Privacy Policy

At New Day at Work B.V., we truly value your trust and privacy, which is why we handle only the necessary personal data.

However, to provide you with our outstanding service and ensure its delivery, improvement, and security, it is essential for New Day at Work B.V. to process certain personal information directly or indirectly associated with you.

By agreeing to our terms and using our service, you consent to be governed by the Privacy Policy for New Day at Work B.V. We believe that this comprehensive understanding will help you grasp the exceptional offerings we provide and what you can expect from us, as well as what we expect from you.

Beanbag duo

About New Day at Work B.V.

New Day at Work B.V. has its statutory seat at and headquarters office at
Berencamperweg 6D
3861 MC, Nijkerk
The Netherlands.

It is registered at the Dutch Chamber of Commerce (Kamer van Koophandel) under number 55440215.

Purposes

In order for a Client to properly use the Service of https://workspace365.net (“New Day at Work”, “we”, “us” and “our” to be construed accordingly) we need to process data that is of a personal nature. We do not process data like: IP-addresses, email addresses of both the Client and the recipients or any personal messages. We only store metadata (file size and file name) of the files that are sent or received. The metadata will be erased when the Client deletes the files from the server. By using our Service the Client agrees to be bound by this Privacy Policy. New Day at Work B.V. may also use your data insofar necessary under its NTD Policy, any other notification of (presumed) illegal activity, or to defend itself against legal actions, in relation to or as a result of your use of New Day at Work B.V..
In order for a Client to start a demo, we need to process personal data. We need this information to contact the Client. By using our forms the Client agrees to be contacted after entering their information. This data consists of a name, an email address and a telephone number. We will not sell or transfer any personal data to third or affiliated parties.

Security

New Day at Work B.V. takes appropriate technical and organisational measures to protect your data against loss or other forms of unlawful processing. New Day at Work B.V. only uses servers in the EU so the European data protection rules apply. Privacy regulations outside the EU might not provide the same high level of protection. By using our Service and/or Website You acknowledge and agree that New Day at Work B.V. transfers your data through servers that are inside the EU.


Cookies 

This Cookie Policy explains what cookies are and how we use them. You should read this policy to understand what cookies are, how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used and how to control the cookie preferences. For further information on how we use, store and keep your personal data secure, see our Privacy Policy.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Your consent applies to the following domains: workspace365.net

What are cookies?

Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.

How do we use cookies?

As most of the online services, our website uses cookies first-party and third-party cookies for a number of purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

What cookies do we use?

The cookies used on our website are grouped into the following categories.

Necessary, functionality, analytics and advertisement cookies.

The below list details the cookies used in our website.

Cookie name

Provider

Category

Expiry

Description

Cookie found

__hs_cookie_cat_pref

workspace365.net

necessary

180 days

The HubSpot Cookie Banner's consent preferences cookie.

2023-11-09

__cfruid

workspace365.net

necessary

session

Used by the content network, Cloudflare, to identify trusted web traffic.

2023-11-09

__cf_bm

hubspot.com, workspace365.net

necessary

29 minutes

Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions.

2023-11-09

__hs_do_not_track

workspace365.net

necessary

179 days

Prevents the tracking code from sending any information to HubSpot

2023-11-09

test_cookie

doubleclick.net

functionality

14 minutes

This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.

2023-11-09

AnalyticsSyncHistory

linkedin.com

functionality

29 days

Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries

2023-11-09

li_gc

linkedin.com

functionality

180 days

Used to store guest consent to the use of cookies for non-essential purposes

2023-11-09

__hstc

workspace365.net

analytics

179 days

Analytics tracking cookie

2023-11-09

__hssc

workspace365.net

analytics

29 minutes

Analytics session cookie

2023-11-09

__hssrc

workspace365.net

analytics

session

Used to determine if a session is a new session

2023-11-09

hubspotutk

workspace365.net

analytics

179 days

Contains visitor's identity

2023-11-09

_ga

workspace365.net

analytics

399 days

ID used to identify users

2023-11-09

li_sugr

linkedin.com

analytics

89 days

Used to make a probabilistic match of a user's identity outside the Designated Countries

2023-11-09

_ga_NB0Z1RWKCF

workspace365.net

analytics

399 days

Used to persist session state

2023-11-09

_uetsid

workspace365.net

advertisement

1439 minutes

This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site.

2023-11-09

bcookie

linkedin.com

advertisement

364 days

Used by LinkedIn to track the use of embedded services.

2023-11-09

_uetvid

workspace365.net

advertisement

389 days

This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website.

2023-11-09

lidc

linkedin.com

advertisement

1 days

Used by the social networking service, LinkedIn, for tracking the use of embedded services.

2023-11-09

IDE

doubleclick.net

advertisement

390 days

This cookie is used for targeting, analysing and optimisation of ad campaigns in DoubleClick/Google Marketing Suite

2023-11-09

UserMatchHistory

linkedin.com

advertisement

29 days

These cookies are set by LinkedIn for advertising purposes, including: tracking visitors so that more relevant ads can be presented, allowing users to use the 'Apply with LinkedIn' or the 'Sign-in with LinkedIn' functions, collecting information about how visitors use the site, etc.

