Year: 2019

Palo Alto Networks surely loves to buy security startups. Today it added to its growing collection when it announced its intent to acquire IoT security startup Zingbox for $75 million.

The company had raised $23.5 million, according to Crunchbase data. The three co-founders, Xu Zou, May Wang and Jianlin Zeng, will be joining Palo Alto after the sale is official.

With Zingbox, the company gets IoT security chops, something that is increasingly important as companies deploy internet-connected smart devices and sensors. While these tools can greatly benefit customers, they also often carry a huge security risk.

Zingbox, which was founded in 2014, gives Palo Alto a modern cloud-based solution built on a subscription model along with engineering talent to help build out the solution further. Nikesh Arora, chairman and CEO of Palo Alto Networks, certainly sees this.

“The proliferation of IoT devices in enterprises has left customers facing an enormous gap in protection against cybersecurity attacks. With the proposed acquisition of Zingbox, we will provide a first-of-its-kind subscription for our Next-Generation Firewall and Cortex platforms that gives customers the ability to gain control, visibility and security of their connected devices at scale,” Arora said in a statement.

This is the fourth security startup the company has purchased this year. It acquired two companies, nabbing PureSec and Twistlock, on the same day last Spring. Earlier this year, it bought Demisto for $560 million. All of these acquisitions are meant to build up the company’s portfolio of modern security offerings without having to build these kinds of tools in-house from scratch.

Reefknot Investments, a joint venture between Temasek, Singapore’s sovereign fund, and global logistics company Kuehne + Nagel, announced today the launch of a $50 million fund for logistics and supply chain startups. The firm is based in Singapore, but will look for companies around the world that are raising their Series A or B rounds.

Managing director Marc Dragon tells TechCrunch that Reefknot will serve as a strategic investor in its portfolio companies, providing them with connections to partners that include EDBI, SGInnovate, Atlantic Bridge, Vertex Ventures, PSA unBoXed, Unilever Foundry and NUS Enterprise, in addition to Temasek and Kuehne + Nagel .

Dragon, a veteran of the supply chain and logistics industry, says Reefknot plans to invest in about six to eight startups. It is especially interested in companies that are using AI or deep mind tech, digital logistics and trade finance to solve problems that range from analyzing supply chain data and making forecasts to managing the risk of financing trade transactions. Data from Gartner shows that about half of global supply chain companies will use AI, advanced analytics or the Internet of Things in their operations by 2023.

“There is a high level of expectation from vendors that because of technology, there will be new methods to do analytics and planning, and greater visibility in terms of information and product, materials and goods flowing throughout the supply chain,” says Dragon.

Reefknot will also establish a think tank that will work with industry experts and government organizations on forums, research and exploring new logistics and supply chain business models that startups can bring into fruition.

There’s an arms race in retail to produce better coffee, and one startup, Bellwether Coffee, thinks it has the solution for retailers to sell the very best beans.

The business, headquartered in Berkeley, is today announcing a $40 million Series B financing led by DBL Partners and SolarCity co-founders Peter and Lyndon Rive. The round brings its total funding to $56 million, including a $10 million Series A last summer.

The hardware and software business manufactures tech-enabled zero-emission commercial coffee roasters designed to sit in cafes, grocery stores, on college campuses and any other place people buy coffee. Purchase of a roaster, which are sold for $75,000 or leased for $1,000 per month, comes with access to an online marketplace for coffee beans. The goal is to give coffee shops the power to roast their own beans, forgoing the middle men that have historically sold wholesale pre-roasted beans at a premium to cafes around the world.

“We want to create this connected coffee experience from the farm in Ethiopia all the way to the roaster at the cafe and the customer,” Bellwether chief executive officer Nathan Gilliland tells TechCrunch.

With roughly 140 customers, Bellwether plans to expand manufacturing capabilities and grow its customer-facing team with the infusion of venture capital funding. After growing revenues 6x in 2019, the startup is also unlocking its global ambitions, with launches in Southeast Asia and Europe scheduled for next year.

