Nederlands
Privacy Policy
At New Day at Work B.V., we truly value your trust and privacy, which is why we handle only the necessary personal data.
However, to provide you with our outstanding service and ensure its delivery, improvement, and security, it is essential for New Day at Work B.V. to process certain personal information directly or indirectly associated with you.
By agreeing to our terms and using our service, you consent to be governed by the Privacy Policy for New Day at Work B.V. We believe that this comprehensive understanding will help you grasp the exceptional offerings we provide and what you can expect from us, as well as what we expect from you.
About New Day at Work B.V.
New Day at Work B.V. has its statutory seat at and headquarters office at
Berencamperweg 6D
3861 MC, Nijkerk
The Netherlands.
It is registered at the Dutch Chamber of Commerce (Kamer van Koophandel) under number 55440215.
Purposes
In order for a Client to properly use the Service of https://workspace365.net (“New Day at Work”, “we”, “us” and “our” to be construed accordingly) we need to process data that is of a personal nature. We do not process data like: IP-addresses, email addresses of both the Client and the recipients or any personal messages. We only store metadata (file size and file name) of the files that are sent or received. The metadata will be erased when the Client deletes the files from the server. By using our Service the Client agrees to be bound by this Privacy Policy. New Day at Work B.V. may also use your data insofar necessary under its NTD Policy, any other notification of (presumed) illegal activity, or to defend itself against legal actions, in relation to or as a result of your use of New Day at Work B.V..
In order for a Client to start a demo, we need to process personal data. We need this information to contact the Client. By using our forms the Client agrees to be contacted after entering their information. This data consists of a name, an email address and a telephone number. We will not sell or transfer any personal data to third or affiliated parties.
Security
New Day at Work B.V. takes appropriate technical and organisational measures to protect your data against loss or other forms of unlawful processing. New Day at Work B.V. only uses servers in the EU so the European data protection rules apply. Privacy regulations outside the EU might not provide the same high level of protection. By using our Service and/or Website You acknowledge and agree that New Day at Work B.V. transfers your data through servers that are inside the EU.
Cookies
This Cookie Policy explains what cookies are and how we use them. You should read this policy to understand what cookies are, how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used and how to control the cookie preferences. For further information on how we use, store and keep your personal data secure, see our Privacy Policy.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.
Your consent applies to the following domains: workspace365.net
What are cookies?
Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.
How do we use cookies?
As most of the online services, our website uses cookies first-party and third-party cookies for a number of purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
What cookies do we use?
The cookies used on our website are grouped into the following categories.
Necessary, functionality, analytics and advertisement cookies.
The below list details the cookies used in our website.
| COOKIE NAME | PROVIDER | CATEGORY | EXPIRY | DESCRIPTION | COOKIE FOUND |
|---|---|---|---|---|---|
| __hs_cookie_cat_pref | workspace365.net | necessary | 180 days | The HubSpot Cookie Banner's consent preferences cookie. | 2023-11-09 |
| __cfruid | workspace365.net | necessary | session | Used by the content network, Cloudflare, to identify trusted web traffic. | 2023-11-09 |
| __cf_bm | hubspot.com, workspace365.net | necessary | 29 minutes | Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions. | 2023-11-09 |
| __hs_do_not_track | workspace365.net | necessary | 179 days | Prevents the tracking code from sending any information to HubSpot | 2023-11-09 |
| test_cookie | doubleclick.net | functionality | 14 minutes | This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies. | 2023-11-09 |
| AnalyticsSyncHistory | linkedin.com | functionality | 29 days | Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries | 2023-11-09 |
| li_gc | linkedin.com | functionality | 180 days | Used to store guest consent to the use of cookies for non-essential purposes | 2023-11-09 |
| __hstc | workspace365.net | analytics | 179 days | Analytics tracking cookie | 2023-11-09 |
| __hssc | workspace365.net | analytics | 29 minutes | Analytics session cookie | 2023-11-09 |
| __hssrc | workspace365.net | analytics | session | Used to determine if a session is a new session | 2023-11-09 |
| hubspotutk | workspace365.net | analytics | 179 days | Contains visitor's identity | 2023-11-09 |
| _ga | workspace365.net | analytics | 399 days | ID used to identify users | 2023-11-09 |
| li_sugr | linkedin.com | analytics | 89 days | Used to make a probabilistic match of a user's identity outside the Designated Countries | 2023-11-09 |
| _ga_NB0Z1RWKCF | workspace365.net | analytics | 399 days | Used to persist session state | 2023-11-09 |
| _uetsid | workspace365.net | advertisement | 1439 minutes | This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site. | 2023-11-09 |
| bcookie | linkedin.com | advertisement | 364 days | Used by LinkedIn to track the use of embedded services. | 2023-11-09 |
| _uetvid | workspace365.net | advertisement | 389 days | This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. | 2023-11-09 |
| lidc | linkedin.com | advertisement | 1 days | Used by the social networking service, LinkedIn, for tracking the use of embedded services. | 2023-11-09 |
| IDE | doubleclick.net | advertisement | 390 days | This cookie is used for targeting, analysing and optimisation of ad campaigns in DoubleClick/Google Marketing Suite | 2023-11-09 |
| UserMatchHistory | linkedin.com | advertisement | 29 days | These cookies are set by LinkedIn for advertising purposes, including: tracking visitors so that more relevant ads can be presented, allowing users to use the 'Apply with LinkedIn' or the 'Sign-in with LinkedIn' functions, collecting information about how visitors use the site, etc. | 2023-11-09 |
| bscookie | linkedin.com | advertisement | 365 days | Used by LinkedIn to track the use of embedded services. | 2023-11-09 |
| _gcl_au | workspace365.net | advertisement | 89 days | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. | 2023-11-09 |
| MUID | bing.com | advertisement | 389 days | Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. | 2023-11-09 |
We use the following tools and services to collect anonymous web analytics:
- Google Analytics: https://privacy.google.com/businesses/compliance/
- Hotjar: https://www.hotjar.com/
Based on visiting our website, we may target advertisements to you when you visit other websites. We have embedded the following tools on our website which may install cookies:
- Facebook Pixel: https://www.facebook.com/business/a/facebook-pixel
- LinkedIn Insight Tag: https://www.linkedin.com/legal/cookie-policy
- Google Remarketing: https://support.google.com/adwords/answer/2453998?hl=en
We also collect personally identifiable information based on calls, events, webinars and other situations where people have given their consent to being contacted by us.
