Customer Care Giant TTEC Hit By Ransomware

TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

While many companies have been laying off or furloughing workers in response to the Coronavirus pandemic, TTEC has been massively hiring. Formerly TeleTech Holdings Inc., Englewood, Co.-based TTEC now has nearly 60,000 employees, most of whom work from home and answer customer support calls on behalf of a large number of name-brand companies, like Bank of America, Best Buy, Credit Karma, Dish Network, Kaiser Permanente, USAA and Verizon.

On Sept. 14, KrebsOnSecurity heard from a reader who passed on an internal message apparently sent by TTEC to certain employees regarding the status of a widespread system outage that began on Sunday, Sept. 12.

“We’re continuing to address the system outage impacting access to the network, applications and customer support,” reads an internal message sent by TTEC to certain employees.

TTEC has not responded to requests for comment. A phone call placed to the media contact number listed on an August 2021 TTEC earnings release produced a message saying it was a non-working number.

[Update, 6:20 p.m. ET: TTEC confirmed a ransomware attack. See the update at the end of this piece for their statement]

TTEC’s own message to employees suggests the company’s network may have been hit by the ransomware group “Ragnar Locker,” (or else by a rival ransomware gang pretending to be Ragnar). The message urged employees to avoid clicking on a file that suddenly may have appeared in their Windows start menu called “!RA!G!N!A!R!”

“DO NOT click on this file,” the notice read. “It’s a nuisance message file and we’re working on removing it from our systems.”

Ragnar Locker is an aggressive ransomware group that typically demands millions of dollars worth of cryptocurrency in ransom payments. In an announcement published on the group’s darknet leak site this week, the group threatened to publish the full data of victims who seek help from law enforcement and investigative agencies following a ransomware attack.

One of the messages texted to TTEC employees included a link to a Zoom videoconference line at ttec.zoom.us. Clicking that link opened a Zoom session in which multiple TTEC employees who were sharing their screens took turns using the company’s Global Service Desk, an internal TTEC system for tracking customer support tickets.

The TTEC employees appear to be using the Zoom conference line to report the status of various customer support teams, most of which are reporting “unable to work” at the moment.

For example, TTEC’s Service Desk reports that hundreds of TTEC employees assigned to work with Bank of America’s prepaid services are unable to work because they can’t remotely connect to TTEC’s customer service tools. More than 1,000 TTEC employees are currently unable to do their normal customer support work for Verizon, according to the Service Desk data. Hundreds of employees assigned to handle calls for Kaiser Permanente also are unable to work.

“They’ve been radio silent all week except to notify employees to take another day off,” said the source who passed on the TTEC messages, who spoke to KrebsOnSecurity on condition of anonymity. “As far as I know, all low-level employees have another day off today.”

The extent and severity of the incident at TTEC remain unknown. It is common for companies to disconnect critical systems in the event of a network intrusion, as part of a larger effort to stop the badness from spreading elsewhere. Sometimes disconnecting everything actually does help, or at least helps to keep the attack from spreading to partner networks. But it is those same connections to partner companies that raise concern in the case of TTEC’s ongoing outage.

In the meantime, if you’re unlucky enough to need to make a customer service call today, there’s a better-than-even chance you will experience….wait for it…longer-than-usual hold times.

This is a developing story. Further details or updates will be noted here with a date and time stamp.

Update, 5:37 p.m. ET: TTEC responded with the following statement:

TTEC is committed to cyber security, and to protecting the integrity of our clients’ systems and data. We recently became aware of a cybersecurity incident that has affected certain TTEC systems. Although as a result of the incident, some of our data was encrypted and business activities at several facilities have been temporarily disrupted, the company continues to serve its global clients. TTEC immediately activated its information security incident response business continuity protocols, isolated the systems involved, and took other appropriate measures to contain the incident. We are now in the process of carefully and deliberately restoring the systems that have been involved.

We also launched an investigation, typical under the circumstances, to determine the potential impacts. In serving our clients TTEC, generally, does not maintain our clients’ data, and the investigation to date has not identified compromise to clients’ data. That investigation is on-going and we will take additional action, as appropriate, based on the investigation’s results. This is all the information we have to share until our investigation is complete.

Glassdoor acquires Fishbowl, a semi-anonymous social network and job board, to square up to LinkedIn

While LinkedIn doubles down on creators to bring a more human, less manicured element to its networking platform for professionals, a company that has built a reputation for publishing primarily the more messy and human impressions of work life has made an acquisition that might help it compete better with LinkedIn.

