Despite shaky markets, a steady stream of investors continue writing big checks for blockchain infrastructure providers.

InfStones, which aims to help clients build applications across a number of blockchain platforms, closed a $66 million round led by SoftBank Vision Fund 2 and GGV Capital, the company announced on Wednesday.

Other investors in the raise include INCE Capital, 10T Fund, SNZ Holding and A&T Capital. This funding round follows shortly after its $33 million Series B three months ago and brings its total funding to $111 million. InfStones didn’t disclose an exact valuation, but said it was “near unicorn-status.”

“The funding will help us with product development consistent with our product strategy and road map, move into new markets, expand our team, and advance web3 adoption,” Zhenwu Shi, CEO of InfStones, said in an email to TechCrunch.

In the past, Shi said InfStones aims to be the web3 version of Amazon Web Services in order to make onboarding into the space easier so clients can quickly build applications on different blockchain platforms.

The company was founded in 2018 and has customers ranging from centralized crypto entities like Binance and Circle to decentralized scaling platforms like Polygon. It provides services for institutional clients globally and supports infrastructure for over 50 blockchains including Ethereum, Polygon, Solana and Chainlink, among others.

…read more

https://techcrunch.com/2022/06/01/softbank-co-led-66-million-round-for-blockchain-focused-infstones/

Code Intelligence, an automated application security testing platform based in Bonn, Germany, that focuses on fuzzing, announced today that it has raised a $12 million Series A funding round led by Tola Capital. Existing investors LBBW, OCCIDENT, Verve Ventures, HTGF and Thomas Dohmke, the CEO of GitHub, also participated in this round, which brings the company’s total funding to about $15.7 million.

The company was co-founded in 2018 by Sergej Dechand, Khaled Yakdan and their former professor at the University of Bonn, Matthew Smith.

“Back then, we noticed that fuzzing and some other techniques are super powerful, but outside of the security research community, no one actually used it,” Dechand told me. “We started to collaborate from the university with a few larger enterprise companies to try things out and we had really, really good results. So even though we didn’t want to found a company in the beginning, somehow we had a prototype of a product.” Encouraged by Smith, the team decided to give it a shot and founded a company to develop and commercialize its prototype system. At first, the co-founders continued to work at the university, but in 2019, they decided to work on the service full-time. Now, a few years later, Code Intelligence counts the likes of Bosch, Continental and Deutsche Telekom among its users.

Dechand argued that while there are plenty of open source fuzzing tools, it still takes a very knowledgeable security team to actually implement and use them. With the security teams as the bottlenecks to implementing these tools, Code Intelligence put its focus on bringing its tools directly to the developers. “In the end, they are the ones who are fixing it and know best what kind of error is critical,” said Dechand.

Since developers don’t want to look at yet another tool in their development pipeline, Code Intelligence integrates with services like Jenkins, GitHub and GitLab. Thanks to this, developers will not only see how well their code is covered, but Code Intelligence also adds additional pipeline in the continuous integration system that automatically fuzzes the code as a new pull or merge request comes in.

Currently, Code Intelligence offers support for Go, C++, Java and Kotlin, with support for Node.js, JavaScript, .NET and Python coming soon.

Image Credits: Code Intelligence

As of now, Code Intelligence is in closed beta and the company is still working closely with its enterprise customers to onboard new teams. Over time, though, the plan is to automate all of this and launch a self-service platform.

“Code Intelligence is the most advanced automated fuzz testing solution for applications and APIs …read more

https://techcrunch.com/2022/06/01/application-security-testing-platform-code-intelligence-raises-12m-series-a-to-fuzz-your-code/

Large construction projects often take a long time to finish, and subcontractors can get caught up in the flow of money, waiting, in certain circumstances, up to 80 days to be paid by general contractors. This not only causes delays, but also means subcontractors are essentially being asked to finance their portion of the project, Constrafor CEO Anwar Ghauche told TechCrunch.

“Subcontractors get hired on the project, and when they finish their first month of work, submit an invoice and then wait an average of 45 to 60 days — even up to 80 days — to get paid,” he added. “Meanwhile, they are buying equipment and borrowing money to be able to do all of this work. You’re not borrowing at a cheap rate, either, because most banks barely touch them.”

