Salesforce Ventures invested $300M in Automattic while Salesforce was building a CMS

In September, Salesforce Ventures, the venture arm of Salesforce, announced a hefty $300 million investment in Automattic, the company behind WordPress, the ubiquitous content management system (CMS). At the same time, the company was putting the finishing touches on Salesforce CMS, an in-house project it released last week.

The question is, why did it choose to do both?

One reason could be that WordPress isn’t just well-liked; it’s also the world’s most popular content management system, running 34 percent of the world’s 10 billion websites — including this one — according to the company. With Automattic valued at $3 billion, that gives Salesforce Ventures a 10 percent stake.

Given the substantial investment, you wouldn’t have been irrational to at least consider the idea that Salesforce may have had its eye on this company as an acquisition target. In fact, at the time of the funding, Automattic CEO Matt Mullenweg told TechCrunch’s Romain Dillet that there could be some partnerships and integrations with Salesforce in the future.

Now we have a Salesforce CMS, and a potential partnership with one of the world’s largest web content management (WCM) tools, and it’s possible that the two aren’t necessarily mutually exclusive.

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was inadvertent, and that many of the credentials were already expired.

Based in Sunderland, VT. and founded in 1856, privately-held Orvis is the oldest mail-order retailer in the United States. The company has approximately 1,700 employees, 69 retail stores and 10 outlets in the US, and 18 retail stores in the UK.

In late October, this author received a tip from Wisconsin-based security firm Hold Security that a file containing a staggering number of internal usernames and passwords for Orvis had been posted to Pastebin.

Reached for comment about the source of the document, Orvis spokesperson Tucker Kimball said it was only available for a day before the company had it removed from Pastebin.

“The file contains old credentials, so many of the devices associated with the credentials are decommissioned and we took steps to address the remaining ones,” Kimball said. “We are leveraging our existing security tools to conduct an investigation to determine how this occurred.”

However, according to Hold Security founder Alex Holden, this enormous passwords file was actually posted to Pastebin on two separate occasions last month, the first being on Oct. 4, and the second Oct. 22. That finding was corroborated by 4iq.com, a company that aggregates information from leaked databases online.

Orvis did not respond to follow-up requests for comment via phone and email; the last two email messages sent by KrebsOnSecurity to Orvis were returned simply as “blocked.”

It’s not unusual for employees or contractors to post bits of sensitive data to public sites like Pastebin and Github, but the credentials file apparently published by someone working at or for Orvis is by far the most extreme example I’ve ever witnessed.

For instance, included in the Pastebin files from Orvis were plaintext usernames and passwords for just about every kind of online service or security product the company has used, including:

-Antivirus engines
-Data backup services
-Multiple firewall products
-Linux servers
-Cisco routers
-Netflow data
-Call recording services
-DNS controls
-Orvis wireless networks (public and private)
-Employee wireless phone services
-Oracle database servers
-Microsoft 365 services
-Microsoft Active Directory accounts and passwords
-Battery backup systems
-Security cameras
-Encryption certificates
-Mobile payment services
-Door and Alarm Codes
-FTP credentials
-Apple ID credentials
-Door controllers

By all accounts, this was a comprehensive goof: The Orvis credentials file even contained the combination to a locked safe in the company’s server room.

The only clue about the source of the Orvis password file is a notation at the top of the document that reads “VT Technical Services.”

Holden said this particular exposure also highlights the issue with third parties, as the issue most likely originated not from Orvis staff itself.

“This is a continuously growing trend of exposures created not by the victims but by those that they consider to be trusted partners,” Holden said.

It’s fairly remarkable that a company can spend millions on all the security technology under the sun and have all of it potentially undermined by one ill-advised post to Pastebin, but that is certainly the reality we live in today.

Long gone are the days when one could post something for a few hours to a public document hosting service and expect nobody to notice. Today there are a number of third-party services that regularly index and preserve such postings, regardless of how ephemeral those posts may be.

“Pastebin and other similar repositories are constantly being monitored and any data put out there will be preserved no matter how brief the posting is,” Holden said. “In the current threat landscape, we see data exposures nearly as often as we see data breaches. These exposures vary in scope and impact, and this particular one is as bad as they come without specific data exposures.”

If you’re responsible for securing your organization’s environment, it would be an excellent idea to create some tools for monitoring for your domains and brands at Pastebin, Github and other sites where employees sometimes publish sensitive corporate data, inadvertently or otherwise. There are many ways to do this; here’s one example.

Have you built such monitoring tools for your organization or employer? If so, please feel free to sound off about your approach in the comments below.
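One way to build the matching stage of such a monitor, as an added Python example that is not part of the original article: a paste is reported only if it names the organization anywhere (in the Orvis case the only clue was a header line), and every credential-shaped value is masked before the report is stored or forwarded. Fetching pastes is left out; the organization name, domain, watch terms and paste text are constructed.

```python
import re

# Credential-shaped text. Each pattern names the secret so it can be masked.
CRED_PATTERNS = {
    "key_value": re.compile(
        r"\b(?:pass(?:word|wd)?|pwd|secret|api[_-]?key|token)\b"
        r"\s*[:=]\s*(?P<secret>\S+)", re.IGNORECASE),
    "url_userinfo": re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:(?P<secret>[^\s@/]+)@", re.IGNORECASE),
}


def watch_regex(terms):
    """Match any watch term, but not inside a longer name (notexample.com)."""
    if not terms:
        raise ValueError("at least one watch term is required")
    alts = "|".join(re.escape(t) for t in sorted(terms, key=len, reverse=True))
    return re.compile(r"(?<![a-z0-9])(?:%s)(?![a-z0-9])" % alts, re.IGNORECASE)


def mask_secrets(line):
    """Return (masked_line, kinds) with every captured secret replaced."""
    kinds = []
    for kind, pattern in CRED_PATTERNS.items():
        def mask(m):
            start = m.start("secret") - m.start()
            end = m.end("secret") - m.start()
            whole = m.group(0)
            return whole[:start] + "[REDACTED]" + whole[end:]
        line, count = pattern.subn(mask, line)
        if count:
            kinds.append(kind)
    return line, kinds


def scan_paste(text, watch_terms):
    """Return a report for a paste that names the organization, else None."""
    matches = watch_regex(watch_terms).finditer(text)
    terms = sorted({m.group(0).lower() for m in matches})
    if not terms:
        return None  # paste does not mention us: nothing to report
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        masked, kinds = mask_secrets(raw.strip())
        if kinds:
            findings.append({"line": lineno, "kinds": kinds, "text": masked})
    return {"terms": terms, "findings": findings}


# Constructed sample paste and watch list (not real data).
WATCH_TERMS = ["example.com", "Example Outfitters"]
SAMPLE_PASTE = """\
Example Outfitters - network notes (constructed sample)
core-rtr01 enable password: C0nstructed-Pw-1
backup job: ftp://backup:constructed-pw-2@ftp.example.com/nightly
guest wifi ssid: EO-Guest
"""

if __name__ == "__main__":
    report = scan_paste(SAMPLE_PASTE, WATCH_TERMS)
    print("matched terms:", report["terms"])
    for finding in report["findings"]:
        print(finding["line"], finding["kinds"], finding["text"])
```

Each finding keeps the line number so a responder can pull the original paste from the archive and rotate the affected credentials.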

The Good, the Bad and the Ugly in Cybersecurity – Week 45

The Good

This week, Google announced The App Defense Alliance. The new venture is a joint effort coordinated along with ESET, Lookout and Zimperium.

The overall goal is to ensure ongoing ‘safety’ of the official Google Play store, primarily finding and removing malicious apps from the marketplace. Potentially harmful applications and mobile malware have been a constant issue given the open nature of the Android marketplace, official or otherwise. This alliance hopes to curtail that by screening apps prior to their going ‘live’ on the Play store. App Defense Alliance partners can request that specific apps be analyzed, with subsequent results sent back to the requestor enriched with scan data and any intelligence gleaned from the analysis. Process-wise, the Google Play detection systems will be fully integrated with each partner’s scanning technology, allowing for a robust and multifaceted view of the app’s potential risk. A secure communication channel between Google and partners is also key to this effort. This allows for critical and expert-level vetting of code, above and beyond what occurs now. Naturally, this also generates more useful data around what is ‘good’ and what is ‘bad’. In the longer-term, this would benefit the entire ecosystem and enhance intelligence and reputation data around malicious behaviors and actors, including repeat offenders in the mobile space.

The Bad

This week brought another round of ransomware attacks, targeting a variety of critical entities. We had multiple attacks make the news across Spain (Everis, Cadena SER) as well as the Lincoln County School District in Mississippi. Initial reports of the attack emerged on Monday morning. According to a statement from Lincoln County School District superintendent Mickey Myers:

“The district computer systems have been encrypted by a ransomware virus. This cyber-attack has adversely affected multiple systems in our network. We are investigating the incident with numerous agencies and will provide more information as soon as possible”.

According to current reports, the attack affected multiple sites, specifically affecting all internet-based communications across the district and a majority of the telecom systems. The district was quick to coordinate with local authorities as well as the FBI. As of this writing, there has not been confirmation on which specific family of ransomware was used in this attack. That being said, all cautions and standard caveats apply…Be prepared. Have tested and proven Backup, BCP, and DRP strategies in place. Better still, deploy a trusted security solution that beats ransomware attacks. 

The Ugly

All organizations should be hyper-aware (by now) that malicious insider activity is one of any environment’s largest threats. This holds true in both accidental AND intentional malicious actions. Now imagine an intentional bad actor with access to all your company’s customer support data. That alone is a treasure. Sprinkle in the fact that said bad actor also works for a well-known security company and you have the ‘perfect storm’: all the ingredients required for a modern “tech support” scam, backed by accurate personal data that the scammers can use to their advantage.

This week it was reported that a Trend Micro employee was siphoning customer support data and selling it to a “malicious third party”. That 3rd party was a phone-based technical support scam operation that used data from approximately 68,000 Trend Micro customers. The scammers used this data to ‘inform’ the process of calling victims and attempting to extract personal and financial data from them. Phone-based support scams are not new, but this is a fresh reminder that even if the voice on the other end of the phone sounds like they have accurate data and valid info on your purchase of a specific product or service, they may still be adversarial.

The incident reportedly surfaced in August of 2019, with Trend Micro reaching a conclusion on the insider threat in October. Trend Micro released a statement on their blog highlighting the most important way to protect yourself from these types of scams: “TREND MICRO DOES NOT CALL CONSUMERS UNSOLICITED”.

The same holds true for your bank, the government/IRS, and other entities that are often tied to these scams and social engineering attempts. You can never be too careful.


Microsoft Teams gets Yammer integration, secure private channels and more

You’re forgiven if you thought Yammer — Microsoft’s proto-Slack, not quite real-time chat application — was dead. It’s actually still alive (and well) — and still serves a purpose as a slower-moving social network-like channel for company and team-wide announcements. Today, Microsoft announced that, among other updates, it will offer a Yammer integration in Teams, its Slack competitor. Yammer in Teams will live in the left-hand sidebar.

With this, Microsoft’s two main enterprise communications platforms are finally growing together and will give users the option to use Teams for fast-moving chats and Yammer as their enterprise social network in the same way Facebook messenger and its news feed complement each other.

Oh, and Yammer itself has been redesigned, too, using Microsoft’s Fluent Design System across all platforms. And Microsoft is also building it into Outlook, too, to let you respond to messages right from your inbox. This new Yammer will roll out as a private preview in December.

With this update, Teams is getting a number of other new features, too. These include secure private channels, multi-window chats and meetings, pinned channels and task integration with Microsoft To Do and Planner (because having one to-do app is never enough). Microsoft is also making a number of enhancements to Teams Rooms, with upcoming support for Cisco WebEx and Zoom meetings, the Teams Phone System, which is getting emergency calling, and the IT management features that help admins keep Teams secure.

A Teams client for Linux is also in the works and will be available in public preview later this year.

Alpaca nabs $6M for stocks API so anyone can build a Robinhood

Stock trading app Robinhood is valued at $7.6 billion, but it only operates in the U.S. Freshly funded fintech startup Alpaca does the dirty work so developers worldwide can launch their own competitors to that investing unicorn. Like the Stripe of stocks, Alpaca’s API handles the banking, security and regulatory complexity, allowing other startups to quickly build brokerage apps on top for free. It has already crossed $1 billion in transactions within a year of launch.

The potential to power the backend of a new generation of fintech apps has attracted a $6 million Series A round for Alpaca led by Spark Capital. Instead of charging developers, Alpaca earns its money through payment for order flow, interest on cash deposits and margin lending, much like Robinhood.

“I want to make sure that people even outside the U.S. have access” to a way of building wealth that’s historically only “available to rich people” Alpaca co-founder and CEO Yoshi Yokokawa tells me.

Hailing from Japan, Yokokawa followed his friends into the investment banking industry, where he worked at Lehman Brothers until its collapse. After his grandmother got sick, he moved into day-trading for three years and realized “all the broker dealer business tools were pretty bad.” But when he heard of Robinhood in 2013 and saw it actually catering to users’ needs, he thought, “I need to be involved in this new transformation” of fintech.

Yokokawa ended up first building a business selling deep learning AI to banks and trading firms in the foreign exchange market. Watching clients struggle to quickly integrate new technology revealed the lack of available developer tools. By 2017, he was pivoting the business and applying for FINRA approval. Alpaca launched in late 2018, letting developers paste in code to let their users buy and sell securities.

Now international developers and small hedge funds are building atop the Alpaca API so they don’t have to reinvent the underlying infrastructure themselves right away. Alpaca works with clearing broker NTC, and then marks up margin trading while earning interest and payment for order flow. It also offers products like AlpacaForecast, with short-term predictions of stock prices, AlpacaRadar for detecting price swings and its MarketStore financial database server.

The $6 million from Spark Capital, Social Leverage, Portag3, Fathom Capital and Zillionize adds to $5.8 million in previous funding from investors, including Y Combinator. The startup plans to spend the cash on hiring to handle partnerships with bigger businesses, supporting its developer community and ensuring compliance.

One major question is whether fintech businesses that start to grow atop Alpaca and drive its revenues will try to declare independence and later invest in their own technology stack. There’s the additional risk of a security breach that might scare away clients.

Alpaca’s top competitor, Interactive Brokers, offers trading APIs, but other services as well that distract it from fostering a robust developer community, Yokokawa tells me. Alpaca focuses on providing great documentation, open-source contribution and SDKs in different languages that make it more developer-friendly. It will also have to watch out for other fintech services startups like DriveWealth and well-funded Galileo.

There’s a big opportunity to capitalize on the race to integrate stock trading into other finance apps to drive stickiness because it’s a consistent, voluntary behavior rather than a chore or something only done a few times a year. Lender SoFi and point-of-sale system Square both recently became broker dealers as well, and Yokokawa predicts more and more apps will push into the space.

Why would we need so many stock trading apps? “Every single person is involved with money, so the market is huge. Instead of one-player takes all, there will be different players that can all do well,” Yokokawa tells me. “Like banks and investment banks co-exist, it will never be that Bank of America takes 80% of the pie. I think differentiation will be on customer acquisition, and operations management efficiency.”

The co-founder’s biggest concern is keeping up with all the new opportunities in financial services, from cash management and cryptocurrency that Robinhood already deals in, to security token offerings and fractional investing. Yokokawa says, “I need to make sure I’m on top of everything and that we’re executing with the right timing so we don’t lose.”

The CEO hopes that Alpaca will one day power broader access to the U.S. stock market back in Japan, noting that if a modern nation still lags behind in fintech, the rest of the world surely fares even worse. “I want to connect this asset class to as many people as possible on the earth.”

Here We GO: Crimeware & APT Journey From “RobbinHood” to APT28

The Zero2Hero course continues with Vitali Kremez exploring Golang malware through a comparison of Robbinhood ransomware and Zebrocy loader samples.

We continue to observe both crimeware and advanced persistent threat (APT) malware variants found in the wild and during active targeted campaigns that are compiled in more non-traditional languages including Golang (Go) and Delphi programming languages. 

The goal of this lesson is to investigate and obtain necessary malware analysis and valuable intelligence from two specific Golang compiled binaries that we increasingly see leveraged by various adversaries.

The compiled executables of both of these languages are to an extent a kind of “kryptonite” to malware analysts. Historically, malware analysis and reverse engineering practitioners have focused mainly on C compiled malware; therefore, the majority of custom and commercial malware analysis tools have aimed to assist with such C compiled binaries.

Golang executable malware introduces some challenges for the traditional anti-virus detection model, which has mainly focused on more traditional C-programmed malware. These kinds of engines tend to have lower static detections for samples written in this language. As an additional benefit to attackers, Golang binaries are fast and efficient and have a high operational performance due to Golang’s concurrency features and garbage collection.

Such features allow various malware operators to achieve the desired malware state of “fully undetectable” (FUD). On the general cybercrime underground, such FUD malware means the malware developer can market and sell their wares more effectively; as a result, they make more profit when they can demonstrate that their malware samples really are FUD.

In addition, various nation-state APT actors have also begun adopting the Golang programming language for their payloads. This has been seen, for example, with the Russian state-sponsored group known as APT28, Sofacy, Fancy Bear, STRONTIUM, Pawn Storm, and Sednit. Such changes in threat actor methodology necessitate that we examine the internals of the Golang binaries closely in order to derive both more malware analysis and greater intelligence value.

Introduction to Golang Journey

Initially developed at Google, Golang is an open source programming language with extensive community support. Golang might be thought of as a healthy mix of high-level, easy-to-use Pythonic syntactic “sugar” with a dose of lower-level C++ compiled features. The standout feature of this language is concurrency with its “goroutines.”

When analyzed, some of the quirks of the compiled Golang executables include more complicated control flow graph (CFG) calls as well as garbage collection.

The positive side for analysts is that Golang binaries include a plethora of metadata and compilation artifacts. These can often be used to derive additional intelligence about the possible source path.

Golang Binaries: From RobbinHood Ransomware to APT28 Zebrocy

For the purpose of reviewing Golang binaries, we will focus on two prominent Golang malware variants:

  1. Crimeware: RobbinHood Ransomware
  2. APT: APT28 Zebrocy loader

Both of these binaries were linked to the major outbreaks that made media headlines. RobbinHood ransomware is widely known for holding hostage the City of Greenville and more recently disrupting major local government operations in the City of Baltimore. The APT28 Zebrocy loader is a malware tool widely deployed by the purported Russian-based intelligence agencies in targeting various government and political entities to deliver another malware of choice as needed.

Golang Malware Executables Share Common Features

  1. The RobbinHood ransomware is a Golang executable consisting of 2.8 MB (2855424 bytes) with 2724 functions.
  2. The APT28 Zebrocy loader is a Golang executable consisting of 4.5 MB (4508672 bytes) with 5459 functions.

We are assessing the similarities and differences of the two using the popular Diaphora binary diffing IDA plugin tool and CFF Explorer.

The Diaphora plugin showed the following results between the two Golang binaries:

  • Best Matches: 1158 functions
  • Partial Matches: 1091 functions
  • Unreliable Matches: 109 functions
  • Unmatched in APT28 Loader: 396 functions
  • Unmatched in RobbinHood Ransomware: 3077 

It demonstrates that the separate Golang binaries share at least some similarities and best matches by either the same function hash, bytes hash, equal assembly and others. 

Another similarity between the two Golang samples is the set of sections, as follows:

  • .rdata
  • .text
  • .idata
  • .symtab 

Both of the Golang binaries share the exact same import table with three static Windows dynamically linked libraries (DLL):

  • winmm.dll
  • ws2_32.dll
  • kernel32.dll

Main Functions of Golang Malware

Using the IDA Golang Helpers tool, we assess and parse the Golang binaries and try to rename their functions. Then, based on the Go version, we try to add standard Go types and parse types from the module data.

We make various attempts to parse the Golang section called “gopclntab”, which contains a function table routinely starting with the { FF FF FF FB 00 00 } bytes and containing the size of the table and offsets to the location of the first function, through which we can resolve the names of the functions.

The code from the helper functions demonstrates the parsing of the “gopclntab” table for module data and function renaming as well as version find.

The relevant parser code is as follows: 

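# Methods of the helper's settings object, shown without the enclosing class.

# Return the cached address of "gopclntab"; locate and cache it on first use.
def getGopcln(self):
    gopcln_addr = self.getVal("gopcln")
    if gopcln_addr is None:
        gopcln_addr = Gopclntab.findGoPcLn()
        self.setVal("gopcln", gopcln_addr)
    return gopcln_addr

# Locate the first module data structure from the "gopclntab" address and cache it.
def findModuleData(self):
    gopcln_addr = self.getGopcln()
    fmd = Firstmoduledata.findFirstModuleData(gopcln_addr, self.bt_obj)
    self.setVal("firstModData", fmd)
    return

# Rename functions using the names resolved through the "gopclntab" table.
def renameFunctions(self):
    gopcln_tab = self.getGopcln()
    Gopclntab.rename(gopcln_tab, self.bt_obj)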


Typical output shows the structure definitions and type assignments that are often needed, for example:

According to moduleData struct it should be go1.8 or go1.9 or go1.10

Creating structure string
Creating structure slice
Creating structure __iface
Creating structure type
Creating structure arrayType
Creating structure chanType
Creating structure ptrType
Creating structure sliceType
Creating structure uncommonType
Creating structure method__
Creating structure structField
Creating structure structType
Creating structure imethod
Creating structure interfaceType
Creating structure funcType
Creating structure mapType
539d60 53ad6c 4df000
Processing: 4e9d00
PTR


1. The RobbinHood ransomware contains, for example, 2754 functions with only 26 main functions that affect the malware operation beyond static linking. Notably, Golang executables often preserve the original function names as developed by the developer.

The function names are descriptive of the ransomware encryption processes (for example, “main_RsaEncrypt”) and help navigate the malware analysis to locate the functions of interest. 

2. The APT28 Zebrocy loader contains, for example, 5459 functions with only 16 main functions that affect the malware operation beyond static linking. Again, we see that the Golang executable likewise preserves the original function names as developed by the developer.

One of the key analysis insights is that the APT28 Golang executable relies heavily on various Golang open source code templates from GitHub, including iamacarpet/go_win64api (ProcessList, InstalledSoftwareList, ListLoggedInUsers, SessionDetails/FullUser), shirou_gopsutil (host_Info), and kbinani/screenshot (NumActiveDisplays, GetDisplayBounds, CaptureRect), for its processes, as shown by the parsed function prefix “github_com” and the source paths above.
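The “gopclntab” walk and the split into “main” and “github_com” functions described in this section, as an added Python example that is not the IDA Golang Helpers code: it finds the Go 1.2 to 1.15 style header (later Go releases use a different magic and layout), resolves function names, and groups them by package. The magic 0xFFFFFFFB is stored in the target's byte order, so both FB FF FF FF (little-endian, as on x86 Windows) and FF FF FF FB are searched; the sample table, its names and addresses are constructed, and all helper names are this example's own.

```python
import struct

# Added example: helper names, addresses and the sample table are constructed.
MAGIC_GO12 = 0xFFFFFFFB  # header magic of the Go 1.2-1.15 pclntab layout

def find_pclntab(data):
    """Return (offset, endian, ptrsize) of the first valid header, or None."""
    for endian in ("<", ">"):  # the magic is stored in the target's byte order
        magic = struct.pack(endian + "I", MAGIC_GO12)
        pos = data.find(magic)
        while pos != -1:
            hdr = data[pos:pos + 8]
            # magic, two zero bytes, pc quantum (1/2/4), pointer size (4/8)
            if (len(hdr) == 8 and hdr[4:6] == b"\x00\x00"
                    and hdr[6] in (1, 2, 4) and hdr[7] in (4, 8)):
                return pos, endian, hdr[7]
            pos = data.find(magic, pos + 1)  # bare magic bytes: keep looking
    return None

def _cstring(tab, off):
    end = tab.find(b"\x00", off)
    if end == -1:
        raise ValueError("name offset outside the table")
    return tab[off:end].decode("utf-8", "replace")

def list_functions(data):
    """Return [(entry_address, name), ...] read from the function table."""
    found = find_pclntab(data)
    if found is None:
        raise ValueError("no Go 1.2-style pclntab header found")
    base, endian, ptrsize = found
    tab = data[base:]
    code = "I" if ptrsize == 4 else "Q"
    if len(tab) < 8 + ptrsize:
        raise ValueError("truncated table")
    (nfunc,) = struct.unpack_from(endian + code, tab, 8)
    functab = 8 + ptrsize  # pairs of (entry pc, offset of the function record)
    if functab + nfunc * 2 * ptrsize > len(tab):
        raise ValueError("function count exceeds table size")
    funcs = []
    for i in range(nfunc):
        entry, funcoff = struct.unpack_from(
            endian + code * 2, tab, functab + i * 2 * ptrsize)
        if funcoff + ptrsize + 4 > len(tab):
            raise ValueError("function record outside the table")
        # function record: entry pc, then a 32-bit offset of the name string
        (nameoff,) = struct.unpack_from(endian + "I", tab, funcoff + ptrsize)
        funcs.append((entry, _cstring(tab, nameoff)))
    return funcs

def package_of(name):
    """'github.com/x/y.Func' -> 'github.com/x/y', 'main.(*T).M' -> 'main'."""
    dot = name.find(".", name.rfind("/") + 1)
    return name if dot == -1 else name[:dot]

def triage(funcs):
    """Heuristic split: package main, third-party import paths, the rest."""
    buckets = {"author": [], "third_party": [], "stdlib": []}
    for _, name in funcs:
        pkg = package_of(name)
        if pkg == "main":
            buckets["author"].append(name)
        elif "." in pkg.split("/", 1)[0]:  # first path element is a host name
            buckets["third_party"].append(name)
        else:
            buckets["stdlib"].append(name)
    return buckets

def build_sample(names, ptrsize=8, endian="<"):
    """Constructed test input: a minimal table that holds only names."""
    word = endian + ("I" if ptrsize == 4 else "Q")
    n = len(names)
    header = struct.pack(endian + "IBBBB", MAGIC_GO12, 0, 0, 1, ptrsize)
    header += struct.pack(word, n)
    functab_len = n * 2 * ptrsize + ptrsize + 4  # pairs, end pc, file offset
    func_off = len(header) + functab_len
    func_size = ptrsize + 4  # entry pc + name offset; other fields omitted
    name_off = func_off + n * func_size
    functab = funcdata = strings = b""
    for i, name in enumerate(names):
        entry = 0x401000 + 0x100 * i
        functab += struct.pack(word, entry)
        functab += struct.pack(word, func_off + i * func_size)
        funcdata += struct.pack(word, entry)
        funcdata += struct.pack(endian + "I", name_off + len(strings))
        strings += name.encode() + b"\x00"
    functab += struct.pack(word, 0x401000 + 0x100 * n)
    functab += struct.pack(endian + "I", 0)
    return header + functab + funcdata + strings

# Constructed input: padding, bare magic bytes with a bad header, real table.
SAMPLE = (b"MZ" + b"\x00" * 30 + b"\xfb\xff\xff\xff\x41\x41\x41\x41"
          + build_sample(["runtime.main", "main.main", "main.RsaEncrypt",
                          "github.com/kbinani/screenshot.CaptureRect"]))

if __name__ == "__main__":
    print(find_pclntab(SAMPLE))
    for kind, names in triage(list_functions(SAMPLE)).items():
        print(kind, names)
```

The header check matters because the four magic bytes alone also occur in unrelated data; only a hit followed by two zero bytes, a valid pc quantum and a valid pointer size is treated as the table.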

Golang Metadata Artifacts

1. The RobbinHood ransomware contained the original source “main.go” path data stored in “.rdata” section as follows:

  • C:/Users/valery/go/src/oldboy/config.go
  • C:/Users/valery/go/src/oldboy/functions.go
  • C:/Users/valery/go/src/oldboy/main.go

2. The APT28 Zebrocy loader contained the original source “main.go” data stored in “.rdata” section as follows:

C:/!Project/C1/ProjectC1Dec/main.go

Conclusion

The Golang programming language has become a language of choice and adoption for some of the most notable crimeware and APT groups. Being able to recognize the primary features of Golang executables is increasingly important for malware analysis and reverse engineering. Some of the key elements of malware analysis of Golang executables involve locating “main” functions within the binary that affect the flow of the program as well as understanding the importance of “gopclntab”.

Additionally, developing good RE habits through coding in Golang helps build malware analysis skills. Programming in Golang allows the analyst to understand and identify the patterns, types, and module data that will assist in future Golang malware analysis and reverse engineering.

Referenced Malware Samples

APT28 Zebrocy UPX Packed Sample
SHA-256: 93680d34d798a22c618c96dec724517829ec3aad71215213a2dcb1eb190ff9fa

RobbinHood Ransomware Sample
SHA-256: 3bc78141ff3f742c5e942993adfbef39c2127f9682a303b5e786ed7f9a8d184b  


Cortana wants to be your personal executive assistant and read your emails to you, too

Only a few years ago, Microsoft hoped that Cortana could become a viable competitor to the Google Assistant, Alexa and Siri. Over time, as Cortana failed to make a dent in the marketplace (do you ever remember that Cortana is built into your Windows 10 machine?), the company’s ambitions shrank a bit. Today, Microsoft wants Cortana to be your personal productivity assistant — and to be fair, given the overall Microsoft ecosystem, Cortana may be better suited to that than to tell you about the weather.

At its Ignite conference, Microsoft today announced a number of new features that help Cortana to become even more useful in your day-to-day work, all of which fit into the company’s overall vision of AI as a tool that is helpful and augments human intelligence.

The first of these is a new feature in Outlook for iOS that uses Microsoft text-to-speech features to read your emails to you (using both a male and female voice). Cortana can also now help you schedule meetings and coordinate participants, something the company first demoed at previous conferences.

Starting next month, Cortana also will be able to send you a daily email that summarizes all of your meetings, and presents you with relevant documents and reminders to “follow up on commitments you’ve made in email.” This last part, especially, should be interesting, as it seems to go beyond the basic (and annoying) nudges to reply to emails in Google’s Gmail.

An early look at eFounders’ next batch of enterprise SaaS startups

European startup studio eFounders recently reached a portfolio valuation of $1 billion across 23 companies. And the company doesn’t want to stop there, as it is currently launching three new companies and products.

While software-as-a-service companies are trendy, eFounders has been exploring this space for a few years now. The company regularly comes up with ideas for new companies that improve the way we work.

In exchange for financial and human resources, eFounders keeps a significant stake in its startups. Ideally, startups raise a seed round and take off on their own after a year or two.

And here’s what eFounders has been working on.

Cycle

Cycle is a product management platform. And if you think about product management, it encompasses many things under one title, such as writing specs, planning a roadmap, assigning tasks and defining cycles or sprints.

Many startups use multiple tools for all those tasks. And sometimes, the tools they were using don’t scale well. Cycle will integrate with GitHub, Figma and Zendesk so that you can handle bugs, improvements and features more efficiently.

Finally, Cycle lets you generate product updates for your customers, create public roadmaps and collaborate with other people in your organization.

It has an Airtable vibe as you can create your own views and workflows depending on your needs. You can display data as a timeline, a to-do list, a kanban view, a normal list, etc.

Folk

Talking about Airtable, Folk is easy to describe. What if Salesforce and Airtable had a baby? It would look more or less like Folk.

Folk lets you manage your contacts more efficiently and collaborate with teammates. You can import your address book from iCloud, Gmail, Outlook, Excel and CSV files. You can then sort your contacts into groups, and add notes, reminders and tasks.

You also can create many views to go through your contacts. There’s a spreadsheet-like view, a kanban view, a calendar view and even a space view so you can create table layouts for an event.

It’s worth noting that eFounders CEO Thibaud Elziere is also going to be the CEO of Folk.

Once

Once is a new take on visual presentations. It lets you create stories using a drag-and-drop interface and generate a link to send your stories to your customers. Once supports everything you’d expect from an Instagram story, such as images, text, polls and sliders.

You also can embed tweets, YouTube videos or Google Maps addresses in your stories. The best part is that users don’t need to download an app or follow a brand on Instagram. It works in your mobile browser.

Salesforce announces new content management system

Salesforce has its fingers in a lot of parts of the customer experience, so why not content management? Today, the company announced a brand new tool called Salesforce Content Management System, which it says is designed from the ground up to deliver a quality customer experience across multiple channels.

The idea is to provide a way for customers to create, manage and deliver more meaningful content across multiple channels from within the Salesforce family of products. The company claims it doesn’t require any kind of deep technical knowledge to do it, meaning marketers and product people should be able to create and deliver content without the help of IT, once the system is properly set up.

Anna Rosenman, Salesforce’s VP of product marketing for Community Cloud, Commerce Cloud and Salesforce CMS, says the company created the new CMS to answer a customer demand. “Our customers have been asking for a dedicated CMS. The systems that they’ve been relying on so far tend to be legacy tools that are hard to use and built for a single-channel or site,” she said.


While users can create more personalized content using what they know about the customer from Salesforce data, Rosenman says the key differentiator here is the ability to connect to third-party systems. “A hybrid CMS provides a native experience channel or touchpoint, but also gives you the flexibility to present content to any touchpoint built on a third-party system,” she explained.

Tony Byrne, founder and principal analyst at Real Story Group, who has followed the Web CMS space for two decades, says this isn’t the first time that Salesforce has tried content management. The previous iteration was called Salesforce Sites. “They made big promises around that platform, got some major customers on board and then dropped it,” Byrne said.

He says it’s a major challenge to build a sophisticated multi-channel CMS. “It’s easy to build a simple CMS. It’s much harder to build an extensible, enterprise platform,” he said. He added, “There’s a lot of work they still need to do to feed other platforms around things like connectors, simulation, tracking, very advanced asset management (e.g., compound assets), object-oriented storage, etc.”

But Rosenman says the system’s built-in flexibility is designed to provide that, and even be used in conjunction with existing legacy tools if need be.

What’s interesting here is that Salesforce decided to build this tool, rather than buying a company and integrating it into the Salesforce family, an approach it has not been afraid to take in the past. In fact, the company pursues an aggressive acquisition strategy. This year alone it spent more than $15 billion to buy Tableau and another $1.35 billion to buy ClickSoftware.

In this case, in the tension between building and buying, it decided to build instead. Time will tell if that was a good decision or not.

How Microsoft is trying to become more innovative

Microsoft Research is a globally distributed playground for people interested in solving fundamental science problems.

These projects often focus on machine learning and artificial intelligence, and since Microsoft is on a mission to infuse all of its products with more AI smarts, it’s no surprise that it’s also seeking ways to integrate Microsoft Research’s innovations into the rest of the company.

Across the board, the company is trying to find ways to become more innovative, especially around its work in AI, and it’s putting processes in place to do so. Microsoft is unusually open about this process, too, and actually made it somewhat of a focus this week at Ignite, a yearly conference that typically focuses more on technical IT management topics.

At Ignite, Microsoft will for the first time present these projects externally at a dedicated keynote. That feels similar to what Google used to do with its ATAP group at its I/O events and is obviously meant to showcase the cutting-edge innovation that happens inside of Microsoft (outside of making Excel smarter).

To manage its AI innovation efforts, Microsoft created the Microsoft AI group led by VP Mitra Azizirad, who’s tasked with establishing thought leadership in this space internally and externally, and helping the company itself innovate faster (Microsoft’s AI for Good projects also fall under this group’s purview). I sat down with Azizirad to get a better idea of what her team is doing and how she approaches getting companies to innovate around AI and bring research projects out of the lab.

“We began to put together a narrative for the company of what it really means to be in an AI-driven world and what we look at from a differentiated perspective,” Azizirad said. “What we’ve done in this area is something that has resonated and landed well. And now we’re including AI, but we’re expanding beyond it to other paradigm shifts like human-machine interaction, future of computing and digital responsibility, as more than just a set of principles and practices but an area of innovation in and of itself.”

Currently, Microsoft is doing a very good job at talking and thinking about horizon one opportunities, as well as horizon three projects that are still years out, she said. “Horizon two, we need to get better at, and that’s what we’re doing.”

It’s worth stressing that Microsoft AI, which launched about two years ago, marks the first time there’s a business, marketing and product management team associated with Microsoft Research, so the team does get a lot of insights into upcoming technologies. Just in the last couple of years, Microsoft has published more than 6,000 research papers on AI, some of which clearly have a future in the company’s products.