Glassdoor, the platform that lets people post anonymous and candid feedback about the organizations they work for, has acquired Fishbowl — an app that also gives users an anonymous option to provide frank employee feedback, as well as join interest-based conversation groups to chat about work, and search for jobs. Glassdoor, which has 55 million monthly users, is already integrating Fishbowl content into its main platform, although Fishbowl, with its 1 million users, will also continue for now to operate as a standalone app.

Christian Sutherland-Wong, the CEO of Glassdoor, said that he sees Fishbowl as the logical evolution of how Glassdoor is already being used. Similarly, since people are already seeking out feedback on prospective employers, it makes sense to bring recruitment and reviews closer together.

“We’ve always been about workplace transparency,” he said in an interview. “We expect in the future that jobseekers will use Glassdoor reviews, and also look to existing professionals in their fields to get answers from each other.” Fishbowl has seen a lot of traction during the Covid-19 pandemic, growing its user base threefold in the last year.

The acquisition is technically being made by Recruit Holdings, the Japanese employment listings and tech giant that acquired Glassdoor for $1.2 billion in 2018, and the companies are not disclosing any financial terms. San Francisco-based Fishbowl — founded in 2016 by Matt Sunbulli and Loren Appin — had raised less than $8 million, according to PitchBook data, from a pretty impressive set of investors, including Binary Capital, GGV, Lerer Hippeau Ventures, and Scott Belsky.

Microsoft-owned LinkedIn towers over the likes of Glassdoor in terms of size. It now has more than 774 million users, making it by far the biggest social media platform targeting professionals and their work-related content. But for many, even some of those who use it, the platform leaves something to be desired.

LinkedIn is a reliable go-to for putting out a profile of yourself, for the public, for those in your professional life, or for recruiters, to find. But what LinkedIn largely lacks are normal people talking about work in an honest way. To read about others’ often self-congratulatory professional developments, or to see motivational words on professional development from already hugely successful personalities, or to browse developments relative to your industry that you probably have already seen elsewhere is not everyone’s cup of tea. It’s anodyne. Sometimes people just want tea to be spilled.

That’s where something like Glassdoor comes into the picture: the format of making comments anonymous on there turns it into something of the anti-LinkedIn. It is caustic, perhaps sometimes bitter, talk about the workplace, balanced out with positive words that seem to get periodically suspected of being seeded by the companies themselves. Motivational, inspirational and aspirational are generally not part of the Glassdoor lexicon; honest, illuminating, and sobering perhaps are.

Fishbowl will be used to augment this and give Glassdoor another set of tools now to see how it might build out its platform beyond workplace reviews. The idea is to target people who come to Glassdoor to read about what people think of a company, or to put in their own comments: they can now also jump into conversations with others; and if they are coming to complain about their employer, now they can also look for a new one!

In the meantime, it feels like the swing to more authenticity is also a result of the shift we’ve seen in the world of work.

Covid-19 mandated office closures and social distancing have meant that many professionals have been working at home for the majority of the last year and a half (and many continue to do so). That has changed how we “come to work”, with many of our traditional divides between work and non-work personas and time management blurring. That has had an inevitable impact on how we see ourselves at work, and what we seek to get out of that engagement. And it also has led many people to feel isolated and in need of more ways to connect with colleagues.

Glassdoor’s acquisition, it said, was in part to meet this demand. A Harris Poll commissioned by Glassdoor found that 48% of employees felt isolated from coworkers during the COVID-19 pandemic; 42% of employees felt their career stall due to the lack of in-person connection; and 45% of employees expect to work hybrid or full-time remotely going forward — all areas that Glassdoor believes can be addressed with better tools (like Fishbowl) for people to communicate.

Of course, it will remain to be seen whether Glassdoor can convert its visitors to use the new Fishbowl-powered tools, but if there really is a population of users out there looking for a new kind of LinkedIn — there certainly are enough who love to complain about it — then maybe this could be one version of that.

Zonos banks $69M to develop APIs for democratizing cross-border commerce

Cross-border commerce company Zonos raised $69 million in a Series A, led by Silversmith Capital Partners, to continue building its APIs that auto classify goods and calculate an accurate total landed cost on international transactions.

St. George, Utah-based Zonos is classifying the round as a minority investment that also included individual investors Eric Rea, CEO of Podium, and Aaron Skonnard, co-founder and CEO of Pluralsight. The Series A is the first outside capital Zonos has raised since it was founded in 2009, Clint Reid, founder and CEO, told TechCrunch.

As Reid explained it, “total landed cost” refers to the duties, taxes, import and shipping fees someone from another country might pay when purchasing items from the U.S. However, it is often difficult for businesses to figure out the exact cost of those fees.

