Bite Ninja scoops up pre-seed funding to reimagine restaurant working environments

Will Clem knows all too well about restaurant workers not showing up for a shift. At least one person would have car trouble or need to stay home with sick children, and it became a common occurrence on the weekends for the co-founder of Memphis Meats and owner of Baby Jacks BBQ in Memphis.

Needing to fill a shift one Friday night, Clem decided to prop his laptop in the drive-thru lane of one of his restaurants and took orders from home by remoting into the system. No one noticed that he wasn’t actually taking orders from the kitchen itself. Thus came the idea for Bite Ninja, a remote hiring technology platform for restaurants.

Clem connected with Orin Wilson to start the company in 2020 and worked for a year on the technology before launching it in March. Today, the company announced $675,000 in pre-seed funding led by Y Combinator, AgFunder and Manta Ray.

With many restaurants unable to find workers as a result of the global pandemic, Clem and Wilson wanted to build a technology that would enable restaurants to go back to normal operating hours, or even reopen their stores. At the same time, the workers, or “Ninjas” as they are referred to, can work the drive-thru or counter for a lunch or dinner rush shift from home, but appear on-screen to customers via menu boards, Wilson said.

Bite Ninja drive-thru. Image Credits: Bite Ninja

“When a restaurant is slammed, you need an army of people to work the rush, but it is not reasonable to ask them to get in their uniform and get in their cars, last-minute, to clock in for just an hour or two,” he added. “They have control of their schedule and can pick the right shift for them. It is so popular that we typically have five to 10 people bidding on each shift.”

Bite Ninja is providing a better experience and reaches potential workers that would not necessarily have an interest in performing fast food work. Many of the 3,000 Ninjas already working with the company are stay-at-home moms and retirees with customer service experience, but who can’t physically come into a store, Clem said. In addition, the company is working with the Nurse-Family Partnership to help women get back into the workforce.

The company initially ran three pilot programs and has expanded services to curbside and front cashier stations. The funding will enable Bite Ninja to scale initiatives, hire additional software engineers and prepare for a rollout at national food chains.

Since launching earlier this year, Bite Ninja is already being used in a few thousand stores.

Manuel Gonzalez, partner at AgFunder, said restaurants are a big part of entrepreneurship, but the pandemic forced more than 110,000 of them out of business.

“Bite Ninja’s solution is one that decreases costs to restaurant owners, but increases the income of the worker,” he said. “It also helps entrepreneurs and the community because restaurants are important for economic, cultural, community and social points of view.”

 

E-commerce-as-a-service platform Cart.com picks up $98M to give brands scaling tools

Cart.com, a Houston-based company providing end-to-end e-commerce services, brought in its third funding round this year, this time a $98 million Series B round to bring its total funding to $143 million.

Oak HC/FT led the new round of funding and was joined by PayPal Ventures, Clearco, G9 Ventures, Mercury Fund, Valedor Partners and Arsenal Growth. Strategic investors in the Series B include HeyDay CEO Sebastian Rymarz and Casper CEO Philip Krim. This new round follows a $25 million Series A round, led by Mercury and Arsenal in July, and a $20 million seed round from Bearing Ventures.

Cart.com CEO Omair Tariq, who was previously an executive at Home Depot and COO of Blinds.com, co-founded the company in September 2020 with Jim Jacobson, former CEO of RTIC Outdoors.

Tariq told TechCrunch that the company provides software, services and infrastructure to small businesses so they can scale online. Cart.com is taking the best parts of selling direct-to-consumer on marketplaces like Amazon and Shopify to create value for brands. Tariq said he is pioneering the term “e-commerce-as-a-service” to bring together under one platform a suite of business tools like store software, marketing, fulfillment, payments and customer service.

“We see the power of having an interconnected platform,” Tariq said. “There also needs to be a hybrid between selling direct-to-consumer on Amazon and Shopify for companies that don’t have the money to pay for a percentage of their sales and receive no access to customers or data, and needing 20 different plug-ins that are not connected.”

