If you enjoy this newsletter, be sure to check out TechCrunch’s venture-focused podcast, Equity. In this week’s episode, available here, Crunchbase News editor-in-chief Alex Wilhelm and I debate dual-class stock, discuss my takeaways from #CodeCon and review the biggest rounds of the week. You can subscribe to Equity here or wherever else you listen to podcasts.
Hello and welcome back to Startups Weekly, a newsletter published every Saturday that dives into the week’s noteworthy venture capital deals, funds and trends. Before I dive into this week’s topic, let’s catch up a bit. Last week, I wrote about Peloton’s upcoming initial public offering. Before that, I noted the proliferation of billion-dollar companies.
Remember, you can send me tips, suggestions and feedback to firstname.lastname@example.org or on Twitter @KateClarkTweets. If you don’t subscribe to Startups Weekly yet, you can do that here.
Now I know this newsletter is supposed to be about startups, but we’re shifting our focus to Big Tech today. Bear with me.
I spent the better part of the week in Scottsdale, Ariz. where temperatures outside soared past 100 and temperatures inside were icy cold. Both because Recode + Vox cranked the AC to ungodly levels but also because every panel, it seemed, veered into a debate around the “techlash” and antitrust.
If you aren’t familiar, the Financial Times defines the techlash as “the growing public animosity toward large Silicon Valley platform technology companies.” Code Conference has in the past been an event that underscores innovation in tech. This year, amid growing tensions between tech’s business practices and the greater good, things felt a little different.
The conference began with Peter Kafka grilling YouTube’s CEO Susan Wojcicki. Unfortunately for her, CodeCon took place the week after an enormous controversy struck YouTube. You can read about that here. Wojcicki wasn’t up to the task of addressing the scandal, at least not honestly. She apologized to the LGBTQ community for YouTube’s actions but was unable to confront the larger issue at hand: YouTube has failed to take necessary action toward eliminating hate speech on its platform, much like other social media hubs.
From there, The Verge’s Casey Newton asked Instagram head Adam Mosseri and Facebook vice president of consumer hardware Andrew Bosworth point blank if Facebook should be broken up. Unsurprisingly, neither of the two men are fond of the idea.
“Personally, if we split [Facebook and Instagram] it might make my life easier but I think it’s a terrible idea,” Mosseri, who was named CEO of Instagram last fall, said. “If you split us up, it would just make it exponentially more difficult to keep people safe. There are more people working on safety and integrity issues at Facebook than all the people that work at Instagram.”
Bosworth, who manages VR projects at Facebook, had this to say: “You take Instagram and Facebook apart, you have the same attack surfaces. They now aren’t able to share and combine data … So this isn’t circular logic. This is an economy of scale.”
Wojcicki, when asked whether YouTube should separate from Google, had a less nuanced and frankly shockingly ill-prepared response:
There’s more where that came from, but this newsletter isn’t about big tech! It’s about startups! Here’s all the startup news you missed this week.
CrowdStrike’s IPO went really well: After pricing its IPO at $34 per share Tuesday evening and raising $612 million in the process (a whole lot more than the planned $378 million), the company’s stock popped 90% Wednesday morning with an initial share price of $63.50. A bona fide success, CrowdStrike boasted an initial market cap of $11.4 billion, nearly four times that of its last private valuation, at market close Wednesday. I chatted with CrowdStrike CEO George Kurtz on listing day. You can read our full conversation here.
Fiverr climbs: The marketplace had a good first day on the NYSE. The company priced its IPO at $21 per share Wednesday night, raising around $111 million. It then started trading Thursday morning at $26 apiece, with shares climbing for most of the day and closing at $39.90 — up 90% from the IPO price. Again, not bad. Read TechCrunch’s Anthony Ha’s conversation with Fiverr CEO Micha Kaufman here.
Get ready for … Slack’s highly-anticipated direct listing next week (June 20). Catch up on direct listings here and learn more about Slack’s journey to the public markets here.
Bird confirmed its acquisition of Scoot
As is usually the case with these things, parties from both Bird and Scoot declined to tell us any details about the deal, so we went and found the details ourselves! First, The Wall Street Journal’s Katie Roof reported the (mostly stock) deal was valued at roughly $25 million. We confirmed with our sources that it was indeed less than $25 million and came after Scoot struggled to raise additional capital from venture capital investors.
Fortnite throws a Houseparty
While we’re on the subject of M&A, Epic Games, the creator of Fortnite, acquired Houseparty, a video chatting mobile app, this week. The deal comes shortly after Epic Games raised a whopping $1.25 billion. Founded in 2015, Houseparty is a social network that delivers video chat across a number of different platforms, including iOS, Android and macOS. Like Fortnite, the offering tends to skew younger. Specifically, the app caters toward teen users, providing a more private and safer space than other, broader platforms.
