Amazon is bringing its Amazon One palm scanner to select Whole Foods as a payment option

Amazon is bringing its new biometric device, the Amazon One scanner, to Whole Foods stores. The retail giant first introduced the Amazon One scanner this past fall; it allows shoppers to enter a store by having their palm scanned. The customer’s palm signature can be associated with their payment mechanism in a retail environment, as in Amazon’s cashier-less Amazon Go stores, where customers shop and then walk out without going through a traditional checkout process. At Whole Foods, the Amazon One scanner will now be added as a payment option at checkout.

That means customers could choose to scan their palm over the reader to pay for their purchases, instead of paying with cash or a credit or debit card, for example. It will not replace other payment options, Amazon stressed.

Amazon says it’s initially adding the Amazon One palm scanner to the Whole Foods Market store at Madison Broadway in Seattle, but plans to roll it out to seven more Whole Foods Market stores in the greater Seattle area in the months to come. Seattle will likely serve as a test market for the new technology before Amazon chooses to roll it out more broadly.

Since the September launch, Amazon One scanners have been installed in several Amazon stores in the Seattle area, including Amazon Go, Amazon Go Grocery, Amazon Books, Amazon 4-star and Amazon Pop Up. The retailer says “thousands” of customers have now enrolled their palm signatures.

With the Whole Foods launch, customers will be able to sign up for Amazon One at a kiosk or device in the participating Whole Foods stores, where they can choose to enroll one or both palms. The scanner uses computer vision technology to create the unique palm signature, which is associated with the payment card the customer inserts into the device.

Existing customers who had previously enrolled in Amazon One at a different location will have to re-insert their credit card one time in the Whole Foods store to continue to use the service in those stores, Amazon said.

In addition, customers will be able to link their Amazon One ID with their Amazon account in order to get their Prime membership discount to apply to their Whole Foods Market purchases via the Amazon One device in the future.

“At Whole Foods Market, we’re always looking for new and innovative ways to improve the shopping experience for our customers,” said Arun Rajan, senior vice president of technology and chief technology officer at Whole Foods Market, in a statement about the expansion. “Working closely with Amazon, we’ve brought benefits like Prime member discounts, online grocery delivery and pickup, and free returns to our customers, and we’re excited to add Amazon One as a payment option beginning today. We’re starting with an initial store at Madison Broadway in Seattle and look forward to hearing what customers think as we expand this option to additional stores over time,” he added.

The device, of course, comes with concerns given Amazon’s track record with biometric technology. The company has sold biometric facial recognition services to law enforcement in the U.S.; its facial recognition technology was the subject of a data privacy lawsuit; and its Ring camera company continues to work in partnership with police. It was also found to be keeping Alexa voice records indefinitely, with no option for customers to delete them. (Amazon later changed that — and, to be fair, Google and Apple were mishandling customer voice data, too.)

Just yesterday, Amazon announced tests of other retail and AR technology in a London area hair salon, which would involve cameras capturing customer images. The company said it wasn’t retaining “customer data,” but declined to answer a question about the non-personal data being collected at the salon.

In today’s announcement, Amazon notes that the Amazon One device is “protected by multiple security controls, and palm images are never stored on the Amazon One device.” It says the images are encrypted and sent to a secure area built for Amazon One in the cloud, where Amazon creates the customer’s palm signature. Customers can unenroll from Amazon One either at a device or from one.amazon.com; unenrolling deletes their biometric data once all their transactions have completed. Unlike a payment card, a palm cannot be reissued if the stored signature is ever compromised, which makes the deletion-on-unenrollment promise the security-relevant one here.

Stix expands from at-home pregnancy and ovulation tests to UTI products with $3.5M seed

Companies like Ro and Hims have capitalized on the need for more seamless and discreet access to health and wellness products that are part of everyday life. For men.

Stix is looking to do the same for women, and has today announced a $3.5 million seed round. The financing was co-led by Resolute Ventures and SWAT Equity Partners, with participation from Entrepreneurs Roundtable Accelerator, Bullish and a variety of strategic angels. This brings the total amount raised by the company to $5 million.

Stix launched in 2019 with a direct-to-consumer pregnancy test that was easy to buy and use, and that removed some of the stigma associated with such tests. For example, some pregnancy tests show a smiley face when a woman tests positive, even though not every woman taking a pregnancy test wants to be pregnant.

The company then expanded to ovulation tests and prenatal supplements. Most recently, Stix has moved into UTI diagnostic tests, pain relief products and preventative supplements. This last product category is particularly important. First, women are 30 times more likely than men to get a UTI, according to womenshealth.gov, and more than half of all women will have at least one UTI in their lifetime. It’s a huge market.

Second, and perhaps more importantly, there are few if any diagnostic products on the market that women can buy over the counter. In other words, diagnosing a UTI is taxing for a woman (it usually means going to see a doctor) despite the fact that UTIs are incredibly common.

The FDA-cleared UTI test makes it much easier for women to take action and get some answers from the comfort of their own home. Stix offers these products as a subscription and gives customers the option to choose how frequently they’d like them delivered.

Stix was cofounded by Cynthia Plotch and Jamie Norwood. The startup is looking to build a full suite of not only products, but educational resources and content to help guide women through these hyper common, but difficult, experiences.

Stix has eight people on the team, including the cofounders, three of whom are people of color. All are women.

The startup is not alone in the market. Modern Fertility, for example, is selling ovulation and pregnancy tests direct to consumer and has distribution through big box retailers like Wal-Mart.

Someone minted an NFT of the low-key photoshop we made to try to get people to vote for Equity in the Webbys

Our venture capital-focused podcast Equity made it to the finals of its category in the Webbys, a digital awards show for digital things. We were pretty stoked about it.

Natasha, in fact, was both excited and ready to go to battle with editing tools so that we could share an image of sorts in an attempt to garner more votes. We’d like to win, frankly.

Then Patrick Sutton who works at Avalanche, a finance-focused blockchain, minted an NFT of Natasha’s work, which she described as “too ugly to share.” 2021 is full of all sorts of surprises, it appears. So now, you can vote for Equity — please do, we will love you for eternity — or you can buy an NFT of our excellent photoshop work.

How it started:

How it’s going:

Equity drops every Monday at 7:00 a.m. PST, and Wednesday and Friday at 6:00 a.m. PST, so subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts!

OneSoil raises $5 million for its farm monitoring tech

OneSoil, a company selling technology to help farmers monitor fields and increase yields, has raised $5 million from international investors Almaz Capital and PortfoLion.

The company’s tech integrates satellite imagery with mobile and desktop applications for farming analytics. The offerings include remote crop monitoring and variable-rate seed and fertilizer application, which reduce the time spent on field scouting and improve the efficiency of inputs.

OneSoil already has more than 200,000 farmers and consultants using its service across over 180 countries just two and a half years after its launch.

The company claims that roughly 5% of the world’s total arable land (197 million acres) is covered by OneSoil users, which include major ag companies like BASF and Krone.

The financing from Almaz and PortfoLion will be used to expand on its market position in the Americas and Europe, the company said.

“We aim to help farmers make informed decisions for their agricultural operations, reduce input waste, and increase their profits. To do that, we provide digital tools that combine real-time, global-scale satellite imagery processing for the best analytics and insights for our users,” says Slava Mazai, CEO at OneSoil, in a statement. “We aim to build the biggest digital platform for informed solutions and precision agriculture. To move faster down this path, we will hire tech and marketing professionals in Europe and the CIS, and we’re looking for consultants and business partners in the field of agronomy in North and South America”

For Almaz investor Pavel Bogdanov, it was the company’s impressive adoption rates among farmers that convinced the firm to invest in the OneSoil round. “[Farmers’] adoption of new tools has been slow due to the complexity of the products, cost, and a degree of risk aversion among farmers. At least, we thought adoption was slow before we met OneSoil. OneSoil is very popular with farmers; the growth in global usage was so impressive that we decided to invest in OneSoil to help them add even more valuable solutions for farmers,” said Bogdanov, in a statement.

'Fathom,' the Apple TV+ documentary film, will show at the Tribeca Film Festival in June

Director Drew Xanthopoulos’ film about whales, headed to Apple TV+ June 25, is in the competition at the Tribeca Film Festival earlier that month.

Apple announced on April 15 that it had acquired “Fathom,” the latest film for Apple TV+’s growing library of nature films. The film, directed by Drew Xanthopoulos, follows Dr. Ellen Garland and Dr. Michelle Fournet, a pair of scientists who research whales’ communications.

The company had said that “Fathom” was “premiering globally” on the service on June 25. But on April 20, it was announced that “Fathom” will be showing at this year’s Tribeca Film Festival, which is running from June 9 through 20. “Fathom” is part of the festival’s Documentary Competition.

This year’s Tribeca festival will use a hybrid format, which will include both in-person outdoor showings throughout New York City and a virtual component. The festival did not announce what day “Fathom” will screen, or whether or not it will show in person. It’s far from rare, especially in the era of virtual festivals, for a film to premiere at a film festival, and then arrive on a streaming service a matter of days later.

“Fathom” is the only Apple film listed among the Tribeca lineup, at least as of now. The very first Apple TV+ show or movie to screen publicly was the series premiere of Dickinson, which debuted at the Tribeca TV Festival in September of 2019.

Production companies associated with “Fathom” include Sandbox Films, Impact Partners, Walking upstream Pictures, Back Allie Entertainment and Hidden Candy. Executive producers are Andrea Meditch and Greg Boustead.

Attackers Heavily Targeting VPN Vulnerabilities

Threat actors favor attacking the technology because VPNs provide a convenient entry point to enterprise networks.

Attacks on virtual private networks, like those this week targeting a trio of known vulnerabilities in Pulse Secure appliances, have intensified in recent months along with the increase in remote and hybrid work environments since the outbreak of COVID-19.

The trend requires organizations to patch VPN and other externally facing devices with the highest priority, says a new report from Digital Shadows.

The report, based on an analysis of vulnerability activity in first quarter of 2021, highlights other threats as well, including increased targeting of remote code execution (RCE) vulnerabilities such as one affecting Oracle WebLogic (CVE-2020-14882) and widespread attacks targeting the ProxyLogon flaws in Microsoft Exchange Server.

“[VPNs] continue to be targeted by a plethora of threat groups, which will almost certainly continue for the remainder of 2021,” says Chris Morgan, senior cyber-threat intelligence analyst at Digital Shadows. “VPN devices, in addition to other remote access software, are often prioritized as a useful entry point that can provide threat groups with a stable foothold onto target networks.”

The threat intelligence firm’s analysis of vulnerability activity in the first quarter of this year shows cyber adversaries are actively targeting VPN vulnerabilities, more so than most other attack avenues, to break into enterprise networks. VPN accesses were among the top three access types listed for sale on cybercriminal forums last quarter, Digital Shadows says.

According to the firm, attackers targeted vulnerabilities in a range of VPN appliances, including one in the Fortinet FortiGate SSL VPN (CVE-2018-13379) and an older, previously patched flaw in Pulse Connect Secure VPN (CVE-2019-11510). Both are pre-authentication path traversal bugs that let an unauthenticated attacker read files from the appliance, including session and credential data, which is why they stay useful to attackers long after patches ship. Both the Fortinet and Pulse VPN appliances were the subject of a joint advisory last week from the National Security Agency (NSA), the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The advisory warned US organizations that Russia’s Foreign Intelligence Service (SVR), the actor behind the SolarWinds attack, is actively targeting the VPN flaws and flaws in three other products.

“Easily identifiable public-facing infrastructure will always garner significant attention from advanced actors,” Morgan says, pointing to the attacks that targeted Pulse Secure VPNs this week. The attacks — by multiple threat groups, including one believed to have links to the Chinese government — have affected several organizations within the US defense industrial base and other sectors. Researchers are currently tracking as many as 12 separate malware families targeting vulnerabilities in Pulse Secure VPNs. Patches have been available for some time for all three of the vulnerabilities in Pulse Secure VPNs that are being attacked.
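Both VPN bugs the article names are path traversal flaws, so a traversal sequence in a request to the portal is the generic thing to hunt for in the appliance's or reverse proxy's access logs, whatever the exact exploit string. The script below is an added example, not code from the article or from Digital Shadows: it parses constructed Nginx/Apache combined-format log lines (documentation IP ranges, invented requests that are not the published exploit payloads), percent-decodes each request target repeatedly so double-encoded sequences are caught, and flags any request whose path or query string contains a bare `..` segment, while leaving a filename such as `release..notes.pdf` alone. The `/dana-na/` and `/remote/` prefixes stand in for the Pulse and FortiGate portal paths; the log format and field names are assumptions.

```python
"""Flag path-traversal attempts against a VPN web portal in access logs.

Added example (not from the article or Digital Shadows). CVE-2018-13379 and
CVE-2019-11510 are both pre-auth path traversal / arbitrary file read bugs,
so a '..' segment in a request to the portal is the generic signal to hunt.
Log lines below are constructed, in Nginx/Apache "combined" format, and use
documentation IP ranges; they are not the published exploit strings.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Combined log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample traffic: benign portal hits, a traversal in the path,
# a traversal inside a query value, a double-encoded traversal, and a benign
# filename that merely contains '..'.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Apr/2021:10:01:02 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.11 - - [19/Apr/2021:10:01:07 +0000] "GET /dana-na/../../../../etc/passwd HTTP/1.1" 200 1402 "-" "python-requests/2.25.1"
198.51.100.7 - - [19/Apr/2021:10:02:11 +0000] "GET /remote/fgt_lang?lang=/../../../../etc/hosts HTTP/1.1" 200 2873 "-" "curl/7.68.0"
198.51.100.8 - - [19/Apr/2021:10:03:15 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 873 "-" "Mozilla/5.0"
203.0.113.11 - - [19/Apr/2021:10:04:20 +0000] "GET /images/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.13 - - [19/Apr/2021:10:05:01 +0000] "GET /docs/release..notes.pdf HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def decode_target(target: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding); unify slashes."""
    cur = target
    for _ in range(rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur.replace("\\", "/")


def traversal_segments(decoded: str) -> bool:
    """True if any slash-separated segment of the path OR query is exactly '..'.

    The query is checked too because the FortiGate bug traverses through a
    parameter value rather than the path itself."""
    for part in decoded.split("?", 1):
        if any(seg == ".." for seg in part.split("/")):
            return True
    return False


def find_traversal(log_text: str):
    """Return one finding dict per request containing a traversal sequence."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than abort the sweep
        decoded = decode_target(m["target"])
        if traversal_segments(decoded):
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "target": m["target"],
                "decoded": decoded,
                "status": int(m["status"]),
            })
    return findings


def summarize(findings):
    """Per-source counts plus the subset that got a 200: those are the ones
    to escalate, since a successful read means credentials may be gone."""
    by_ip = Counter(f["ip"] for f in findings)
    succeeded = [f for f in findings if f["status"] == 200]
    return by_ip, succeeded


if __name__ == "__main__":
    hits = find_traversal(SAMPLE_LOG)
    by_ip, ok = summarize(hits)
    for f in hits:
        print(f"{f['ip']} {f['status']} {f['decoded']}")
    print("sources:", dict(by_ip), "successful:", len(ok))
```

A 200 response to a traversal URL is the finding to treat as a confirmed credential exposure on an unpatched appliance: reset VPN credentials and invalidate sessions rather than only patching.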

Thousands of Attacks
Meanwhile, other significant threat activity that Digital Shadows observed last quarter included heavy targeting of RCE flaws and a barrage of attacks aimed at ProxyLogon, a set of four critical vulnerabilities in Exchange Server, which Microsoft disclosed in March.

“Tens of thousands of companies worldwide were impacted by exploiting and chaining of the four zero-day vulnerabilities,” Morgan says. “Our observation of this particular set of bugs includes a diverse set of threat groups, including both nation-state and cybercriminal actors.”

The sheer scope of the attack activity highlighted both the ease with which the now-patched vulnerabilities could be exploited and the multiple potential courses of action available to an attacker after successful exploitation, he says.

A major concern related to the attacks was one hacking group’s strategy of deploying malicious Web shells on compromised Exchange Server systems to maintain a persistent presence on them. Concern over the Web shells on US systems was so high that a court authorized the FBI to remove the shells from systems on which they had been deployed, including those belonging to private companies.
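The persistence mechanism described above, a web shell dropped into a directory the web server already serves, is something a defender can sweep for without knowing the exact sample. The script below is an added example, not from the article, Digital Shadows or Microsoft: it scores ASP.NET pages on constructs typical of one-line shells (script evaluated straight from a request parameter, process spawning, runtime assembly loading) and on sitting outside the directories an administrator expects, then reports files over a threshold. The sample files, pattern weights, directory names and threshold are assumptions for the example; treat it as a triage heuristic, not a signature set.

```python
"""Heuristic sweep for ASP.NET web shells on a web-content tree.

Added example, not from the article, Digital Shadows or Microsoft. It scores
.aspx/.asp/.ashx/.asmx files on constructs common in one-line web shells
(script evaluated from a request parameter, process spawning, runtime
assembly loading) and on sitting outside expected directories. The sample
files are constructed in a temp directory; weights and threshold are
assumptions, and the pattern list is a heuristic, not a signature set.
"""
import os
import re
import tempfile

# (regex, weight, reason). Weights are arbitrary but ordered by how rarely
# the construct appears in legitimate pages.
SHELL_PATTERNS = [
    (re.compile(r'eval\s*\(\s*Request', re.I), 5, "eval of request parameter"),
    (re.compile(r'Process\.Start|ProcessStartInfo|cmd\.exe', re.I), 3, "process spawn"),
    (re.compile(r'System\.Reflection\.Assembly\.Load', re.I), 3, "runtime assembly load"),
    (re.compile(r'Language\s*=\s*"?JScript', re.I), 1, "JScript page language"),
]
SCAN_EXT = {".aspx", ".asp", ".ashx", ".asmx"}
THRESHOLD = 4


def score_file(path: str):
    """Return (score, reasons) for one file; tiny files with any hit get +1,
    because a dropped shell is usually a one-liner."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    score, reasons = 0, []
    for rx, weight, why in SHELL_PATTERNS:
        if rx.search(text):
            score += weight
            reasons.append(why)
    if score and len(text) < 512:
        score += 1
        reasons.append("very small file")
    return score, reasons


def sweep(root: str, expected_dirs=()):
    """Walk root and return sorted (relative path, score, reasons) for files
    scoring >= THRESHOLD. Files outside expected_dirs (relative to root)
    get +2: droppers pick any writable directory the server will execute."""
    findings = []
    for dirpath, _, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        in_expected = not expected_dirs or any(
            rel_dir == d or rel_dir.startswith(d + "/") for d in expected_dirs
        )
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            full = os.path.join(dirpath, name)
            score, reasons = score_file(full)
            if not in_expected:
                score += 2
                reasons.append(f"unexpected location {rel_dir}")
            if score >= THRESHOLD:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, score, reasons))
    return sorted(findings)


def build_sample_tree() -> str:
    """Constructed files: a legitimate login page, a one-line eval shell in
    the expected tree, a command-runner shell in an unexpected directory, and
    a help page that merely mentions cmd.exe in prose (should NOT be flagged)."""
    root = tempfile.mkdtemp(prefix="web-shell-sample-")
    samples = {
        "owa/auth/logon.aspx":
            '<%@ Page Language="C#" %>\n<html><body><form runat="server">Sign in</form></body></html>\n',
        "owa/auth/t.aspx":
            '<%@ Page Language="JScript"%><%eval(Request.Item["p"],"unsafe");%>',
        "aspnet_client/system_web/shell.aspx":
            '<%@ Page Language="C#" %><% var p = new System.Diagnostics.ProcessStartInfo("cmd.exe", "/c " + Request["c"]);'
            ' System.Diagnostics.Process.Start(p); %>',
        "owa/auth/help.aspx":
            '<%@ Page Language="C#" %>\n<p>Run cmd.exe as administrator to reset the service.</p>\n' + "x" * 600,
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for rel, score, reasons in sweep(root, expected_dirs=("owa",)):
        print(f"{score:2d} {rel}: {', '.join(reasons)}")
```

Run it against the real web root with `expected_dirs` set to the directories your deployment actually serves, and pair the score with file creation times around the exploitation window; the threshold keeps a page that only mentions `cmd.exe` in text below the line.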

“While active exploitation of the bugs will likely subside in the aftermath of companies updating their servers, there is a distinct possibility that advanced groups could have created other avenues of approach and entry points onto targeted networks,” Morgan warns. Last week, CISA updated its original guidance around the flaws, which suggests that Exchange Servers are still being compromised via these bugs even though a vast majority of vulnerable systems have been patched, he says.

Digital Shadows’ first-quarter threat analysis shows that RCE flaws were the most commonly exploited flaws, just as they were in the fourth quarter of 2020. Twenty-three percent of attacks involved RCE exploits in the first quarter. The most likely reason for attackers targeting this class of vulnerabilities, according to Digital Shadows, is that they enable a wide range of malicious activities.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication.


Save up to $200 when purchasing a 5G iPad Pro with rare carrier subsidy

Customers can receive a rare carrier subsidy worth up to $200 when purchasing a 5G iPad Pro directly from Apple.

Apple introduced the 5G iPad Pros during its “Spring Loaded” event on Tuesday. Customers can view pricing configurations on the Apple Store app or website with pre-orders going live on April 30.

The 5G model upgrade costs $200 regardless of iPad Pro configuration, but now customers can get some or all of that upgrade cost back depending on their carrier of choice. When selecting the cellular option during device configuration, a message appears stating that T-Mobile, Verizon and AT&T all have special deals available.

Verizon offers a $200 Verizon gift card upon cellular activation. Customers must activate their iPad Pro within 30 days of purchase and navigate to the promotional application on the My Verizon website.

T-Mobile/Sprint will give customers a $200 virtual gift card that can be used anywhere. As with Verizon, customers must activate their iPad Pro within 30 days of purchase and fill out a promotional application on T-Mobile’s website.

AT&T offers $150 in bill credits that will be applied to the cellular account. Customers must activate their iPad Pro within 14 days then act upon an email sent to their account address. Then, $5 credits will be applied to the AT&T account over 30 months.

Bloomberg first shared the promotion and commented on the unusual nature of the offer. Subsidies are normally given on cellular plans attached to phones, not tablets.

The 5G iPad Pro will begin shipping in mid-May after pre-orders go live on April 30. The new models have an M1 processor, and the 12.9-inch iPad Pro has a Liquid Retina XDR display for professional productivity on the go.


Join ECL on Wednesday to pitch your startup to Fifth Wall’s Brendan Wallace and Hippo’s Assaf Wand

Have you ever dreamed about the opportunity to find yourself in, say, an elevator with an investor who is open to hearing your pitch? Well, then the next episode of Extra Crunch Live is for you.

If you’ve hung out with us on an ECL before, you know we start with a bit of top news, chat with our speakers about how to successfully fundraise and finish with the Pitch Deck Teardown, where we take a look at decks submitted by you, the audience members, and give live feedback.

On Wednesday, with the help of Fifth Wall’s Brendan Wallace and Hippo’s Assaf Wand, we’re going to shake things up a bit.

Folks who attend the live event will be able to virtually “raise their hand,” come on screen, and give a 60-second pitch of their startup. No demos. No videos. No visual aids of any kind. It’s the ultimate elevator pitch, and it’ll be done before a live audience.

Wallace and Wand (that’s catchy, eh?) will give their feedback and ask questions at the end of every pitch.

The only way you can participate in the ECL Pitch-off is to show up. Luckily, the events are free to anyone. However, accessing any of this content on demand is reserved strictly for Extra Crunch members.

We’re super excited to introduce the pitch-off as a feature of ECL and hope you are too! See you on Wednesday!


AppOmni raises $40M for tools to secure enterprise SaaS apps

Enterprises are adopting an ever-wider range of SaaS applications to work and interface with customers, and that is proving to be a major security concern: it’s not just the prospect of phishing, credential stuffing and other malicious tricks to get into systems that are a worry, but the fact that more applications mean more attack surfaces, and more integrations between apps mean more inadvertent holes that get exposed in the process.

And that is leading to a surge of interest in security applications that can help. Today, a startup called AppOmni, which has built a platform to monitor SaaS apps and their activity, warn or block when things might go wrong, and fix problems when they do occur, is announcing funding to fuel its growth.

The startup has raised $40 million in a Series B round led by Scale Venture Partners, with Salesforce Ventures and ServiceNow Ventures, as well as previous backers ClearSky, Costanoa Ventures, Inner Loop Capital and Silicon Valley Data Capital also participating.

The funding is coming on the back of a huge year for AppOmni. The company grew 900%, co-founder and CEO Brendan O’Connor told TechCrunch, and it has managed to stay at 100% customer retention — that is, AppOmni has yet to lose a single customer since it was founded.

The company today integrates with over 100 connectors: the platforms developers and IT teams use to manage the apps their businesses run, and log and analytics tools such as Splunk and Sumo Logic. Through these, AppOmni aggregates and normalizes event data around those apps, in addition to deeper monitoring where it integrates with the apps themselves (those integrations to date include some of the most popular enterprise apps, including Salesforce, Slack, Zoom, Microsoft 365, Box and GitHub).

As O’Connor describes it, the sheer number of apps that enterprise teams use and adopt has made managing security around them very complex. Partly because of how SaaS is set up for usage by as many people in and outside the organization as possible (to make the apps more useful), AppOmni estimates that some 95% of enterprises “overprovision” permissions for external users.

On top of that, some of the biggest problems occur indirectly, specifically when applications are linked up together, creating a flow of sensitive data. AppOmni says that some 55% of companies have sensitive data living in SaaS systems that has been inadvertently exposed to the anonymous internet, sitting there completely unguarded, in this way. (See Zack’s story here for a recent example of how this can play out.)

This is an issue, he said, that is unique to SaaS, which he describes as architecturally different from any software companies might have used in the past. “There is no operating system, no network that is exposed to customers,” he said.

The idea is that AppOmni provides a dashboard to make that monitoring much less murky. “One of our customers described using AppOmni as being akin to turning a light on in a dark room,” O’Connor said.

O’Connor and his co-founder, Brian Soby (the CTO), have first-hand knowledge of the challenges of securing SaaS applications: both spent years at Salesforce — with O’Connor the company’s SVP and “chief trust officer”, a role he left to join ServiceNow as its security CTO, before leaving there to co-found AppOmni with Soby.

It’s partly that track record, along with AppOmni’s own track record, that has given the startup the attention that it has from investors. Interestingly, Scale came to know AppOmni not over a coffee or a pitch deck, but as one of those satisfied customers, which eventually led the VC to offer to invest.

“Scale Venture Partners became an AppOmni customer in 2020. We know firsthand how powerful and differentiated the AppOmni product is when it comes to protecting our sensitive SaaS data, and we’re excited to now be both a customer and an investor,” said Ariel Tseitlin, a partner at Scale Venture Partners, in a statement. “AppOmni’s 9x growth last year, driven by the acquisition of customers across a wide range of industries, proves that AppOmni is the market leader in the increasingly important SaaS Security Management market. We expect the momentum to continue in 2021 and beyond as companies accelerate their shift to cloud applications to support their larger remote workforces.”

The company has raised $53 million to date, and it is not disclosing valuation.

Authzed scores $3.9M seed to build permissions API service

Authzed, an early stage startup that wants to make it easier for developers to build permissions in their applications, announced a $3.9 million seed round today. The investment was led by Work-Bench with participation from Y Combinator and Amplify Partners.

CEO and co-founder Jake Moshenko says the service is an API that is designed to help developers quickly add permissions to an application. “Authzed is a platform to store, compute and validate application permissions. So based on our experience at Google and Red Hat and Amazon, we think that this is the proper way that companies should be doing application permissions,” Moshenko told me.

The service works by helping to define groups of users and, based on membership of a given group, what data those users can see and what functions they have permission to access. While it may rely on Active Directory or LDAP as the source of group membership, Moshenko says it simplifies the actual permissions implementation.

“So, by itself Active Directory doesn’t actually fully solve the problem. You still have to bind to that group membership to a set of permissions that it implies. With our system, you can actually unify the way that you talk about both the permissions and group members,” Moshenko said.
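To make the model Moshenko describes concrete (group membership and the permissions a group implies stored in one place, so a single check answers “can this user do this to this object?”), here is an added example in Python. It is not Authzed’s API or code: it stores relation tuples of the form (object, relation, subject), where a subject is either a user or another object’s relation such as a group’s members, lets groups nest, and answers a check by walking that graph with a visited set so cyclic memberships terminate. The schema, relation names, object types and data are constructed for the example.

```python
"""Relationship-based permission check with nested group membership.

Added example, not Authzed's API or code. The article describes storing
group membership and the permissions a group implies in one model; this
does that with relation tuples (object, relation, subject). A subject is
("user", id) or ("userset", obj_type, obj_id, relation), e.g. the members
of a group, so groups can nest. Schema, relation names and data are
constructed for the example.
"""
from collections import defaultdict

# Which relations on an object grant each permission (constructed schema).
SCHEMA = {
    "document": {
        "view": {"viewer", "editor", "owner"},
        "edit": {"editor", "owner"},
        "delete": {"owner"},
    },
}


class RelationStore:
    def __init__(self):
        # (obj_type, obj_id, relation) -> set of subject tuples
        self.tuples = defaultdict(set)

    def write(self, obj, relation, subject):
        """obj is (obj_type, obj_id); subject is a user or userset tuple."""
        self.tuples[(obj[0], obj[1], relation)].add(subject)

    def _members(self, obj_type, obj_id, relation, seen):
        """Expand one relation on one object into the set of user ids,
        following usersets recursively. `seen` makes the walk a DFS that
        visits each (object, relation) once, so cycles terminate and every
        reachable user is still collected at its first visit."""
        key = (obj_type, obj_id, relation)
        if key in seen:
            return set()
        seen.add(key)
        users = set()
        for subj in self.tuples.get(key, ()):
            if subj[0] == "user":
                users.add(subj[1])
            else:  # ("userset", obj_type, obj_id, relation)
                users |= self._members(subj[1], subj[2], subj[3], seen)
        return users

    def check(self, user_id, permission, obj):
        """True if user_id holds any relation that grants `permission` on obj."""
        obj_type, obj_id = obj
        for rel in SCHEMA[obj_type][permission]:
            if user_id in self._members(obj_type, obj_id, rel, set()):
                return True
        return False


def build_sample():
    """Constructed data: the security team is nested inside engineering,
    groups a and b form a membership cycle, and a document binds its
    relations to those groups plus one direct owner."""
    s = RelationStore()
    s.write(("group", "eng"), "member", ("user", "alice"))
    s.write(("group", "sec"), "member", ("user", "bob"))
    s.write(("group", "eng"), "member", ("userset", "group", "sec", "member"))
    s.write(("group", "a"), "member", ("userset", "group", "b", "member"))
    s.write(("group", "b"), "member", ("userset", "group", "a", "member"))
    s.write(("group", "b"), "member", ("user", "carol"))
    s.write(("document", "runbook"), "viewer", ("userset", "group", "eng", "member"))
    s.write(("document", "runbook"), "viewer", ("userset", "group", "a", "member"))
    s.write(("document", "runbook"), "editor", ("userset", "group", "sec", "member"))
    s.write(("document", "runbook"), "owner", ("user", "dave"))
    return s


if __name__ == "__main__":
    store = build_sample()
    doc = ("document", "runbook")
    for user, perm in [("alice", "view"), ("alice", "edit"), ("bob", "edit"),
                       ("carol", "view"), ("carol", "edit"), ("dave", "delete"),
                       ("eve", "view")]:
        print(f"{user:6s} {perm:6s} {store.check(user, perm, doc)}")
```

Because the group’s members and the document’s relations live in the same tuple store, changing who is on the security team changes what every document bound to that team allows, with no per-application permission table to keep in sync.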

The company has built out the framework for the service, but Moshenko says the links to Active Directory and other directory services are on the roadmap. For now, they have been working with design partners to get the basics of the product down, and today the company is opening the service to any developer who wants to use it.

For starters, it will be free, but over time he expects they will have pricing tiers. He likens his service to other API companies like Twilio for communications or Stripe for payments and expects the cost will be low when an application is just starting out and then go up over time as it gets more popular and needs to check the permissions more regularly.

It’s early days for the company and other than the three co-founders, they have just one employee. The plan is to hire additional engineers using the money from this round, while trying to build traction in the developer community for the product. He says that the number of new employees they add this year will really depend on how well the product is doing in the market.

The founders previously founded Quay, a private registry for Docker containers, which they sold to CoreOS in 2014. Red Hat bought CoreOS in January 2018 for $250 million. IBM then bought Red Hat for $34 billion later that year.