US government urges Sisense customers to reset credentials after hack | TechCrunch

US government urges Sisense customers to reset credentials after hack | TechCrunch

U.S. cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.

In a brief statement on Thursday , CISA said it was responding to a “recent compromise” at Sisense, which provides business intelligence and data analytics to companies around the world.

CISA urged Sisense customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services,” and report to the agency any suspicious activity involving the use of compromised credentials.

The exact nature of the cybersecurity incident is not clear yet.

Founded in 2004, Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants. Sisense’s technology allows organizations to collect, analyze and visualize large amounts of their corporate data by tapping directly into their existing technologies and cloud systems.

Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis. With access to these credentials, an attacker could potentially also access a customer’s data.

CISA said it is “taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations.”

Sisense counts Air Canada, PagerDuty, Philips Healthcare, Skullcandy and Verizon as its customers, as well as thousands of other organizations globally.

News of the incident first emerged on Wednesday after cybersecurity journalist Brian Krebs published a note sent by Sisense Chief Information Security Officer Sangram Dash urging customers to “rotate any credentials that you use within your Sisense application.”

Neither Dash nor a spokesperson for Sisense responded to an email seeking comment.

Israeli media reported in January that Sisense had laid off about half of its employees since 2022. It is unclear if the layoffs impacted the company’s security posture. Sisense has taken in close to $300 million in funding from investors, which include Insight Partners, Bessemer Ventures Partners and Battery Ventures.

Do you know more about the Sisense breach? To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email . You can also send files and documents via  SecureDrop .

US government urges Sisense customers to reset credentials after hack | TechCrunch

Meta will auto-blur nudity in Instagram DMs in latest teen safety step | TechCrunch

Meta will auto-blur nudity in Instagram DMs in latest teen safety step | TechCrunch

Meta said on Thursday that it is testing new features on Instagram intended to help safeguard young people from unwanted nudity or sextortion scams. This includes a feature called “Nudity Protection in DMs,” which automatically blurs images detected as containing nudity.

The tech giant said it will also nudge teens to protect themselves by serving a warning encouraging them to think twice about sharing intimate images. Meta hopes this will boost protection against scammers who may send nude images to trick people into sending their own images in return.

The company said it is also implementing changes that will make it more difficult for potential scammers and criminals to find and interact with teens. Meta said it is developing new technology to identify accounts that are “potentially” involved in sextortion scams, and will apply limits on how these suspect accounts can interact with other users.

In another step announced on Thursday, Meta said it has increased the data it is sharing with the cross-platform online child safety program, Lantern , to include more “sextortion-specific signals.”

The social networking giant has had long-standing policies that ban people from sending unwanted nudes or seeking to coerce others into sharing intimate images. However, that doesn’t stop these problems from occurring and causing misery for scores of teens and young people — sometimes with extremely tragic results .

We’ve rounded up the latest crop of changes in more detail below.

Nudity Protection in DMs aims to protect teen users of Instagram from cyberflashing by putting nude images behind a safety screen. Users will be able to choose whether or not to view such images.

“We’ll also show them a message encouraging them not to feel pressure to respond, with an option to block the sender and report the chat,” said Meta.

The nudity safety screen will be turned on by default for users under 18 globally. Older users will see a notification encouraging them to turn the feature on.

“When nudity protection is turned on, people sending images containing nudity will see a message reminding them to be cautious when sending sensitive photos, and that they can unsend these photos if they’ve changed their mind,” the company added.

Anyone trying to forward a nude image will see the same warning encouraging them to reconsider.

The feature is powered by on-device machine learning, so Meta said it will work within end-to-end encrypted chats because the image analysis is carried out on the user’s own device.

The nudity filter has been in development for nearly two years .

In another safeguarding measure, Instagram users who send or receive nudes will be directed to safety tips (with information about the potential risks involved), which, according to Meta, have been developed with guidance from experts.

“These tips include reminders that people may screenshot or forward images without your knowledge, that your relationship to the person may change in the future, and that you should review profiles carefully in case they’re not who they say they are,” the company wrote in a statement. “They also link to a range of resources, including Meta’s Safety Center, support helplines , StopNCII.org for those over 18, and Take It Down for those under 18.”

