Year: 2020

16 Mar 2020

Online printing site Doxzoo exposed thousands of customer files

Doxzoo proudly says on its website that your “documents are in safe hands.” But for some time, that wasn’t true.

The U.K. printing company left its customer files on a cloud storage bucket, hosted on Amazon Web Services, without a password. Anyone who knew the easy-to-guess bucket name could access the massive trove of customer files. By the time that the company secured the bucket, it contained more than 250,000 customer-uploaded files.

When reached by email, Paul Bennett, one of the company’s directors, confirmed the exposure.

“The data we store [with Amazon] is solely the files we use for printing their documents and we have a clear privacy policy on our website to cover how this data is held,” said Bennett.

“We frequently review processes and technical architectures to ensure we adhere to current best practices. We are committed to providing the best possible service to our customers and take the security of their personal data very seriously,” he added. “We have already sought guidance from the ICO on our data security and the precautions we take.”

But a spokesperson for the U.K.’s Information Commissioner’s Office (ICO) said it has not received a notification of a security lapse from Doxzoo.

“People have the right to expect that organizations will handle their personal information securely and responsibly,” the ICO spokesperson said. “Where that doesn’t happen, people can come to the ICO and we will look into the details. When a data incident occurs, we would expect an organization to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects.”

Companies that fall foul of European data protection rules can be fined up to 4% of their annual turnover.

At the time of writing, Doxzoo has made no mention on either its blog or its social platforms about the security lapse.

Doxzoo finds itself in similar company to Rallyhood, a Sprint contractor, the Democratic Senatorial Campaign Committee, FormGet, Mixcloud, and Samsung, all of which have in the past year left sensitive data online by mistake.

16 Mar 2020

Riot automatically educates your team about phishing

Meet Riot, a company participating in Y Combinator’s current batch that wants to help you fight phishing attempts. Riot runs fake phishing campaigns on your employees. For instance, your team members could receive an email saying that their Google account has been deactivated to see if they can spot real email notifications from fake ones.

It has never been easier to secure your products and internal tools thanks to two-factor authentication, single sign-on and access policies. And yet, humans remain the most important vulnerability. Many data breaches start with a compromised account from one of your employees.

In other words, your company’s security is as strong as your least careful employee. That’s why educating your employees about security risks will be key in the coming years.

Riot is currently divided into three different modules. First, you can set up fake phishing campaigns on your employees. You can select a periodicity so that your employees receive a fake phishing attempt at least once every 45 days for instance. You then select from a template library. Right now, Riot can send you fake notifications about a suspended account on Microsoft, Google, Dropbox or Slack, a new shared document on Google or Dropbox and an unbranded voicemail notification.

“With the new voicemail received notification, the person should have noticed that the email came from the noreply.link domain name,” Riot founder and CEO Benjamin Netter told me.

Second, admins get a nice dashboard to check the level of their employees. You can see if they weren’t fooled, if some of them clicked on a link and (worse) if some of them entered a login and a password. This way, you can check progress over time or run frequent campaigns on some employees.

Third, if you failed a test as an employee, your company can assign you a quick security training. It looks like a chat interface with a few questions. It works on desktop and mobile and shouldn’t take more than a few minutes. Short, effortless trainings should be more efficient when it comes to getting the message across instead of boring webinars.

“The next step is CEO fraud training. It’s something I’ve noticed more and more. I’ve talked with a ton of people who said that assistants often receive emails from their managers asking them to buy 10 Amazon gift cards,” Netter said.

But CEO fraud could be even worse than that. Some attackers send invoices to the accounting department asking for a large bank transfer.

Eventually, Riot could offer more modules beyond education. For example, the startup could partner with an insurance company to negotiate better terms for a cybersecurity insurance product based on your Riot data.

Riot’s founder Benjamin Netter was previously the co-founder and CTO of October (formerly known as Lendix), one of the leading crowd-lending platforms in Europe. He has experience when it comes to assessing risk.

