How to root out shadow IT and maximize SaaS investments

Growing reliance on SaaS has opened the door to shadow IT: SaaS applications bought by individual employees without the knowledge or approval of their organization’s IT department.

While shadow IT can be an opportunity for innovation, if left unaddressed, it can lead to risks like duplicate subscriptions, wasted IT spend, a lack of compliance and greater risk of a data breach.

By leveraging SaaS management and taking some steps, businesses can more effectively manage shadow IT, gain a competitive edge, reduce unnecessary costs and empower a distributed workforce.

To avoid the negative consequences associated with shadow IT, you need to give IT teams visibility into your organization’s entire SaaS portfolio. Once IT has a line of sight into all applications in use and how they are used, they are positioned to optimize investments. Maximize your SaaS investments with these tips:


Discover all SaaS applications and spending

Some organizations take a spreadsheet-based approach to managing their SaaS applications. Others turn to web browser plugins, single sign-on tools and cloud access security brokers. But these discovery processes can be time-consuming and involve piecing together SaaS inventories from disparate sources, often resulting in records that are out of date before they’re even completed.

Even the most detailed, frequently updated spreadsheet is not always the most effective way to manage SaaS, especially when you consider that organizations manage over 650 SaaS applications on average, and they underestimate the number of SaaS applications within their ecosystem by two to three times. If you don’t know a SaaS application exists, how can you manage and budget for it?

To optimize your SaaS portfolio, you have to start with gaining complete visibility. Tools like SaaS management platforms with machine learning capabilities that detect SaaS purchases enable continuous discovery of software. These solutions can also integrate with your financial management systems to discover purchases.

It’s critical for this strategy to happen in real time so you have a picture of your tech ecosystem that’s always complete, accurate and up to date.

Optimize and rightsize licenses and features

Do you have as many active users as you accounted for or could you downgrade your plan? Perhaps an employee left, but their accounts were never deactivated. In practice, you may not need all the premium features or seats you’ve paid for, which means there could be opportunities to reduce your SaaS spend.

Zolve raises $40 million to help global citizens access financial services

Zolve, a neobanking startup that aims to help immigrants in the U.S. gain access to financial services, said on Wednesday it has raised $40 million in a new financing round as it begins to roll out its offerings.

Partners of DST Global led the Bangalore-headquartered startup’s Series A financing round. The round, which values the 10-month-old startup at $210 million and brings its all-time raise to $65 million, also saw participation from Tiger Global and Alkeon Capital and existing investors Lightspeed Venture Partners and Accel.

Tens of thousands of students and working professionals leave India for the U.S. each year to pursue higher education and for work. Even after spending months in a new country, they struggle to get a credit card from local banks, and end up paying a premium to access a range of other financial services.

Raghunandan G, a high-profile Indian entrepreneur who sold his previous startup to ride-hailing giant Ola, set out to solve this problem for Indians earlier this year.

Zolve rolled out its credit card to 2,000 customers (and amassed a waiting list that has surpassed 70,000) and immediately identified two insights, he said in an interview with TechCrunch.

Not only were the customers extensively using Zolve’s services, he said, but the startup had also organically attracted demands from individuals who had immigrated from other nations such as Australia, United Kingdom, Canada and Germany.

“Our basic value proposition is a credit card. Other than a credit card, you also get a local bank account and a debit card. We never expected our customers to deposit money to their bank accounts. And we thought even if someone deposits money, it would probably be a few hundred or thousand dollars. What we saw is that people are depositing tens of thousands of dollars and using this account as their primary bank account,” he said. “We are currently sitting on a deposit of $2 million.”

The logical result of this early traction is that Zolve now plans to expand its offerings to immigrants from several nations early next year, he said.

Zolve currently works with banks in the U.S. and India to provide consumers access to financial products seamlessly — without paying any premium or coughing up any security deposit. It underwrites the risks, which has enabled banks in foreign countries to extend their services to Zolve customers.

Working with banks in India has helped Zolve gain clarity on the individuals and do the underwriting. The startup now plans to replicate this model for customers from other nations.