Cart.com went after the new funding after seeing validation of its idea: brands coming to them wanting more products and services, which led to acquisitions. The company has acquired seven companies so far, including AmeriCommerce, SpaceCraft Brands and, more recently, Dumont Project and Sauceda Industries. Tariq is planning for another three or four by the end of the year.

In addition, it received inbound interest from strategic investors, like Oak and PayPal, which Tariq said was going to enable the company “to be more successful faster.”

Allen Miller, principal at Oak HC/FT, said after spending time with Tariq to understand his vision about Cart.com’s software, payments and services, he felt that the company was doing something that didn’t exist in today’s commerce infrastructure.

He said that Cart.com is well positioned to help companies, like those with $1 million in sales, stay focused on growing the business while Cart.com stitches together all of the tools for them to operate in the background.

“It’s a unique offering to merchants that has a high value proposition,” Miller said. “The vision and drive that Omair and Jim have, along with an inspiring mission they want to achieve — to be brand-centric and help the next generation of merchants. These guys also have a good playbook on finding companies and teams to acquire, as well as handling the post M&A to have everyone on one platform.”

The new financing will enable Cart.com to further invest in technology development and to increase headcount by at least 15 times, with plans to go from fewer than two dozen employees to more than 300 team members by the end of the year. The company has nearly 70 jobs posted on its website for positions in engineering, technology, digital marketing and e-commerce. Tariq also expects half of the funds to go toward more acquisitions.

Cart.com currently serves over 2,000 e-commerce brands, including GNC, Haymaker Coffee, KeHE and Gravatiq, and processes more than $700 million in gross merchandise value per year. The company saw revenue increase 400% since the platform’s launch in November.

In addition, the company has nine fulfillment centers across the country, and is increasing its access to reach 80% of the U.S. population with two-day shipping, Tariq added.

“We are giving the power back to brands by giving them what they need to operate e-commerce,” he said. “There are still a few pieces to fill in so brands have a unified experience, but with us, they can add fulfilment, marketing or customer conversion tools with the click of a couple of buttons.”

 

Former Snap employees raise $9M for Trust, emerging from beta to level marketing playing field

Trust wants to give smaller businesses the same advantages that large enterprises have when marketing on digital and social media platforms. It came out of beta with $9 million in seed funding from Lerer Hippeau, Lightspeed Venture Partners, Upfront Ventures and Upper90.

The Los Angeles-based company was started in 2019 by a group of five Snap alums working in various roles within Snap’s revenue product strategy business. They were building tools for businesses to fund success with digital marketing, but kept hearing from customers about the advantage big advertisers had over smaller ones — the ability to receive good payment terms, credit lines, as well as data and advice.

Aiming to flip the script on that, the group created Trust, which is a card and business community to help digital businesses navigate the ever-changing pricing models to market online, receive the same incentives larger advertisers get and make the best decision of where their marketing dollars will reach the furthest.

Trust dashboard

Trust does this in a few ways: Its card, built in partnership with Stripe, enables businesses to increase their buying power by up to 20 times and have 45 days to make payments on their marketing investments, CEO James Borow told TechCrunch. Then as part of its community, companies share knowledge of marketing buys and data insights typically reserved for larger advertisers. Users even receive news via their dashboard around their specific marketing strategy, he added.

“The ad platforms are a wall of gardens, and most people don’t know what is going on inside, so our customers work together to see what is going on,” Borow said.

The growth of e-commerce is pushing more digital marketing investments, providing opportunity for Trust to be a huge business, Borow said. E-commerce sales in the U.S. grew by 39% in the first quarter, while digital advertising spend is forecasted to increase 25% this year to $191 billion. Meanwhile, Google, Facebook, Snapchat and Twitter all recently reported rapid growth in their year-over-year advertising revenues, Borow said.

The new funding will go toward increasing the company’s headcount.

“We have active customers on the platform, so we wanted to ramp up hiring as soon as we went into general release,” he added. “We are leaving beta with 25 businesses and a few hundred on our waitlist.”

That list will soon grow. In addition to the funding round, Trust announced a strategic partnership with social shopping e-commerce platform Verishop. The company’s 3,500 merchants will receive priority access to the Trust card and community, Borow said.