The company is just getting started and has signed a handful of clients. Plans start at $200 per month for companies up to 50 employees.

16 Mar 2020

Microsoft Teams goes down — just as everyone starts working from home

Microsoft Teams is down.

Perfect timing, as some might say, given that pretty much everyone who uses Microsoft Teams who can work from home is currently not working at all.

The technology giant left a cryptic message — which at least is more than its users can do right now — on Twitter, stating that it’s “received reports that impact associated with TM206544 is ongoing.”

“We’re investigating the issue,” said Microsoft.

A lot of workers are staying at home because of the ongoing coronavirus pandemic. Countries are shutting borders, entire industries are struggling, the U.S. Federal Reserve has slashed interest rates, and governments are scrambling to protect their populations by asking millions to stay at home.

Suffice to say, a Microsoft Teams outage right now is not exactly helpful.

It’s Microsoft Teams’ second outage in as many months after the software giant forgot to renew a TLS (HTTPS) certificate, forcing the service offline and leaving users unable to communicate with colleagues for hours.

16 Mar 2020

Insight Partners sells security firm Checkmarx to Hellman & Friedman for $1.15B

Checkmarx, an Israeli security company acquired in 2015 by private equity firm Insight Partners with an $84 million investment, was sold today to Hellman & Friedman, another private equity firm at a valuation of $1.15B. Nice little profit there, and the company will continue to hold a minority investment in the firm.

Checkmarx is one of a handful of Israeli security firms held in high regard across the cybersecurity industry. The company made its millions in application testing, helping developers detect and understand bugs, flaws and other compliance issues. But the security firm has raised its name through its research arm, finding and reporting bugs in popular technologies — from smart watches to vacuums.

In total the company has over 1400 customers including 40% of the Fortune 500, according to information supplied by the company. These include SAP, Samsung, and Salesforce.com.

The original executive team, including CEO Emmanuel Benzaque and CTO and founder Maty Siman, remains with the company. Private equity investors tend to appreciate that level of continuity in the leadership team. It’s certainly something, along with the company’s core mission, that caught the eye of Tarim Wasim, partner at Hellman & Friedman.

“As cybersecurity threats continue to intensify, we strongly believe that embedding security early in the software development lifecycle is critical,” Wasim said in a statement.

“Only one company – Checkmarx – has the breadth of products, developer-centric DNA, and culture of relentless innovation to serve the entire software security market. We look forward to building on Checkmarx’s tremendous success to date and supporting the company’s rapid growth in the years ahead.”

The company was founded in 2006. Prior to the 2015 Insight investment, it had raised $8 million on a $120 million valuation, according to Pitchbook data. Today the company has over 700 employees.

16 Mar 2020

A snapshot of the leading startups in Africa’s top VC markets

TechCrunch did a synopsis recently on Africa’s 2019 VC stats. Analyses from investment fund Partech and media outlets Disrupt Africa and WeeTracker came up with varied numbers, but there was a common trend: the top two countries for venture capital to startups across all three studies were Nigeria and Kenya.

TechCrunch covered a number of the major investments in those markets in 2019. Here’s a look at the VC numbers and the companies receiving rounds in Africa’s leading startup countries.

How much VC?

There’s some pretty significant variance in the estimates for annual venture funding in Africa. From high to low, Partech pegged total 2019 VC for African tech companies at $2 billion, compared to WeeTracker’s $1.3 billion estimate and Disrupt Africa’s $496 million.

The deviations come largely from the different methodologies used to define startups and venture funding.

Africa Top VC Markets 2019

16 Mar 2020

Microsoft just revealed a ton of new info about the Xbox Series X

There will be no E3 this summer. And quite frankly, the future of just about every conference for the year looks to be in jeopardy, at best. Understandably, Microsoft is releasing most of the Xbox Series X info online in the meantime. A few weeks ago, it offered some key insights into the next-gen console and today it’s back with far and away its deepest dive yet.

