horowitz, VP of Research at Check Point Software. Top malware families The arrows relate to the change in rank compared to the previous month. FakeUpdates was the most prevalent malware last month with an impact of 7% worldwide organizations, followed by Androxgh0st with a global impact of 5%, and AgentTesla with a global impact of 3%. ↔ FakeUpdates – FakeUpdates (AKA SocGholish) is a downloader written in JavaScript. It writes the payloads to disk prior to launching them. FakeUpdates led to further compromise via many additional malware, including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult. ↔ Androxgh0st – Androxgh0st is a botnet that targets Windows, Mac, and Linux platforms. For initial infection, Androxgh0st exploits multiple vulnerabilities, specifically targeting-the PHPUnit, Laravel Framework, and Apache Web Server. The malware steals sensitive information such as Twilio account information, SMTP credentials, AWS key, etc. It uses Laravel files to collect the required information. It has different variants which scan for different information. ↔ AgentTesla – AgentTesla is an advanced RAT functioning as a keylogger and information stealer, which is capable of monitoring and collecting the victim’s keyboard input, system keyboard, taking screenshots, and exfiltrating credentials to a variety of software installed on a victim’s machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client). ↑ Formbook – Formbook is an Infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C. ↓ Qbot – Qbot AKA Qakbot is a multipurpose malware that first appeared in 2008. It was designed to steal a user’s credentials, record keystrokes, steal cookies from browsers, spy on banking activities, and deploy additional malware. Often distributed via spam email, Qbot employs several anti-VM, anti-debugging, and anti-sandbox techniques to hinder analysis and evade detection. Commencing in 2022, it emerged as one of the most prevalent Trojans. ↔ Remcos – Remcos is a RAT that first appeared in the wild in 2016. Remcos distributes itself through malicious Microsoft Office documents, which are attached to SPAM emails, and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges. ↔ Phorpiex – Phorpiex is a botnet known for distributing other malware families via spam campaigns as well as fueling large-scale Sextortion campaigns. ↑ Vidar – Vidar is an infostealer malware operating as malware-as-a-service that was first discovered in the wild in late 2018. The malware runs on Windows and can collect a wide range of sensitive data from browsers and digital wallets. Additionally, malware is used as a downloader for ransomware. ↓ AsyncRat – Asyncrat is a Trojan that targets the Windows platform. This malware sends out system information about the targeted system to a remote server. It receives commands from the server to download and execute plugins, kill processes, uninstall/update itself, and capture screenshots of the infected system. ↓ NJRat – NJRat is a remote access Trojan, targeting mainly government agencies and organizations in the Middle East. The Trojan has first emerged on 2012 and has multiple capabilities: capturing keystrokes, accessing the victim's camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim's desktop. NJRat infects victims via phishing attacks and drive-by downloads, and propagates through infected USB keys or networked drives, with the support of Command & Control server software. Top exploited vulnerabilities  ↑ Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086) – A command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine.  ↑ Zyxel ZyWALL Command Injection (CVE-2023-28771) – A command injection vulnerability exists in Zyxel ZyWALL. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary OS commands in the effected system. ↔ HTTP Headers Remote Code Execution (CVE-2020-10826, CVE-2020-10827, CVE-2020-10828, CVE-2020-1375) – HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim machine.  ↔ Apache HTTP Server Directory Traversal (CVE-2021-41773) – A directory traversal vulnerability exists in the Apache HTTP Server. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system. ↓ Web Servers Malicious URL Directory Traversal (CVE-2010-4598, CVE-2011-2474, CVE-2014-0130, CVE-2014-0780, CVE-2015-0666, CVE-2015-4068, CVE-2015-7254, CVE-2016-4523, CVE-2016-8530, CVE-2017-11512, CVE-2018-3948, CVE-2018-3949, CVE-2019-18952, CVE-2020-5410, CVE-2020-8260) – There exists a directory traversal vulnerability on different web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitize the URI for the directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server. ↓ TP-Link Archer AX21 Command Injection (CVE-2023-1389) – A command injection vulnerability exists in TP-Link Archer AX21. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system. ↑ MVPower CCTV DVR Remote Code Execution (CVE-2016-20016) – A remote code execution vulnerability exists in MVPower CCTV DVR. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. ↓ Dasan GPON Router Authentication Bypass (CVE-2024-3273) – A command injection vulnerability exists in PHPUnit. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands in the affected system. ↔ PHP Easter Egg Information Disclosure (CVE-2015-2051) – An information disclosure vulnerability has been reported in the PHP pages. The vulnerability is due to incorrect web server configuration. A remote attacker can exploit this vulnerability by sending a specially crafted URL to an affected PHP page. ↑ NETGEAR DGN Command Injection – A command injection vulnerability exists in NETGEAR DGN. