Read. Learn. Share.

Tech Talk Show Notes

May 1, 2021

Lyft is getting out of the self-driving business

Lyft has sold its self-driving division to a Toyota subsidiary called Woven Planet for $550 million—the latest sign that it takes deep pockets to compete in the self-driving arena. Lyft’s main competitor, Uber, sold its own self-driving unit to the well-financed startup Aurora back in December.

Lyft announced its self-driving project back in 2017, a time of extreme optimism about self-driving technology. A few months earlier, in late 2016, Lyft President John Zimmer predicted that a majority of Lyft rides would be handled by self-driving vehicles by 2021.

Obviously, that isn’t going to happen. Today, Alphabet’s Waymo is operating a small taxi service in the Phoenix area. Besides that, no one is operating fully driverless taxi services in the US, and most other companies aren’t expected to introduce driverless products this year.


Ransomware crooks threaten to ID informants if cops don’t pay up

Ransomware operators have delivered a stunning ultimatum to Washington, DC’s Metropolitan Police Department: pay them $50 million or they’ll leak the identities of confidential informants to street gangs.

Babuk, as the group calls itself, said on Monday that it had obtained 250GB of sensitive data after hacking the MPD network. The group’s site on the dark web has posted dozens of images of what appear to be sensitive MPD documents. One screenshot shows a Windows directory titled “Disciplinary Files.” Each of the 28 files shown lists a name. A check of four of the names shows they all belong to MPD officers.


Is Your Cloud Raining Sensitive Data?

Kubernetes’ market share continues to grow as organizations increase their use of containerized software and adopt cloud architectures. According to a Cloud Native Computing Foundation (CNCF) survey, Kubernetes use rose from 58% in 2018 to 91% in 2020. 

However, along with rapid growth, Kubernetes has already experienced a fair share of cyberattacks, with six major ones last year alone (CVE-2020-14386, CVE-2020-2121, CVE-2020-8558, CVE-2020-8559, CVE-2020-10749, and CVE-2020-8557). This trend will most likely continue or even accelerate. As more Kubernetes clusters are put into production, bad actors will be motivated to find more security holes.

Kubernetes containers often have loose security settings, sometimes by default, that hackers can leverage to execute a cyberattack. Lightspin inspected where our clients use “privilege” mode, which provides almost unrestricted access to resources on the host system; “privilege escalations,” where processes are given expanded privileges; and “run as root,” which allows unrestricted container management. Three-quarters of the companies surveyed matched one or more of the issues, and the average percentage of pods affected was nearly 25%. These permissions are often used for development purposes but present an unacceptable level of risk when containers are put into production.


5 signs your laptop is in trouble

When something goes seriously wrong with your laptop, you usually receive an advance warning. A virus might alter your security settings, for example, or a failing hard drive might start making funny noises. If you catch these signals early, you can quickly diagnose and fix your computer.

Many of our recommended solutions involve a thorough malware scan. If you haven’t already installed antivirus and antimalware programs on your system, do that now. You can rely on the build-in Windows or macOS programs, or go shopping for another security suite. Just make sure to put in the research: Check out an online buying guide for Windows or macOS, read up on user and professional reviews, and find the right set of tools for your needs. Don’t let price deter you—solid computer security is worth the money.

In addition to your primary suite, consider getting a second opinion. You can employ a less-intensive scanner, one that requires you to install fewer files, alongside your main one. Instead of running regular checks, the secondary program would work on an on-demand basis: You only need to fire it up when you need it. We like Microsoft Safety Scanner for Windows and Malwarebytes for macOS.


Ransomware Recovery Costs Near $2M

The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021. The average ransom paid is $170,404.

The figures come from Sophos’ new survey, “The State of Ransomware 2021”. The report also reveals that only 8% of organizations managed to get back all of their data after paying a ransom, and 29% received no more than half of their data.

Researchers polled 5,400 IT decision makers in mid-sized organizations across 30 countries in Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

The survey finds the number of organizations that experienced a ransomware attack fell from 51% of respondents in 2020 to 37% in 2021. Fewer organizations suffered data encryption as the result of a significant attack: 54% in 2021 compared to 73% in 2020.


Report: Apple’s M2 chip has entered production and will ship as soon as July

A report in Japanese publication Nikkei claims that the next generation of Apple’s custom-designed silicon chips for Mac, dubbed the “M2,” entered production this month.

Citing “sources familiar with the matter,” Nikkei reports that the chips will power Macs that will be introduced in the second half of 2021, potentially as soon as July. That July date suggests that new Macs could be announced at Apple’s 2021 developer conference, which kicks off on June 7.

The sources also say this new chip will “eventually” be used in other Macs and Apple products besides MacBooks. The chip would be the successor to the M1, which Apple has included in recently launched or announced models of the MacBook Air, 13-inch MacBook Pro, Mac mini, iPad Pro, and 24-inch iMac.

The revised 5 nm design is being manufactured by Taiwan Semiconductor Manufacturing, which Apple has used many times before


Cleaning up after Emotet: the law enforcement file

Emotet has been the most wanted malware for several years. The large botnet is responsible for sending millions of spam emails laced with malicious attachments. The once banking Trojan turned into loader was responsible for costly compromises due to its relationship with ransomware gangs.

On January 27, Europol announced a global operation to take down the botnet behind what it called the most dangerous malware by gaining control of its infrastructure and taking it down from the inside.

Shortly thereafter, Emotet controllers started to deliver a special payload that had code to remove the malware from infected computers. This had not been formally clarified just yet and some details around it were not quite clear. In this blog we will review this update and how it is meant to work.


FCC lets SpaceX cut satellite altitude to improve Starlink speed and latency

SpaceX today was granted permission to use a lower orbit for Starlink satellites, as regulators agreed with SpaceX that the change will improve broadband speed and latency while making it easier to minimize orbital debris. In granting SpaceX’s request, the Federal Communications Commission dismissed opposition from Viasat, Hughes, Dish Network, OneWeb, the Amazon subsidiary known as Kuiper, and other satellite companies that claimed the change would cause too much interference with other systems.

In 2018, SpaceX received FCC approval to launch 4,425 broadband satellites at orbits of 1,110 km to 1,325 km. An FCC order in 2019 gave SpaceX permission to use a lower altitude for over 1,500 of those satellites. Today’s FCC order granting SpaceX’s additional license-change request lowers the altitude for 2,814 of the satellites, letting them orbit in the 540-570 km range. Today’s FCC order will also let SpaceX use a lower elevation angle for antennas on user terminals and gateway Earth stations.