How can I manage my cookies preferences?
You can manage your cookies preferences by clicking on the “Settings” button and enabling or disabling the cookie categories on the popup according to your preferences.
Should you decide to change your preferences later through your browsing session, you can click on the “Privacy & Cookie Policy” tab on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more out more on how to manage and delete cookies, visit wikipedia.org, www.allaboutcookies.org.
New Day at Work B.V. Terms of Service for Workspace365.net
1. Terms
By accessing the website at https://workspace365.net, you are agreeing to be bound by these terms of service, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.
2. License
Permission is granted to temporarily download one copy of the materials (information or software) on New Day at Work B.V.’s website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license, you may not:
- modify or copy the materials;
- use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
- attempt to decompile or reverse engineer any software contained on New Day at Work B.V.’s website;
- remove any copyright or other proprietary notations from the materials; or
- transfer the materials to another person or “mirror” the materials on any other server.
This license shall automatically terminate if you violate any of these restrictions and may be terminated by New Day at Work B.V. at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.
3. Disclaimer
The materials on New Day at Work B.V.’s website are provided on an ‘as is’ basis. New Day at Work B.V. makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.
Further, New Day at Work B.V. does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.
4. Limitations
In no event shall New Day at Work B.V. or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on New Day at Work B.V.’s website, even if New Day at Work B.V. or a New Day at Work B.V. authorised representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Accuracy of materials
The materials appearing on New Day at Work B.V.’s website could include technical, typographical, or photographic errors. New Day at Work B.V. does not warrant that any of the materials on its website are accurate, complete or current. New Day at Work B.V. may make changes to the materials contained on its website at any time without notice. However, New Day at Work B.V. does not make any commitment to update the materials.
6. Links
New Day at Work B.V. has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by New Day at Work B.V. of the site. Use of any such linked website is at the user’s own risk.
7. Modifications
New Day at Work B.V. may revise these terms of service for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these terms of service.
8. Governing Law
These terms and conditions are governed by and construed in accordance with the laws of Netherlands and you irrevocably submit to the exclusive jurisdiction of the courts in that State or location.
| Tactic | Technique | Finding | Observed by Hunt & Hackett | Observed by PwC |
|
Reconnaissance The threat actor is trying to gather information they can use to plan future operations |
There are no findings related to this phase of the attack. |
|||
|
Resource development The threat actor is trying to establish resources they can use to support operations |
T1588.001 | Sea Turtle used the malware SnappyTCP from which the source code is available on GitHub. | ||
|
Initial access The threat actor is trying to obtain access to your network. |
T1133 T1078.004 |
Sea Turtle compromised cPanel accounts and used SSH to get into the IT-infrastructure. | ||
|
Execution The threat actor is trying to run malicious code. |
T1059.004 | Sea Turtle used the Unix shell Bash to execute malicious commands and the malware SnappyTCP. | ||
|
Persistence The threat actor is trying to maintain their foothold. |
T1505.003 | Sea Turtle executed SnappyTCP using the tool NoHup, which keeps the malware running on a system after exiting the shell or terminal, and installed Adminer in the public web directory of a cPanel account. | ||
|
Privilege Escalation The threat actor is trying to gain higher-level permissions. |
There are no findings related to this phase of the attack. | |||
|
Defense Evasion The threat actor is trying to avoid being detected. |
T1070.003
T1070.002 |
Sea Turtle unsets the command (Bash) and MySQL history file and has overwritten Linux system logs. | ||
|
Credential Access The threat actor is trying to steal account names and passwords. |
There are no findings related to this phase of the attack. | |||
|
Discovery The threat actor is trying to figure out your environment. |
There are no findings related to this phase of the attack. | |||
|
Lateral Movement The threat actor is trying to move through your environment. |
There are no findings related to this phase of the attack. | |||
|
Collection The threat actor is trying to gather data of interest to their goal.
|
T1114.001 | Sea Turtle created a copy of the e-mail archive of a compromised cPanel account in the public web directory of a website that was accessible from the internet. | ||
|
Command and Control The threat actor is trying to communicate with compromised systems to control them. |
T1071.001
T1095 |
Sea Turtle configured SnappyTCP to establish a command-and-control channel to the domain name forward.boord[.]info on port 443 using the protocols TCP and HTTP. | ||
|
Exfiltration The threat actor is trying to steal data. |
T1567 | Sea Turtle created a copy of the e-mail archive of a compromised cPanel account in the public web directory of a website that was accessible from the internet. It is highly likely that Sea Turtle exfiltrated the e-mail archive by downloading the file from the website. | ||
|
Impact The threat actor is trying to manipulate, interrupt or destroy your systems and data |
There are no findings related to this phase of the attack. | |||