Raghunandan said the startup was fortunate enough to identify and bring on-board the investors it wanted. He pointed out that many of the partners at DST Global are immigrants themselves and the three new investors have backed several startups that operate in similar spaces.

“Access to tailored and fair financial products has a direct and meaningful impact on people’s lives. We’re incredibly excited to have invested in Zolve, and to support Raghu’s vision of bringing world-class financial services products and experiences to immigrants in the US and other markets,” said Bejul Somaia, partner at Lightspeed, in a statement.

“The company’s rapid acceleration, especially around customer acquisition and usage, is a reflection of the team’s execution capability and significant unmet needs of Zolve’s target customer base. We’re excited for what the future holds and have high confidence in Zolve’s future success.”

Zolve also said it plans to aggressively expand its team. The startup’s headcount was just five earlier this year. It has since grown to 100, and now the startup is looking to hire 150 people across several roles.

Smart Eye’s latest acquisition points to consolidation among driver monitoring system suppliers

Smart Eye, a supplier of driver monitoring systems for automakers, has agreed to acquire human behavior software company iMotions for $46.6 million just five months after it snapped up emotion-detection software startup Affectiva.

Smart Eye, a publicly traded Swedish company, said Tuesday this is a cash-and-stock deal. Smart Eye will provide $23.2 million (200 million Swedish kronor) in shares and the remaining amount will be paid in cash. iMotions, which employs 63 people, will operate as a standalone company within the Smart Eye Group. The company’s structure and management team will remain in place, according to Smart Eye.

The acquisition is notable because it signals growing consolidation within the driver monitoring systems segment, a trend that Smart Eye CEO and founder Martin Krantz confirmed in comments to TechCrunch.

“We expect to see continued consolidation of DMS vendors due to increased demand for DMS and interior sensing, which is already ramping up amongst OEMs,” Krantz told TechCrunch in an email. “With regulatory requirements in Europe — that are sure to follow in other regions of the world — we believe that nearly all global OEMs will procure their first or second generation DMS during the next couple of years. By joining forces with Affectiva, and now with iMotions, we are perfectly positioned for this development.”

Attention on DMS has increased as automakers roll out so-called Level 2 advanced driver assistance systems. There are five levels of automation under standards created by SAE International. Level 2 means two primary functions — like adaptive cruise and lane keeping — are automated and still have a human driver in the loop at all times. Level 2 is not considered full self-driving. These are advanced driver assistance systems that require a human being to be engaged and ready to take over.

The DMS typically involves a camera that watches the driver to ensure they’re paying attention and not abusing or stretching the capabilities of the system. GM and Ford use DMS to allow for hands-free driving. For years, Tesla either has not had a camera or, in the case of the Model 3 and Y, has not used it to monitor the attentiveness of drivers using its Autopilot system. Instead, Tesla has relied on a sensor to gauge whether the driver’s hands were on the wheel.

While Tesla now equips Model X and Model S vehicles produced in 2021 or later with a camera, the feature is currently only available for Model 3 and Y vehicles equipped with Tesla Vision. That has been a sore spot for safety advocates in the United States, who have called on Tesla to change the system design of Autopilot to ensure it is not misused.

Regulators in Europe have already weighed in on what vehicles must be equipped with, opening up an opportunity for Smart Eye and other competitors.

While Affectiva and iMotions are related, Smart Eye contends that they offer different and complementary capabilities that can be folded into its own AI-based eye-tracking technology. The two companies actually used to work together, according to Smart Eye.

Affectiva, which spun out of the MIT Media Lab in 2009, uses computer vision, speech analytics and software to study facial expressions and analyze human emotion and cognitive states. Meanwhile, iMotions developed a software layer that brings together data coming in from multiple sensors and provides analytics that can then be used to improve driver safety and the driving (or riding) experience.

Affectiva and iMotions’ tech could help its new parent company establish market share in “interior sensing,” in which software and hardware are combined to monitor the entire cabin of a vehicle and deliver services in response to the occupant’s emotional state.