Symphony, a messaging app, gets $165M at a $1.4B valuation
BetterUp raises $103M to fast-track employee development
Neurobehavioral health company BlackThorn pulls in $76M from GV
Against Gravity, maker of the VR hit ‘Rec Room,’ nabs $24M
Simpo secures $4.5M seed round to help drive software adoption
If you’ve been unsure whether to sign up for TechCrunch’s awesome new subscription service, now is the time. Through next Friday, it’s only $2 a month for two months. Seems like a no-brainer. Sign up here. Here are some of my personal favorite EC pieces of the week:
Silicon Valley’s founder fetish infantilizes public companies
Verizon has been leaking customers’ personal information for days (at least)
Verizon is struggling to fix a glitch that has been leaking customers’ addresses, phone numbers, account numbers, and other personal information through a chat system that helps prospective subscribers figure out if Fios services are available in their location.
The personal details appear when people click on a link to chat with a Verizon representative. When the chat window opens, it contains transcripts of conversations that other customers, either prospective or current, have had. The transcripts include full names, addresses, phone numbers, account numbers (in the event they already have an account), and various other information. Some of the transcripts viewed by Ars date back to June. A separate Window included customers’ addresses, although it wasn’t clear who those addresses belonged to.
“Hi—I’m looking to get the teacher discount for Fios,” one person wrote on November 29. Below are redacted screenshots of some of what has been available.
Ars learned of the leak on Monday afternoon and alerted Verizon representatives immediately. The plan was to report the leak only after it had been fixed. As this post went live, the leak was still occurring, although the number of exposed chats had lessened. Ars decided to report the leak to alert people who may use the service that this data is being exposed. It’s not clear when Verizon began leaking the data. With some of the chats dating back to June, it’s possible that the leak has been occurring for months.
In a statement issued Thursday morning, Verizon said:
We’re looking into an issue involving our online chat system that assists individuals who are checking on the availability of Fios services. We believe a small number of users may have seen a name, phone number, and/or a home or building address from an unrelated individual who had previously used this chat system to enter that information. Since the issue was brought to our attention, we’ve identified and isolated the problem and are working to have it resolved as quickly as possible.
It’s not the first time Verizon has spilled customer information. In 2016, a database of more than 1.5 million Verizon Enterprise Solutions customers was put up for sale on an online crime forum. Verizon said at the time that a “security flaw in its site [had] permitted hackers to steal customer contact information,” according to KrebsOnSecurity, which broke the news.
Verizon was also one of four US cellphone carriers caught selling customers’ real-time locations to services that catered to law enforcement. One of the services made subscriber locations available to anyone who took the time to exploit an easily spotted bug in a free trial feature.
For the time being, it makes sense to avoid using Verizon’s Fios availability chat feature. This post will be updated once Verizon says the glitch has been fully fixed.
Amazon to roll out tools to monitor factory workers and machines
Amazon is rolling out cheap new tools that will allow factories everywhere to monitor their workers and machines, as the tech giant looks to boost its presence in the industrial sector.
Launched by Amazon’s cloud arm AWS, the new machine-learning-based services include hardware to monitor the health of heavy machinery and computer vision capable of detecting whether workers are complying with social distancing.
Amazon said it had created a two-inch, low-cost sensor—Monitron—that can be attached to equipment to monitor abnormal vibrations or temperatures and predict future faults.
AWS Panorama, meanwhile, is a service that uses computer vision to analyze footage gathered by cameras within facilities, automatically detecting safety and compliance issues such as workers not wearing PPE or vehicles being driven in unauthorized areas.
The new services, announced on Tuesday during the company’s annual cloud computing conference, represent a step up in the tech giant’s efforts to gather and crunch real-world data in areas it currently feels are underserved.
“If you look at manufacturing and industrial generally, it’s a space that has seen some innovations, but there’s a lot of pieces that haven’t been digitized and modernized,” said Matt Garman, AWS’s head of sales and marketing, speaking to the FT.
“Locked up in machines”
“There’s a ton of data in a factory, or manufacturing facility, or a supply chain. It’s just locked up in sensors, locked up in machines that a lot of companies could get a lot of value from.”
Amazon said it had installed 1,000 Monitron sensors at its fulfillment centers near the German city of Mönchengladbach, where they are used to monitor conveyor belts handling packages.
If successful, said analyst Brent Thill from Jefferies, the move would help Amazon cement its position as the dominant player in cloud computing, in the face of growing competition from Microsoft’s Azure and Google Cloud as well as a prolonged run of slowed segment growth.
