Apple patches annoying security bugs, HBO Max suddenly removes content, and a16z supports Neumann’s next thing – businesskinda.com

Hello Hello! We’re back with another issue of Week in Review, the newsletter where we quickly summarize businesskinda.com’s top stories from the past seven days. Want it in your inbox? Register here.

other things

a16z backs WeWork founder’s new thing: When a company implodes so hard that it inspires a miniseries, would anyone support the founders again? It doesn’t seem to have discouraged a16z, which recently stuffed its biggest-ever check into WeWork founder Adam Neumann’s next thing.

Black Girls Code founder fired by board“Kimberly Bryant is officially out of Black Girls Code, eight months after being indefinitely suspended from the organization that founded them,” write Natasha Mascarenhas and Dominic-Madori Davis. Bryant has filed a lawsuit over the termination for “wrongful suspension and conflict of interest.”

Google shuts down IoT Core: Google’s IoT Core is a service intended to help device manufacturers build internet-enabled gadgets that connect to Google Cloud. This week, Google announced they were discontinuing it, giving those device makers a year to come up with another solution.

Apple’s Big Security Bug: Time to update your Apple devices! This week, the company released critical patches that fix two (!) security vulnerabilities that attackers already seem to be actively exploiting. The bugs relate to Safari’s WebKit engine and could allow an attacker to essentially have full access to your device – so go update.

Remove HBO Max titles: HBO Max is merging with Discovery+, and for some reason that means a ton of titles are getting underway — and soon. I wanted to tell everyone to work their way through the incredible “Summer Camp Island” series before it’s gone, but apparently it’s already deleted. Find the full list of missing/soon to be released titles here.

TC fights stalkerware: In February, businesskinda.com’s Zack Whittaker opened the curtain on a network of “stalkerware” apps designed to silently gobble up a victim’s private text messages, photos, browsing history, etc. This week, Zack launched a tool designed to help people determine if their Android phone — and therefore their private data — was being affected. We hear more from Zack about this new tool below.

An illustration of a blue lit phone with a location pointer on it, against a background of red and blue moving eyes.

Image Credits: Bryce Durbin / businesskinda.com

audio stuff

How’s the world of businesskinda.com podcasts doing? This week the Equity crew talked about why we should “officially stop comparing Adam Neumann and Elizabeth Holmes,” and Burnsy spoke to Ethena co-founder Roxanne Petraeus and Homebrew’s Hunter Walk about how to “sell the vision, not the company,” on businesskinda.com Live.

extra stuff

What’s behind the TC+ paywall? Really great stuff! Here’s a sneak peek:

How does venture capital work?: It seems like a fundamental question, but it’s one we get… quite a lot. Haje, with his rare overlapping perspective as a reporter AND pitch coach AND former director at a VC fund, it all breaks down as only he can.

Are you planning to use your seed capital as collateral? Good luck: After years of working, you managed to build a ton of equity in the private company you helped build. Can you actually use it as collateral for something? Max Brenner from Compound walks us through the challenges.

Writer Spotlight: Zack Whittaker

Image Credits: Veanne Cao

This week we’re experimenting with a new section where we quickly catch up with a businesskinda.com writer to hear about them and what’s on their minds this week. First? The unbelievable, inimitable Zack Whittaker.

Who is Zack Whittaker? What do you do at businesskinda.com?

Hi, I’m the security editor here, aka businesskinda.com’s Bearer of Bad News, and I oversee the security desk. We discover and report on the big cybersecurity news of the day – hacks, data breaches, nation-state attacks, surveillance and national security – and how it affects you and the wider tech scene.

If you could snap your fingers and tell everyone in the world one thing about your beat, what would it be?

Think of cybersecurity as an investment for something you hope will never happen, such as a breach of your personal data. Better to get ahead of it now. Today it’s easier than ever – and it’s never too late to get started. Invest a small amount of time in three easy steps that make it that much harder for hackers to break into your accounts or steal your data: use a password manager, set up two-step verification everywhere, and keep your apps and devices up to date – to date.

Tell me about this anti-stalkerware tool you launched this week

In February, businesskinda.com revealed that a network of nearly identical “stalkerware” apps share the same common security bug, which spreads the private phone data of hundreds of thousands of Android device owners around the world. Placed by someone with access to your phone, these malicious apps are designed to stay hidden but silently steal a victim’s phone data such as messages, photos, call logs, location, and more. Months later, we got a leaked list of every single device compromised by these apps. The data doesn’t contain enough information to identify or notify victims, so we developed this lookup tool so anyone can check if their device has been hacked – and how to remove the spyware, if it’s safe.

Ugh. Okay. So someone grabs your phone, installs one of these sketchy apps while you’re not paying attention, the app rips your private data for the installer to poke around… meanwhile, the app leaks a bunch of data to anyone who knows where to look. Does it look like the people behind the stalkerware apps are planning to quit?

Not at all. The Vietnam-based group of developers behind the stalkerware network did everything they could to keep their identities hidden (but not well enough). The number of compromised devices grew daily, but without expecting a fix, we published our research to alert victims to the dangers of this spyware. No one in civil society should be subjected to this type of invasive surveillance without their knowledge or consent.

Besides this tool (which is excellent!), what’s your favorite post you’ve written or done with TC?

In the four years I’ve been here? That is heavy! One that I often think about is the inside story of how two British security researchers in their early twenties helped save the internet from the rapidly spreading WannaCry ransomware malware in 2017, which spread around the world and destroyed computers in NHS hospitals locked. shipping giants and transportation hubs, causing billions of dollars of damage. But when one of them found and registered a certain domain name in the malware code, the attack stopped in its tracks. They found the malware’s “kill switch,” turning them into “accidental” heroes overnight. But the only thing stopping another WannaCry outbreak was holding the kill switch domain in their hands, despite attempts by bad actors to force it offline by flooding it with internet traffic. ‘Being responsible for this thing that keeps the NHS afloat? Damned terrifying,” one of the researchers told me at the time.