Andrea Hippeau, partner at Lerer Hippeau, said she knew Borow from being an investor in his previous advertising company Shift, which was acquired by Brand Networks in 2015.

When Borow contacted Lerer about Trust, Hippeau said this was the kind of offering that would be applicable to the firm’s portfolio, which has many direct-to-consumer brands, and knew marketing was a huge pain point for them.

“Digital marketing is important to all brands, but it is also a black box that you put marketing dollars into, but don’t know what you get,” she said. “We hear this across our portfolio — they spend a lot of money on ad platforms, yet are treated like mom-and-pop companies in terms of credit. When in reality Casper is outspending other companies by five times. Trust understands how important marketing dollars are and gives them terms that are financially better.”

 

Microsoft Patch Tuesday, August 2021 Edition

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines.

Microsoft said attackers have seized upon CVE-2021-36948, which is a weakness in the Windows Update Medic service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.

Redmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an “elevation of privilege” vulnerability that affects Windows 10 and Windows Server 2019, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.

“CVE-2021-36948 is a privilege escalation vulnerability – the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts,” said Kevin Breen of Immersive Labs. “In the case of ransomware attacks, they have also been used to ensure maximum damage.”

According to Microsoft, critical flaws are those that can be exploited remotely by malware or malcontents to take complete control over a vulnerable Windows computer — and with little to no help from users. Top of the heap again this month: Microsoft also took another stab at fixing a broad class of weaknesses in its printing software.

Last month, the company rushed out an emergency update to patch “PrintNightmare” — a critical hole in its Windows Print Spooler software that was being attacked in the wild. Since then, a number of researchers have discovered holes in that patch, allowing them to circumvent its protections.

Today’s Patch Tuesday fixes another critical Print Spooler flaw (CVE-2021-36936), but it’s not clear if this bug is a variant of PrintNightmare or a unique vulnerability all on its own, said Dustin Childs at Trend Micro’s Zero Day Initiative.

“Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this Critical-rated bug,” Childs said.

Microsoft said the Print Spooler patch it is pushing today should address all publicly documented security problems with the service.

“Today we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges,” Microsoft said in a blog post. “This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies the change. This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as CVE-2021-34481.”

August brings yet another critical patch (CVE-2021-34535) for the Windows Remote Desktop service, and this time the flaw is in the Remote Desktop client instead of the server.

CVE-2021-26424 — a scary, critical bug in the Windows TCP/IP component — earned a CVSS score of 9.9 (10 is the worst), and is present in Windows 7 through Windows 10, and Windows Server 2008 through 2019 (Windows 7 is no longer being supported with security updates).

Microsoft said it was not aware of anyone exploiting this bug yet, although the company assigned it the label “exploitation more likely,” meaning it may not be difficult for attackers to figure out. CVE-2021-26424 could be exploited by sending a single malicious data packet to a vulnerable system.

For a complete rundown of all patches released today and indexed by severity, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that are causing problems for Windows users.

On that note, before you update please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

Black Hat USA 2021: The Era of Covid-19 And A Cybersecurity Renaissance

So many aspects of our lives have changed since the last time we met. Significantly, the way we work has changed: we spend more time at home, connecting remotely to what used to be our offices. We’ve saved time on commuting, postponed work trips, and adopted an entirely new working environment.

The trend of gradually digitizing our lives went into overdrive in the last 18 months. We shop online, chat online, and store our most personal and private information in the cloud. We trust more enterprises and supply chains than ever before to keep all this safe.

In parallel, cybercrime and nation state attacks have become a staple of daily news. We’ve seen the democratization of ransomware, bringing more criminals into the dance of cybercrime. The explosion of the dark web and cryptocurrency has made it easier to get away with ransomware and extortion. Prior to the pandemic, organizations thought they just needed better backups, but criminals have changed their tactics and payouts have increased to the point of forcing market changes. Organizations are now realizing they need better cybersecurity.

We’ve also seen how supply chain attacks are capable of exploiting software widely used in the public and the private sectors. Threat actors utilize zero days to penetrate organizations en masse, including energy pipelines, food supply chains and other critical infrastructure. And for the most part, cybercriminals are getting away with it.

