AMD confirms CTS vulnerabilities, downplaying to avoid the financial implications

Discoveries by CTS Labs’ research into AMD flaws eliminate AMD’s competitive advantage in enterprise server segments and the company’s price competitiveness in retail aspects can no longer be justified.

 

PDF Download Link
The company’s rhetoric is that this is a non-issue hinges on the non-argument that administrator access must be established in order to exploit the vulnerabilities identified by CTS. This is short-sighted as the surrounding statement that most hackers will not have the know-how to exploit these vulnerabilities.
CTS have recently released a video showing the exploitation of AMD’s vulnerabilities to completely circumvent Windows Credential Guard and obtain decrypted passwords. AMD management specifically highlighted Windows Credential Guard as a key obstacle to the execution of CTS Labs’ identified exploits.
The video can be viewed in full here: https://www.youtube.com/watch?v=8YQaWIWbzhI&feature=youtu.be
Viceroy believes the practice of giving AMD discretion as to when, if and how it reports its own vulnerabilities facilitates poor corporate disclosure and keeps stakeholders in the dark. This is not how free financial markets operate for a reason and is validated by the SEC’s most recent statement2 relating to cybersecurity flaws: we would similarly not give fraudulent companies the discretion as to if and when they inform their investors they are a fraud.

  • Ryzen and Epyc processors facilitate tremendous freedom of access to customer’s data –The identified vulnerabilities in AMD’s EPYC and Ryzen processors give hackers the ability to entrench malware at the hardware level, making them virtually undetectable and untouchable by security products. By abusing these vulnerabilities at the Secure Processor level, malware characteristics can give hackers unlimited control over entire networks. None of the vulnerabilities identified by CTS, both firmware and hardware, require physical access to computers to be exploited. The continued sale of these processors puts customers at significant risk.
  • The security protocols that AMD have been promoting put customers at unacceptable risk to vulnerabilities identified by CTS – We expect AMD cloud customers including Microsoft Azure, Baidu, DellEMC and TenCent will flee in the short term given the serious nature of chip flaws. AMD is unlikely to be trusted in this space again.
  • One Ryzen chip could endanger an entire enterprise network – Vulnerabilities identified in the Ryzen chip allow hackers to perform credential dumps on infected Ryzen workstations even if the latest security mitigations are employed. Malware can quickly spread to other workstations throughout enterprise networks, regardless of whether they use a Ryzen chip or Intel. No prudent CISO or CTO will risk their network or their security by buying a Ryzen chip over more secure competitors.

This report expands on the financial impact of the CTS Labs vulnerabilities, specifically the impact of future earnings and possible legal liabilities that Viceroy believes will arise against the company. Viceroy have appointed lawyers to assess the reliability of the security claims made by AMD considering the basic level flaws that have been identified.

The curious case of Mad River Community Hospital

Viceroy present further evidence of MiMedx illegally selling on reimbursement, adding our already extensive evidence of pervasive fraud.

PDF Download Link

Viceroy has obtained documents detailing a legal dispute between MiMedx and Mad River Community Hospital (“Mad River”). The documents clearly outline MiMedx’s fraudulent sales methods including misrepresenting reimbursement rates for products and “marketing the spread”.

This report details the serious misconduct and underhanded sales tactics of MiMedx personnel in California, which executive management were certainly aware of given the ensuing litigation. As we have demonstrated over 20+ reports, these types of improprieties are commonplace throughout the organization. Never before have our legal advisors or consultants come across such gross and serious misconduct.

The Mad River documents also show MiMedx engaged in “selling on reimbursement”, contrary to a several laws and regulations and some alleged MiMedx policies.

  • MiMedx sued Mad River for non-payment of invoices for EpiFix and AmnioFix products. Unfortunately for MiMedx this is where the story becomes compelling for law enforcement and regulators.
  • MiMedx misrepresented to Mad River the reimbursement rates for its EpiFix and AmnioFix products, as well as misrepresenting insurer’s attitudes towards these products. Several insurers considered MiMedx products “experimental and un-reimbursable”.
  • Following Mad River’s failure to pay, MiMedx sent “reimbursement” specialists to Mad River who upheld that MiMedx’s represented reimbursement rates were correct. Mad River believes that this was simply a manner of continuing the ruse while raising further invoices.

The Mad River filings portray (we believe accurately) MiMedx as third-rate con-artists.

Contrary to Parker H. Petite’s rhetoric of ‘Good Business Acumen’ and persistent denials of “marketing the spread”, this report will unlawful practices that MiMedx, including “marketing the spread”. This is the very tip of the iceberg as law enforcement and regulators have been made aware of.

It is Viceroy’s intention to continue the dialogue with MiMedx’s auditors and regulators to bring about the prosecution of Parker H. Petit.

In the wake of mounting evidence of fraud, illegal revenue recognition systems, retaliation against whistleblowers and concealing evidence from investors, we immediately call for Parker H. Petit’s resignation.

As promised: MiMedx’s concealed documents

This post highlights the incriminating testimonies from MiMedx employees, associated entities and attorneys, which have subsequently been sealed by the company to conceal evidence from stakeholders.