The company is also testing showing pop-up messages to people who may have interacted with an account that has been removed for sextortion. These pop-ups will also direct users to relevant resources.

“We’re also adding new child safety helplines from around the world into our in-app reporting flows. This means when teens report relevant issues — such as nudity, threats to share private images or sexual exploitation or solicitation — we’ll direct them to local child safety helplines where available,” the company said.

While Meta says it removes sextortionists’ accounts when it becomes aware of them, it first needs to spot bad actors to shut them down. So, the company is trying to go further by “developing technology to help identify where accounts may potentially be engaging in sextortion scams, based on a range of signals that could indicate sextortion behavior.”

“While these signals aren’t necessarily evidence that an account has broken our rules, we’re taking precautionary steps to help prevent these accounts from finding and interacting with teen accounts,” the company said. “This builds on the work we already do to prevent other potentially suspicious accounts from finding and interacting with teens.”

It’s not clear what technology Meta is using to do this analysis, nor which signals might denote a potential sextortionist (we’ve asked for more details). Presumably, the company may analyze patterns of communication to try to detect bad actors.

Accounts that get flagged by Meta as potential sextortionists will face restrictions on messaging or interacting with other users.

“[A]ny message requests potential sextortion accounts try to send will go straight to the recipient’s hidden requests folder, meaning they won’t be notified of the message and never have to see it,” the company wrote.

Users who are already chatting with potential scam or sextortion accounts will not have their chats shut down, but will be shown Safety Notices “encouraging them to report any threats to share their private images, and reminding them that they can say ‘no’ to anything that makes them feel uncomfortable,” according to the company.

Teen users are already protected from receiving DMs from adults they are not connected with on Instagram (and also from other teens, in some cases). But Meta is taking this a step further: The company said it is testing a feature that hides the “Message” button on teenagers’ profiles for potential sextortion accounts — even if they’re connected.

“We’re also testing hiding teens from these accounts in people’s follower, following and like lists, and making it harder for them to find teen accounts in Search results,” it added.

It’s worth noting the company is under increasing scrutiny in Europe over child safety risks on Instagram , and enforcers have questioned its approach since the bloc’s Digital Services Act (DSA) came into force last summer.

Meta has announced measures to combat sextortion before — most recently in February , when it expanded access to Take It Down . The third-party tool lets people generate a hash of an intimate image locally on their own device and share it with the National Center for Missing and Exploited Children, helping to create a repository of non-consensual image hashes that companies can use to search for and remove revenge porn.

The company’s previous approaches to tackle that problem had been criticized , as they required young people to upload their nudes. In the absence of hard laws regulating how social networks need to protect children, Meta was left to self-regulate for years — with patchy results.

However, some requirements have landed on platforms in recent years — such as the U.K.’s Children Code (which came into force in 2021) and the more recent DSA in the EU — and tech giants like Meta are finally having to pay more attention to protecting minors.

For example, in July 2021 , Meta started defaulting young people’s Instagram accounts to private just ahead of the U.K. compliance deadline. Even tighter privacy settings for teens on Instagram and Facebook followed in November 2022 .

This January , the company announced it would set stricter messaging settings for teens on Facebook and Instagram by default, shortly before the full compliance deadline for the DSA kicked in in February .

This slow and iterative feature creep at Meta concerning protective measures for young users raises questions about what took the company so long to apply stronger safeguards. It suggests Meta opted for a cynical minimum in safeguarding in a bid to manage the impact on usage, and prioritize engagement over safety. That is exactly what Meta whistleblower Francis Haugen repeatedly denounced her former employer for.

Asked why the company is not also rolling out these new protections to Facebook, a spokeswoman for Meta told TechCrunch, “We want to respond to where we see the biggest need and relevance — which, when it comes to unwanted nudity and educating teens on the risks of sharing sensitive images — we think is on Instagram DMs, so that’s where we’re focusing first.”

Meta is rolling out tighter teen messaging limitations and parental controls

Meta will auto-blur nudity in Instagram DMs in latest teen safety step | TechCrunch

Substack now allows podcasters to sync and distribute their episodes to Spotify | TechCrunch

Substack now allows podcasters to sync and distribute their episodes to Spotify | TechCrunch

Substack announced on Thursday it’s introducing a few new features for podcasters on its platform. Most notably, the company is rolling out a Spotify integration that will allow podcasters on Substack to sync and distribute all of their free and paid episodes to Spotify’s streaming service. In addition, Substack is introducing new custom audio transcripts and captions, along with improvements to clip sharing and mobile video.