Global cross-border e-commerce was estimated to be over $400 billion in 2018, but is growing at twice the rate of domestic e-commerce. This is where Zonos comes in: The company’s APIs, apps and plugins simplify cross-border sales by providing an accurate final price a consumer pays for an item on an international purchase. Businesses can choose which one or multiple shipping carriers they want to work with and even enable customers to choose at the time of purchase.

“Businesses can’t know all of a country’s laws,” Reid added. “Our mission is to create trust in global trade. If you are transparent, you bring trust. This was traditionally thought to be a shipping problem, but it is really a technology problem.”

As part of the investment Todd MacLean, managing partner at Silversmith Capital Partners, joined the Zonos board of directors. One of the things that attracted MacLean to the company was that Reid was building a company outside of Silicon Valley and disrupting global trade far from any port.

He says that while looking into international commerce, he found people wound up being charged additional fees after they had already purchased the item, leading to bad customer experiences, especially when a merchant is trying to build brand loyalty.

Even if someone chooses not to purchase the item due to the fees being too high, MacLean believes the purchasing experience will be different because the pricing and shipping information was provided up front.

“Our diligence said Zonos is the only player to take the data that exists out there and make sense of it,” MacLean said. “Customers love it — we got the most impressive customer references because this demand is already out there, and they are seeing more revenue and their customers have more loyalty because it just works.”

In fact, it is common for companies to see 25% to 30% year over year increase in sales, Reid added. He went on to say that due to fees associated with shipping, it doesn’t always mean an increase in revenue for companies. There may be a small decrease, but a longer lifetime value with customers.

Going after venture capital at this time was important to Reid, who saw global trade becoming more complex as countries added new tax laws and stopped using other trade regulations. However, it was not just about getting the funding, but about finding the right partner, one that recognizes that this problem won’t be solved in the next five years and that it will need to be in it for the long haul, which Reid said he saw in Silversmith.

The new investment provides fuel for Zonos to grow in product development and go-to-market while also expanding its worldwide team into Europe and Asia Pacific. Eighteen months ago, the company had 30 employees, and now there are over 100. It also has more than 1,500 customers around the world and provides them with millions of landed cost quotes every day.

“Right now, we are the leader for APIs in cross-border e-commerce, but we need to also be the technology leader regardless of the industry,” Reid added. “We can’t just accept that we are good enough, we need to be better at doing this. We are looking at expanding into additional markets because it is more than just servicing U.S. companies, but need to be where our customers are.”

Matillion raises $150M at a $1.5B valuation for its low-code approach to integrating disparate data sources

Businesses and the tech companies that serve them are run on data. At best, it can be used to help with decision-making, to understand how well or badly an organization is doing and to build new systems to run the next generation of services. At its most challenging, though, data can represent a real headache: there is too much of it, in too many places, and too much of a task to bring it into any kind of order.

Enter a startup called Matillion, which has built a platform to help companies harness their data so that it can be used, and what’s more, the platform is not just for data scientists, but it’s written with a “low-code” approach that can be used by a wider group of users.

Today, it is announcing a big round of investment — $150 million at a $1.5 billion valuation — a sign not just of Matillion’s traction in this space, but of the market demand for the tech that it has built.

The company currently has “hundreds” of large enterprise customers, including Western Union, FOX, Sony, Slack, National Grid, Peet’s Coffee and Cisco for projects ranging from business intelligence and visualization through to artificial intelligence and machine learning applications.

General Atlantic is leading the funding, with Battery Ventures, Sapphire Ventures, Scale Venture Partners and Lightspeed Venture Partners — some of the biggest enterprise startup investors in the world — also participating. Matillion last raised money — a Series D of around $100 million — as recently as February this year, at what was an undisclosed valuation at the time.

Announcing this latest round at a $1.5 billion valuation is significant not just for Matillion. The startup was founded in Manchester (it now also has a base in Denver), and this makes it one of a handful of tech startups out of the city — others we’ve recently covered include The Hut Group, Peak AI and Fractory — now hitting the big leagues and helping to put it on the innovation map as an urban center to watch.

Matthew Scullion, the startup’s CEO and founder, explained that the crux of the issue Matillion is addressing is the diamond-in-the-rough promise of big data. Typically, large organizations are producing giant amounts of data every day, hugely valuable information as long as it can be tapped efficiently. The problem is that this data is often sitting across a lot of different places — typically large organizations might have over 1,000 data sources, apps sitting across multiple clouds and servers and storage across Snowflake, Amazon Redshift and Databricks. On top of this, while a lot of that data is very structured, those sources are not necessarily aligned with each other.