Gilliland credits the company’s growth to a larger movement at play: The “premiumization of coffee,” in which consumers are in search of higher quality cups of joe.

“You saw it happen with wine, you saw it in craft beer,” he said. “You were drinking Bud Light and now you’re drinking craft beer. You see it in higher-end grocery stores pushing out these products; it’s the premiumization of the category.”

“Thirty years ago, everyone drank Folgers, then Starbucks changed how everyone thought about coffee in the 80s, then Blue Bottle took it to the next step and that’s the backdrop,” he added.

Bellwether was founded in 2013 by Ricardo Lopez. The company is also backed by FusionX, Congruent Ventures, Coffee Bell, Tandem Capital, Spindrift Equities, XN Ventures, Balius Partners and Hardware Club.

Nintendo Switch Online, the subscription-based online services component of Nintendo’s Switch console, will get SNES games starting on September 5 – yes, that’s right, the first game are available to play tomorrow. There are 20 games available initially, with more planned in future.

Alongside the new software, there’s also the new SNES system wireless controller for Switch, which charges via USB-C and retails for $29.99 directly from Nintendo.

The launch lineup for the SNES portion of Nintendo Switch Online looks pretty promising, and includes highlight favourites like Star Fox, Breah of Fire, F-Zero, Super Mario World and Super Metroid (you can see full list below).

We got a strong indication that this was happening earlier this month, thanks to an FCC fiing that detailed the SNES controller hardware. Nintendo likewise released an NES controller alongside its launch of the Nintendo Online Service when it debuted last year.

The best part about this surprise drop is that it’s available basically right now – check your Nintendo Online app on your Switch tomorrow to begin playing these nostalgic gaming classics.

The Interactive Advertising Bureau’s Tech Lab is calling for a new approach to online tracking, one that would replace the long-lived cookie.

In a lengthy post, the IAB Tech Lab’s Jordan Mitchell runs through the history of tracking, describing the cookie as “a boon to the internet” that allowed websites to tailor their ads and content to each visitor, while acknowledging that this approach has some shortfalls:

Proprietary HTTP cookies were (and remain) the core mechanism for distinguishing one consumer from another, and each cookie may only be read by the party that sets it. There is no standardized, centralized mechanism for consumers to convey their interests or privacy preferences, which can then travel with them and be reliably broadcast to the right parties as consumers surf the web or hop from app to app on their mobile devices.

He suggested that this “fragmented and privatized” approach to privacy has led to “the data and privacy crises that we see today.”

Those crises are probably why the IAB — a trade group of advertisers and media companies, which sets a number of digital advertising standards — is taking action on this now, as government scrutiny of online privacy practices is on the rise, while companies like Apple, Google and Mozilla are all strengthening their browser privacy controls in ways that will make cookies less effective.

In response, the IAB is calling for new “standardized privacy settings and consumer controls tied to a neutral, standardized identifier.”

In other words, instead of one-off cookies, consumers would be tracked by a single identifier across the web. In order to get access to that identifier, Mitchell said companies would have to “consistently demonstrate compliance to the privacy preferences attached.” And Mitchell said the IAB is also proposing that “these standards be set up as public utilities, subject to regulations promulgated by government entities, with the digital media and marketing industries jointly governing the standards with the browser providers.”

You might be leery of an ad industry trade group creating a new identifier that can track users so broadly, and you wouldn’t be the only one: In response to the proposal, Brendan Eich, CEO of ad-blocking browser company Brave, tweeted, “Who’re they kidding? A single ‘token’ will uniquely identify you & be linked to your name & personal data in a trice among sites sharing info w/ their 3rd parties.”

Mitchell acknowledged the likelihood of skepticism in an interview with CNET, where he said, “Who’s going to trust the industry come save the day? No one. We recognize we need to show accountability and reliability to the preferences set by consumer.”

Four years ago, Porsche showed off a concept that would mark a turning point — in investment, R&D and product trajectory — for the German automaker. The reaction to the Mission E, as it was called then, prompted Porsche AG to push forward with a plan to not only develop one electric car, but commit billions of dollars towards electrification.