The launch of the new features comes as Substack has announced that podcasters on Substack are collectively earning more than $100 million in annual revenue and that this number has more than doubled in the past year. The number of active podcasters on the platform has also more than doubled in the same period.

The new integration with Spotify will make Substack podcasts discoverable via the streaming service, making it easier for podcasters to reach more listeners. Plus, the integration will allow Substack podcasters’ existing subscribers to listen to paid episodes on Spotify. Substack says the integration with Spotify has the potential to help podcasters earn more, as free listeners will be nudged to upgrade to a subscription.

Podcasters on Substack can set up a Spotify integration by going into their podcast settings, opening the Spotify dropdown and clicking the “Sync to Spotify” option to create a new feed with all current and future episodes. Paid episodes are labeled with a padlock, and listeners need to link their Substack account to Spotify to listen to paid episodes directly on the streaming service.

Image Credits: Substack

Image Credits: Substack

Creators can go to their Spotify for Podcasters account to see data about streams, unique listeners, playtime, demographics and more. Substack plans to make this data accessible via a creator’s Substack podcast stats page in the future.

As for the new custom audio transcripts and captions, podcasters can now upload their own transcript instead of using Substack’s automatically generated one, if they choose. Video podcasters can also opt to upload a separate audio track and free preview to distribute to podcast RSS feeds instead of using the default one extracted from the uploaded video.

Plus, podcasters and their listeners can now share a link to a podcast video at a specific timestamp or download a clip to post on social media platforms like Instagram, TikTok and X.

Substack says it’s making it easier to watch video podcasts on mobile, as video posts on iOS and Android now feature an inline player. This new capability lets users read and watch at the same time, while also keeping their place in a video they watched partway to revisit it at a later time.

The new features are available to all users starting today.

Substack now lets writers curate a ‘network’ of recommended publications for their subscribers

Substack now allows podcasters to sync and distribute their episodes to Spotify | TechCrunch

Lyrak to take on X by combining the best of Twitter with fediverse integration | TechCrunch

Lyrak to take on X by combining the best of Twitter with fediverse integration | TechCrunch

Threads . Mastodon . Bluesky . Substack Notes . Post . Nostr . Spoutible . There’s no shortage of X competitors in the months following the acquisition of the text-based social network formerly known as Twitter by Elon Musk. Now you can add one more startup to that lineup: Lyrak , a new X rival that aims to differentiate itself by focusing on real-time news and monetization options for creators, as on X, but with fediverse integrations, similar to Instagram’s Threads.

The fediverse refers to the open source social network of interconnected servers powered by the social networking protocol ActivityPub. Mastodon is the most well-known among the federated social apps, but even Meta has sensed a shift in the direction of the web and built its latest social network, Threads, with an eye toward ActivityPub integrations.

With Lyrak , the plan is to take the best of what Twitter has to offer and combine it with ActiviyPub integration, allowing users to interact with a wider audience on other federated social networks, like Mastodon and others.

That integration isn’t yet live, but the team says it’ll begin the work in a few months. Once live, Lyrak users will be able to see posts from Mastodon users and vice versa.

Image Credits: Lyrak

Image Credits: Lyrak

Founded by London-based web designer and marketer Rishi Siva, Lyrak is named for a lead character in the TV show “His Dark Materials,” Lyra. Siva says Lyra discovers new worlds, and because Lyrak is also striving to build something better, it seemed like a good source of inspiration.

The founder came up with the idea after spending time helping small businesses set up websites so they could make money on the web and attract customers. At one point, Siva also created a Thumbtack-like app, but the COVID-19 pandemic impacted its ability to grow as many local tradespeople were unable to work at the time.

Still, he expresses a desire to help users to better monetize their content and skills online.

“Our lower fees and sharing 50% ad revenue with creators further support this goal,” Siva notes.

By comparison, X doesn’t publicly share its percentage, which can vary based on the type of post, demographics, geography and other factors. Plus, revenue is only earned for ads shown to Verified users (paid subscribers).