Free Tool Helps Security Teams Measure Their API Attack Surface

APIs — application programming interfaces — are critical to the modern Internet, as they facilitate communications between applications, such as data transfers. As developers increasingly rely on APIs to deliver new features across web, mobile, and cloud-native applications, threat actors are also taking advantage of their prevalence to breach organizations and extract data.

Enterprise security teams have the difficult task of managing and protecting these service-based application architectures. Security teams need to know when new APIs are added or existing APIs are modified, as well as what kind of client data is being exposed at every layer of the application stack.

“Gartner predicts that by 2022, application programming interface (API) attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications,” the research firm said in a recent webinar.

The API Attack Surface Calculator is a free self-assessment tool designed to help organizations measure their attack surface, according to Data Theorem, the company behind the service. The calculator asks seven questions and performs a first-level security analysis based on the supplied answers in less than five minutes.

Questions include whether the organization has APIs for public web and mobile applications, what kind of APIs are in use (REST, GraphQL, etc.), which public clouds and cloud services the organization uses, which web application framework the developers rely on, and which regulatory and compliance standards apply to the organization. Data Theorem’s Analyzer Engine takes the answers and generates ratings around potential API exposures across multiple application layers: client, data transport, and cloud.

The calculator doesn’t help with API discovery, but it gives security teams a starting point for understanding how their APIs contribute to the organization’s attack surface. A thorough understanding of the type of APIs in use would help security leaders build a modern API security program, Data Theorem says.


Lawmakers confront TikTok, Snapchat and YouTube about eating disorder content

Representatives from TikTok, Snapchat and YouTube testified before the Senate Subcommittee on Consumer Protection, Product Safety, and Data Security today to discuss how to protect kids online. This hearing follows Facebook whistleblower Frances Haugen’s document leaks to the Wall Street Journal, which — among many things — exposed Facebook’s knowledge that Instagram is toxic for teenage girls. According to Facebook’s own research, thirty-two percent of teen girls said that when they felt bad about their bodies, Instagram made them feel worse.

But as the Senate tries to hold Facebook accountable for its influence on teen girls, lawmakers understand that this problem doesn’t begin and end with Mark Zuckerberg. Though the companies that testified today each have policies prohibiting content that promotes eating disorders, Senators cited evidence from constituents about teenagers on these platforms who have still suffered from illnesses like anorexia and bulimia.

“On YouTube, my office created an account as a teenager. We watched a few videos about extreme dieting and eating disorders. They were easy to find,” Senator Blumenthal (D-CT), the committee chair, said in his opening statement. He said the account was then fed related eating disorder content in its recommendations. “There’s no way out of this rabbit hole.”

Blumenthal’s staff also found troubling content on TikTok. The Wall Street Journal conducted an investigation like this into the platform, creating 31 bot accounts — registered as users — between the ages of 13 and 15. The publication reported that while content glorifying eating disorders is banned on TikTok, the accounts in its investigation were still served several such videos.

Senator Amy Klobuchar (D-MN) confronted Michael Beckerman, TikTok’s Head of Public Policy for the Americas, asking if TikTok has stopped promoting content that glorifies eating disorders, drugs, and violence to teens.

Beckerman noted that he doesn’t agree with the Wall Street Journal’s methodology for that experiment — the users were bots programmed to search for and linger on certain content — but affirmed that TikTok has made improvements to the way users can control the algorithm and see age-appropriate content on TikTok.

Beckerman said that content related to drugs violates community guidelines, and that 97% of content violating policies about minor safety is removed proactively. These numbers track with a recently released transparency report, outlining information about how content was removed on the platform between April and June 2021. Per the report, 97.6% of content violating minor safety policies was removed proactively before being reported by users, and 93.9% of those videos were removed at zero views. In the category of “suicide, self-harm and dangerous acts” — which is inclusive of content glorifying eating disorders — 94.2% were removed proactively, and 81.8% of videos had zero views.