That’s where Constrafor comes in: as a SaaS construction procurement platform with embedded financing, it streamlines information and documentation for how general contractors work with subcontractors, while its Early Pay Program assumes the risk for the subcontractor invoice, freeing up cash flow and reliance on traditional and costly lending options. The general contractor then reimburses Constrafor for the invoice.

Both of Ghauche’s parents were in construction, so he grew up listening to stories about the industry. After attending MIT business school and working in financial services at an AI startup, he and Douglas Reed co-founded Constrafor in 2019 and launched the platform in early 2020.

General contractors can sign contracts with their subcontractors and collect relevant documentation, including certificates of insurance, and then collect the invoices and pay through the platform. When there were a number of subcontractors in the database, Constrafor then began offering the Early Pay Program. Its revenue is based on taking in about 2% of the value of the invoice.

Two years later, Constrafor currently has 15,000 companies on its network and both a slightly smaller group of active users and another group utilizing Early Pay.

When it became too cumbersome for the company to purchase all of the invoices, Ghauche and Reed decided to go after some venture capital, raising $106.3 million in both credit and equity seed funding. The breakdown is $100 million in credit and $6.3 million from an earlier equity round raised in June that was undisclosed, Ghauche said.

CoVenture led the credit facility while FinTech Collective led the equity portion, with participation from Village Global, Clocktower Technology Ventures, Commerce Ventures and a group of individual tech founders from Ramp, Uber and Paxos. The equity went to company payroll, while the credit will be used to purchase the invoices.

Over the past 12 months, the company doubled its revenue every month for the last few months, and Ghauche expects to continue to see that kind of growth for the next couple of months.

In more evidence of fast growth, he added that in January, Constrafor had less than $100,000 in annual recurring revenue, but by April …read more

https://techcrunch.com/2022/06/01/constrafor-grabs-106m-in-equity-credit-to-finance-construction-subcontractors/

We’ve seen a boom in the last several years around tech built for front-line, service, manual, and other workforces typically paid on an hourly wage. In one of the latest developments, Hourly.io — which has built an app that tracks working hours, generates payroll, and then calculates and assigns workers compensation insurance to individuals based on that — has closed in on $27 million in funding.

Hourly.io is based out of the U.S. — Palo Alto to be exact — but it has strong Israeli roots in the form of co-founders Israel transplants Tom Sagi and Shay Litvak, and that is following through also in the VCs backing it. Glilot Capital Partners is leading the round, with S Capital (an Israeli fund headed by former partners of Sequoia), Vintage Investment Partners and J-Ventures also participating. S Capital also led Hourly’s $7.2 million seed round in 2019.

Hourly today has some 1,000 customers all in the state of California in areas like construction, home services, accounting and retail. It will be using the funding both to continue enhancing its product to target more verticals, and to expand to more markets: the plan is to be live also in Texas, Arizona and Nevada by 2023.

Hourly’s own birth came out of Sagi’s own experiences. When he initally moved to the U.S., his first work experience was to help out in his family’s construction firm, where he was tasked with any and all odd jobs relating to admin and more. One of those involved handling payroll, he told me.

“We had 30-40 hourly employees, and I helped with everything on the business side including HR,” he recalled. “Every Friday the workers were paid, so I spent every Thursday collecting time cards in the field.” Working out workers comp insurance and payouts, he added, was a mandatory aspect of that, given the labor work involved.

“It was a headache to deal with,” he said. “What really should have only taken minutes to do took at least a day.” That was the impetus for building a platform to automate the process, from tracking time worked through to calculating payment and workers comp based on that.

Hourly’s rise is part of a bigger shift we’ve seen in tech built for the world of work. For the longest time, a lot of the most interesting innovations have been focused on so-called “knowledge workers” — those who typically get salaries, use computers and desks, and might well be paid much higher overall.

Hourly workers, however, have come into focus more recently for a number of reasons. Perhaps the strongest of these has been the communications and productivity evolutions arising from the ubiquity of smartphones.