Siva is also unhappy with the direction X is going and how it affects creators.

“After Musk took over Twitter, I saw a significant change in the way the platform behaved and the types of accounts it promoted. It’s disappointing to see that all the tech leaders I admire ignored this and still use Twitter [X],” he noted, pointing to the issues around far-right groups and antisemitic content on X’s platform.

However, he admits that Twitter/X still remains the best place for real-time news, which is why it remains sticky with users, despite the changes. Threads, meanwhile, isn’t prioritizing real-time news outside of sports; Siva dubs it “basically a text version of Instagram.”

He thinks Mastodon and Bluesky will ultimately be too complicated for regular users, but Lyrak could benefit from their networks through fediverse integrations. (Technically, Bluesky is not federated with Mastodon because it uses a different protocol, but work is being done to build bridges between the two.)

Image Credits: Lyrak

Image Credits: Lyrak

Lyrak says it will focus initially on getting journalists to join the network, to help it with becoming a real-time social app. To attract them, Lyrak will allow Verified journalists to share content to users’ home feeds based on their interests and offer tools to send them notifications to people who regularly click their links. (The latter is similar to Artifact — RIP — which would alert users to new articles from reporters and writers they followed .)

The startup will also try to attract people who sell digital products, with specific tools launching for this crowd later in May. Creators will be able to offer subscriptions to their followers as well as collect tips.

Another coming feature will involve AI tools, like an answer engine and user-generated AI characters, also planned for May.

The company plans to generate revenue through ads, like X, but also by taking a 10% cut from paid posts, subscriptions, tips, digital products and other AI features, in time.

To route around app store fees, Lyrak’s website will allow users to deposit funds to the app, which they can use to pay creators. (Funds added through in-app purchases will require paying Apple its 30% fee, however.)

Another idea, borrowed from sites like Reddit, is a reputation score that will reflect the value a user brings to the community through their comments, reposts, likes and inviting others to the platform. This will be combined with AI moderation efforts and human moderators to keep the app safe, the team promises.

Image Credits: Lyrak

Image Credits: Lyrak

“After our initial launch and a couple of weeks of bug fixes, we plan to regularly release new features,” Siva said. “The advantage of being a startup building a social app is that we have a fresh perspective on things. We’re not stuck in the old ways of thinking, which allows us to innovate and create features that truly benefit our users.”

Lyrak is being built by a team of five, most of whom are based in London. (The fifth person is soon moving to London, too.) The startup is currently bootstrapped and available for download on iOS.

Lyrak to take on X by combining the best of Twitter with fediverse integration | TechCrunch

Cendana, Kline Hill have a fresh $105M to buy stakes in seed VC funds from LPs looking to sell | TechCrunch

Cendana, Kline Hill have a fresh $105M to buy stakes in seed VC funds from LPs looking to sell | TechCrunch

If you ask investors to name the biggest challenge for venture capital today, you’ll likely get a near-unanimous answer: lack of liquidity.

Despite investing in startups or VC funds that increased in value, due to the dearth of IPOs, those bets are not generating much, if any, cash for their backers. That’s the drawback of private investment versus the public market. Shares of companies in private companies like startups cannot be sold at will. The companies must authorize their existing investors to sell their shares to approved others, known as secondary sales.

Cash-hungry venture investors, whether VCs themselves or their limited partners, are increasingly looking to sell their illiquid positions to secondary buyers. 

Now, add in that many early-stage startups were overvalued during the fundraising frenzy that peaked in 2021 and that those shares may now be worth less. That presents a new and unique opportunity to buy stakes in seed-stage VC funds, as well as shares in startups, at relative bargains.

Today, Cendana Capital , a fund of funds that invests in dozens of seed-stage venture firms , and partner Kline Hill Partners, a firm focused on buying small previously owned private assets, are announcing a new $105 million Kline Hill Cendana Partners fund, which is well above the $75 million target they initially hoped to raise.

“Over the past two years, we’ve been hearing from our portfolio funds, ‘We have a family office that wants to sell their $2 million commitment. Would you be interested in buying it?’” said Michael Kim, founder and managing director of Cendana Capital.