“Data has become the new currency, and the world is pivoting to that,” he said. “It’s changing all aspects of how we work, and it is happening very fast. But the problem is that the world’s ability to innovate with data is constrained. It’s not the shortage of data or demand to put it to work, but the point is the world’s ability to make that data useful.”

Matillion has answered that with a framework and system that can both identify data sources and basically bring order to them, without needing to move the data from one place to another in order to be used. It’s an ETL (extract, transform and load) provider, and it is far from being the only one in the market, with others like Dataiku, Talend, SnapLogic, as well as cloud providers like AWS and Microsoft, among the many trying to address this area.

The difference with Matillion, Scullion said, is that it has a democratized platform, so that organizations don’t have to rely on data scientists to get involved in order to use it, by building a low-code interface around it.

“We have made it accessible, intuitive and easy to use by bringing in a low-code approach,” he said. “We’ve developed a platform and data operating system that has all the things in the kit bag that an organization needs to make it useful.”

This is important because, as big data analytics and the tools to build these processes become more mainstream and themselves take on low-code interfaces, Matillion is providing a way for those less technical users to source and use their data, too. This means more efficiency, less cost, and more time for data scientists to work on more difficult problems and do less busy work.

“As organizations look for ways to harness data to make better business decisions, the market for cloud data integration and transformation is expanding,” said Chris Caulkin, managing director and head of Technology for EMEA at General Atlantic. “We believe that Matillion’s low-code ETL platform simplifies the process of constructing data pipelines and preparing data for analysis, enabling citizen data scientists and data engineers alike to play a valuable role in extracting data-based insights. We look forward to supporting the team through its next phase of growth and expansion.”

Ascend raises $5.5M to provide a BNPL option for commercial insurance

Ascend on Wednesday announced a $5.5 million seed round to further its insurance payments platform that combines financing, collections and payables.

First Round Capital led the round and was joined by Susa Ventures, FirstMark Capital, Box Group and a group of angel investors, including Coalition CEO Joshua Motta, Newfront Insurance executives Spike Lipkin and Gordon Wintrob, Vouch Insurance CEO Sam Hodges, Layr Insurance CEO Phillip Naples, Anzen Insurance CEO Max Bruner, Counterpart Insurance CEO Tanner Hackett, former Bunker Insurance CEO Chad Nitschke, SageSure executive Paul VanderMarck, Instacart co-founders Max Mullen and Brandon Leonardo and Houseparty co-founder Ben Rubin.

This is the first funding for the company, which is live in 20 states. It developed payments APIs to automate end-to-end insurance payments and to offer a buy now, pay later financing option for distribution of commissions and carrier payables, something co-founder and co-CEO Andrew Wynn said was rather unique to commercial insurance.

Wynn started the company in January 2021 with his co-founder Praveen Chekuri after working together at Instacart. They originally started Sheltr, which connected customers with trained maintenance professionals and was acquired by Hippo in 2019. While working with insurance companies they recognized how fast the insurance industry was modernizing, yet insurance sellers still struggled with customer experiences due to outdated payments processes. They started Ascend to solve that payments pain point.

The insurance industry is largely still operating on pen-and-paper — some 600 million paper checks are processed each year, Wynn said. He referred to insurance as a “spaghetti web of money movement” where payments can take up to 100 days to get to the insurance carrier from the customer as it makes its way through intermediaries. In addition, one of the only ways insurance companies can make a profit is by taking those hundreds of millions of dollars in payments and investing it.

Home and auto insurance can be broken up into payments, but the commercial side is not as customer friendly, Wynn said. Insurance is often paid in one lump sum annually, though paying tens of thousands of dollars in one payment is not something every business customer can manage. Ascend is offering point-of-sale financing to enable insurance brokers to break up those commercial payments into monthly installments.

“Insurance carriers continue to focus on annual payments because they don’t have a choice,” he added. “They want all of their money up front so they can invest it. Our platform not only reduces the friction with payments by enabling customers to pay how they want to pay, but also helps carriers sell more insurance.”

Startups like Ascend aiming to disrupt the insurance industry are also attracting venture capital, with recent examples including Vouch and Marshmallow, which raised close to $100 million, while Insurify raised $100 million.

Wynn sees other companies doing verticalized payment software for other industries, like healthcare insurance, which he says is a “good sign for where the market is going.” This is where Wynn believes Ascend is competing, though some incumbents are offering premium financing, but not in the digital way Ascend is.