Senator Klobuchar continued by asking Beckerman if TikTok has conducted any research about how the platform might push content promoting eating disorders to teens, and if Beckerman personally had asked for any internal studies on eating disorders before testifying. He said no to both questions, but reaffirmed that TikTok works with outside experts on these issues.

Senator Tammy Baldwin (D-WI) asked each company to outline the steps it is taking to remove “content that promotes unhealthy body image and eating disorders and direct users to supportive resources instead.” In particular, Baldwin’s question was geared toward how these companies are focusing on these issues among younger users.

Beckerman reiterated that TikTok “aggressively” removes content that promotes eating disorders and works with outside organizations to support users who might need help. He may have been referring to TikTok’s recent expansion of its mental health resources. Right after Instagram was blasted for its harm to teen girls, TikTok rolled out a brief memo about the impact of eating disorders in its Safety Center, developed in collaboration with the National Eating Disorders Association (NEDA). NEDA has a long track record of collaborating with social media platforms and worked with Pinterest to prohibit ads promoting weight loss this year.

Beckerman added that TikTok doesn’t allow ads that target people based on weight loss. The app updated its policies in September 2020 to ban ads for fasting apps and weight loss supplements, and increase restrictions on ads that promote a negative body image. This update came soon after Rolling Stone reported that TikTok was advertising fasting apps to teenage girls. Still, TikTok allows weight management product ads for users above the age of 18.

Snapchat’s Vice President of Global Public Policy Jennifer Stout answered Klobuchar’s question by saying that content promoting eating disorders violates community guidelines. Snapchat directs users who search terms like “anorexia” or “eating disorder” to expert resources that might be able to help them.

Per Snap’s ad policies, diet and weight loss ads aren’t banned, but certain content in that realm is. Ads can’t promote weight loss supplements, contain exaggerated or unrealistic claims, or show “before and after” pictures related to weight loss.

Leslie Miller, YouTube’s Vice President of Government Affairs and Public Policy, also said that YouTube prohibits content glorifying eating disorders. YouTube’s ad policy says that it allows ads for weight loss as long as the imagery isn’t disturbing.

But TikTok and YouTube’s representatives both pointed out how some users can find solace on social media, for instance, in a video about how someone overcame an eating disorder. This content can be uplifting and help teens know that they’re not alone in what they’re experiencing.

Miller claimed that when users search for eating disorder content, its algorithms “raise up” content that might offer positive support to someone who is struggling with an eating disorder. She said more than 90% of content that violates guidelines is spotted through technology, but human moderators contribute as well.

Toward the end of the hearing, Senator Blumenthal circled back to the points he made in his opening statement — his office made fake TikTok accounts for teenage girls, and was quickly able to find content that is supposedly banned from the platform.

“How do you explain to parents why TikTok is inundating their kids with these kinds of videos of suicide, self-injury, and eating disorders?” Senator Blumenthal asked.

“I can’t speak to what the examples were from your staff, but I can assure you that’s not the normal experience that teens or people that use TikTok would get,” Beckerman said.

Though the representatives from TikTok, Snapchat and YouTube used their ad policy and content moderation guidelines as evidence that their companies are moving in the right direction, Senators still seemed hesitant about how cooperative the platforms would be in passing legislation to make social media safer for children.

As the hearing closed, Senator Blumenthal observed that he wouldn’t be taking the day’s testimony at face value. “The time for platitudes and bromides is over,” Blumenthal said.

Hands on: Should you buy the Nike or standard aluminum Apple Watch Series 7

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

If you’re pondering a new Apple Watch Series 7 purchase and are torn between the Nike and standard aluminum versions, check out this hands-on with a breakout of all the differences and our recommendation.

Here’s the important bit — there are no feature differences between the Nike and non-Nike models. You don’t get any additional sensors, one isn’t faster than the other, and neither comes with bonus accessories.

So what are the differences?

The differences between the two can be enough to decide which model you choose, but they aren’t transformative.

In the end, there are two reasons why you may want to buy the Nike model over the standard aluminum.