On Wednesday, in a debut held in three countries simultaneously, the world finally got to see the first fruits of its strategy.

TechCrunch was in Niagara Falls for the splashy reveal. We have all the details of the two Taycan models introduced Wednesday including the pricing, power and performance stats. And of course, we have a side-by-side comparison of the Taycan versus a Tesla Model S. We even provided a timeline (along with photos) of Porsche’s development  of the Taycan.

Now here are more photos of the Taycan Turbo S on stage in Canada.

[gallery ids="1877459,1877460,1877467,1877481,1877461,1877480,1877477,1877462,1877463,1877464,1877466,1877468,1877469,1877470,1877471,1877473,1877476,1877478,1877479,1877485,1877488"]

Fourteen women today filed a lawsuit against Lyft alleging the company has not addressed complaints pertaining to sexual assault, including rape. The suit, filed today in the Superior Court of San Francisco, seeks special, general and punitive damages, among other types of relief.

In one case, a woman describes a Lyft driver who ended the ride more than one mile away from her house, locked the doors, told her, “I love you” and took her phone, the suit claims. It goes on to describe how he eventually pulled over the car so he could climb into the back seat, the suit alleges. That’s when he “grabbed her face to forcefully kiss her, at which time she slapped him, breaking a finger; then eventually driving her to a beach – where he raped her.”

Calling it a “sexual predator crisis,” the lawsuit claims Lyft has known of sexual assaults since 2015 and has had an “appallingly inadequate” response. Specifically, the lawsuit claims Lyft continues to let “culpable drivers who have complaints of rape and sexual assaults lodged against them” continue driving for Lyft.

The suit alleges Lyft also does not cooperate with the police when a driver sexual assaults a passenger nor does it require any sexual harassment training of its drivers. Additionally, Lyft allowed drivers accused of rape to continue driving for the service, the suit alleges.

To help address and ideally eliminate sexual assaults, the lawsuit recommends Lyft adopt a zero-tolerance policy for improper conduct, add a surveillance camera to the app that can record audio and video of all rides and require drivers to have it on at all times, adopt a policy for the mandatory reporting of sexual assault, as well as take other steps to increase safety.

Competitor Uber has also faced a number of sexual assault and abuse lawsuits. Between 2014 – 2018, CNN found 103 Uber drivers who had been accused of sexual assault or abuse of passengers.

Over the years, both companies have made steps to ramp up their respective safety procedures. In April, Uber launched a campus safety initiative while Lyft implemented continuous background checks and enhanced its identity verification process for drivers. Uber, however, implemented continuous background checks about a full year before Lyft. Unlike Uber, Lyft lacks an easy way for riders to call 911 within the app. In May 2018, Uber added an in-app 911 calling feature.

I’ve reached out to Lyft and will update this story if I hear back.

Fourteen women today filed a lawsuit against Lyft alleging the company has not addressed complaints pertaining to sexual assault, including rape. The suit, filed today in the Superior Court of San Francisco, seeks special, general and punitive damages, among other types of relief.

In one case, a woman describes a Lyft driver who ended the ride more than one mile away from her house, locked the doors, told her, “I love you” and took her phone, the suit claims. It goes on to describe how he eventually pulled over the car so he could climb into the back seat, the suit alleges. That’s when he “grabbed her face to forcefully kiss her, at which time she slapped him, breaking a finger; then eventually driving her to a beach – where he raped her.”

Calling it a “sexual predator crisis,” the lawsuit claims Lyft has known of sexual assaults since 2015 and has had an “appallingly inadequate” response. Specifically, the lawsuit claims Lyft continues to let “culpable drivers who have complaints of rape and sexual assaults lodged against them” continue driving for Lyft.

The suit alleges Lyft also does not cooperate with the police when a driver sexual assaults a passenger nor does it require any sexual harassment training of its drivers. Additionally, Lyft allowed drivers accused of rape to continue driving for the service, the suit alleges.