He intends to deploy the new funds into product development, go-to-market initiatives and new hires for its locations in New York and Palo Alto. He said the raise attracted a group of angel investors in the industry, who were looking for a product like this to help them sell more insurance versus building it from scratch.

Having only been around eight months, it is a bit early for Ascend to have some growth to discuss, but Wynn said the company signed its first customer in July and six more in the past month. The customers are big digital insurance brokerages and represent, together, $2.5 billion in premiums. He also expects to get licensed to operate as a full payment processor in all states so the company can be in all 50 states by the end of the year.

The ultimate goal of the company is not to replace brokers, but to offer them the technology to be more efficient with their operations, Wynn said.

“Brokers are here to stay,” he added. “What will happen is that brokers who are tech-enabled will be able to serve customers nationally and run their business, collect payments, finance premiums and reduce backend operation friction.”

Bill Trenchard, partner at First Round Capital, met Wynn while he was still with Sheltr. He believes insurtech and fintech are following a similar story arc where disruptive companies are going to market with lower friction and better products and, being digital-first, are able to meet customers where they are.

By moving digital payments over to insurance, Ascend and others will lead the market, which is so big that there will be many opportunities for companies to be successful. The global commercial insurance market was valued at $692.33 billion in 2020, and expected to top $1 trillion by 2028.

Like other firms, First Round looks for team, product and market when it evaluates a potential investment and Trenchard said Ascend checked off those boxes. Not only did he like how quickly the team was moving to create momentum around themselves in terms of securing early pilots with customers, but also getting well known digital-first companies on board.

“The magic is in how to automate the underwriting, how to create a data moat and be a first mover — if you can do all three, that is great,” Trenchard said. “Instant approvals and using data to do a better job than others is a key advantage and is going to change how insurance is bought and sold.”

Relyance AI scores $25M Series A to ensure privacy compliance at the code level

Relyance AI, an early-stage startup that is helping companies stay in compliance with privacy laws at the code level, announced a $25 million Series A today. At the same time, they revealed a previously unannounced $5 million seed round.

Menlo Ventures and Unusual Ventures led the A round, while Unusual was sole lead on the seed. Serial entrepreneur Jyoti Bansal from Unusual will join the board under the terms of the deal. His partner John Vrionis had previously joined after the seed round. Matt Murphy from Menlo is coming on as a board observer. The company has now raised $30 million.

Relyance takes an unusual approach to verifying that data stays in compliance, working at the code level while ingesting contracts and existing legal requirements as code to ensure that a company is in compliance. Company co-CEO and co-founder Abhi Sharma says that code-level check is key to the solution. “For the first time, we are building the legal compliance and regulation into the source code,” Sharma told me.

He added, “Relyance is actually embedded within the DevOps pipeline of our customers’ infrastructure. So every time a new ETL pipeline is built or a machine learning model is receiving new source code, we do a compiler-like analysis of how personal sensitive data is flowing between internal microservices, data lakes and data warehouses, and then get a metadata analysis back to the privacy and compliance professionals [inside an organization].”

Leila R. Golchehreh, the other founder and co-CEO, brings a strong compliance background to the equation and has experienced the challenge of keeping companies in compliance firsthand. She said that Relyance also enables companies to define policy and contracts as code.

“Our approach is specifically to ingest contracts. We’ve actually created an algorithm around how [you] actually write a good data protection agreement. We’ve extracted those relevant provisions and we will compare that against [your] operational reality. So if there’s a disconnect, we will be able to raise that as an intelligent insight of a data misalignment,” she said.

With 32 employees, the co-founders hope to double or perhaps even triple that number in the next 12-18 months. Golchehreh and Sharma are a diverse co-founder team and they are attempting to build a company that reflects that. They believe being remote-first gives them a leg up in this regard, but they also have internal policies to drive it.

“The recruiters we work with have a mandate internally to say, ‘Hey, we really want to hire good people and diverse people.’ Relyance as a company is the genesis of two individuals from two completely different ends of the spectrum coming together. And I think hopefully, we can do our job of relaying that into the company as we scale,” Sharma said.

The two founders have been friends for several years and began talking about forming a company together in 2019 over a pizza dinner. The idea began to gel and they launched the company in February 2020. They spent some time talking to compliance pros to understand their requirements better, then in July 2020 began building the solution they have today. They released a beta in February and began quietly selling it in March.

Today they have a number of early customers working with their software, including Dialpad, Patreon, Samsara and True.

