REvil ransomware group that targeted Apple supplier gets hacked in multinational operation

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

REvil, the ransomware group responsible for a string of high-profile hacks including that of Apple supplier Quanta, was this week hacked by a cohort of government actors, an action that has diminished the entity’s online presence.

Citing sources familiar with the matter, Reuters on Thursday reported that the FBI, U.S. Cyber Command, and the Secret Service joined forces with unnamed foreign governments to hack into REvil’s infrastructure and take control of certain servers.

While specifics of the operation were not disclosed, it appears that efforts to infiltrate the group accelerated shortly after REvil breached IT management firm Kaseya in July. Shortly after the attack, the FBI gained access to a universal decryption key that allowed affected companies to recover deleted files without paying a ransom, the report said. That key was withheld from Kaseya and the impacted firms as the FBI carried out a hacking operation targeting REvil associates.

REvil’s websites and backend went offline for unknown reasons after the Kaseya attack. When group members restarted those websites from a backup in September, they unknowingly activated servers controlled by law enforcement agencies, sources said.

One of the people responsible for the restart, “0_neday,” confirmed that REvil’s systems had been hacked in a post to an online forum last weekend.

The multinational effort to take down REvil is still active, according to the report.

REvil has been linked to a number of serious cyber crimes including the April hack of Quanta. At the time, the group threatened to release “confidential drawings” of future Apple Watch, MacBook Air and MacBook Pro models, and released a handful of schematics claiming to show a purported next-generation MacBook Pro. Those drawings proved to be accurate, as evidenced by this week’s MacBook Pro announcement.

In addition to Kaseya and Quanta, REvil targeted and extracted funds from Colonial Pipeline and meat processing company JBS.

Google in talks to invest in Facebook-backed Indian social commerce Meesho

Google has held discussions to invest over $50 million in Indian social commerce startup Meesho, which recently secured $570 million in a financing round, according to a source familiar with the matter.

The Android-maker, which has backed over half a dozen startups in India, has yet to make the investment in Meesho, according to another person familiar with the matter.

Meesho — which counts Facebook, B Capital, SoftBank, Sequoia Capital India, Y Combinator, Elevation Capital among its earliest investors — operates a three-sided marketplace that connects suppliers (manufacturers and distributors) and resellers with customers on social media platforms such as WhatsApp, Facebook and Instagram. The resellers buy listed products from the suppliers and make commission on each transaction when they sell to customers.

About 80% of resellers on the platform are women. From the beginning, the startup has aimed to help women start their business without need for any capital. The startup, which like many other e-commerce firms was severely hit by the pandemic last year, has fully recovered and achieved an all-time peak growth in recent months.

Meesho’s recent fast-growth has been a topic of several serious discussions at Flipkart, India’s largest e-commerce firm, according to two people who work at the firm’s recently launched social commerce effort.

As of April this year, 13 million entrepreneurs and over 100,000 suppliers were using Meesho, the startup’s founder Vidit Aatrey told TechCrunch in an interview last month, adding that the startup had since “grown 3x.”

At stake is the world’s second-largest internet market, where e-commerce has hardly made any dent to the overall retail. Just the social commerce market is expected to be worth up to $20 billion in value by 2025, up from about $1 billion to $1.5 billion last year, analysts at Bernstein said last month.

“Social commerce has the ability to empower more than 40 million small entrepreneurs across India. Today, 85% of sellers using social commerce are small, offline-oriented retailers who use social channels to open up new growth opportunities,” they wrote.

Google, which has committed to invest $10 billion in India in the next couple of years, has also backed Indian startups Glance and DailyHunt. YouTube acquired social commerce startup SimSim in July this year. Earlier this month, the firm backed Bangalore-based neobanking startup Open.

Apple Watch Series 7 teardown reveals big screen changes, minor battery upgrade

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Repair specialist iFixit performed its customary teardown of Apple Watch Series 7 this week, revealing unannounced component specifications like battery capacity and highlighting tentpole features including the wearable’s larger screen.

The all-in-one teardown includes both 41mm and 45mm Apple Watch Series 7 variants, exposing component details that have gone unreported by Apple. To offer a more in-depth look at the new wearable, and compare it against past models, iFixit enlisted the help of three former Apple Watch engineers who work at production defect analysis firm Instrumental.