A momentary respite, perhaps, from the news of the world, this morning brought four separate blog posts, a hands-on video and a whole lot of information for developers. Bookmark this glossary post in the meantime, if you need to cross reference any of the information referenced here or in the original post.

At very least, it will help you sound a bit smarter when you explain all of this stuff to a loved one.

Okay, let’s start with the spec breakdown:

So, a custom eight-core AMD Zen 2 CPU and an RDNA 2-class GPU. “Xbox Series X is the biggest generational leap of SOC and API design that we’ve done with Microsoft, and it’s really an honor for AMD to be a trusted Microsoft partner for this endeavor,” says Corporate VP Sebastien Nussbaum in the post.

Per the Digital Foundry deep dive,

[T]he Series X processor is actually capable of running four Xbox One S game sessions simultaneously on the same chip, and contains a new internal video encoder that is six times as fast as the more latent, external encoder used on current xCloud servers.

That’s coupled with the GPU stuff we already knew about, including the promise of 12 teraflops of processing power, equating to double what the Xbox One X could do and eight times the original Xbox One. There’s Variable Rate Shading (VRS), which allows for the system to focus on given effects on screen and DirectX Raytracing for improved lighting, reflections and other fine touches.

“Without hardware acceleration, this work could have been done in the shaders, but would have consumed over 13 TFLOPs alone,” Xbox system architect Andrew Goossen tells the site. “For the Series X, this work is offloaded onto dedicated hardware and the shader can continue to run in parallel with full performance. In other words, Series X can effectively tap the equivalent of well over 25 TFLOPs of performance while ray tracing.”

Today brought some impressive early gaming demos as well. Gears 5 showcased 60 FPS videos in 4K (double the Xbox One X FPS), improved resolution textures and other details like fog and particles.

There’s a solid state drive on board with 1TB of storage, coupled with 16GB of RAM and a 4K Blu-ray drive. Around back, there’s what appears to be an HDMI port, Ethernet port, two standard USB ports and an expansion slot. Here’s the Seagate storage expansion module from the aforementioned hands on video:

The controller, too, is getting an overhaul. It ships with a pair of AA batteries (though you can upgrade to rechargeable). Senior Designer Ryan Whitaker says inclusion was a big part of some of the design changes here, as gaming continues to grow with a mainstream audience,

One key area we’re improving is fitting a wider range of hand sizes, especially smaller hands. By accommodating hands similar to those of an average 8-year-old, we found we could improve accessibility and comfort for hundreds of millions more people without negatively affecting the experience for those with larger hands. We did that by rounding the bumpers, slightly reducing and rounding parts around the triggers, and carefully sculpting the grips.

There’s a Share button on board, in an attempt to make it a more social experience, along with design changes focused on making it easier to play older games via xCloud. Microsoft clearly wants to make game play more platform agnostic, as it moves to more cloud-based experiences.

The Xbox Series X is due out at the end of the year and will go head to head with Sony’s latest offering.

16 Mar 2020

Stock markets halted for unprecedented third time due to coronavirus scare

The morning after the Federal Reserve cut its interest rates to near zero at the urging of the President (a move meant to stabilize jittery markets worried about the economic fallout from the global response to the novel coronavirus pandemic), all of the indexes posted major losses. For the third time in the past two weeks, the Dow hit its emergency circuit breaker as the market opened; the S&P also halted trades.

  • The Dow Jones Industrial Average was down nearly 10% at the open, falling by 2,250 points to 20,935
  • The Nasdaq was off by 6.12%, falling 7,392.73
  • The S&P 500 fell by 8.14%, or 220.55, to open at 2,490.47

The huge drop mirrored movements in international markets — which were all thrown into turmoil by the Fed’s drastic rate cuts. Hong Kong’s Hang Seng Index, Japan’s Nikkei, London’s FTSE, and the Shanghai Exchange all saw losses for the day (London is still trading).

The Monday morning selloff all but erased the “biggest stock market rise in history” touted by President Donald Trump on Friday after an announcement in the Rose Garden detailing the steps America’s corporations were taking to halt the spread of the COVID-19 outbreak.

