Funding round completed!

Kikimora.io has successfully secured €993K in funding for the development of our innovative vulnerability management software. The resources will be invested in product development, marketing and strategic partnerships.

Market Confidence Soars: Kikimora.io Positioned to Capitalize on $400B Cybersecurity Boom by 2030

The lead investor, Vitosha Venture Partners, provided €350K, and the strategic partner, BGO Software Ltd. (a company specialized in software development for the healthcare and cybersecurity industry), contributed €260K. As Kamen Bankovski, one of the partners at Vitosha Venture Partners, says:
“Kikimora.io is excellently positioned to capitalize on the rapidly growing cybersecurity market, expected to reach a size of $400B by 2030. The company has generated significant interest, early confirmation of market demand. The team behind Kikimora has substantial experience and a deep understanding of market challenges. We believe in the company’s growth potential, as well as in the team’s vision and its ability to realize it.”

IMPETUS Capital invested €200K through its fund ‘ImVenture II’. This is a follow-up investment in the company, following the convertible loan of €150K in April 2022. The co-founder and Managing Partner of Impetus Capital, Viktor Manev, commented: “We continue to support Kikimora.io because it adds high value and solves a fundamental problem for businesses – analyzing cybersecurity and vulnerabilities quickly and efficiently, without unnecessary expenses.”

Kikimora.io also raised €103K from angel investors through the crowdfunding platform for technological startups, Seedblink. Their investment is consolidated into a trust managed by Seedblink. Two additional angel investors, Iva Tasheva (co-founder of Cyen, a Belgian consultancy in the cybersecurity industry) and Boytcho Boytchev, directly contributed a total amount of €80K.

Back to the Roots: A Story of Innovation and Growth

Founded in 2018 by network security expert Krasimir Kotsev, SoCyber marked a significant milestone in April 2022 when it secured €150K in funding through a convertible loan from ImVenture II, the venture fund of IMPETUS Capital. This capital was invested in the MVP of Kikimora.io and in the strategic expansion of SoCyber into international markets, encompassing the USA, the UK, and Germany. In 2023 the product business naturally evolved into the newly established parent company, Kikimora.io.

Bolstered by extensive industry expertise in cybersecurity, the unified team of SoCyber and Kikimora.io possesses firsthand knowledge of the challenges they diligently address. Fueled by the proficiency of machine learning experts, the team is primed for the subsequent phase of product development. In the words of the founder and CEO, “With the secured funds, our focus shifts towards advancing the product into the realm of artificial intelligence, empowering our clients to proactively prevent and enhance protection against cyber attacks. Concurrently, we remain steadfast in propelling the company’s growth through strategic marketing initiatives, market expansion endeavors, and the attraction of larger clientele. The gratifying aspect is that the investors supporting us in this round are not just financial backers but collaborative partners, united in our pursuit of achieving the ambitious milestones we’ve set for ourselves.”

Kikimora.io: Shaping the Future of Vulnerability Management

Kikimora is a solution aimed at businesses with over 500 employees. Through machine learning, the platform automates the analysis and prioritization of vulnerabilities. The platform also provides a centralized space for monitoring and managing security gaps. This enables users to quickly address issues, make data-driven decisions, and prevent incidents. Automation assists them in saving up to $10,000 in monthly expenses related to IT security.


Understanding the CVSS Base Score

Introduction:

In the ever-evolving landscape of cybersecurity, staying ahead of potential threats is paramount for businesses. The Common Vulnerability Scoring System (CVSS) emerges as a vital tool, providing a standardized approach to assessing and prioritizing cybersecurity vulnerabilities. This article delves into the significance of CVSS and how it aids businesses in making informed decisions to enhance their security posture.

What is CVSS?

The Common Vulnerability Scoring System (CVSS) is a framework that assigns a numerical score to vulnerabilities, helping organizations gauge the severity of potential security risks. Ranging from 0 to 10, this score provides a clear indication of the potential impact and exploitability of a vulnerability.
Today we will explore the Base Score, which reflects the intrinsic qualities of a vulnerability, considering factors such as exploitability, impact, and complexity. A higher base score signifies a more severe vulnerability.

Understanding the CVSS Base Score:

Exploitability Metrics:

  • Attack Vector (AV): Think of this as the “how” of the attack. Is the vulnerability something that can be exploited remotely over the internet, or does an attacker need physical access to your systems?
  • Attack Complexity (AC): Consider this as the level of skill and effort required for the attack. Is it something that anyone can do easily, or does it require a highly skilled and resourceful attacker?
  • Privileges Required (PR): This is about the level of access the attacker needs. Does the attacker need special permissions, or can they exploit the vulnerability with basic access?
  • User Interaction (UI): Does the attacker need someone from your team to unknowingly participate in the attack, or can it happen without any user involvement?
  • Scope (S): Think of this as whether a successful exploit stays inside the vulnerable component or reaches beyond it. Does exploiting the flaw let the attacker affect resources governed by a different security authority than the vulnerable component itself?

Impact Metrics:

  • Confidentiality (C): How much of your sensitive information could be exposed? Is it just a little or everything?
  • Integrity (I): Consider this as the potential damage to your data. Will it just be altered a bit, or could it be completely compromised?
  • Availability (A): How much could your business operations be disrupted? Is it a minor inconvenience or a major outage?

The CVSS Base Score is then calculated based on these factors, providing you with a numerical value between 0 and 10. A higher score indicates a higher level of risk and potential impact on your business. This score can help you prioritize which vulnerabilities to address first, focusing on those that pose the greatest threat to your business operations and data security.

Why is CVSS Important for Businesses?

  • Prioritization: CVSS enables businesses to prioritize their response to vulnerabilities. By focusing on those with higher scores, organizations address the most critical issues first, minimizing potential damage.
  • Resource Allocation: Businesses can allocate resources more efficiently by concentrating efforts on vulnerabilities that pose the greatest risk. This ensures that cybersecurity measures are implemented where they are needed most.
  • Communication: CVSS provides a standardized language for communicating the severity of vulnerabilities. This facilitates clear and effective communication between security teams, IT personnel, and business stakeholders.
  • Informed Decision-Making: Armed with CVSS scores, business leaders can make informed decisions about cybersecurity investments. It guides the allocation of resources to areas where they will have the most significant impact on overall security.

Conclusion:

In a world where cyber threats are constantly evolving, having a systematic approach to evaluating vulnerabilities is crucial. CVSS serves as a valuable tool for businesses, offering a standardized and objective means of assessing and prioritizing cybersecurity risks. By understanding and leveraging the insights provided by CVSS scores, organizations can proactively strengthen their defenses and navigate the complex landscape of cybersecurity with confidence.


SoCyber raises €1M to automate cybersecurity with machine learning

SoCyber is raising €1M to advance automated cybersecurity solutions via SeedBlink, targeting private investors.

  • The Late Seed round is led by Vitosha Venture Partners.
  • Individuals can participate with as little as €2,500.
  • SoCyber is providing cutting-edge security solutions tailored to the needs of the Critical Infrastructure, Healthcare, FinTech, Banking, and eCommerce sectors.
  • Use of funds: implementing machine learning technology into Kikimora’s software, bolstering its performance and solidifying its position as an industry leader.

Sofia, June 6: SoCyber, a leading Bulgarian startup specializing in Security Testing and Security-as-a-Service, is currently raising €1 million in a Late Seed funding round. The investment is facilitated through SeedBlink, the renowned co-investment platform for European technology startups. Individuals can participate with as little as €2,500 until June 26. SeedBlink enables investors to safely co-invest across borders in a thoroughly curated list of tech startups with a European DNA, together with a strong network of venture capital partners.

With cyberattacks occurring every 14 seconds and posing a significant threat to businesses worldwide, the need for robust cybersecurity measures has become paramount. SoCyber, founded in 2018, addresses this challenge by providing cutting-edge security solutions tailored to the needs of the Critical Infrastructure, Healthcare, FinTech, Banking, and eCommerce sectors.

At the forefront of SoCyber’s offerings is Kikimora, a groundbreaking software powered by machine learning. Kikimora automates vulnerability data analysis, enabling companies to identify and address security gaps promptly. By centralizing security monitoring and analysis, Kikimora empowers organizations to proactively prevent security incidents and safeguard sensitive data.

Key Highlights of SoCyber

  • Impressive Traction: SoCyber achieved €640,000 in revenue in FY2022 and successfully completed over 200 projects across the United States, Europe, and the United Kingdom.
  • Advanced Technology: SoCyber leverages automatic machine learning analysis to comprehensively assess vulnerabilities and provide actionable insights to enhance cybersecurity defenses.
  • Lucrative Business Model: SoCyber primarily caters to B2B clients, focusing on companies with over 500 employees. Its monthly subscription plans range from $199 to $1,960, delivering cost-effective and scalable solutions. By utilizing Kikimora, enterprises can potentially save up to $10,000 per month in labor costs and millions of dollars from prevented breaches.
  • Expert Founding Team: SoCyber’s founding team comprises cybersecurity experts with extensive experience in security testing, scaling companies, and audit, ensuring the highest level of expertise and innovation.
  • Expansive Market Potential: The security and vulnerability market’s Serviceable Available Market (SAM) is estimated to be worth $23 billion, indicating substantial growth opportunities for SoCyber.

The Late Seed funding round is led by Vitosha Venture Partners, a prominent Bulgarian venture capital firm specializing in early-stage and growth-stage companies. Vitosha Venture Partners boasts an extensive portfolio of over 60 investments and plays a pivotal role in Bulgaria’s thriving startup ecosystem.

SoCyber’s CEO & Founder, Krasimir Kotsev, expressed excitement about the funding and stated, “This financing round marks a significant milestone for SoCyber as we continue to revolutionize the cybersecurity landscape. With the support of Vitosha Venture Partners and SeedBlink, we are well-positioned to accelerate the development of our machine-learning-driven solutions, ensuring that businesses can effectively protect themselves from evolving cyber threats. We’d love to have cyber-security aficionados on board, as well as industry-agnostic investors who would like to have a balanced, diversified portfolio.”

Angel Hadjiev, Country Director for SeedBlink Bulgaria shared his enthusiasm, stating, “SoCyber’s innovative approach to automating cybersecurity aligns perfectly with the mission of SeedBlink to support cutting-edge European technology startups. This funding round showcases our commitment to fostering growth and enabling the development of impactful solutions in the cybersecurity industry.”

The investment through SeedBlink reflects the dedication to building an efficient investment infrastructure that facilitates collaboration between private and institutional investors to support innovative European technology companies.

About SeedBlink

SeedBlink is a technology-specialized investment platform that enables funding of top-tier technology startups and scale-ups, with the help of individual and institutional investors. SeedBlink’s mission is to build an efficient investment infrastructure for private and institutional investors to work together to finance innovative European technology companies.

SeedBlink Crowd SA has been registered with the Financial Supervision Authority Register since 03/11/2022 under the number PJR28FSFPR/400001. Contact at [email protected]. Read the essential information at project or platform level before investing on the platform, available in Dutch on the official website www.seedblink.com

About Kikimora.io

Kikimora.io is an innovative vulnerability management platform developed by SoCyber. By introducing machine learning analysis of vulnerability data, Kikimora.io brings a fresh perspective to the cybersecurity sector. Multiple data sources form the foundation of the proprietary model. We at Kikimora.io are aware of the value of accurate data analysis: security flaws must be evaluated as soon as they are discovered in order to prevent cybersecurity incidents. In contrast to the oversaturated vulnerability discovery and incident response market, Kikimora.io is positioned in the vulnerability intelligence and analysis domain, which is relatively untapped. www.kikimora.io


Pulse Connect Secure – Critical 0-DAY Vulnerability


Vulnerability Title:

Pulse Secure Pulse Connect Secure: CVE-2021-22893: Pulse Connect Secure RCE Vulnerability (SA44784)

Vulnerability Description:

An authentication bypass vulnerability was discovered that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway.

This vulnerability has a critical CVSS score and poses a significant risk to your deployment.

CVE: CVE-2021-22893
CVSS Score (V3.1): 10 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary: Vulnerability in Pulse Connect Secure allows a remote unauthenticated attacker to execute arbitrary code via unspecified vectors
Product Affected: PCS 9.0R3 and higher

Solution:

The solution for this vulnerability is to upgrade the Pulse Connect Secure server software to version 9.1R11.4. We will update the advisory once the timelines are available.

If the PCS/PPS version is installed | Then deploy this version (or later) to resolve the issue | Expected | Release Notes (if any)
Pulse Connect Secure 9.1RX | TBD | TBD
Pulse Connect Secure 9.0RX | TBD | TBD

Workaround:

CVE-2021-22893 can be mitigated by importing the Workaround-2104.xml file.

Impact:

The XML file disables the following features on the PCS appliance.

  • Windows File Share Browser
  • Pulse Secure Collaboration

Note: the XML file is distributed in zipped format; unzip it and then import the XML file.


Customers can import the downloaded file at the following location:

Go to Maintenance > Import/Export > Import XML. Import the file.

  • This disables Pulse Collaboration.
  • If there is a load balancer in front of the PCS, this may affect the load balancer.
  • If your load balancer uses round robin, HealthCheck.cgi or the advanced healthcheck.cgi, it will not be affected.

Disable the Windows File Browser:

  • Navigate to Users > User Roles > Default Options > General.
  • Under the Access Feature section, make sure the “Files, Windows” option is not checked.
  • Go to Users > User Roles.
  • Click on each role in turn and ensure that, under the Access Feature section of each role, the “Files, Windows” option is not enabled.

NOTE: When you apply the upcoming release fix, please remove the workaround with the following steps:

  • Import the file remove-workaround-2104.xml (found in the same download location as Workaround-2104.xml: the Download Center at https://my.pulsesecure.net).
  • Restore the previous settings for “Files, Windows”.

This vulnerability only affects 9.0R3 and higher (i.e. versions below 9.0R3 are NOT affected), so the XML workaround is not required for them.
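As an added example (not part of the Pulse Secure advisory or its tooling), the following script parses PCS version strings and tells an administrator which appliances in an inventory fall inside the affected range stated above. It assumes that any build at or above 9.1R11.4 contains the fix; the inventory entries are constructed.

```python
import re
from typing import List, Tuple

# Range stated in the advisory: 9.0R3 and higher are affected, and the fix ships
# in 9.1R11.4 "(or later)". Assumption: any build numerically at or above
# 9.1R11.4 contains the fix.
FIRST_AFFECTED = "9.0R3"
FIXED_IN = "9.1R11.4"

# Accepts "9.0R3", "9.1R11.4", "9.0r3" (the advisory uses both cases).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_pcs_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '9.1R11.4' into (9, 1, 11, 4); a missing build number counts as 0,
    so '9.0R3' becomes (9, 0, 3, 0) and sorts before '9.0R3.1'."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised PCS version string: {version!r}")
    major, minor, release, build = match.groups()
    return (int(major), int(minor), int(release), int(build or 0))


def is_affected(version: str) -> bool:
    """True when the build lies in [FIRST_AFFECTED, FIXED_IN) for CVE-2021-22893."""
    return (parse_pcs_version(FIRST_AFFECTED)
            <= parse_pcs_version(version)
            < parse_pcs_version(FIXED_IN))


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Map each (hostname, version) pair to the action the advisory calls for."""
    actions = []
    for host, version in inventory:
        try:
            affected = is_affected(version)
        except ValueError:
            actions.append((host, "unparseable version, check manually"))
            continue
        if affected:
            actions.append((host, "upgrade to 9.1R11.4 or later; apply Workaround-2104.xml until then"))
        else:
            actions.append((host, "not affected, no workaround needed"))
    return actions


if __name__ == "__main__":
    # Constructed sample inventory, not real appliances.
    sample = [("vpn-gw-01", "9.1R11.3"), ("vpn-gw-02", "9.0R2"),
              ("vpn-gw-03", "9.1R11.4"), ("lab-pcs", "unknown")]
    for host, action in triage(sample):
        print(f"{host}: {action}")
```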


Security awareness issues for remote workers

Work from home is not a new phenomenon in today’s digital world, but this month it has become a necessity for many more people.
The pandemic situation around the world has forced a number of employers to send their employees home. The challenges range from maintaining our productivity at home to assuring our cybersecurity, which remote access puts at risk. But how do we become an easier target by working from home on our personal devices?
There are two different aspects: our own security as a user on the one hand, and the risk we pose to our organization on the other. The end-user impact depends on the person’s security awareness. When we know the basic cybersecurity principles, including:

  • Passwords & Strong Authentication
  • Incident Response
  • Awareness of Phishing scams (emails, attached files, fake websites)
  • Awareness of Secure Data Processing and Storage
  • Password securing & encryption of confidential information


then the risk is much lower.

On the other hand, if the person is an employee who is required to work remotely, they might pose a risk to the company.

In that case, it is up to the company how well it has secured its information.

SCENARIO 1

The employee is using a personal laptop, or a corporate one but without security policies, Active Directory with specific technical restrictions for the systems, encrypted communication, network traffic monitoring, a phishing prevention solution, malware protection, up-to-date software, network segmentation, etc. In that case, we consider the risk High.

SCENARIO 2

The company has some security measures in place. There is VPN communication to the office environment, where the information is held in a secure and well-segmented part of the network. Employees use corporate laptops that are part of the Active Directory with the appropriate security measures. Passwords for the VPN and other portals are not auto-saved. The risk here is Medium, because the user’s computer is less likely to be compromised and the impact of a potential attack is low, since the system is disconnected from the VPN when not in use. Of course, if you spot something strange, better disconnect until you have figured out whether everything is fine.

SCENARIO 3

All of the measures listed in Scenario 1 are in place. The risk for both the employee and the employer might be considered Low.

If our system is well protected, our security can be considered equal to that in the office.

Can we expect an increase in specific types of attacks?
Unfortunately, in recent days there has been a pandemic of phishing attacks alongside the coronavirus one. Malicious hackers rely on the fact that everybody opens all kinds of COVID-19 related information without checking the email headers or the legitimacy of the website. Panic catches everybody unprepared. There is even a map that shows infection rates around the world, but behind the map malware is waiting to steal your passwords (www.Corona-Virus-MapDOTcom).

Many phishing emails promise the latest news on the topic but are aiming for your identity instead.

Every company has different critical information points, but in general, those are:

  • Spaces for file sharing (sharepoints, file transfer servers)
  • Knowledge bases
  • CRM Systems
  • ERP Systems
  • Payroll and HR Systems
  • Financial and Accounting Software
  • Databases with corporate and user data
  • Email Servers

Each one of those points should be well isolated in the network and well protected, by use of secure authentication methods (where possible with Multi-Factor Authentication in place), different user groups with access rights, encryption of the information, presence of logs and more.

The more secure the system is, the smaller the risk and the impact on the company.

What measures and technical solutions can an individual take, in order to improve the security? What should the company do?

The user can take a few simple but effective steps:

  • Keep all passwords in password management software (KeePass, Password Safe, Keeper, LastPass and others).
  • Protect all sensitive information by using encrypted storage (hard drive, portable hard drive, USB flash drive). This can be achieved with BitLocker, VeraCrypt/TrueCrypt and others.
  • Carefully inspect the origin of emails and check that the domain in a hyperlink is correct before visiting the website.
  • Be careful when opening attached files if not sure of the sender’s legitimacy.
  • Use a second authentication factor where possible.
  • Lock the computer when not active.
  • Build better awareness by watching the “Security Awareness” trainings in the company, if such are present.

The company, on the other hand, should regularly assess the security of its assets and implement (at least) all the measures described in Scenario 1 above. It is the company’s responsibility to make sure the employee is aware of the risks, how to process data in a secure way and what to do in case of an incident. It is the employee’s responsibility to follow the company’s procedures and policies.

Shall we share confidential information and what is the best way to do it?

The situation with the Coronavirus is providing us with the opportunity to get to know our families better. But it is also teaching us how to be modern and use the technologies from the current century.

Working from home doesn’t mean that confidential information should not be shared.

Nowadays there are secure means for remote connection and communication over VPN, secure methods to transfer files over SFTP, remote control to the systems through the Active Directory, DLP solutions to prevent data leakage and more. We can also use encrypted containers when data is to be transferred securely (VeraCrypt), we can send encrypted emails using S/MIME, Office 365 Message Encryption and more.

It is important that the password for such an encrypted container or message is transferred over a separate communication channel. Many companies might also realize that “working from home” is not so scary, and in the long run this could lead to optimization of working time, fewer expenses, fewer CO2 emissions, optimization of office space and more benefits.

Looking at the company structure, which group of employees is the most at risk?

Based on our experience, those are usually:

  • Customer Support / Call Center staff – due to the high amount of people they communicate with, the large number of emails transferred, frequent work with attached files and more.
  • Sales Representatives – due to the frequent communication with clients and frequent emails.
  • Finance and Accounting – due to the financial information they possess.
  • Management – due to the confidential information they have on the systems. CEO fraud is often used, where a malicious user spoofs a message so that it appears to come from senior management. In that case, employees are usually in a hurry to provide the requested information without realizing that there is a malicious hacker behind the email, or they leak their credentials by visiting a link in the email.

Be aware, not scared. Your cybersecurity matters.


Risks from a cyber attack

Lately, a lot of people ask me about the risks from a cyber attack and whether they should worry about being the victim of a malicious hacker attack. In this paper I will present some of the most commonly used attacks and how they could affect you.


One of the oldest but still one of the most commonly used techniques is SQL injection. It uses a vulnerable form or other input field in a web application that communicates directly with the database. The attack is performed by injecting SQL code into the queries sent to the database. If the input is not properly filtered, the database executes the injected SQL statement and gives the hacker the ability to retrieve, replace, or delete all data. This attack could affect any web application or site that works with a database and is incorrectly coded or configured. The attack could seriously harm you, especially in the context of the new GDPR requirements. If your information is leaked publicly and is not protected by encryption or other mechanisms, hackers can access sensitive information, accounts, passwords, and more. This type of attack can be detected by running a web application security test, and protection can be achieved by correcting the programming code or by using security products (IPS, WAF, etc.).
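Added example, not code from the original article: the vulnerable query pattern beside the parameterised fix that the paragraph calls “correcting the programming code”, run against a constructed in-memory SQLite table, plus a crude input heuristic of the kind an IPS/WAF product might apply as a second line of defence.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a web application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """The classic mistake: the form field is pasted straight into the SQL text,
    so the database cannot distinguish the user's data from the query's code."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str):
    """The code fix: a parameterised query. The driver sends the value separately
    from the statement, so whatever the user typed is compared literally."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def looks_like_sqli(value: str) -> bool:
    """Crude signature check of the sort a WAF/IPS might raise on. It is a
    heuristic that can be evaded and is no substitute for the code fix above."""
    lowered = value.lower()
    return any(marker in lowered for marker in ("' or ", "--", "union select"))


if __name__ == "__main__":
    db = build_db()
    normal = "alice"
    hostile = "x' OR '1'='1"  # textbook injection input, constructed for the demo
    print("vulnerable, normal input :", lookup_vulnerable(db, normal))
    print("vulnerable, hostile input:", lookup_vulnerable(db, hostile))  # every row leaks
    print("safe, hostile input      :", lookup_safe(db, hostile))        # no row matches
    print("filter flags hostile?    :", looks_like_sqli(hostile))
```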

Attacks through social engineering and malware are common. Probably everyone has encountered emails that ask the victim to visit a fake copy of a legitimate website and enter their authentication data, or to open an attachment without knowing its origin. Typically, by opening the attachment we install malware on our machine, which in most cases gives the attacker access to our system or the ability to track our activity (including the passwords we use). It can often happen that our machine is then used as a pivot point from which attacks on other systems are launched. Email is just one of the channels for this type of attack. The risk consists of loss of access to accounts, malicious use of financial assets, and complete compromise of our personal information. Protection comes from better awareness of how to recognize such attacks and from using security solutions (including anti-virus software).

Ransomware attacks are part of our everyday life. The attacker manages to encrypt the information on our systems, usually demanding a ransom to decrypt it. These attacks are difficult to prevent and usually succeed because of people’s poor awareness of how to recognize them. It is extremely important to always back up the information so that it can be easily restored. In the event that we become a victim of such an attack and do not have a backup, our salvation is to turn to specialists to look for part of the encryption key in the system memory immediately after the attack is detected, or to search for a key published on the Internet by another victim.

DDoS – In these attacks, the purpose of the hackers is not to steal information but to make your systems inaccessible to your customers, thus stopping your business from running. They are usually carried out by overwhelming the resources of your systems with unnecessary traffic or requests. Fortunately, there are affordable market solutions that provide a high level of protection against such attacks. Free solutions are also available for companies with few, non-critical systems.

MITM (Man In The Middle) – Man-in-the-middle attacks typically occur when data is not transferred in encrypted form. Most often they are conducted over publicly accessible networks, the purpose of the hackers being to capture traffic with sensitive information, including usernames and passwords. Often, such attacks are performed to falsify invoices so that a payment goes to the hacker’s bank account instead of the legitimate provider. To prevent such attacks, it is necessary to use encryption when transmitting information and, from a GDPR perspective, it is good practice to encrypt the information even when it is stored in databases, log files and backups, transferred to file servers, sent by email, processed by web applications, and more.


Another serious problem is the use of weak authentication policies. Most people use the same passwords for most websites they visit. If any of those websites is compromised and hackers get access to the passwords stored on it, they will also have your password for all the other websites. On the other hand, people often use easy-to-guess passwords, which allows them to be easily broken using brute-force and dictionary attacks. This is quite dangerous in corporate conditions, as it could provide malicious users with access to ERP, CRM, HR, CMS, MAP, PIM, and other systems. Fortunately, solutions are available that allow us to easily create and manage complex passwords for access to various systems.