microsoft windows

Auto Added by WPeMatico

Spotify says it paid $340M to buy Gimlet and Anchor

Spotify doubled down on podcasts last week with a double deal to buy podcast networks Gimlet and Anchor. Those acquisitions were initially undisclosed, but Spotify has quietly confirmed that it spent €300 million, just shy of $340 million, to capture the companies.

That’s according to an SEC filing — hat tip Recode’s Peter Kafka — which deals the transactions which were “primarily in cash,” Spotify said. Kafka previously reported that Spotify paid around $200 million for Gimlet, which, if correct, would mean Anchor fetched the remaining $140 million.

Those numbers represent an impressive return for the investors involved, particularly those who backed the companies at seed stage.

Gimlet raised $28.5 million from investors that included Stripes Group, WPP, Betaworks and Lowercase Capital, according to Crunchbase.

Anchor, meanwhile, raised $14.4 million. Crunchbase data shows its backers included Accel, GV, Homebrew and (again) Betaworks.

Those deals represent a good chunk of change, but Spotify still has more fuel in the tanks.

As we reported last week, it plans to spend a total of up to $500 million this year “on multiple acquisitions” as it seeks to further its position on podcasting which, to date, has been an after-thought to its focus on music. Less these deals, Spotify has around $160 million left in its spending budget for 2019.

In a blog post announcing the deals published last week, Spotify CEO Daniel Ek admitted that he didn’t originally release that “audio — not just music — would be the future of Spotify” when he founded the business in 2006.

“This opportunity starts with the next phase of growth in audio — podcasting. There are endless ways to tell stories that serve to entertain, to educate, to challenge, to inspire, or to bring us together and break down cultural barriers. The format is really evolving and while podcasting is still a relatively small business today, I see incredible growth potential for the space and for Spotify in particular,” Ek explained.

China’s Tencent Music raises $1.1 billion in downsized US IPO

Tencent Music, China’s largest streaming company, has raised $1.1 billion in a U.S. IPO after it priced its shares at $13 a piece ahead of a listing on the Nasdaq.

That makes it one of the largest tech listings of the year, but the pricing is at the bottom end of its $13-$15 range indicating that the much-anticipated IPO has felt the effects of an uncertain market. Indeed, the company is said to have paused the listing process, which it started in early October, for a time so choppy are the waters right now — and that’s not even mentioning a shareholder-led lawsuit that was filed last week.

Still, this listing gives TME — Tencent Music Entertainment, a spin-out of Tencent — an impressive $21.3 billion valuation which is just below the $30 billion that Spotify commanded when it went public earlier this year via an unconventional direct listing. TME was valued at $12 billion at the time of Spotify’s listing in Q1 of this year so this is also a big jump. (Meanwhile, Spotify’s present market cap is around $24 billion.)

The company operates a constellation of music streaming services in China which span orthodox Spotify-style streaming as well as karaoke and live-streaming services. Altogether, TME claims 800 million registered users — although there’s likely a little creative accounting or double counting across apps involved since the Chinese government itself says there are 800 million internet users in the entire country.

Notably, though, TME is profitable. The same can’t be said for Spotify and likely Apple Music — although we don’t have financials for the latter. That’s down to the unique business model that the Chinese firm operates, with subscription and virtual goods a major driver for its businesses, while Tencent’s ubiquitous WeChat messaging app helps it reach users and gain virality.

Tidy though the numbers are, its revenues are dwarfed by those of Spotify, which grossed €1.4 billion ($1.59 billion) in sales in its last quarter. For comparison, TME did RMB 8.6 billion ($1.3 billion) in revenue for the first six months of this year.

TME executives are taking that as a sign that there’s ample scope to grow their business, although it seems unlikely that will ever be as global as Spotify. The two companies might yet collaborate in the future though, since they are both mutual shareholders via a share swap deal that concluded one year ago.

You can read more about TME in our deep dive below.

We also wrote about the lessons Western services like Spotify and Apple Music can learn from TME.

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

Most modern computers, even devices with disk encryption, are vulnerable to a new attack that can steal sensitive data in a matter of minutes, new research says.

In new findings published Wednesday, F-Secure said that none of the existing firmware security measures in every laptop it tested “does a good enough job” of preventing data theft.

F-Secure principal security consultant Olle Segerdahl told TechCrunch that the vulnerabilities put “nearly all” laptops and desktops — both Windows and Mac users — at risk.

The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

“We are convinced that anybody tasked with stealing data off laptops would have already come to the same conclusions as us,” he said.

It’s no secret that if you have physical access to a computer, the chances of someone stealing your data is usually greater. That’s why so many use disk encryption — like BitLocker for Windows and FileVault for Macs — to scramble and protect data when a device is turned off.

But the researchers found that in nearly all cases they can still steal data protected by BitLocker and FileVault regardless.

After the researchers figured out how the memory overwriting process works, they said it took just a few hours to build a proof-of-concept tool that prevented the firmware from clearing secrets from memory. From there, the researchers scanned for disk encryption keys, which, when obtained, could be used to mount the protected volume.

It’s not just disk encryption keys at risk, Segerdahl said. A successful attacker can steal “anything that happens to be in memory,” like passwords and corporate network credentials, which can lead to a deeper compromise.

Their findings were shared with Microsoft, Apple, and Intel prior to release. According to the researchers, only a smattering of devices aren’t affected by the attack. Microsoft said in a recently updated article on BitLocker countermeasures that using a startup PIN can mitigate cold boot attacks, but Windows users with “Home” licenses are out of luck. And, any Apple Mac equipped with a T2 chip are not affected, but a firmware password would still improve protection.

Both Microsoft and Apple downplayed the risk.

Acknowledging that an attacker needs physical access to a device, Microsoft said it encourages customers to “practice good security habits, including preventing unauthorized physical access to their device.” Apple said it was looking into measures to protect Macs that don’t come with the T2 chip.

When reached, Intel would not to comment on the record.

In any case, the researchers say, there’s not much hope that affected computer makers can fix their fleet of existing devices.

“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” said Segerdahl. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”

Companies, and users, are “on their own,” said Segerdahl.

“Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case,” he said.