But there have been other changes. They’ve included a growing regard for this segment of the workforce (this one really stood out during the Covid-19 pandemic where front-line workers were seen for the essential role they play to show up for work to keep the …read more

https://techcrunch.com/2022/06/01/hourly-io-banks-27m-for-its-new-approach-to-providing-workers-comp-and-payroll-for-hourly-wage-workers/

Venture capital firms continue to deploy and raise capital for crypto markets despite volatility in recent weeks, with Binance Labs closing a $500 million investment fund to focus on web3 and blockchain technology adoption.

“We really see the fund as another step in terms of us being able to build our mission statement, which is to help advance adoption of web3 technologies, across all stages,” Ken Li, Binance Labs’ executive director of investments and M&A, told TechCrunch.

The fund was supported by DST Global Partners and Breyer Capital, in addition to family offices and corporations as limited partners, the company said.

Binance Labs is the venture capital and accelerator arm of Binance, the world’s largest crypto exchange by volume. The $500 million fund will be invested in projects across three stages of pre-seed or incubation, early-stage venture and late-stage growth, Li said.

“We’d like to partner with more founders across more geographies and sectors and support them with the fund but also support them through the broader Binance ecosystem,” Li said. “Ultimately, all the adoption that comes in crypto will come from great founders.”

Since 2018, it has invested in over 170 projects across more than 25 countries with projects like 1inch, a decentralized finance and exchange aggregator; play-to-earn games Axie Infinity; and The Sandbox and Polygon, a decentralized Ethereum-focused layer-2 scaling platform.

The fund also plans on setting aside capital for sectors that “haven’t even been defined yet,” Li said.

“We want to be prepared to invest into those sectors as they come into play,” Li said. With gaming and DeFi, for example, adoption can happen quite quickly. On the consumer side, there’s DeFi, gaming, NFTs and metaverse, but there’s also yet-undefined sectors that Binance wants to be prepared for.

Its incubator program is web3-focused, but comparable to a Web 2.0 accelerator like Y Combinator, Li said. Each program is done in batches or seasons and it is currently in “season four,” incubating 14 projects chosen out of over 500 applications, Li said.

While capital is a positive for founders, it might not be the most important thing, Li noted. “Supporting founders is more meaningful than the capital we bring to market.”

A number of crypto funds have launched recently, including Andreessen Horowitz’s latest – and biggest – $4.5 billion mega fund, alongside other massive multi-million dollar funds.

Last week, former Binance executives at Old Fashion Research launched a $100 million venture fund to focus on the metaverse and bringing greater crypto adoption to emerging markets like Latin America and Africa, according to its managing partner, Ling Zhang, who was previously the vice president of M&A and investments at Binance.

Even though crypto markets may be in choppy waters, this year to date has had more funds deployed into the space than in 2021.

“We’re going to support founders regardless of market conditions,” Li said.

About $2 billion in capital was raised across164 deals …read more

https://techcrunch.com/2022/06/01/binance-labs-closes-500m-fund-to-focus-on-web3-and-blockchain-adoption/

In 2015, there were approximately 3.5 billion internet of things (IoT) devices in use. Today, the number stands around 35 billion, and is expected to eclipse 75 billion by 2025. IoT devices range from connected blood pressure monitors to industrial temperature sensors, and they’re indispensable. Yet every device increases an organization’s attack surface, along with the potential for a cybersecurity attack.

The challenge was the driving force behind Ordr, a startup focused on network-level device security. Pandian Gnanaprakasam and Sheausong Yang — who between them had tenures at Cisco, Aruba Networks, and AT&T Bell Labs — co-founded Ordr in 2015 to address what they call the “visibility gap” in enterprise networks. 

“We realized that enterprise security had reached a breaking point as enterprises tried to implement zero trust strategies when they could not even determine what devices were connected to their own networks,” CEO Greg Murphy told TechCrunch in an email interview. “The visibility gap and the resulting risk was greatest for those unmanaged IoT, internet of medical things, and operational technology devices that could not be secured like traditional IT infrastructure.”

Certainly, the risk of breaches and ransomware has grown recent years, especially as the pandemic spurred organizations to move more of their devices online. According to one study, 75% of all internet-connected infusion pumps contain at least one vulnerability — a problematically high figure considering that there’s 10 million to 15 million medical devices in U.S. hospitals today. 