Black Hat USA 2021 – Exactly What You Would Expect

Despite all that, Black Hat was the first in-person event since RSA 2019. It’s hard to believe, but it was. With all that is still going on and with so many of us still at different points in our journey to put Covid-19 behind us, it’s no surprise that we didn’t see the kind of attendance rates typical of the past.

However, it was a joy to see how the energy of this community remained undiminished. There was so much action on the floor, in the meeting rooms, and everywhere else: passionate, masked, and mingling. The brainstorming, security talk and, of course, fun were just what we have all come to expect from such an event.

SentinelOne Team at Black Hat USA 2021

At SentinelOne, we were determined to give back to the community and our team created a stunning, unique booth to delight our visitors. It seems our efforts didn’t go unnoticed either by those that could only attend virtually or follow on social media.

This Year, All The Big Talk Is About Big Data

There are always themes and trends in cybersecurity as our industry responds to attacks and innovations, striving always to be a step ahead and keep our organizations safe. In the past, we have seen how topics like SIEM and Data competition around Splunk came to the forefront. This year, without a doubt, everyone’s thoughts are turning towards big data and the ability to scale XDR data.

Organizations today face a challenging situation, where the traditional network no longer exists. Threats exist exactly where your data resides, which is where your users reside, which is everywhere. You can’t assume anything about the networks your endpoints are connected to. The only defence you can rely on is on the edges of your network, the endpoints themselves. This change, which started long before COVID, is still something most organizations are struggling with.

This new reality brings a set of new problems for organizations: the amount of data that needs to be collected, stored and analyzed is beyond the capabilities of humans to scale. This is why SentinelOne led by selecting Scalyr, and CrowdStrike followed by acquiring Humio to replace their expensive and inefficient Splunk integration.

The challenge is three-fold:

  • How to get all the data
  • How to make automated security detections out of it
  • How to automate and scale the response in real time, not in minutes or hours, as some claim is good enough.

As a defence industry, we need to put behavioral analysis on all edges of our network, to be able to automate responses when anomalies occur. There is no legitimate reason for non-admin processes to access shadow copies, or to scrape passwords from a Windows registry hive. This is one of many examples that we learned this year: the concept of trust is not what we had thought.

Most companies presenting at Black Hat were focused on data, the growing pains of ransomware, bringing a whole new set of ideas to solve the problem that has been evolving over the last 5 years. While criminals continue to use the tried and tested tactics of the past where they still work, a much larger and dangerous threat has come to loom over us.

Just as the forces of ‘good’ have reaped the benefits of our interconnected world, machine learning and data-at-scale, so cybercriminals have created a growing operation that can scale, with Ransomware as a Service and other tools that make it easy for more players to operate extortion and ransomware operations. On top of that, we see nation states sponsoring and hiding behind the operations of financially-motivated cybercriminals, as SentinelLabs first revealed with TrickBot operations in 2019.

A Defender’s Perspective

From a defender’s point of view, all this is not a pretty sight. Too many organizations still use old technology that cannot cope with the level of sophistication that everyday threat actors are throwing at them. We see governments conducting attacks for monetary gain, to influence elections, to further agendas, and to create damage without the need to fire a single shot. We have not so much slipped as dived head first into the age of ‘Warfare in the Fifth Domain’.

Where Do We Go From Here?

But it wasn’t all doom and gloom at Black Hat USA 2021, far from it. The sessions and presentations were novel, innovative, and encouraging, with more exploit research and more tools that can help defend against attacks.

And if there was one thing we saw and heard at Black Hat this year, it was that there are a number of things that can be done to swing the pendulum back in favor of the defenders.

  • Stop treating security as a liability and start treating it as part of business operations – cybersecurity is now an asset and should be viewed as a competitive advantage for any firm in any industry in any geography.
  • Do not wait. The cost of a security breach is much higher than the cost of deploying the right technology.
  • Involve C-Suite decision makers in the dilemmas of securing your business. Educated leaders can take a more security-minded approach to every decision they are involved with. Knowledge is power and too many cybersecurity professionals are left to fight alone.
  • Being “Better today” is much better than “Perfect in the far future”. Every house can be broken into. With that said, malicious actors tend to look for the easy way in (some would call it laziness). Don’t be that weak point. If you are better than most organizations, you are increasing your chances of staying out of the news and defending your organization’s data.