Looking at power delivery, the 45mm model comes with a 1.189 watt hour battery that is 1.6% more capacious than the 1.17Wh part used in 2020’s 44mm Apple Watch Series 6. The 41mm version sports a 1.094Wh battery, a 6.8% increase in capacity over the 1.024Wh cell that powered last year’s 40mm version.

Though the batteries are physically larger and more energy dense, the changes are unlikely to translate into a substantial increase in operating life in part due to Series 7’s larger and brighter displays, iFixit says. The firm also found that Apple adopted a metal pouch battery design for the 41mm model.

Apple Watch Series 7 Teardown Battery Comparison

As expected, the larger display represents the most significant update in the Series 7. Apple appears to be utilizing on-cell touch panels that integrate touch sensor and OLED layers to reduce thickness and manufacturing complexity. In addition to space savings, the technology enables Apple to use a single flex cable for touch and display data duties, a change from the two-cable layout of past Watch designs.

According to the report, the new display design most likely led to production delays. Rumors leading up to Apple’s announcement of Series 7 in September suggested that manufacturing partners faced significant issues with the screen, problems that pushed back mass manufacture to mid-September.

Apple Watch Series 7 Teardown Display Comparison

The teardown confirmed the removal of Apple Watch’s diagnostic port, which was replaced by a 60.5GHz wireless module that interfaces with a specially designed dock. Transitioning to a wireless solution not only affords more internal space, but also removes a potential ingress point for water and dust. That wireless capability is marked as one of few upgrades to see inclusion in the new S7 system-on-chip, silicon that is largely identical to last year’s S6.

Other minor updates include a new speaker grille and a reduction in component brackets.

Overall, iFixit assigned Apple Watch Series 7 a repairability score of six out of ten, citing a modular construction and fairly easy access to the device’s screen and battery.

You Can Now Directly Read Data Logs From Tesla Vehicles (Jalopnik)

[Development] Posted Oct 21, 2021 23:24 UTC (Thu) by corbet

The Jalopnik automotive site has posted an article on a (relatively) new set of open-source tools that can extract log data from Tesla cars.

Since Tesla cars run a Debian-based operating system, navigating through their file systems is somewhat trivial to anyone who’s spent a weekend messing with virtual Linux machines (or watching Mr. Robot). Actually accessing the car’s memory, however, is considerably harder: all cases require at least partially disassembling the dashboard, and some even require disassembly of the car’s media control unit.

Once that’s done, however, the data trove is incredible.

Comments (none posted)

Bolt Mobility launches in-app navigation for shared e-scooters

Bolt Mobility, a micromobility company co-founded by Olympic sprinter Usain Bolt, has launched an in-app navigation system for its e-scooters dubbed “Mobility OS.” To make this feature easy to use, Bolt’s next generation of scooters, the “Bolt Two,” allows a rider’s smartphone to be mounted to, and charged by, the scooter.

The simple act of adding a phone mount to a scooter along with this in-app navigation is a differentiator in the shared scooter market. Not many shared e-scooters include phone mounts, a shocking oversight considering that it’s 2021 and most people who ride scooters likely outsource their navigation to Google Maps or Apple Maps. That said, some operators told TechCrunch giving distraction-prone riders a screen to look at when approaching intersections is a safety risk, not to mention the probable costs associated with having to fix or replace mounts that get damaged on the tough city streets.

Bolt’s MobilityOS uses map visualization provided by Google Maps, but the navigation system is built in-house to incorporate city-specific geofences for each unique ride, which helps keep riders on streets with bike lanes away from dangerous, sensitive or high traffic areas. Spin’s app has a similar feature. Bolt says its system also encourages users to park vehicles safely and keep sidewalks clean with “reward parking zones.”

The mount on the Bolt Twos is also built-in wireless smartphone charger that’s powered by the scooter’s swappable batteries. The impact on the scooter battery of charging a smartphone is “minimal,” according to the company.

Bolt is currently present in 33 cities, towns and campuses across the United States. MobilityOS and the Bolt Twos are already live in Miami, the company’s hometown, but the navigation system will arrive in Bolt’s other markets in the first quarter of next year. The new scooters will arrive into new markets, which Bolt hasn’t yet announced, and into existing markets as older fleets are updated.

In terms of what the competition offers, Voi, which mainly operates in Europe, does have a phone mount, but most of the others, including Veo, Spin, Lime and Bird, don’t. Superpedestrian and Veo say they’re working on getting phone holders on their fleets now, and Lime is piloting them on its Gen4 Scooer in Stockholm before making a decision about rolling them out globally.