Buy the Nike version


There are five exclusive Nike faces

One reason is that the Nike version comes with exclusive watch faces that you don’t get on any other Apple Watch. There are now five exclusive faces: Nike Analog, Nike Compact, Nike Digital, Nike Hybrid, and the new Nike Bounce face. These faces are also available on previous Nike Apple Watch versions.

All Nike faces feature a Nike Swoosh somewhere on them which will act as a shortcut to the Nike Run Club app. These faces are sporty looking and can be appealing to many users.


The new Nike Bounce face

The new Nike Bounce face is especially cool as it reacts to the movement of your wrist, the Digital Crown, or taps. Touch the time and it will bounce around your display.

The new Nike Sport Loop


Another pro for the Nike model is that it comes bundled with Nike watch bands. Many users love the perforated holes in the Nike Sport Band. They also tend to come in fun colors as well as black and gray.

If you want one of the Nike bands and don’t want to purchase it separately, you have to buy the Nike version of the Apple Watch.

Other minor and inconsequential differences include special Nike packaging, a Nike logo on the back of the watch face, and a prompt during setup to pre-install the Nike Run Club app.

We recommend that almost anyone looking for an Apple Watch choose the Nike version because you get more value for your money with the additional watch faces.

Why you may not want the Nike version

That said, there are clear reasons why you should not get the Nike version, chiefly that the Nike version limits your options.

Aluminum Apple Watch Series 7 colors


Nike is only available in Starlight or Midnight aluminum, so if you were hoping for (PRODUCT)Red, green, or blue aluminum, gold, silver, or graphite stainless steel, or either of the two titanium finishes you’ll be out of luck.

You also are limited in your band choices. If you already have a Nike band or just don’t love them, you don’t have another option. All of Apple’s bands work with the Nike model, but they cannot be bundled at the time of purchase; you’ll have to buy them separately on top of the Nike band that comes with the watch.

As Apple includes a portion of the band’s cost in the price of the Apple Watch, buying a new watch is often a good time to get one of Apple’s nicer band options. The Leather Link is one of our personal favorites. So if one of the other bands has caught your eye, you’ll need to look outside the Nike version.

It all comes down to what you’re looking for. If you planned on buying the Starlight or Midnight aluminum and don’t mind the Nike bands, you should get the Nike version. If you had your heart set on a different color or case material, your decision is already made.

Where to buy

The Apple Watch Series 7 is available for purchase from popular Apple resellers, with AT&T knocking $200 off at press time when you buy two Apple Watches.

16-inch MacBook Pro teardown reveals M1 Max, tweaked internals


Teardowns of Apple’s new MacBook Pros have commenced, with one of the first showcasing the slightly tweaked internals of a 16-inch model with M1 Max chip.

Retired leaker L0vetodream received their 16-inch MacBook Pro in the mail on Tuesday and promptly began disassembling the laptop, sharing photos of the process in a Twitter thread along the way.

Entry into the 16-inch MacBook seems to be identical to other unibody models, with screws positioned around the perimeter of the rear lid offering easy access to the machine’s innards.

Removing the cover reveals a familiar internal component layout. Banks of batteries containing a total of six cells sit below the palm rests and trackpad, while a custom logic board resides beneath the keyboard and its “double anodized” black well.

The most apparent change is the logic board, which sports a massive central heat distribution plate for Apple’s M1 Max chip. A redesigned heat pipe arches down to pass directly over the center of the specialized Apple Silicon, wicking away heat for expulsion by redesigned fans that reportedly move 50% more air. Like past MacBook revisions, it appears that most of Apple’s fan engineering went into fin geometry and, perhaps, the motor, as both fan enclosures are nearly identical to parts used in the 2019 16-inch MacBook Pro.

Other items of interest include a relocated speaker system that is positioned closer to the user and extends the full length of the battery bank. Four force-cancelling woofers stacked in pairs take residence at the front corners of MacBook Pro, while tweeters are located toward the middle of the chassis.


Source: L0vetodream

L0vetodream goes further, extricating the logic board from its seat in the aluminum structure and prying off the heatsink to expose the large-die M1 Max. Thermal paste covers the system-on-chip and four modules of unified RAM.