“This idea of predictive analytics can go beyond a factory floor,” Mr. Thill said. “It can go into a car, on to a bridge, or on to an oil rig. It can cross fertilize a lot of different industries.”
A number of companies are already trialling AWS Panorama. Siemens Mobility said it would use the tech to monitor traffic flow in cities, though would not specify which. Deloitte said it was working with a major North America seaport to use the tool to monitor the movement of shipments.
“Easy for us to get worried”
However, Amazon’s own use of tools to monitor the productivity of employees has raised concerns among critics. Throughout the pandemic, the company has used computer vision to ensure employee compliance with social distancing guidelines.
Swami Sivasubramanian, AWS’s head of machine learning and AI, said none of the services announced would include “pre-packaged” facial recognition capabilities, and he said AWS would block clients who abused its terms of service on data privacy and surveillance.
“When you look at this technology, sometimes it’s very easy for us to get worried about how they can be abused,” he told the FT.
“But the same technology can be used to ensure worker safety. Are people walking in spaces where they shouldn’t be? Is there an oil spill? Are they not wearing hard hats? These are real-world problems.”
© 2020 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.
Oracle vulnerability that executes malicious code is under active attack
Attackers are targeting a recently patched Oracle WebLogic vulnerability that allows them to execute code of their choice, including malware that makes servers part of a botnet that steals passwords and other sensitive information.
WebLogic is a Java enterprise application that supports a variety of databases. WebLogic servers are a coveted prize for hackers, who often use them to mine cryptocurrency, install ransomware, or as an inroad to access other parts of a corporate network. Shodan, a service that scans the Internet for various hardware or software platforms, found about 3,000 servers running the middleware application.
CVE-2020-14882, as the vulnerability is tracked, is a critical vulnerability that Oracle patched in October. It allows attackers to execute malicious code over the Internet with little effort or skill and no authentication. Working exploit code became publicly available eight days after Oracle issued the patch.
According to Paul Kimayong, a researcher at Juniper Networks, hackers are actively using five different attack variations to exploit servers that remain vulnerable to CVE-2020-14882. Among the variations is one that installs the DarkIRC bot. Once infected, servers become part of a botnet that can install malware of its choice, mine cryptocurrency, steal passwords, and perform denial-of-service attacks. DarkIRC malware was available for purchase in underground markets for $75 in October, and it is likely still being sold now.
Other exploit variants install the following other payloads:
- Cobalt Strike
The attacks are only the latest to target this easy-to-exploit vulnerability. A day after the exploit code was posted online, researchers from Sans and Rapid 7 said they were seeing hackers attempting to opportunistically exploit CVE-2020-14882. At the time, however, the attackers weren’t actually trying to exploit the vulnerability to install malware but instead only to test if a server was vulnerable.
CVE-2020-14882 affects WebLogic versions 10.3.6.0.0, 126.96.36.199.0, 188.8.131.52.0, 184.108.40.206.0, and 220.127.116.11.0. Anyone using one of these versions should immediately install the patch Oracle issued in October. People should also patch CVE-2020-14750, a separate but related vulnerability that Oracle fixed in an emergency update two weeks after issuing a patch for CVE-2020-14882.
Watch a computer hack 2-dozen iPhones with 1 code – is anything sacred?
Earlier this year, a security researcher discovered a way to remotely hack any iOS device and steal all the data...
Twitter finally shuts down its abandoned prototype app twttr – TechCrunch
Twitter is shutting down its experimental app twttr, which the company had used publicly prototype new features back in 2019....
Microsoft Holiday 2020 ad spot delivers free Minecraft, Flight Simulator goodies
This week Microsoft released an ad spot video with a daydreaming dog. The dog dreams, and the dreams are a...
Verizon has been leaking customers’ personal information for days (at least)
Enlarge / A Verizon FiOS truck in Manhattan on September 15, 2017. Verizon is struggling to fix a glitch that...
Disney Vodafone Neo sorta turns Grogu into a Tamagotchi
The Neo is a smartwatch made in a collaboration between Disney and Vodafone. This watch utilizes technology developed or licensed...
Social10 months ago
CrashPlan for Small Business Review
Gadgets2 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
Mobile2 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
Social2 years ago
iPhone XS priciest yet in South Korea
Cars2 years ago
What’s the best cloud storage for you?
Security2 years ago
Google latest cloud to be Australian government certified
Cars2 years ago
Some internet outages predicted for the coming month as ‘768k Day’ approaches
Social2 years ago
Apple’s new iPad Pro aims to keep enterprise momentum