2023-11-09

bscookie

linkedin.com

advertisement

365 days

Used by LinkedIn to track the use of embedded services.

2023-11-09

_gcl_au

workspace365.net

advertisement

89 days

Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.

2023-11-09

MUID

bing.com

advertisement

389 days

Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.

2023-11-09

We use the following tools and services to collect anonymous web analytics:

Based on visiting our website, we may target advertisements to you when you visit other websites. We have embedded the following tools on our website which may install cookies:

We also collect personally identifiable information based on calls, events, webinars and other situations where people have given their consent to being contacted by us.

How can I manage my cookies preferences?

You can manage your cookies preferences by clicking on the “Settings” button and enabling or disabling the cookie categories on the popup according to your preferences.

Should you decide to change your preferences later through your browsing session, you can click on the “Privacy & Cookie Policy” tab on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.

In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more on how to manage and delete cookies, visit wikipedia.orgwww.allaboutcookies.org.

 

New Day at Work B.V. Terms of Service for Workspace365.net

1. Terms
By accessing the website at https://workspace365.net, you are agreeing to be bound by these terms of service, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.

2. License
Permission is granted to temporarily download one copy of the materials (information or software) on New Day at Work B.V.’s website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license, you may not:

  • modify or copy the materials;
  • use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
  • attempt to decompile or reverse engineer any software contained on New Day at Work B.V.’s website;
  • remove any copyright or other proprietary notations from the materials; or
  • transfer the materials to another person or “mirror” the materials on any other server.

This license shall automatically terminate if you violate any of these restrictions and may be terminated by New Day at Work B.V. at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.

3. Disclaimer
The materials on New Day at Work B.V.’s website are provided on an ‘as is’ basis. New Day at Work B.V. makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.
Further, New Day at Work B.V. does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.

4. Limitations
In no event shall New Day at Work B.V. or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on New Day at Work B.V.’s website, even if New Day at Work B.V. or a New Day at Work B.V. authorised representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

5. Accuracy of materials
The materials appearing on New Day at Work B.V.’s website could include technical, typographical, or photographic errors. New Day at Work B.V. does not warrant that any of the materials on its website are accurate, complete or current. New Day at Work B.V. may make changes to the materials contained on its website at any time without notice. However, New Day at Work B.V. does not make any commitment to update the materials.

6. Links
New Day at Work B.V. has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by New Day at Work B.V. of the site. Use of any such linked website is at the user’s own risk.

7. Modifications
New Day at Work B.V. may revise these terms of service for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these terms of service.

8. Governing Law
These terms and conditions are governed by and construed in accordance with the laws of Netherlands and you irrevocably submit to the exclusive jurisdiction of the courts in that State or location.

Tactic

Technique

Finding

Observed by Hunt & Hackett

Observed by PwC

Reconnaissance  

The threat actor is trying to gather information they can use to plan future operations 

There are no findings related to this phase of the attack. 

Resource development  

The threat actor is trying to establish resources they can use to support operations 

T1588.001 

Sea Turtle used the malware SnappyTCP from which the source code is available on GitHub.  

Initial access 

The threat actor is trying to obtain access to your network. 

T1133 
T1078.004

Sea Turtle compromised cPanel accounts and used SSH to get into the IT-infrastructure.  

 

Execution

The threat actor is trying to run malicious code. 

T1059.004 

Sea Turtle used the Unix shell Bash to execute malicious commands and the malware SnappyTCP. 

Persistence  

The threat actor is trying to maintain their foothold.

T1505.003

Sea Turtle executed SnappyTCP using the tool NoHup, which keeps the malware running on a system after exiting the shell or terminal, and installed Adminer in the public web directory of  a cPanel account. 

Privilege Escalation  

The threat actor is trying to gain higher-level permissions.

There are no findings related to this phase of the attack. 

Defense Evasion  

The threat actor is trying to avoid being detected.

T1070.003 

T1070.002 

Sea Turtle unsets the command (Bash) and MySQL history file and has overwritten Linux system logs. 

 

Credential Access  

The threat actor is trying to steal account names and passwords. 

There are no findings related to this phase of the attack. 

Discovery  

The threat actor is trying to figure out your environment.

There are no findings related to this phase of the attack. 

Lateral Movement  

The threat actor is trying to move through your environment.

There are no findings related to this phase of the attack. 

Collection

The threat actor is trying to gather data of interest to their goal. 

 

T1114.001

Sea Turtle created a copy of the e-mail archive of a compromised cPanel account in the public web directory of a website that was accessible from the internet.

 

Command and Control

The threat actor is trying to communicate with compromised systems to control them.  

T1071.001 

T1095 

Sea Turtle configured SnappyTCP to establish a command-and-control channel to the domain name forward.boord[.]info on port 443 using the protocols TCP and HTTP.

Exfiltration 

The threat actor is trying to steal data. 

T1567

Sea Turtle created a copy of the e-mail archive of a compromised cPanel account in the public web directory of a website that was accessible from the internet. It is highly likely that Sea Turtle exfiltrated the e-mail archive by downloading the file from the website.

 

Impact 

The threat actor is trying to manipulate, interrupt or destroy your systems and data 

There are no findings related to this phase of the attack.