Also on display are the vaunted HDMI port and SDXC card reader, both of which make a return to MacBook Pro after a five-year hiatus.

The preliminary teardown offers little commentary on Apple’s hardware and design, but at first glance the overall component arrangement appears to be largely in line with other modern MacBook models. Apple’s thicker chassis design likely enables better thermal performance and adds vertical space for peripheral connectivity options.

A more thorough deconstruction of both 14- and 16-inch MacBook Pro variants is expected from repair specialist iFixit.

North Korea's Lazarus Group Turns to Supply Chain Attacks

Recent activity by North Korea’s infamous Lazarus Group provides fresh evidence of the growing threat actor interest in using trusted IT supply chain vendors as entry points to enterprise networks.

Security researchers from Kaspersky recently discovered two separate campaigns where the Lazarus Group infiltrated the network of an IT company — likely as part of a broader strategy to compromise its downstream customers.

In one of the incidents, Lazarus Group gained access to a South Korean security software vendor’s network and abused the company’s software to deploy two remote access Trojans (RATs) called Blindingcan and Copperhedge on a South Korean think tank’s network. The US Cybersecurity & Infrastructure Security Agency (CISA) last year had issued separate alerts — one in August and the other in May — warning of the Lazarus Group using the two RATs to maintain a presence on compromised networks.

The second Lazarus supply chain attack recently observed by Kaspersky researchers involved an IT asset-monitoring product vendor based in Latvia. In this attack, the Lazarus Group once again deployed the Copperhedge backdoor on the technology provider’s network. 

“This was done in a careful multistage process using two layers of multiple [command and control] servers,” says Ariel Jungheit, senior security researcher at Kaspersky. The attack resulted in the threat actors loading and executing the Copperhedge malware in-memory only.

But Jungheit says Kaspersky has been unable to confirm if Lazarus managed to compromise the asset management technology vendor’s software products themselves. Similarly, Kaspersky has not been able to determine if the Lazarus Group leveraged its access on the asset management software vendor’s network to compromise any further victims.

“We did not have visibility into how Lazarus compromised the South Korean security software company nor the asset monitoring technology provider in Latvia,” Jungheit says. “We take our findings at face value as an indicator of Lazarus’ interest in developing supply chain capabilities.”

The Lazarus Group — responsible for the WannaCry ransomware attack and numerous other malicious campaigns — is among a growing number of threat actors that have begun developing capabilities for exploiting vulnerabilities in the IT supply chain to target enterprises. 

Just this week, for instance, Microsoft warned about Nobelium — the threat actor behind the SolarWinds breach — targeting trusted cloud and IT service providers in a dangerous new campaign to gain a foothold on their customer networks. Microsoft described the threat actor as having attacked more than 140 service providers since May and breaching 14 of them.

The group has been identified by the federal government as Russia’s SVR spy agency.

Growing Attacker Interest

Over the last quarter, Kaspersky observed at least two other threat actors — HoneyMyte and BountyGlad — adopting the same tack. HoneyMyte basically injected a backdoor into an installer package of a fingerprint scanner product that central government employees of a South Asian country are required to use to record attendance.

Kurt Baumgartner, principal security researcher at Kaspersky, says that it is very likely the threat actor did not directly target a specific vendor in this attack. “Instead, the attackers compromised the distribution server for the software itself, which was not run by the vendor” to distribute the Trojanized installer, he says. 

In the case of BountyGlad, the attackers replaced the installer for a digital certificate management software client on the vendor’s distribution server with a malicious downloader. When executed on a victim system, the downloader executed the legitimate installer as well as additional malicious code, Baumgartner says.

History of Supply Chain Hacks

Supply chain attacks such as these are certainly not new. In 2019, a threat actor called Barium broke into an automated software update system at hardware maker Asus and used the access to distribute malware to customers of Asus systems. The malware — distributed as part of an operation referred to as ShadowHammer — ended up being executed on over 400,000 systems. In 2017, attackers compromised a software build system at Avast and used the company’s CCleaner software to distribute malware.