Conclusion

We went to Black Hat USA 2021 excited to see our friends, peers and customers for the first time in two years. It was an experience that reminded us all of the energy and passion in this community. Above all, it reminded us of just how many people are out there working hard to keep cyber attacks at bay. The bad guys often get the headlines, but when the good guys come out into the light at events like this, you realize that we are legion, and we are resilient.



Upscribe, raising $4M, wants to drive subscription-first DTC brand growth

Upscribe founder and CEO Dileepan Siva watched the retail industry make a massive shift to subscription e-commerce for physical products over the past decade, and decided to get in it himself in 2019.

The Los Angeles-based company, developing subscription software for direct-to-consumer e-commerce merchants, is Siva’s fourth startup experience and first time as founder. He closed a $4 million seed round to go after two macro trends he is seeing: buying physical products, like consumer-packaged goods, on a recurring basis, and new industries offering subscriptions, like car and fashion companies.

Merchants use Upscribe’s technology to drive subscriber growth, reduce churn and enable their customers to personalize a subscription experience, like skipping shipments, swapping out products and changing the order frequency. Brands can also feature products for upsell purposes throughout the subscriber lifecycle, from checkout to post-purchase.

Upscribe also offers APIs for merchants to integrate tools like Klaviyo, Segment and Shopify — a new subscription offering for checkouts.

Uncork Capital led the seed round and was joined by Leaders Fund, The House Fund, Roach Capitals’ Fahd Ananta and Shippo CEO Laura Behrens Wu.

“As the market for D2C subscriptions booms, there is a need for subscription-first brands to grow and scale their businesses,” said Jeff Clavier, founder and managing partner of Uncork Capital, in a written statement. “We have spent a long time in the e-commerce space, working with D2C brands and companies who are solving common industry pain points, and Upscribe’s merchant-centric approach raised the bar for subscription services, addressing the friction in customer experiences and enabling merchants to engage subscribers and scale recurring revenue growth.”

Siva bootstrapped the company, but decided to go after venture capital dollars when Upscribe wanted to create a more merchant-centric approach, which required scaling with a bigger team. The “real gems are in the data layer and how to make the experience exceptional,” he added.

The company is growing 43% quarter over quarter and is close to profitable, with much of its business stemming from referrals, Siva said. It is already working with customers like Athletic Greens, Four Sigmatic and True Botanicals and across multiple verticals, including food and beverage, health and wellness, beauty and cosmetics and home care.

The new funding will be used to “capture the next wave of brands that are going to grow,” he added. Siva said the growth will come as the DTC subscription market is forecasted to reach $478 billion by 2025, and 75% of those brands are expected to offer subscriptions in the next two years. As such, the majority of the funding will be used to bring on more employees, especially in the product, customer success and go-to-market functions.

Though there is competition in the space, many of those are focused on processing transactions, while Siva said Upscribe’s approach is customer relationships. The cost of acquiring new customers is going up, and subscription services will be the key to converting one-time buyers into loyal customers.

“It is really about customer relationships and the ongoing engagement between merchants and subscribers,” he added. “We are in a different world now. The first wave could play the Facebook game, advertising on social media with super low acquisition and scale. That is no longer the case anymore.”

 

OwnBackup reels in $240M Series E on $3.35B valuation, up from $1.4B in January

OwnBackup, the late stage startup that helps companies in the Salesforce ecosystem back up their data, announced a $240 million Series E today at a $3.35 billion valuation. The latter is up from $1.4 billion in January when the company announced a $167.5 million Series D.

Alkeon Capital and B Capital Group co-led today’s investment, which also included BlackRock Private Equity Partners and Tiger Global along with existing investors Insight Partners, Salesforce Ventures, Sapphire Ventures and Vertex Ventures. The company has now raised close to $500 million, over $455 million coming since last July.