That meeting was followed by a weekend full of pronouncements from cities and states across the U.S. urging Americans to self-quarantine and shuttering non-essential businesses like bars, restaurants, and entertainment venues in an effort to enforce social distancing, amid an ongoing rise in cases.

Meanwhile, the government is beginning to roll out large scale testing for COVID-19 to finally determine exactly how widely the disease has spread. The latest number, tallied by Johns Hopkins, is nearly 170,000 cases globally, with nearly 3,800 in the U.S.

The see-saw of the markets puts everything into unforeseen territory and not even the supposed digital safe haven of bitcoin is immune. Prices of the digital currency fell to $4,644.53 compared to one month ago, when it was hovering around $10,000.

This is the third time that so-called circuit breakers (trading curbs) have tripped in the last few days. We had a Level 1 circuit breaker trip on March 9 and another one on March 12 as markets recoiled from growing concerns over the global outbreak of coronavirus. While markets have also had their up days — this past Friday the Dow surged more than 5% — the persistent expansion of restrictions on consumers and travel continues to ripple through the markets.

For a Level 1 pause to be triggered, the S&P 500 has to see a 7% drop from the previous trading day’s close. Additional circuit breaker levels exist if the markets decline by higher percentages. These circuit breakers were put in place by the Securities and Exchange Commission, and are standardized across major U.S. exchanges since 2012.

Circuit breaker trips are more common on individual stocks (where similar rules apply), but market-wide trading halts are relatively rare. Three in just a matter of a bit more than a week is unprecedented in the history of the U.S. markets, barring the exception of the 9/11 terrorist attacks, in which the New York Stock Exchange and other markets were closed for roughly a week.

16 Mar 2020

Eventbrite confirms the coronavirus outbreak will materially impact its business

Global ticketing and events business Eventbrite announced this morning its business outlook will be materially impacted by the COVID-19 pandemic, as many have already suspected. Specifically, the company says it’s withdrawing its outlook for the first quarter of 2020 as a result of the “growing impact” the outbreak is having on global live events.

The announcement comes at a time when many places around the world have banned large gatherings — including U.S. states like California, New York and Washington — making events like meetups, conferences, concerts, and more not just ill-advised but illegal. Local governments are also telling residents to practice social distancing in order to reduce the virus’s spread. And on Sunday, the CDC recommended that no gatherings of more than 50 people should take place over the next eight weeks to slow the spread of the novel coronavirus across the U.S.

This would include conferences, festivals, parades, concerts, sporting events, and other assemblies — the sorts of events that flow through Eventbrite’s ticketing platform and live events management systems.

“The global pandemic and the impact on the live events industry is unprecedented,” said Julia Hartz, Eventbrite’s Chief Executive Officer, in a statement released this morning. “We are working diligently to ensure the wellbeing of our global workforce and support our customers as they make important decisions about their events through this period of time. The year started off strong across the board and we are now seeing a material impact to our business from the virus. While the ultimate magnitude of this near-term impact is unclear at this time, we remain confident in our go forward strategy, our market position and the long-term demand for live experiences,” she added.

Eventbrite in 2019 had grown its business to reach a community of nearly 1 million creators who organized 4.7 million live events across 180 countries. Its revenue for the year was up 12% on an annual basis to reach $327 million. Going into 2020, Eventbrite expected to expand those numbers.

In February, the company had said it anticipated first-quarter revenue of $84 million to $88 million, and 2020 revenue of $342 million to $359 million. Its business outlook also anticipated 3% to 8% revenue growth for the first quarter of 2020 and 5% to 10% for the full year of 2020, with stronger revenue in the second half of the year.

In addition to the loss of revenue from events that aren’t even being planned, the company is likely also impacted by cancellations which lead to chargebacks.