Lime, Spin and Bird are integrated with Google Maps, so users can both find e-scooters and route vehicle-specific trips on the app. However, without a mount, most users will probably just end up using headphones to listen out for directions while keeping their phone safely tucked away in a pocket.

Brex just signed a term sheet for $300M at a $12.3B valuation

Fast-growing fintech Brex has raised $300 million in funding that propels it to decacorn status, just six months after it was valued at $7.4 billion, according to people familiar with the deal.

The sources, who wished to remain anonymous since the deal is not yet public (although a term sheet has been signed), said corporate spend startup Brex is now valued at $12.3 billion. Greenoaks is said to be leading the investment, which also reportedly includes return backers who want more of a stake in the company after seeing the “strength” of the business. Brex is on track to double revenue this year, according to the sources.

Neither Brex nor Greenoaks responded to requests for comment.

Founded in 2017 by Pedro Franceschi and Henrique Dubugras (who are now in their mid-20s), San Francisco-based Brex was valued at $7.4 billion this April after raising a $425 million Series D led by Tiger Global Management. The company had raised $1.2 billion in debt and equity financing, according to Crunchbase data. With its latest infusion, that number climbs to $1.5 billion.

The fact that Brex is now a decacorn is somewhat remarkable, given its relatively young age. As mentioned above, it’s now on track to double revenue in 2021, although we don’t have any hard figures on hand. The company told TechCrunch at the time of its last raise that it was “onboarding thousands of new tech and non-tech customers every month.” Brex also said then that it grew its “total customer” figure by 80% in the first quarter of 2021, “with total monthly customer additions increasing by 5x.”

The corporate spend space has heated up in a major way over the past year. Spend management startup Ramp in August announced it had raised $300 million in a Series C round of funding that valued the company at $3.9 billion. The biggest difference between Brex and Ramp is that Brex is more focused on earlier-stage startups, whereas Ramp tends to serve larger, more established companies. At the time of its raise, Ramp told TechCrunch that it had seen its revenue and transaction volume surge by 1,000% since the beginning of the year.

And last week, TripActions revealed that a pandemic pivot to helping enterprises with corporate expenses helped boost its revenue and lift its valuation to $7.5 billion. So it too now has unexpectedly emerged as a competitor in the corporate spend race. CEO Ariel Cohen told TechCrunch that he believes TripActions differs from Brex and Ramp in that the two startups “are disparate from travel” and thus focus more on SMEs while TripActions is more focused on enterprise companies. Interestingly, Greenoaks led that company’s recent $275 million round, as well.

Brex, too, continues to evolve its model. Earlier today, the startup announced its new “Brex API.” The new open API is available to all Brex customers for no extra charge, it said, and is designed to allow them to “seamlessly manage financial information in a customizable interface.” For customers without in-house developers, Brex also announced a partnership with Zapier, which will allow the automation of workflows among products “without having to write a single line of code.”

With the Brex API, the company added, developers can build workflows that are customized for their company’s individual needs.

Earlier this year, the company announced it had put together a new service called Brex Premium that costs $49 per month. 

“The number of premium subscribers that we now have definitely blew away our expectations,” Dubugras told me in August.

In February, Brex was the latest fintech to apply for a bank charter.

The company, which sells a credit card tailored for startups, with Emigrant Bank currently acting as the issuer, had submitted an application with the Federal Deposit Insurance Corporation (FDIC) and the Utah Department of Financial Institutions (UDFI) to establish Brex Bank.

But in August, the company said it would voluntarily withdraw its bank charter and federal deposit insurance applications in an effort to “modify and strengthen” its application before resubmitting at a later date. 

Also in August, Brex acquired one-year-old Weav, a developer of a universal API for commerce platforms, for $50 million in its first significant acquisition. The move was aimed at giving the businesses which use its platform the ability to get financial services and new products “more quickly and precisely,” the company said.

Mesh++ raises $4.9M to make the world more connected than ever

If you’re standing at the water’s edge of the San Francisco Bay, chances are that you have half a dozen high-speed internet providers clamoring for your attention, eager to give you gigabits of internet. That isn’t the case for billions of people in rural communities around the world, who often have to make do with sub-par — if any — service. That’s the market Mesh++ is aiming to serve, and the company just snagged a couple of sacks of cash to help them realize its mission. Headquartered in Chicago and Nairobi, the team is focused on bringing internet connectivity to rural and underserved communities.