Murphy said that WannaCry, the coordinated ransomware attack in 2017 that encrypted hundreds of thousands of computers in a matter of hours, was a particularly strong “business accelerant” for Ordr. “Companies, specifically in healthcare, realized the threat not just to data privacy and security, but to every aspect of their operations as they were forced to disconnect their devices and revert to manual processes overnight,” he added.

Recognizing the opportunity, investors including Dan Warmenhoven (former CEO of NetApp) and Dominic Orr (former CEO of Aruba Networks) contributed to Ordr’s $40 million Series C funding round, which was announced today. Battery Ventures and Ten Eleven Ventures co-led by with participation from Northgate Capital, Wing Venture Capital, Unusual Ventures, and several health organizations including Kaiser Permanente Ventures and Mayo Clinic, participated.

“The company revenue has been accelerating,” Murphy said somewhat vaguely, adding that Ordr has more than 500 customers including federal, state, and local governments. “Within other segments like manufacturing, security teams are looking for visibility and security of connected devices. Ordr experienced more than 140% year-over-year growth in new customer revenue in its most recent quarter ending on March 31, 2022, is deployed in three of the world’s top six hospitals, and has been adopted across more than 150 manufacturing sites.”

Ordr claims its technology can autonomously identify and protect connected devices by applying traffic flow and access policies. The startup’s system, which deploys on top of existing infrastructure, uses machine learning algorithms to build a baseline understanding of devices’ behavior and flag suspicious events.

It’s key to …read more

https://techcrunch.com/2022/06/01/2326321/

China-backed hackers are exploiting an unpatched Microsoft Office zero-day vulnerability, known as “Follina”, to execute malicious code remotely on Windows systems.

The high-severity vulnerability – tracked as CVE-2022-30190 – is being used in attacks to execute malicious PowerShell commands via the Microsoft Diagnostic Tool (MSDT) when opening or previewing specially crafted Office documents. The flaw, which affects 41 Microsoft products including Windows 11 and Office 365, works without elevated privileges, bypasses Windows Defender detection, and does not need macro code to be enabled to execute binaries or scripts.

The zero-day can also circumvent Microsoft’s Protected View feature, an Office tool that warns against potentially malicious files and documents. Huntress researchers warned that converting the document to a Rich Text Format (RTF) file could allow attackers to bypass this warning and also enables the exploit to be triggered with a hover-preview of a downloaded file that does not require any clicks. 

Microsoft has warned that the flaw could enable threat actors to install programs, delete data, and create new accounts in the context allowed by the user’s rights.

Cybersecurity researchers observed hackers exploiting the flaw to target Russian and Belarussian users since April, and Enterprise security firm Proofpoint said this week that a Chinese state-sponsored hacking group has been exploiting the zero-day in attacks targeting the international Tibetan community.

“TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique,” Proofpoint said in a tweet.”Campaigns impersonate the ‘Women Empowerments Desk’ of the Central Tibetan Administration and use the domain tibet-gov.web[.]app.”

Proofpoint tells TechCrunch that it has previously observed the TA413 threat actor – also tracked as “LuckyCat” and “Earth Berberoka” – targeting Tibetan organizations through the use of malicious browser extensions and COVID-19 themed espionage campaigns.

The Follina zero-day was initially reported to Microsoft on April 12, after Word documents – which pretended to be from Russia’s Sputnik news agency offering recipients a radio interview – were found abusing the flaw in the wild. However, Shadow Chaser Group’s crazyman, the researcher who first reported the zero-day, said Microsoft initially tagged the flaw as not a “security-related issue”.  The tech giant later informed the researcher that the “issue has been fixed,” but a patch does not appear to be available.

TechCrunch asked Microsoft when a patch will be published, but the company did not respond. The company has however issued new guidance that advises admins that they can block attacks exploiting CVE-2022-30190 by disabling the MSDT URL protocol, along with the Preview pane in Windows Explorer. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Tuesday urging users and administrators to review Microsoft’s guidance and apply the necessary workarounds.

…read more

https://techcrunch.com/2022/06/01/china-backed-hackers-are-exploiting-unpatched-microsoft-zero-day/