While these attacks garnered considerable attention, it was the breach that SolarWinds disclosed last December that really focused attention on supply chain security as an issue of critical concern.

“If you consider the impact of supply chain attacks we’ve seen in recent years, it’s not hard to see why an APT threat actor might find it an attractive approach,” says David Emm, principal security researcher at Kaspersky. “Supply chain attacks constitute a breach in trust relationship between a supplier and companies downstream.” 

An attack that leverages a compromised supplier is effectively an insider attack, he says.

Emm says supply chain attacks are within the range of most threat actors because pulling off one involves the same modus operandi used in other attacks — including the use of social engineering or exploiting vulnerabilities in software. 

“The key difference, of course,” he adds, “is that the target company then becomes a stepping stone into their customers’ networks.”

Daily Crunch: Indian mobility startup Chalo buys office commute bus aggregator Shuttl


Hello and welcome to Daily Crunch for October 26, 2021! Our one-day SaaS event — extravaganza? — kicks off tomorrow morning and I could not be more hype. In fact, I am taking a break from honing my questions list for our data-focused panel (DataRobot, Monte Carlo and AgentSync; it’s going to be a blast) to write this newsletter for you. See you there! — Alex

The TechCrunch Top 3

  • Sequoia rebuilds itself for the future of venture capital: With capital now a commodity and nearly every VC focused on offering services, standing out is hard in the venture game. As are the harsh realities of startups staying private longer and restrictions on how venture capitalists can invest. Sequoia thinks that it has the solution.
  • Jessica Rosenworcel to lead FCC: Rosenworcel will be the first woman to ever lead the U.S. Federal Communications Commission, which is at once good news and an indictment of my nation’s governmental diversity through the years. Also, Gigi Sohn, whom TechCrunch called an “FCC veteran and tireless policy advocate,” was nominated to the group. Sohn is well known for her work on net neutrality.
  • Inside the Sweetgreen IPO filing: Heavily VC-backed fast-casual food chain Sweetgreen is going public, so TechCrunch spent time mucking about in its numbers. Our takeaway is that the company has identified a notable portion of the economy where it can plug a need, but that it loses too much money.
  • By the time this newsletter reaches your inbox, Rent the Runway should have priced its IPO. Our initial notes concerning its business are here; more in the a.m.


We have a lot of startup news to chat about today, but first, TechCrunch dug into the American Midwest yet again this morning, this time asking CEOs and investors in the region what impact the fundraising boom and increasingly flat global talent and capital market are having on area startups.

  • Indian AgTech accelerates: Sure, it seems that every day another Indian startup raises a nine-figure round. But this time it’s DeHaat, which focuses on agriculture, catching my eye. Per TechCrunch, the company built “an online platform that offers full-stack agricultural services to farmers in India.” Given how many farmers its market includes, DeHaat should not lack for TAM.
  • Gusto buys RemoteTeam: U.S. HR and payroll-focused startup Gusto bought another company, it announced this morning. With an eye on supporting more international hiring, it picked up RemoteTeam. The increasingly global and distributed tech talent pool likely helped pull Gusto in this particular direction.
  • DealShare set to raise more capital: Returning to India, TechCrunch can report from several sources that “Tiger Global and Falcon Edge Capital are looking to double down on their bets on DealShare,” perhaps putting more than $225 million into the company at a unicorn valuation. DealShare exists in the social commerce space, in case you were wondering.
  • How often do we get to talk about startups from Connecticut? Not very often. But today was a nice exception with LogicBroker raising $135 million in a single go. The startup builds software for the shipping world (think e-commerce and drop-shipping) and now certainly has as much capital as it could have dreamed about at its fingertips. Good on the Nutmeg State.
  • Piiano raises $9M to help keep PII safe: Get it? PII-ano wants to help you keep PII, or personally identifying information, safe. The company likely competes with Skyflow, which raised a bunch of money just the other week. The market for data protection services is hot and potentially lucrative given that there is lots of data in the world, and that leaking it is bad. (Note that this is not Piano, the subscription media software startup.)
  • SoftBank backs Pipefy: Gone are the days when SoftBank would drop a flat trilly on a dog-walking startup or zero-gravity pinball maker. Instead, the Japanese telco, conglomerate and frenetic technology investor has put $75 million into a low-code workflow management startup. How very pedestrian!