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. Top mobile malware Last month Joker was in first place in the most prevalent mobile malware, followed by Anubis and AhMyth. ↔ Joker – An Android Spyware in Google Play, designed to steal SMS messages, contact lists, and device information. Furthermore, the malware signs the victim silently for premium services in advertisement websites. ↔ Anubis – Anubis is a banking Trojan malware designed for Android mobile phones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger, audio recording capabilities, and various ransomware features. It has been detected on hundreds of different applications available in the Google Store. ↔ AhMyth – AhMyth is a Remote Access Trojan (RAT) discovered in 2017. It is distributed through Android apps that can be found on app stores and various websites. When a user installs one of these infected apps, the malware can collect sensitive information from the device and perform actions such as keylogging, taking screenshots, sending SMS messages, and activating the camera, which is usually used to steal sensitive information. Top-attacked industries Last month Education/Research remained in first place in the attacked industries globally, followed by Government/Military and Communications. Education/Research Government/Military Communications Top ransomware groups  The data is based on insights from ransomware "shame sites" run by double-extortion ransomware groups that posted victim information. RansomHub is the most prevalent ransomware group this month, responsible for 11% of the published attacks, followed by Lockbit3 with 8% and Akira with 6%. RansomHub – RansomHub is a Ransomware-as-a-Service (RaaS) operation that emerged as a rebranded version of the previously known Knight ransomware. Surfacing prominently in early 2024 in underground cybercrime forums, RansomHub has quickly gained notoriety for its aggressive campaigns targeting various systems including Windows, macOS, Linux, and particularly VMware ESXi environments. This malware is known for employing sophisticated encryption methods. Lockbit3 – LockBit is a ransomware, operating in a RaaS model, first reported in September 2019. LockBit targets large enterprises and government entities from various countries and does not target individuals in Russia or the Commonwealth of Independent States. Akira – Akira Ransomware, first reported in the beginning of 2023, targets both Windows and Linux systems. It uses symmetric encryption with CryptGenRandom() and Chacha 2008 for file encryption and is similar to the leaked Conti v2 ransomware. Akira is distributed through various means, including infected email attachments and exploits in VPN endpoints. Upon infection, it encrypts data and appends a ".akira" extension to file names, then presents a ransom note demanding payment for decryption.

Twilio (TWLO), the customer engagement platform that drives real-time, personalized experiences for major brands, has announced that Charlie Bell has been appointed to the Twilio Board of Directors, effective March 28, 2023. Charlie Bell is a member of Microsoft’s Senior Leadership Team, where he serves as Executive Vice President of Security, Compliance Identity, and Management. Vast technology industry experience Charlie is one of the most well-respected and admired technologists in the world Charlie brings decades of experience in the technology industry that will enable him to provide unique insights, as Twilio builds the world’s leading Customer Engagement Platform. “Charlie is one of the most well-respected and admired technologists in the world, with a historic career building AWS from the ground up for more than two decades and now running cyber security at the world’s largest software company, Microsoft,” said Jeff Lawson. Development of Twilio’s Customer Engagement Platform Jeff Lawson adds, “Charlie’s expertise in both cyber security and running infrastructure technology businesses at scale brings an invaluable skill set to the Twilio board. I look forward to Charlie’s contributions to Twilio, as we continue to build the leading customer engagement platform serving hundreds of thousands of businesses and millions of developers each year.” “Twilio is committed to maintaining a strong, engaged Board, and evaluates its composition on an ongoing basis, to ensure our Board reflects the appropriate diversity of viewpoints, experiences and backgrounds to oversee the company’s evolving business needs,” said Jeff Epstein, Lead Independent Director of the Board. Renowned expert on cyber security Jeff Epstein adds, “Charlie’s experience as a leading expert on cyber security, as well as his impressive track record of elevating the execution and operations of businesses he’s supported, make him the ideal addition to the Board, as we continue to bolster the depth of our security expertise and focus on realizing Twilio’s growth potential.” Charlie Bell currently leads Microsoft’s Security, Compliance, Identity, and Management organization, which aims to develop the protections necessary to stay ahead of threats. Extensive industry expertise Prior to joining Microsoft, Charlie Bell was Senior Vice President of Amazon Web Services Prior to joining Microsoft, Charlie Bell was Senior Vice President of Amazon Web Services and a member of Amazon’s S-Team, where he led the general management of AWS services, including product definition, pricing, P&Ls, software development and service operations. It was under his leadership that the AWS business grew to what it is today – the broadest cloud services offering in the world. Prior to AWS, Charlie Bell held positions at Oracle and Boeing, including Director of Professional Services and Space Shuttle Flight Interface Engineer, respectively. “I have had the privilege of working with companies that have redefined the tech sector as we know it,” said Charlie Bell, adding “I know bold innovation is possible, and as companies of all sizes look for smarter, better and more effective solutions to reach their customers, Twilio are building the infrastructure to meet their needs.” Twilio’s 2023 Annual Meeting Charlie Bell continues, “I look forward to working with the rest of the Twilio Board and its Management Team, to create the leading customer engagement platform in a world that’s more engaged than ever before.” In addition, Richard Dalzell has notified the Board that he does not intend to stand for re-election at Twilio’s 2023 Annual Meeting. Following the Annual Meeting, Twilio’s Board will continue to comprise nine Directors, eight of whom are independent. Since 2018, Twilio has appointed five new Independent Directors to the Board. Evolving to meet the needs of the customers Jeff Lawson concluded, “On behalf of our entire Board and Management, I want to thank Rick for his leadership and dedicated service on the Twilio Board.” He adds, “Drawing on his deep experience in the internet informational technology space, Rick provided invaluable guidance to our company, as we have continued to evolve to meet the needs of our customers in an increasingly digital landscape. We are grateful for what he’s helped us accomplish and wish him well in his future endeavors.”