Archive for July 28, 2021

Wednesday, July 28, 2021

1Password Takes Second Round of Venture Capital

Jeff Shiner (tweet):

Today we’re announcing a new investment round in 1Password. Our current investor Accel led this round and a number of incredible folks including Ashton Kutcher’s Sound Ventures and top executives from Shopify, Slack, Squarespace, Google, Eventbrite, MessageBird and Atlassian also came on board.


We’ve grown from 177 people to 473 awesome folks. This has allowed us to greatly expand what 1Password can do to help consumers and businesses alike including[…]


Initially I wasn’t open to the idea as we’re profitable and did not need the money. But investment rounds have some real benefits. They help spread the word that we are an enduring and successful company which attracts both customers and talent. So we gave it further thought and went back to what we valued most from the first round – having smart folks invested in our success who can help and guide us. That, and ensuring we could retain full control of our destiny. If we could accomplish the same here then it would truly make sense for us to proceed.

Mary Ann Azevedo:

[The] company announced that it raised $100 million in a Series B round of funding that doubles the company’s valuation to $2 billion.

You may recall that the previously bootstrapped 1Password only raised its first round of external capital in 2019 – a $200 million Series A led by Accel that represented the venture firm’s largest single investment in its 35-year history.


Profitable since day one, 1Password recently crossed the $120 million in ARR (annual recurring revenue) mark, according to CEO Jeff Shiner. Over 90,000 businesses use its SaaS platform[…]


Apple’s Q3 2021 Results

Apple (Hacker News):

The Company posted a June quarter record revenue of $81.4 billion, up 36 percent year over year, and quarterly earnings per diluted share of $1.30.


“Our record June quarter operating performance included new revenue records in each of our geographic segments, double-digit growth in each of our product categories, and a new all-time high for our installed base of active devices,” said Luca Maestri, Apple’s CFO. “We generated $21 billion of operating cash flow, returned nearly $29 billion to our shareholders during the quarter, and continued to make significant investments across our business to support our long-term growth plans.”

Jason Snell (transcript):

There will be a lot more to say about it momentarily, but here are the charts….

John Voorhees:

After the break, we’ve compiled a graphical visualization of Apple’s Q3 2021 financial results.

Michael E. Cohen and Josh Centers:

Q3 iPhone revenues shot up an impressive 49.8% year over year, from $26.4 billion in Q3 2020 to $39.6 billion this quarter.


The iPad brought in $7.4 billion in revenue, handily beating the $6.6 billion it brought in one year ago, an increase of 11.9%. You would have to go back to 2012 to find a June quarter in which iPads brought in more revenue than this year.


Apple’s Mac products also exhibited strong growth, with a year-over-year increase of about 16%, from $7.1 billion in revenue in Q3 2020 to $8.2 billion this quarter. Cook said this was a new Q3 record for the Mac, thanks to the new M1-based iMac.


In plain English, the chip shortage that’s affecting the entire supply chain is looming over Apple. While Apple said it was able to mitigate those issues in Q3, it’s looking less likely in Q4.

Eric Slivka:

Gross margin for the quarter was 43.3 percent, compared to 38.0 percent in the year-ago quarter.

Juli Clover:

Apple now has more than 700 million paid subscriptions, which is up 150 million from last year, and is four times the number of subscriptions that Apple had four years ago.

David Sparks:

However, the most interesting number for me was services, which represent 21% of Apple’s revenue. That’s right. Apple makes more now on services than it does on the Mac and [iPad] combined.

This causes me a slight pause because historically, Apple has always been a product company. They made gizmos and we gave them money for the gizmos. Being in the gizmo business lead Apple to a particular set of priorities and serious commitment to customer experience.

Edward Snowden:

Apple today: “In 3 months, we spent $10 billion on dividends and $66b on stock buybacks.”

Sure sounds like a good time to commit $10b to improving iOS security, since companies are selling iPhone hacks for less than your lunch money to actual murderers[…]


XLoader Malware

Ben Lovejoy:

XLoader malware has now migrated from Windows machines to attack Macs too. An evolution of the malware known as Formbook, it lets an attacker log keystrokes, take screenshots, and access other private information.

Worryingly, the malware is sold on the dark web for $49, enabling anyone to deploy it against both Windows and Mac users …

The good news is that it does require user action to trigger it. Attackers typically send an email that contains the malware embedded into Microsoft Office documents.

Alexey Bukhteyev and Raman Ladutska (via Objective-See):

The malware now features a more lucrative economic model for the authors as compared to Formbook. Customers may only buy the malware for a limited time and are only able to use a server provided by the seller; no panel sources codes are sold anymore. Thus, a “Malware-as-a-Service” scheme is used. Centralized C&C infrastructure allows the authors to control how the malware is used by the customers.


Hydromac Malware

Bill Toulas:

The infection begins with dropping a legit copy of Adobe Flash Player, which is also very common among macOS malware strains. Still, MapperState’s features, encryption scheme, debug symbols, and strings were all hidden, encrypted, or stripped. By digging deeper, the researchers were able to confirm that the malware had the capability to fetch more payloads and also check for installed AV tools, but not much else was discerned.

This is where the flashcard app leaks come into play, as the researchers recently used what decrypted strings they held to search on the internet, and the gods (Google) answered. Someone based in San Diego had created a flashcards app account with content matching what was found in MapperState’s code. In the published flashcards, the researchers found another macOS malware named “Hydromac,” which appears to have the same commands as in their sample.

Taha Karim (copy, Hacker News):

The chain of different stages has become very complex nowadays and the analysis phase takes more time, due to the malware authors’ understanding of how reverse engineering is being done, but also countering the tools we wrote to decrypt their malware.


To close this chapter, it is worth noting that this is not the first time critical information is leaked via Flashcards apps, interestingly this week Bellingcat has reported that US Soldiers exposed Nuclear Weapons Secrets via Flashcard Apps, as they were using them for learning purposes.