To help address and ideally eliminate sexual assaults, the lawsuit recommends Lyft adopt a zero-tolerance policy for improper conduct, add a surveillance camera to the app that can record audio and video of all rides and require drivers to have it on at all times, adopt a policy for the mandatory reporting of sexual assault, as well as take other steps to increase safety.

Competitor Uber has also faced a number of sexual assault and abuse lawsuits. Between 2014 – 2018, CNN found 103 Uber drivers who had been accused of sexual assault or abuse of passengers.

Over the years, both companies have made steps to ramp up their respective safety procedures. In April, Uber launched a campus safety initiative while Lyft implemented continuous background checks and enhanced its identity verification process for drivers. Uber, however, implemented continuous background checks about a full year before Lyft. Unlike Uber, Lyft lacks an easy way for riders to call 911 within the app. In May 2018, Uber added an in-app 911 calling feature.

I’ve reached out to Lyft and will update this story if I hear back.

MGM and Hulu announced today that they will be adapting “The Testaments,” Margaret Atwood’s sequel to her novel “The Handmaid’s Tale.”

The series has been key in establishing Hulu’s reputation as a home for original content. It was the first streaming original to win an Emmy for Best Drama, and was recently renewed for a fourth season.

The novel, meanwhile, was published back in 1985. The show followed its blueprint during its first season, telling the story of a woman named June (played by Elisabeth Moss), trapped in a dystopian, patriarchal society called Gilead.

Then, without additional source material to draw on, the show’s creative team came up with their own plot for seasons two and three. It sounds like Atwood’s sequel (scheduled for publication on September 10) avoids covering the same ground by jumping 15 years into the future.

It’s not clear whether “The Testaments” will become a spinoff series on Hulu, or if story elements will simply be incorporated into later seasons of “The Handmaid’s Tale.” The official announcement simply says the studios are talking to series showrunner Bruce Miller about “how the upcoming novel can become an important extension to the immensely popular award-winning series ‘The Handmaid’s Tale.'”

“Margaret Atwood is one of the visionary storytellers of her generation,” said Hulu’s senior vice president of originals Craig Erwich in a statement. “From her award-winning poetry, short-stories and novels, Margaret has continually pushed boundaries and broken barriers to bring innovative stories to life.”

Hundreds of millions of phone numbers linked to Facebook accounts have been found online.

The exposed server contained over 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

But because the server wasn’t protected with a password, anyone could find and access the database.

Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.

But phone numbers have not been public in more than a year since Facebook restricted access to users’ phone numbers.

TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account.

Some of the records also had the user’s name, gender, and location by country.

A redacted set of records from the U.K. database. The “44” indicates +44, the U.K.’s country code and the “7” indicates a cell phone number.

This is the latest security lapse involving Facebook data after a string of incidents since the Cambridge Analytica scandal, which saw more than 80 million profiles scraped to help identify swing voters in the 2016 U.S. presidential election.

Since then the company has seen several high-profile scraping incidents, including at Instagram, which recently admitted to having profile data scraped in bulk.

This latest incident exposed millions of users’ phone numbers just from their Facebook IDs, putting them at risk of spam calls and SIM-swapping attacks, which relies on tricking cell carriers into giving a person’s phone number to an attacker. With someone else’s phone number, an attacker can force-reset the password on any internet account associated with that number.

Security researcher Sanyam Jain found the database and contacted TechCrunch after he was unable to find the owner. After a review of the data, neither could we. But after we contacted the web host, the database was pulled offline.

Jain said he found profiles with phone numbers associated with several celebrities.

Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers.

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

But questions remain as to exactly who scraped the data, when it was scraped from Facebook, and why.

Facebook has long restricted developers access to user phone numbers. The company also made it more difficult to search for friends’ phone numbers. But the data appeared to be loaded into the exposed database at the end of last month — though that doesn’t necessarily mean the data is new.

This latest data exposure is the most recent example of data stored online and publicly without a password. Although often tied to human error rather than a malicious breach, data exposures nevertheless represent an emerging security problem.

In recent months, financial giant First American left data exposed, as did MoviePass and the Senate Democrats.

Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.