Front introduces customer-centric features with deeper CRM integration

Customer communication platform Front is holding an event today to introduce three new features. These new features focus on showing you more information about your customers right from Front’s user interface.

If you’re not familiar with Front, the company started as a shared email inbox product so that you can interact with incoming emails as a team. For instance, if your company uses email lists, such as support@companyname.com, sales@companyname.com or jobs@companyname.com, multiple team members can see incoming emails in Front.

Before replying, you can triage conversations by assigning them to specific team members, discuss the current conversation in the comment section or show your email draft before sending it.

Over time, Front has evolved to integrate more communication channels. You can now use Front for SMS conversations, live chat on your website with your customers, Facebook messages, etc. The company has also refined its product with more powerful features.

For instance, you can set up rules to automate your workflow with simple ‘if this then that’ rules. It’s a good way to spread out work across multiple team members and make sure the right person sees the incoming message as quickly as possible.

Today, the company is showcasing features that will be particularly useful for teams that interact with bigger customers, such as sales, support and customer success teams. First, Front users will be able to learn more about the customer they’re interacting with directly from their inbox.

The refreshed context panel works better if the team is interacting with multiple people working for your client. Instead of viewing past conversations with someone in particular, you can view past conversations with everyone working for this client.

Front already integrates with your CRM, such as Salesforce or HubSpot. You can now more easily pull data into the context panel. You can see the name of the account owner, the customer segment and the SLA (service-level agreement) commitment with this customer.

Second, Front is adding new capabilities for its automated routing feature with deeper integrations with your CRM. For instance, you can find the name of the account owner in your CRM and assign incoming emails to the account owner directly.

If the account owner changes in Salesforce, rules will be automatically updated in Front. You can also fetch annual revenue data from your CRM and set a VIP tag if you’re receiving a message from an important customer.

Finally, Front will soon upgrade the analytics pages. For instance, you can track the team’s performance for a specific account and compare that to the SLA.

These updates position Front as a tool that works better for bigger enterprise clients with expensive B2B contracts. Current Front customers include Shopify, Dropbox, Flexport, Checkout.com, Lydia and Airbnb.

Microsoft Patch Tuesday, September 2021 Edition

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.

Four of the flaws fixed in this patch batch earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user.

Top of the critical heap is CVE-2021-40444, which affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. In a security advisory last week, Microsoft warned attackers already are exploiting the flaw through Microsoft Office applications as well as IE.

The critical bug CVE-2021-36965 is interesting, as it involves a remote code execution flaw in “WLAN AutoConfig,” the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks. One mitigating factor here is that the attacker and target would have to be on the same network, although many systems are configured to auto-connect to Wi-Fi network names with which they have previously connected.

Allan Liska, senior security architect at Recorded Future, said a similar vulnerability — CVE-2021-28316 — was announced in April.

“CVE-2021-28316 was a security bypass vulnerability, not remote code execution, and it has never been reported as publicly exploited,” Liska said. “That being said, the ubiquity of systems deployed with WLAN AutoConfig enabled could make it an attractive target for exploitation.”

Another critical weakness that enterprises using Azure should prioritize is CVE-2021-38647, which is a remote code execution bug in Azure Open Management Infrastructure (OMI) that has a CVSS Score of 9.8 (10 is the worst). It was reported and detailed by researchers at Wiz.io, who said CVE-2021-38647 was one of four bugs in Azure OMI they found that Microsoft patched this week.

“We conservatively estimate that thousands of Azure customers and millions of endpoints are affected,” Wiz.io’s Nir Ohfeld wrote. “In a small sample of Azure tenants we analyzed, over 65% were unknowingly at risk.”

Kevin Breen of Immersive Labs calls attention to several “privilege escalation” flaws fixed by Microsoft this month, noting that while these bugs carry lesser severity ratings, Microsoft considers them more likely to be exploited by bad guys and malware.

“CVE-2021-38639 and CVE-2021-36975 have also been listed as ‘exploitation more likely’ and together cover the full range of supported Windows versions,” Breen wrote. “I am starting to feel like a broken record when talking about privilege escalation vulnerabilities. They typically have a lower CVSS score than something like Remote Code Execution, but these local exploits can be the linchpin in the post-exploitation phases of an experienced attacker. If you can block them here you have the potential to significantly limit their damage. If we assume a determined attacker will be able to infect a victim’s device through social engineering or other techniques, I would argue that patching these is even more important than patching some other Remote Code execution vulnerabilities.”