That’s a lot of capital, but OwnBackup CEO Sam Gutmann says that as the Salesforce ecosystem has grown, which includes not only Salesforce itself, but companies like Veeva and nCino, business has been booming, growing 100% year-over-year since 2018. That kind of growth gets investor attention and Gutmann reported a lot of inbound investor interest in this round.

What’s more, the company announced that it will now support the same type of backup for Microsoft Dynamics 365 customers, thereby greatly expanding its potential market. “We’re also announcing that we are expanding into the Microsoft ecosystem specifically around Microsoft Dynamics 365’s huge ecosystem. I think it’s the second largest B2B SaaS ecosystem beyond Salesforce. We’re just getting started there, but super excited about the opportunity,” he said.

The company also sees the opportunity to grow the business through acquisition. Over the last year, it bought two small companies, but he says that was more focussed on acquiring specific talent to develop the platform, while future acquisitions could be more focussed on expanding the business itself. He certainl

As the company takes on this kind of investment, Gutmann sees an IPO possibility at some point in the future, but for now he’s concentrating on growth. “We’re not focused on exiting. We’ve really focused on developing what is already a huge market and growing into an even bigger market, continuing to expand with a business that has great unit economics and continues to grow nicely,” he said.

The company has ballooned to 500 employees this year with plans to double that number in the next year. As he does that, Gutmann says that hiring in general is challenging, but he is always looking to find ways to diversify his workforce. “It’s really, really hard. Our hiring managers definitely focus on [diversity], but at the end of the day, we want the best employees for the job. I think we’ve made a lot of strides. We’re working with one of our largest investors Insight, who is co-sponsoring a program to train, more on the junior side, some underrepresented minorities in technical fields and bring them on as full time employees after that program,” Gutmann said.

Gutmann says his offices have remained open throughout the pandemic, but nobody was required to come in. In fact, he says that his company is one of the few that has actually added office space to make it easier to distance. The company, which is located in New Jersey, has also expanded space outdoors for working outside when the weather permits.

Salesforce’s Kathy Baxter is coming to TC Sessions: SaaS to talk AI

As the use of AI has grown and developed over the last several years, companies like Salesforce have tried to tap into it to improve their software and help customers operate faster and more efficiently. Kathy Baxter, principal architect for the ethical AI practice at Salesforce will be joining us at TechCrunch Sessions: SaaS on October 27th to talk about the impact of AI on SaaS.

Baxter, who has more than 20 years of experience as a software architect, joined Salesforce in 2017 after more than a decade at Google in a similar role. We’re going to tap into her expertise on a panel discussing AI’s growing role in software.

Salesforce was one of the earlier SaaS adherents to AI, announcing its artificial intelligence tooling, which the company dubbed Einstein, in 2016. While the positioning makes it sound like a product, it’s actually much more than a single entity. It’s a platform component, which the various pieces of the Salesforce platform can tap into to take advantage of various types of AI to help improve the user experience.

That could involve feeding information to customer service reps on Service Cloud to make the call move along more efficiently, helping salespeople find the customers most likely to close a deal soon in the Sales Cloud or helping marketing understand the optimal time to send an email in the Marketing Cloud.

The company began building out its AI tooling early on with the help of 175 data scientists and has been expanding on that initial idea since. Other companies, both startups and established companies like SAP, Oracle and Microsoft, have continued to build AI into their platforms as Salesforce has. Today, many SaaS companies have some underlying AI built into their service.

Baxter will join us to discuss the role of AI in software today and how that helps improve the operations of the service itself, and what the implications are of using AI in your software service as it becomes a mainstream part of the SaaS development process.

In addition to our discussion with Baxter, the conference will also include Databricks’ Ali Ghodsi, UiPath’s Daniel Dines, Puppet’s Abby Kearns, and investors Casey Aylward and Sarah Guo, among others. We hope you’ll join us. It’s going to be a stimulating day.

Buy your pass now to save up to $100, and use CrunchMatch to make expanding your empire quick, easy and efficient. We can’t wait to see you in October!