On paper, the solution is elegant. You plug a wireless router into power, and the router looks for other nearby Mesh++ routers. They connect and share any available internet connectivity across the mesh network. Each router becomes a node, further spreading the Wi-Fi love across the land. The company claims a single node can blanket 10 acres of Wi-Fi connectivity, supporting up to 100 people. If a local internet connection goes down due to connectivity or power failure, the rest of the network picks up the slack — and if there’s a full breakdown, the network can be used for internal communication, including messaging and news alerts within the network.

The internet connection can come from anywhere — whether via ethernet, via cellular modems, via multiple points — you have a set of Ethernet or cellular modems, throughout the network, and you’re able to aggregate the bandwidth from all those sources. So that creates a redundant network where if one of those fails the others can fill in. The cool thing about that, versus having a set of separate networks that are all fed separately, is that it creates a very trusted network where, for example, you might be deploying a fiber network in a very old city where the fiber infrastructure is already starting to fail. And having a network like this, that can aggregate the sources, means you can trust a normally untrusted source, because if it fails, nothing really major happens. So, we can create very resilient networks.

In addition to routine connectivity when everything is working as planned, the network should be able to survive disaster situations. This was tested a couple of years ago, when Hurricane Ida knocked out a huge swathe of connectivity across New Orleans; the company claims its network continued without any downtime.

Of course, there is no shortage of plays for rural and remote internet connectivity, but I’m struck by how Mesh++’s solution is coming at the challenge from a place of access and equality. It is certainly more equalitarian than Elon Musk’s Starlink, to pick an example out of outer space, but at the same time it is easy to imagine a combination of Starlink for internet gateway purposes and Mesh++ for the local distribution of rural internet connectivity.

“There are a number of companies out there who can give you gigabit internet connections anywhere in the world,” says Mesh++’s CEO Danny Gardner, suggesting that Starlink may, in fact, be a good fit. “It would be a dream partnership. The challenge that a lot of these companies face, is that you can, in theory, serve a few hundred people per satellite, and the last-mile internet connectivity is the challenge. For them, partnering with a technology like ours that can get connectivity to anywhere, we will be able to connect the world’s remaining 3 billion people.”

The company is betting that it can out-execute even the big cellular data providers, and the team seems pretty unfazed by the competition offered by LTE or 5G networks.

“Look, T-Mobile promised to cover most of the U.S. with sub 6 Ghz 5G connectivity. But the truth is that if they haven’t covered it yet with 4G because they determined that wasn’t financially sustainable, then it’s not gonna happen with 5G either,” Gardner surmises.

In addition to having built out test networks in a number of American cities, the company has a presence in Nairobi, with a five-person subsidiary there.

“When we first started the company, it was primarily geared towards emerging markets and the need for internet access,” says Gardner. “At first, we didn’t realize how big of a problem it is here at home in the U.S. Slowly over time, we shifted more towards fixing the connectivity problems in our own backyard.”

Mesh++ has raised a $4.9 million seed led by impact investor World Within, with participation from new investors Lateral Capital, Anorak Ventures, First Leaf Capital and existing investors SOSV, GAN Ventures, TechNexus and Illinois Ventures.

“The fundraising marks a major shift in the company, from a pure R&D-driven company over the past few years, and towards focusing more on sales, and turning the company into a more mature organization,” says Gardner. “The fundraising unlocks us being able to partner with customers and distributors to connect as many people as possible, and to get the product out there.”

The company is playing into the macro-economic trend of ensuring that every home in the U.S. can be covered by internet connections. There is lots of funding available for last-mile networks, especially in the U.S. — now over $80 billion in the last few years. That’s not enough for fiber to every home — the economics and logistics of that only works in areas with higher population densities. This is where mesh networks might just be the key. Mesh++ claims that its technology cuts the infrastructure cost for installation from more than $400 per household to $29 or thereabouts. The savings are primarily in the labor costs and ease of installation, rather than the cost of the hardware that needs to be installed on-site.

Snap says iOS privacy changes hit its ad business harder than expected

In an earnings call Thursday, Snap said that it failed to meet revenue expectations for its third quarter. Snap reported $1.07 billion in Q3 revenue, missing Wall Street’s hopes that the company would bring in $1.1 billion.

