
Re: None

Saturday, 03/13/2021 2:30:04 PM

Anyone looking into these Microsoft hacks?

Disclosure: I am not a cyber security professional and everything below is an attempt at connecting a few potentially interesting dots.

What caught my eye was this quote from a ZDNet article: "Microsoft issued emergency, out-of-band patches to tackle the security flaws -- which can be exploited for data theft and server compromise."

Some interesting quotes from one of the patches: CVE-2021-27065

"Mitigations: The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate the Exchange server from external access."

"What is the target for this attack? The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source."

So why might this be interesting/important to customers/investors?


In CTO Ram Pemmaraju's January blog on SafeVChat, he basically states that he built SafeVChat specifically to address these types of security flaws:

"Second, you need to authenticate every user. Currently, when you get a meeting link (from Zoom, Teams or anyone else) and you click on it, you are taken into the meeting. At most you are challenged for a meeting password. There is no user authentication unless your company has set up Single Sign On (SSO), in which case, you will be directed to a SSO page to authenticate (typically via 2FA or AD/LDAP) prior to proceeding to the meeting page. The problem with this is that all the meeting participants should be enrolled in the same authentication system. This does not work for meetings among participants who belong to diverse organizations. The challenge is to authenticate all users, even those who are not enrolled in the authentication system."

These attacks aren't necessarily directed at Teams; however, the Exchange and SSO components bring Teams into play.

MSFT solution from the Mitigations quote above is to set up a "VPN to separate the Exchange server from external access."

SFOR solution > SafeVChat?

Again, these are my "not a cyber security professional" conclusions and are obviously rooted in confirmation bias as I am an investor, but I'd imagine there's at least some merit to what I posted given Ram's description of the way SafeVChat was built.

I have more examples/ideas and will post if anyone is interested.