Kim felt the opportunity to increase his firm’s ownership in venture funds and promising startups at a substantial discount was too good to pass up. But, since investing in secondary assets requires expertise that none of Cendana’s investors had, he decided to join forces with Kline Hill.

Raising money for this fund was easy, Kim said. Cendana’s limited partners were asking Kim to take advantage of this buyer’s market.

“We simply passed the hat around to our existing LPs at Kline Hill and Cendana,” said Kim.

What sets Kline Hill/Cendana’s investing vehicle apart is that it’s buying secondary interest in seed-stage firms and individual companies from seed funds. Most existing secondary players are too large to go after this opportunity, according to Kim.

Michael Kim, founder and managing director of Cendana Capital. Image Credits: Michael Kim

Michael Kim, founder and managing director of Cendana Capital. Image Credits: Michael Kim

It’s hard not to see the symbiosis between the two firms. Cendana’s relationships with its portfolio funds, including Lerer Hippeau, Forerunner Ventures and Bowery Capital, are helping it take the lead on sourcing secondary deals. It then passes these opportunities to Kline Hill, which values, underwrites and negotiates the transaction price.

While Kline Hill has been investing in secondary VC since the firm’s founding in 2015, Chris Bull, a managing director at the firm, said that partnering with Cendana brings the type of information that’s extremely valuable to the investment process.

“What’s most exciting for us is we’re able to get transactions done where I think either of us individually would have had difficulty getting across the line,” Bull said.

The current plan is to invest the whole $105 million fund through the end of 2024. The two firms are giving this joint venture a try, and if it goes well, they’ll raise a successor fund next year.

The two firms are not alone in noticing a large opportunity in scooping up previously owned venture stakes. Traditional secondary investors, such as Lexington Partners and Blackstone , recently raised their largest secondary funds ever. While these vehicles target all types of private assets, investors say a portion of that capital is bound to go to venture. In addition, Industry Ventures has picked up a nearly $1.5 billion fund dedicated to secondhand VC. 

But billion-dollar funds like these “typically focus on much, much larger, more multistage firms,” Kim said. Applying such big finance tactics to the seed stage is far less prevalent. 

Kline Hill/Cendana is on to something. With VC-backed companies tending to stay private longer than their investors’ 10-year fund cycles, the need for liquidity will likely only continue to grow.

Cendana, Kline Hill have a fresh $105M to buy stakes in seed VC funds from LPs looking to sell | TechCrunch

Watch: TikTok and Meta’s latest moves signal a more commodified internet | TechCrunch

Watch: TikTok and Meta’s latest moves signal a more commodified internet | TechCrunch

The internet’s mega-platforms are slowly merging into a great blob of sameness, and even the hottest companies in the world are not immune from the trend. TikTok’s winning strategy to focus on short-form, vertical video has found fans amongst other internet platforms, and now TikTok is taking a page from its rival, books, reportedly borrowing from what made them popular.

TikTok is working toward launching a new app called TikTok Notes that will allow users to post images in an apparent bid to rival Instagram, a service best known for its static-photo-sharing feature. Instagram, of course, has expanded into video and stories itself, taking pieces of other services and incorporating them into its own product.

Instagram’s parent company Meta’s other services are frequent borrowers as well. As is nearly every social service you can imagine. Recall that great Stories Boom that led to everyone from Line to Spotify to Instagram to LinkedIn trying out the popular sharing format. If it works for one social media service, expect the rest to follow in some manner at some point — probably sooner rather than later.

There’s good logic behind the effort. The answer is why X wants to become a super app; the more a service can offer its userbase to do, the more time they may spend inside the app’s walls. Expanding a feature set can bolster engaged time, and therefore how much revenue a social media service can earn. At the same time, bloat is a real issue that can dilute a user experience and render an app, well, Facebook in time.

This theme — the slow commodification of digital services via same ification — is similar to why we’re seeing LinkedIn try to ape The New York Times’ gaming might , and to some degree why major platform companies in tech wind up trying to be good at everything : the never-ending need to grow revenue. Perhaps this is why your favorite app always feels more and more like an alien world as time passes. It will evolve away from what made it special, and unique, because sticking to those guns is not the way to create a service that the maximum number of people will use. For that, you need to become Facebook.

Watch: TikTok and Meta's latest moves signal a more commodified internet | TechCrunch