The company notched 306 million daily active users, up from the 293 million it reported in Q2. That growth isn’t stratospheric, but it looks plenty healthy for a platform that risked falling out of relevance entirely not long ago.

Snapchat attributed the revenue miss to Apple’s big iOS privacy change, which put new restrictions in place for apps seeking to track user behavior beyond their own borders. On the call, Snap CEO Evan Spiegel noted that the company was caught off guard by how disruptive the impact on advertiser tools proved to be. Without the wide view that many advertisers were accustomed to, they had to adapt to new, more restrained ways of measuring user behavior. “Those tools were essentially rendered blind,” Spiegel said.

Spiegel framed the dent in Snap’s business as temporary, noting that adapting to the new normal “just takes time” and the long-term impact from Apple’s ad changes remains to be seen. He also observed the role of broader pandemic market trends in Snap’s underperformance.

Snap isn’t the only ad business adjusting to the iOS changes, which are a huge boon for user privacy. Facebook also warned that it expects to see a significant impact in Q3 due to Apple’s new policies, which dampened the company’s ability to target ads. Unsurprisingly, most people opt out of cross-platform tracking that ad businesses like Snap and Facebook rely on when presented with the choice.

Starting your journey to zero trust adoption

“Zero trust” is certainly a buzzword that gets freely thrown around in cybersecurity. But what does it actually mean?

Also, why is a zero trust security model and architecture being mandated by the government? What should organizations consider to ensure their success?

Let’s start off by agreeing on what zero trust is and is not. It’s not a product or tool — it’s a methodology and model that requires a shift in our approach to cybersecurity controls. The traditional castle and moat approach was based on an environment where users, applications and data were managed within a defined corporate network.

Let’s start off by agreeing on what zero trust is and is not. It’s not a product or tool — it’s a methodology and model that requires a shift in our approach to cybersecurity controls.

With cloud, IoT, BYOD and a mobile and remote workforce, many users, applications and data are now outside the traditional organizational boundary. As such, organizations are recognizing the need to shift their cybersecurity approach to a model that implicitly never trusts and always verifies.

Many organizations are only now beginning to look at zero trust and trying to figure out what it means to them. What’s the impact from a security and productivity perspective? How do we go about implementing this approach? What tools do we need? How will we afford this?

Shifting to a zero trust model is not about replacing the infrastructure wholesale. It’s more of an incremental journey of modernizing the IT and security environment. In a zero trust model, organizations can identify high-value assets and data within the network and ultimately protect this information beyond what traditional cybersecurity methods allowed, no matter where users, apps and data reside.

Maybe just as important is for this approach to enable the business by automating processes so that the security controls are essentially transparent to users. For example, single sign-on (SSO) allows a user to log in once to access all their authorized business applications, reducing friction and improving the user experience.

Facebook, Twitter stock dragged down by dour Snap earnings

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Stock prices of Facebook, Twitter and other companies reliant on digital ad revenue fell on word that Snap’s revenue was negatively impacted by new iOS privacy features.

Fallout from Snap’s third quarter earnings miss soured shares of Facebook and Twitter on Thursday, with both companies showing steep drop-offs in after-hours trading.

Facebook shed $17 shortly after Snap reported third quarter earnings after the bell, a 6.4% decline that has stabilized to about 4% as of this writing. Twitter dipped nearly 8% to hit a nadir of $60.25, but the stock has since bounced back and is hovering at about 3% below its closing price. Digital advertising companies were also impacted by Snap’s results, reports CNBC.

In its earnings report, Snap said its advertising business was disrupted by new iOS user privacy features introduced by Apple earlier this year. Released with iOS 14.5, App Tracking Transparency is a set of system tools that limits ad targeting by restricting third-party access to users’ Identification for Advertisers (IDFA) tags. One rule requires developers to ask permission before tracking users across apps and the web by displaying a prompt on initial app setup.

“While we anticipated some degree of business disruption, the new Apple-provided measurement solution did not scale as we had expected, making it more difficult for our advertising partners to measure and manage their ad campaigns for iOS,” Snap CEO Evan Spiegel said.

Facebook has been a vocal opponent of Apple’s privacy thrust, stating on multiple occasions that the iOS changes will eat into ad revenue and hurt businesses that operate on its platform. Despite warning investors of headwinds from ATT in April, the social network has yet to experience material impact from the privacy features and reported record ad revenues last quarter.

Facebook and Twitter are due to announce quarterly earnings next week.