Is your company interested in sponsoring or exhibiting at TC Sessions: SaaS 2021? Contact our sponsorship sales team by filling out this form.


Phishing Sites Targeting Scammers and Thieves

I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site:

“Hello I go by the username Nuclear27 on your site Briansclub[.]com,” wrote “Mitch,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.”

The real BriansClub login page.

Several things stood out in Mitch’s message. For starters, that is not the actual domain for BriansClub. And it’s easy to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google.

Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. In those ads, a crab with my head on it zigs and zags on the sand. This is all meant to be a big joke: Krebs means “crab” or “cancer” in German, but a “crab” is sometimes used in Russian hacker slang to refer to a “carder,” or a person who regularly engages in street-level credit card fraud. Like Mitch.

In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. The hacked BriansClub database had an estimated collective street value of $566 million, and that data was subsequently shared with thousands of financial institutions.

Mitch said he’d just made a deposit of $240 worth of bitcoin at BriansClub[.]com, and was wondering when the funds would be reflected in the balance of his account on the shop.

Playing along, I said I was sorry to hear about his ordeal, and asked Mitch if there were any stolen cards issued by a particular bank or to a specific region that he was seeking.

Mitch didn’t bite, but neither would he be dissuaded that I was at fault for his wayward funds. He shared a picture showing funds he’d sent to the bitcoin address instructed by BriansClub[.]com (1PLALmM5rrmLTGGVRHHTnB6VnZd3FFwh1Z) using a Bitcoin ATM in Canada.

The real BriansClub uses a dodgy virtual currency exchange service based in St. Petersburg, Russia called PinPays. The company’s website has long featured little more than a brand icon and an instant messenger address to reach the proprietor. The fake BriansClub told Mitch the Bitcoin address he was asked to pay was a PinPays address that would change with each transaction.

The payment message displayed by the carding site phishing domain BriansClub[.]com.

However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid. Also, the site wasn’t using PinPays; it was just claiming to do so to further mimic the real BriansClub.

According to the Blockchain, that Bitcoin address Mitch paid has received more than a thousand payments over the past five months totaling more than USD $40,000 worth of Bitcoin. Most are relatively small payments like Mitch’s.

The screenshot Mitch sent of his deposit.

Unwary scammers like Mitch are a dime a dozen, as are phishing sites that spoof criminal services online. Shortly after it came online as a phishing site last year, BriansClub[.]com was hosted at a company in Moscow with just a handful of other domains phishing popular cybercrime stores, including Jstashbazar[.]com, vclub[.]cards, vclubb[.]com and vclub[.]credit.

Whoever’s behind these sites is making a decent income fleecing clueless crooks. A review of the Bitcoin wallet listed as the payment address for BriansClub[.]org, for example, shows a similar haul: 704 transactions totaling $38,000 in Bitcoin over the past 10 months.

“Wow, thanks for ripping me off,” Mitch wrote, after I’d dozed off for the evening without responding to his increasingly strident emails. “Should have spent the last money on my bills I’m trying to pay off. Should have known you were nothing but a thief.”

Deciding the ruse had gone too far, I confessed to Mitch that I wasn’t really the administrator of BriansClub, and that the person he’d reached out to was an independent journalist who writes about cybercrime. I told him not to feel bad, as more than a thousand people had been similarly duped by the carding shop.

But Mitch did not appear to accept my confession.

“If that’s the case then why is your name all over it including in the window that opens up when you go to make a deposit?,” Mitch demanded, referring to the phishing site.

Clearly, nothing I said was going to deter Mitch at this point. He asked in a follow-up email if a link he included in the message was indeed the “legitimate” BriansClub address. My only reply was that he should maybe consider another line of work before he got ripped off yet again, or the Royal Canadian Mounted Police showed up at his doorstep.

Scammers who fall for fake carding sites can expect to have their accounts taken over at the real shop, which usually means someone spends your balance on stolen cards. But mostly, these imposter carding sites are asking new members to fund their accounts by making deposits in virtual currency like Bitcoin.