Apple on Monday pushed out an urgent security update to fix a “zero-click” iOS vulnerability (CVE-2021-30860) reported by researchers at Citizen Lab that allows commands to be run when files are opened on certain Apple devices. Citizen Lab found that an exploit for CVE-2021-30860 was being used by the NSO Group, an Israeli tech company whose spyware enables the remote surveillance of smartphones.

Google also released a new version of its Chrome browser on Monday to fix nine vulnerabilities, including two that are under active attack. If you’re running Chrome, keep a lookout for when you see an “Update” tab appear to the right of the address bar. If it’s been a while since you closed the browser, you might see the Update button turn from green to orange and then red. Green means an update has been available for two days; orange means four days have elapsed, and red means your browser is a week or more behind on important updates. Completely close and restart the browser to install any pending updates.

As it usually does on Patch Tuesday, Adobe also released new versions of Reader, Acrobat and a large number of other products. Adobe says it is not aware of any exploits in the wild for any of the issues addressed in its updates today.

For a complete rundown of all patches released today and indexed by severity, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that are causing problems for Windows users.

On that note, before you update please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

AgBiome lands $116M for safer crop protection technology

AgBiome, developing products from microbial communities, brought in a $116 million Series D round as the company prepares to pad its pipeline with new products.

The company, based in Research Triangle Park, N.C., was co-founded in 2012 by a group including co-CEOs Scott Uknes and Eric Ward, who have known each other for over 30 years. They created the Genesis discovery platform to capture diverse microbes for agricultural applications, like crop protection, and screen the strains for the best assays that would work for insect, disease and nematode control.

“The microbial world is immense,” said Uknes, who explained that there are estimated to be a trillion microbes, but only 1% have been discovered. The microbes already discovered are used by humans for things like pharmaceuticals, food and agriculture. AgBiome built its database in Genesis to house over 100,000 microbes and every genome in every microbe was sequenced into hundreds of strains.

The company randomly selects strains and looks for the best family of strains with a certain activity, like preventing fungus on strawberries, and creates the product.

Its first fungicide product, Howler, was launched last year and works on more than 300 crop-disease combinations. The company saw 10x sales growth in 2020, Uknes told TechCrunch. As part of farmers’ integrated pest program, they often spray fungicide applications 12 times per year in order to yield fruits and vegetables.

Due to its safer formula, Howler can be used as the last spray in the program, and its differentiator is a shorter re-entry period — farmers can spray in the morning and be able to go back out in the field in the afternoon. It also has a shorter pre-harvest time of four hours after application. Other fungicides on the market today require seven days before re-entry and pre-harvest, Uknes explained.

AgBiome aims to add a second fungicide product, Theia, in early 2022, while a third, Esendo, was submitted for Environmental Protection Agency registration. Uknes expects to have 11 products, also expanding into insecticides and herbicides, by 2025.

The oversubscribed Series D round was co-led by Blue Horizon and Novalis LifeSciences and included multiple new and existing investors. The latest investment gives AgBiome over $200 million in total funding to date. The company’s last funding round was a $65 million Series C raised in 2018.

While competitors in synthetic biology often sell their companies to someone who can manufacture their products, Uknes said AgBiome decided to manufacture and commercialize the products itself, something he is proud of his team for being able to do.

“We want to feed the world responsibly, and these products have the ability to substitute for synthetic chemicals and provide growers a way to protect their crops, especially as consumers want natural, sustainable tools,” he added.

The company has grown to over 100 employees and will use the new funding to accelerate production of its two new products, building out its manufacturing capacity in North America and expanding its footprint internationally. Uknes anticipates growing its employee headcount to 300 in the next five years.

AgBiome anticipates rolling up some smaller companies that have a product in production to expand its pipeline in addition to its organic growth. As a result, Uknes said he was particular about the kind of investment partners that would work best toward that goal.

Przemek Obloj, managing partner at Blue Horizon, was introduced to the company by existing investors. His firm has an impact fund focused on the future of food and began investing in alternative proteins in 2016 before expanding that to delivery systems in agriculture technology, he said.

Obloj said AgBiome is operating in a $60 billion market where the problems include products that put toxic chemicals into the ground that end up in water systems. While the solution would be to not do that, not doing that would mean produce doesn’t grow as well, he added.

The change in technology in agriculture is enabling Uknes and Ward to do something that wasn’t possible 10 years ago because there was not enough compute or storage power to discover and sequence microbes.

“We don’t want to pollute the Earth, but we have to find a way to feed 9 billion people by 2050,” Obloj said. “With AgBiome, there is an alternative way to protect crops than by polluting the Earth or having health risks.”