And there was so much more. Fabric raised $200 million so that robots can help with e-commerce order fulfillment. Indian busing startup Chalo bought another bus-focused startup. Jay-Z’s venture capital firm just closed its second fund and Devo raised $250 million on the back of rising global cybersecurity spend.

To close us out, TechCrunch has a great story on what happens when you mix fiction, community, NFTs and copyright questions.

Bridging the gap: What CISOs must do to get the C-suite on their side

On a good day, most people forget the chief information security officer even exists. But if something should go wrong, everyone will demand answers.

Keeping a company’s security measures up to the mark while getting all stakeholders to implement safe security practices is a tall order, complicated by the fact that many CISOs aren’t inside the executive decision-making loop.

According to Sean McDermott, founder and CEO of RedMonocle, CISOs should meet executives where they are.

“You already know why cybersecurity investment is essential to your role. Now step into your leadership’s shoes to explain why it’s crucial to theirs,” he writes.


TechCrunch Experts


TechCrunch wants you to recommend growth marketers who have expertise in SEO, social, content writing and more! If you’re a growth marketer, pass this survey along to your clients; we’d like to hear about why they loved working with you.

An all-electric Range Rover is coming in 2024

Land Rover plans to add an all-electric Range Rover to its lineup in 2024, the brand said Tuesday.

The announcement was made alongside its reveal of the 2022 Range Rover, the redesigned fifth generation of its luxury SUV that is loaded with tech, features an electrical architecture to support over-the-air software updates and sits on a new flexible architecture that will be the basis of the brand’s future models, including plug-in hybrid and electric variants.

Land Rover didn’t disclose many details about this upcoming EV, although a close watcher of its parent company, Jaguar Land Rover, might have seen this coming. JLR said back in 2017 that all new vehicles in both the Jaguar and Land Rover brands would offer an electric or hybrid option from 2020 on.

The 2022 Range Rover will be offered in a mild hybrid variant and a plug-in hybrid version of the new Range Rover is coming in 2023, according to Land Rover.

The extended-range plug-in hybrid set for 2023 will be outfitted with an inline six-cylinder engine with 48-volt mild hybrid technology, a 105kW electric motor and a 38.2kWh lithium-ion battery that has a usable capacity of 31.8kWh. This combo will provide up to 62 miles of pure EV range and have 434 horsepower.


As for the 2022 Range Rover, the new SUV will be offered in an array of variants with standard and long wheelbase body designs, six- and eight-cylinder powertrains and seating options.

It all starts with the Range Rover P400 SE, a mild hybrid with a 3.0L turbocharged engine that produces 395 horsepower and 406 lb-ft of torque and has a base price of $104,000, not including taxes or the $1,350 destination fee. The 2022 Range Rover lineup tops out with the P530 First Edition, a long wheelbase body design with a 4.4L twin turbocharged V8 that produces 523hp and 553 lb-ft of torque and starts at $163,500 (again not including taxes and fees).

Other notable tech highlights in the 2022 Range Rover include a new electrical vehicle architecture, called internally EVA 2.0, that will allow the company to communicate wirelessly with more than 70 electronic modules, according to Land Rover. What this means is that Land Rover should be able to add features such as a new app or make improvements to existing functions on the vehicle’s infotainment system through a software update. That’s an important feature for any automaker hoping to keep up with these tech-centric times.

The 2022 Range Rover will come with Amazon Alexa as the integrated voice assistant that can provide news updates, access the driver’s calendar, control some vehicle functions as well as turn on lights at home and connect with other Alexa-enabled devices.

Apple CarPlay and Android Auto, the in-car platforms that bring the look and functions of a smartphone to the vehicle’s central screen, will also be offered in the vehicle.