In 2018, KrebsOnSecurity examined a huge network of phishing sites masquerading as the top carding stores which all traced back to a web development group in Pakistan that’s apparently been stealing from thieves for years.

As I noted in that piece, creating a network of fake carding sites is the perfect cybercrime. After all, nobody who gets phished or scammed is going to report the crime to the authorities. Nor will anyone help the poor sucker who gets snookered by one of these fake carding sites. Caveat Emptor!

The most one can hope for is that the occasional enterprising phisher is brought to justice. While it may be hard to believe that authorities would go after crooks stealing from one another, in 2017 a Connecticut man pleaded guilty to charges of phishing several criminal dark web markets in a scheme that eventually netted over $365,000 and more than 10,000 stolen user credentials.

And what about the provenance of the phishing domain briansclub[.]com? Looking closer at the original WHOIS registration records for briansclub[.]com via DomainTools (an advertiser on this site), we can see it was registered in November 2015 — several months after the real BriansClub came online. It was registered to a “Brian Billionaire,” a.k.a. Brian O’Connor, an apparently accomplished music deejay, rapper and rap music producer in Florida.

Brian Billionaire.

For several years after it came online, BriansClub[.]com and other domains apparently registered to Mr. Billionaire redirected to his main site — newhotmusic.com, which predates the carding shop BriansClub and also has a members-only section of the site called Brian’s Club.

Mr. Billionaire did not respond to multiple requests for comment, but it looks like his only crime is being a somewhat cringeworthy DJ. DomainTools’ record for briansclub[.]com says the domain was abandoned or dormant for a period in 2019, only to be scooped up again by someone in May 2020 when it became a phishing site spoofing the real BriansClub.

CommandBar raises $4.8M to make web-based apps searchable

James Evans and his co-founders at CommandBar were working on a software product when they hit a wall while trying to access certain functionalities within the software.

That’s when the lightbulb moment happened and, in 2020, the team shifted to building a product search engine add-on to make software easier to use.

“We thought this paradigm feels like it could be useful, but it is hard to build well, so we built it,” Evans told TechCrunch.

On Monday, CommandBar emerged from beta and announced its $4.8 million seed round, led by Thrive Capital, with participation from Y Combinator, BoxGroup and a group of angel investors including AngelList’s Naval Ravikant, Worklife Ventures’ Brianne Kimmel, StitchFix president Mike Smith and others.

CommandBar’s business-to-business tool, referred to as “command k,” was designed to make software simpler and faster to use. The technology is a search interface that sits on top of web-based apps so that users can access functionalities by searching simple keywords. It can also be used to boost new users with recommended prompts like referrals.

CommandBar in Clubhouse. Image Credits: CommandBar

Companies integrate CommandBar by pasting in a line of code and using configuration tools to quickly add commands relevant to their apps. The product was purposefully designed as low-code so that product and customer success teams can add configurations without relying on engineering support, Evans said.

Initially, it was a difficult sell: One of the more challenging parts in the early days of the company was helping customers and investors understand what CommandBar was doing.

“It was hard to describe over the phone, we had to try to get people on Zoom so they could see it,” he said. “It is easier now to sell the product because they can see it being used in an app. That is where many new users come from.”

CommandBar is already being used by companies like Clubhouse.io, Canix and Stacker that are serving hundreds of thousands of users. The most common use case for CommandBar so far is onboarding new software users.

He intends to use the new funding to grow the team, hiring across engineering, sales and marketing. The beta testing was successful in receiving good feedback from the early customers, and Evans wants to reflect that in new products and functionalities that will come out later this year.

Vince Hankes, an investor at Thrive Capital, was introduced to CommandBar through one of its pre-seed investors.

His interest is in B2B software companies and applications, and one of the things that became obvious to him while looking into the space was the natural tension between the simplicity and functionality of apps.

Apps are sometimes hard for even a power user to navigate, he said, but CommandBar makes something as simple as resetting a password easier by being able to search for that term and go right to that page if it is configured that way by the company.

“The types of companies interested in their product are impressive,” Hankes said. “We began to see demand from a broad range of companies that weren’t obvious. In fact, they are using CommandBar as a tool for deeper customer engagement.”