Sendoso nabs $100M as its corporate gifting platform passes 20,000 customers

Corporate gift services have come into their own during the COVID-19 pandemic by standing in as a proxy for other kinds of relationship-building activities — office meetings, lunches and hosting at events — that have traditionally been part and parcel of how people do business, but were no longer feasible during lockdowns, social distancing and offices closing their doors.

Now, Sendoso — a popular “end-to-end” gifting platform offering access to 30,000 products, including corporate swag, regular physical gifts, gift cards and more; and then providing services like logistics, packing and sending to get those gifts to the recipients — is announcing $100 million of funding to capitalize on this shift, led by a big new investor.

New backer SoftBank, via its Vision Fund 2, is leading this latest Series C round of funding. Oak HC/FT, Struck Capital, Stage 2 Capital, Craft Ventures, Signia Venture Partners and Felicis Ventures — all previous investors — are also participating.

The company has been on a strong growth trajectory for years now, but it specifically saw a surge of activity as the pandemic kicked off. It now has more than 20,000 businesses signed up and using its services, particularly for sales and marketing outreach, but also to help shore up morale among employees.

“Everyone was stuck at home by themselves, saturated with emails,” said Kris Rudeegraap, the CEO of Sendoso, in an interview. “Having a personal connection to sales prospects, employees and others just meant more.” It has now racked up some 3 million gifts sent since launching in 2016.

Sendoso is not disclosing its valuation, but Rudeegraap hinted that it was four times higher than the startup’s Series B valuation from 2020. PitchBook estimates that to be $160 million, which would make the current valuation $640 million. The company has now raised more than $150 million.

Rudeegraap said Sendoso will be using the funds in part to invest in a couple of areas. First, to hire more talent: It has 500 employees now and plans to grow that by 30% by the end of this year. And second, international expansion: It is setting up a European HQ in Dublin, Ireland to complement its main office in San Francisco.

Comcast, Kimpton Hotels, Thomson Reuters, Nasdaq and eBay are among its current customers — so this is in part to serve those customers’ global user bases, as well as to sign up new gifters. He estimated that the bigger market for corporate gifting is about $100 billion annually, so there is a lot to play for here.

The company was co-founded by Rudeegraap and Braydan Young (who is its chief alliances officer) on the back of a specific need Rudeegraap identified while working as a sales executive. Gifting is a very standard practice in the world of sales and marketing, but he was finding a lot of traction with potential and current customers by taking a personalized approach to this act.

“I was manually packing boxes, grabbing swag, coming up with handwritten notes,” he recalled. “It was inefficient, but it worked so well. So I dreamed up an idea: why not be able to click a button in Salesforce to do this automatically? Sometimes the best company is one that solves a pain point of your own.”

And this is essentially what Sendoso does. The startup’s platform integrates with a company’s existing marketing, sales and management software — Salesforce, HubSpot, SalesLoft among them — and then lets users use this to organize and order gifts through these channels, for example as part of larger sales, marketing or HR strategies. The gifts are wide-ranging, covering corporate swag, other physical presents, gift cards and more, and there are also integrations you can include to share gifting across teams of salespeople, to analyze the campaigns and more.

The Sendoso platform itself, meanwhile, positions itself as having the “marketplace selection and logistics precision of Amazon.com.” But Sendoso also believes it’s better than someone simply using Amazon.com itself since it ultimately takes a more personalized approach in how it presents the gift.

“There are a lot of things we do uniquely in terms of what we have built throughout our software, gifting options and logistics centre. We really personalize our gifts at scale with handwritten notes, special boxing, and more,” something that Amazon cannot do, he added. “We have built a lot of unique technology and logistics software that would make it hard for Amazon to compete.” He said that one of Sendoso’s integrations is actually with Amazon, so Sendoso users can order through there, but then the gift is first routed to Sendoso to be repackaged in a nicer way before being sent out.

At its heart, the startup has built a way of knitting together disparate work practices — some codified in software, and some based on human interactions and significantly more infused with randomness, emotion and ad hoc approaches — and built it all into a technology platform. The ability to scale what feels like an otherwise bespoke level of service is what has helped Sendoso gain traction not just with users, but investors, too.

“We believe Sendoso offers the most comprehensive end-to-end gifting platform in the market,” said Priya Saiprasad, a partner at SoftBank Investment Advisers. “Their platform includes a global marketplace of curated vendors, seamless integration with existing tools, global logistics, and deep analytics. As a result, Sendoso serves as the backbone to enterprises’ engagement programs with prospective customers, existing customers, employees and other key stakeholders. We’re excited to lead this Series C round to help Sendoso accelerate its vision.”