Apple patches nasty security bugs, HBO Max suddenly removes content, and a16z backs Neumann’s next thing

2 years ago 163

Hello hello! We’re back with another edition of Week in Review, the newsletter where we quickly recap the top stories to hit TechCrunch across the last seven days. Want it in your inbox? Sign up here. 

other stuff

a16z backs WeWork founder’s new thing: When a company implodes hard enough that it inspires a miniseries, would anyone back the founders again? It doesn’t seem to have dissuaded a16z, who recently put its biggest check ever into WeWork founder Adam Neumann’s next thing.

Black Girls Code founder fired by board: “Kimberly Bryant is officially out from Black Girls Code, eight months after being indefinitely suspended from the organization that she founded,” write Natasha Mascarenhas and Dominic-Madori Davis. Bryant has filed a lawsuit in response to the termination, alleging “wrongful suspension and conflict of interest.”

Google shutters IoT Core: Google’s IoT Core is a service meant to help device makers build internet-connected gadgets that connect to Google Cloud. This week, Google announced that they’re shutting it down, giving those device makers a year to figure out another solution.

Apple’s big security bug: Time to update your Apple devices! This week the company shipped critical patches that fix two (!) security issues that attackers seem to already be actively exploiting. The bugs involve Safari’s WebKit engine and can lead to an attacker having, essentially, full access to your device — so, really, go update.

HBO Max removing titles: HBO Max is merging with Discovery+, and for some reason this means a bunch of titles are getting the boot — and fast. I was going to tell everyone to go speed-binge their way through the incredible “Summer Camp Island” series before it’s gone, but apparently it already got removed. Find the full list of gone/soon-to-be-gone titles here.

TC battles stalkerware: Back in February, TechCrunch’s Zack Whittaker pulled back the curtain on a network of “stalkerware” apps that were meant to quietly gobble up a victim’s private text messages, photos, browsing history, etc. This week Zack launched a tool meant to help people determine if their Android phone — and thus, their private data — was impacted. We’ll hear more from Zack about this new tool below.

An illustration of a blue-lit phone with a location pointer over it, on a background of red and blue moving eyes.

Image Credits: Bryce Durbin / TechCrunch

audio stuff

What’s up in the world of TechCrunch podcasts? This week the Equity crew talked about why we need to “officially stop comparing Adam Neumann and Elizabeth Holmes,” and Burnsy talked with Ethena co-founder Roxanne Petraeus and Homebrew’s Hunter Walk about how to “sell the vision, not the business,” on TechCrunch Live.

additional stuff

What lies behind the TC+ paywall? Some really great stuff! Here’s a taste:

How does venture capital work?: It seems like a basic question, but it’s one we get…quite a lot. Haje, with his rare overlapping perspective as a reporter AND pitch coach AND former director at a VC fund, breaks it all down as only he can.

Planning to use your startup equity as collateral? Good luck: After years of work, you’ve managed to build up a ton of equity in the private company you’ve helped to build. Can you actually use it as collateral for anything? Compound’s Max Brenner walks us through the challenges.

writer spotlight: Zack Whittaker

Image Credits: Veanne Cao

This week we’re experimenting with a new section where we quickly catch up with one TechCrunch writer to hear a bit about them and the thing that’s on their mind this week. First up? The incredible, inimitable Zack Whittaker.

Who is Zack Whittaker? What do you do at TechCrunch?

Hi, I’m the security editor here, a.k.a. TechCrunch’s Bearer of Bad News, and I oversee the security desk. We uncover and report the big cybersecurity news of the day — hacks, data breaches, nation-state attacks, surveillance, and national security — and how it affects you, and the wider tech scene.

If you could snap your fingers and tell everyone in the world one thing about your beat, what would it be?

Think of cybersecurity as an investment for something you hope never happens, like a breach of your personal data. It’s better to get ahead of it now. Nowadays it’s easier than it’s ever been — and it’s never too late to start. Invest a small amount of time on three simple steps that make it so much tougher for hackers to break into your accounts or steal your data: Use a password manager, set up two-factor authentication everywhere you can, and keep your apps and devices up-to-date.

Tell me about this anti-stalkerware tool you launched this week

Back in February, TechCrunch revealed that a network of near-identical “stalkerware” apps share the same common security bug, which is spilling the private phone data of hundreds of thousands of Android device owners around the world. These malicious apps are planted by someone with access to your phone and designed to stay hidden, but silently steal a victim’s phone data, like messages, photos, call logs, location and more. Months later, we obtained a leaked list of every single device that was compromised by these apps. The data didn’t have enough information for us to identify or notify victims, so we built this lookup tool to allow anyone to check if their device was compromised — and how to remove the spyware, if it’s safe to do so.

Ugh. Okay. So someone grabs your phone, installs one of these sketchy apps while you’re not paying attention, the app rips your private data for the installer to snoop around… meanwhile, the app is leaking a bunch of data to anyone who knows where to look. Does it seem like the folks behind the stalkerware apps have any intention of stopping?

Not at all. The Vietnam-based group of developers behind the stalkerware network went to great lengths to keep their identities hidden (but not well enough). The number of compromised devices was growing daily, but with no expectation of a fix, we published our investigation to help alert victims to the dangers of this spyware. Nobody in civil society should be subject to this kind of invasive surveillance without their knowledge or consent.

Besides this tool (which is excellent!), what’s your favorite post you’ve written or thing you’ve done with TC?

In the four years I’ve been here? That’s tough! One I still think about often is the inside story of how two British security researchers in their early-20s helped to save the internet from the fast-spreading WannaCry ransomware malware in 2017, which spread around the world, locking up computers in NHS hospitals, shipping giants, and transport hubs, causing billions of dollars in damage. But when one of them found and registered a certain domain name in the malware’s code, the attack stopped dead in its tracks. They found the malware’s kill switch, making them overnight “accidental” heroes. But the only thing holding back another WannaCry outbreak was keeping the kill switch domain in their hands alive, despite efforts by bad actors to force it offline by overwhelming it with internet traffic. “Being responsible for this thing that’s propping up the NHS? Fucking terrifying,” one of the researchers told me at the time.

Read Entire Article