Eventbrite had previously hinted at the novel coronavirus’s potential to impact aspects of its business during its Q4 2019 earnings call, noting that 10% of its events on the platform drew attendees from over 100 miles away, where travel restrictions could lead to lower attendance. In addition, 10% of paid tickets came from events with over 5,000 attendees, where the cancellations of large-scale events could impact the business outlook.

But Eventbrite had also spoken with a sense of optimism at the time, adding that many events it serves are smaller, local gatherings and that it had so far seen only a limited number of cancellations.

Of course, much has changed between February and now.

The company did not offer revised projections at this time, as much is still unknown about how long it will be before the outbreak is under control.

16 Mar 2020

Launches from Europe’s spaceport are suspended in light of COVID-19

Despite indications just a few days ago that launches as soon as later this month were on track as planned, Arianespace announced on Monday that they made the tough call to suspend operations at the Guiana Space Center, Europe’s spaceport located in French Guiana. This includes suspending any launch campaigns currently on the calendar in the immediate future, like the Vega rocket mission carrying multiple satellites set for March 24 and the Soyuz rocket Falcon Eye mission set for April 14.

Arianespace says that the “need to fully implement the measures decided by the French Government” is the primary reason behind its decision to suspend launch campaign operations. The company also says that it is taking this action in order “to protect the health of employees and the local population, while also maintaining the security needed to prepare for scheduled launches.”

In order to facilitate the shut down and make sure that things are ready to go whenever conditions allow things to resume safely, the French space agency is working with Arianespace and all the companies involved on both the launch vehicle and payload side to secure the spacecraft and cargo in ‘standby’ mode. There’s no information on when things might resume, but that’s understandable given the circumstances.

Launch activities from other international space agencies and launch providers don’t appear to be specifically impacted yet – SpaceX attempted a launch on Sunday, which was aborted for technical reasons, but that could be rescheduled for as early as mid-week. Meanwhile, a Chinese Long March rocket looks to be readying for take-off today, and ULA still seems to be tracking towards a March 26 launch of a Space Force communications satellite.

16 Mar 2020

Huboo picks up investment from Maersk Growth, the venture arm of container logistics giant A.P. Moller – Maersk

Huboo, the U.K. startup that operates a multi-channel fulfilment service for e-commerce businesses of varying sizes, has picked up an undisclosed amount of investment from Maersk Growth, the venture arm of Danish container logistics giant A.P. Moller – Maersk.

The funding is described as a bridge round designed to see Huboo through to a future Series A. It follows the disclosure of £1 million in seed backing in September 2019 led by London venture capital firm Episode 1, alongside a number of unnamed private individual investors. The startup is also backed by True Capital and Ada Ventures.

Launched in November 2017 by Martin Bysh and Paul Dodd after the pair had run a number of e-commerce experiments, Huboo aims to solve the fulfillment pain point that most online stores face. The service promises to store your stock, and then “pick, pack and deliver it” automatically as customer orders are placed.

The idea is that by outsourcing fulfillment, online shops can focus on the parts of the business where most value is added, such as customer service and choosing which products to develop and/or sell.

The Huboo dashboard provides stock control, order tracking and billing information. Meanwhile, the startup’s “core operational technology” integrates with popular sales channels and marketplaces, such as Amazon, eBay and Shopify. This enables Huboo to directly receive and process its customers’ orders in real-time.

Comments Oliver Finch, Investor at Maersk Growth: “Fulfillment is a surprisingly complex and time-consuming aspect of e-commerce, particularly for smaller and mid-size companies that are the meaningful engines of global economic growth. Huboo offers a breakthrough to this underserved market, using advanced automation software to provide an effective and scalable solution. There’s clear alignment with Maersk Growth’s focus on driving innovation in the transport and logistics value chain and we are incredibly excited to be part of Huboo’s onward success”.

Since we last covered Huboo, it has opened a second purpose built warehouse, and expanded its full-time employees to 52. I’m also told clients have grown from 80 to 250, and that over 50% of revenues come from U.K. manufactured items and “re-commerce” clients.