The order to seal these documents came only after Viceroy’s highlighted that AvKare “didn’t do anything”, according to Mike Carlton (MiMedx VP of Global Sales), but only served to facilitate MiMedx’s channel stuffing & other suspicious activities. Parker H. Petit, knew investors would quickly realize he was misleading them – the information was incriminating MiMedx if left unsealed.

Parker H. Petit & MiMedx continuously attempt to sweep criminal actions and contradictory statements under the rug – in this instance, they sealed incriminating deposition transcripts. Fortunately, Viceroy had already obtained these records prior to the motion to seal bring filed with the court.

We are disclosing the documents in the public interest:

43-main

43-1

43-2

43-3

43-4

Viceroy activates ‘The Honeypot’ – Parker H. Petit & MiMedx caught red-handed

New insights on MiMedx instructions to physicians on how to fraudulently increase compensation.

Following the release of our previous report titled “Viceroy release MiMedx EOB emails”, Viceroy Research has been contacted by physicians corroborating MiMedx’s role in distributing EOB to fraudulently increase Medicare reimbursement. This occurs through the reclassification of AmnioFix products as EpiFix products in order to obtain Medicare reimbursements.

PDF Download Link

MiMedx’s recent nonsensical responses to our research have been evasive and does not acknowledge that at its core, the practice construes Medicare fraud. In order to demonstrate this, Viceroy set a Honeypot. MiMedx in their desperation to mislead investors, have taken our bait.

While the issue of reclassifying MiMedx product to exploit federal billing facilities was a major issue, there was another underlying element to the EOB.

Consider the following: in principle, Medicare reimbursements cover 80% of the cost of any treatment used as well as 80% of the Medicare application fee. Typically, this means a reduced payment for the patient, however by utilizing a larger graft than is necessary a physician can be reimbursed more than the cost of treatment.

Per the Rosenberger email, how can MiMedx justify physicians PROFITING from Medicare when system is intended to cover a PORTION of costs?

Viceroy yesterday showed MiMedx has zero credibility regarding their statements. Previously MiMedx had state to investors AvKare wasn’t an intermediary, controlled sales and it was all lies. MiMedx know full well what the implications of Mike Carlton’s deposition under oath means. There is no commentary, statements issued by MiMedx are purely intended to manipulate a situation where blind and naive analysts continue to promote the stock.

MiMedx continue to consciously mislead investors, defame Viceroy and Marc Cohodes

AvKare just “made it easier” for former Advanced BioHealing agents to stuff federal customers with MiMedx product

PDF Download Link

Viceroy present indisputable proof that Parker H. Petit has been misleading investors and defaming Marc Cohodes & Viceroy.

Mike Carlton, VP of Global Sales, was under oath giving a deposition about MiMedx’s relationship with Mid-South Biologics, who are suing MiMedx regarding contractual issues. Parker H. Petit and MiMedx attorneys would have known that during the deposition, Mike Carlton said this:

 

“AvKare didn’t sell the product. They didn’t do anything. They just made it easier to sell.”

Interestingly, when Viceroy and Marc Cohodes echoed this statement, we were met by a barrage of lies and a law suit from MiMedx who want to falsely asset our reports are factually inaccurate.

For the analysts that can find ‘no credible evidence of wrong-doing’, we recommend they review filings for all cases MiMedx are involved in.

Today’s focus is on case is Mid-South Biologics LLC (Pla) Vs. MiMedx Group Inc (Def) – Reference: Case 2:17-cv-02028-JTF-egb   Document 43-3   Filed 12/04/17. The deposition was taken on the 13th Day of October 2017.

Parker H. Petit and Mike Carlton are advised that we have forwarded this information to the SEC. Investors should be aware of the lengths MiMedx will go to mislead and misinform its shareholders

As a recap:

Analysts who can blindly find no credible evidence of wrong-doing should seriously review Viceroy’s reports and MiMedx’s own documentation showing channel-stuffing, fake revenue recognition, ‘free evaluation products’, breaches to anti-kickback statutes and many more violations.

As previously reported, MiMedx is being investigated by Regulators, it would be prudent for the sellside to conduct their own investigation instead of relying on a “binary outcome” in relation to allegations of fraud.

Viceroy release MiMedx EOB emails

Viceroy has obtained emails instructing physicians how to falsify MiMedx Q-codes to fraudulently increase reimbursement.

PDF Download Link

Viceroy have obtained printouts of emails sent from MiMedx employees specifically instructing physicians on how to fraudulently increase Medicare reimbursement.

An EOB document titled “EpiFix – Made Easy” has been sent to Viceroy, which appears to be advice from MiMedx to physicians on how to receive Medicare reimbursements for their product.

One problem: this advice was provided to surgical clients; whose products are ineligible for Medicare reimbursement.

MiMedx now under investigation by DOJ enforcement & VA

Viceroy has received responses to two Freedom of Information Act (FOIA) requests lodged after the publication of our initial report, one from the Department of Veterans Affairs and the other to the Department of Justice.

PDF Download Link
Both agencies withheld all requested documents under 5 U.S. Code § 552 5(b)(7)(A), which provides an exemption for agencies to make available public documents as it could “reasonably be expected to interfere with enforcement proceedings.”

Viceroy now believe MiMedx is under formal investigation by the DOJ, the DVA and the SEC.