Interesting Tech from March 2021

monthly
Written By Nauman

This is a monthly column of curated tech news, highlighting interesting and/or valuable tech developments from the past month, which are impacting our society directly or indirectly. It also gives some vague sense of the trajectory that the technology as a whole is taking. The aim is to share the information concisely, in an easy-to-understand manner, help you fill some gaps on what you might have missed & learn something new.

The Microsoft Exchange Attack

There were 4 0-day exploits that Microsoft was made aware of in January of this year. It took almost 2 months for Microsoft to release the patches. The attack was being actively exploited during that time period and still continues to be exploited on unpatched exchange servers.

All 4 Zero-Day Exploits in Microsoft Exchange Attack

All 4 Zero-Day Exploits in Microsoft Exchange Attack

The exploits were found only in the on-premises exchange servers. That means Microsoft 365 exchange-online was not affected.

How does this attack affect us?

If you are an employee working for a small business or large-scale enterprise, most likely your employer is using Microsoft Exchange server for the full email and calendaring solution. These 0-day exploits make the job a lot easier for the attackers to hack the servers, which enable them to exfiltrate the email and other sensitive data, download full address books and install malicious code.

Microsoft has released patches to fix the vulnerabilities. They also shared tools with their customers to help identify if their systems are affected and how they can be remedied. You can read about the attack in full detail here.

A $2.9 Million Jack Dorsey’s Tweet and a $69 Million Beeple’s Digital Art - Welcome to the World of NFTs

Jack Dorsey’s First Tweet Ever - Sold for $2.9 million as an NFT

Jack Dorsey’s First Tweet Ever - Sold for $2.9 million as an NFT

The digital images you see, have been sold as an NFT for almost $72 million dollar. So, what’s an NFT (Non-Fungible Tokens)? Think of an NFTs as a record of a unique transaction on an Ethereum blockchain, which can be used to verify who is the original owner of the digital art. I know it’s hard to make any sense of it. You can read more here.

Beeple's Digital Art Sold as an NFT for 69 million dollar.jpg

Beeple’s Digital Art sold for $69 million.

Metakoven (Vignesh S) paid in Ethereum currency for this NFT.

DuckDuckGo vs. Google - App Store Privacy Labels - A Stark Difference

A picture is worth a thousand words.

App Store Privacy Labels - DuckDuckGo’s tweet comparing the data collected by DuckDuckGo vs. Google

App Store Privacy Labels - DuckDuckGo’s tweet comparing the data collected by DuckDuckGo vs. Google

Visa will now support transactions in USDC on Ethereum Blockchain

USDC (US Dollar Coin) is a cryptocurrency, which is pegged to the value of USD. It falls in the category of stable coins. Just like bitcoin is traded over bitcoin blockchain, USDC is traded over ethereum blockchain.

5-Visa Settlement in USDC.jpg

In a traditional scenario if the user pays using a visa card, it takes a number of days to settle the transaction in a fiat currency, such as USD. You spend money using Visa, which then gets transferred from your banking account to Visa and the transaction is settled in USD or currency of your choice.

With Visa’s new announcement, in which it is partnering with crypto.com, Visa won’t require the settlement in traditional fiat currency.

How does that work? A crypto.com user has a crypto card with the Visa credentials attached to it. He has USDC (cryptocurrency) in his crypto wallet. He spends say e.g., 10 USDC using the card. Crypto.com will then just have to send 10 USDC to Visa’s ethereum enabled wallet, instead of converting the USDC to USD first and then settling the transaction.

SMS Rerouting - Intercepting the Texts that are meant for You

Motherboard reported in great detail how an attacker using an online SMS service called Sakari, was able to reroute text messages to himself. The author who was meant to receive those messages never received them, nor was notified that his phone number was registered to that SMS service.

4-SMS Rerouting using cloud based SMS service Sakari.jpg

This attack did not involve SIM swapping. The original user of the phone did not lose any signal, which normally happens when you lose your sim. Nor the attack involved a high degree of technical know-how, since it did not rely on tapping into the backbone of the telecommunication company.

So, how the attacker pulled this off? The attacker just had to register on Sakari by buying a $16 monthly plan and fill out LoA (Letter of Authorization) basically stating that the signer had the authority over the phone.

There are other companies as well, which offer such services. Sakari, now has added a security feature that would send an automated call to the owner requiring a consent to transfer the number.

Interesting Cyber Attacks, Breaches Discovered in March 2021

  • Cloudflare, Tesla, Florida hospital and a school district were among the organizations, which became the victim of Verkada security camera hack. More than 150,000 cameras were hacked. Apparently, the hack made use of internal admin accounts, which Verkada later on disabled.

  • Popular iPhone call recording app called Call Recorder had a serious security vulnerability, which allowed anyone to access the call recording from other users as long as you knew their number. The developer fixed the vulnerability with a new update.

  • Microsoft Exchange servers became the target for the hackers, when 4 critical zero-day vulnerabilities were found.

  • There has been another data breach related to Accellion File Transfer Application. This time the victim was oil giant Shell. Last month it was Bombardier, which disclosed similar breach related to Accellion FTA.

  • Acer has been hit by REvil ransomware and the attackers are demanding $50 million. This is the largest ransom demand to date. REvil might have used the exchange zero-day vulnerabilities, mentioned above, to infect Acer’s network. At the time of this writing, Acer was still investigating.

  • Australia’s Channel 9 was also the victim of the cyber attack in March. The attack was significant enough that the staff was asked to work from home and the Weekend Today show had to be stopped. Staff were instructed not to turn on their systems. Although, what caused the attack is still being investigated, it is thought that it could be a malware attack, which could have been started by clicking a phishing link, leading to widespread infection through updates etc.

Notable Tech Acquisitions in March 2021

  • Consumer electronics and appliance company Panasonic will buy Blue Yonder for $6.5 billion. This will help Panasonic better manage its supply chain challenges using Blue Yonder’s ML based supply chain solutions.

  • VMware buys Mesh7 for an undisclosed amount, to strengthen its application delivery portfolio. Mesh7 provides cloud-based layer 7 security that can automatically find all layer 7 interactions.

  • Cruise, a robotaxi company, buys Voyage. This acquisition will help Voyage extend its self-driving service from senior citizen demographics to other demographics with the help of Cruise’s resources.

Other Tech News from March 2021

  • LinkedIn will stop using IDFA (Identifier for Advertising) data for its iOS Apps. This change is primarily because of Apple’s privacy changes in iOS14.

  • Microsoft has updated its Visual Studio code for Apple’s M1 chips.

  • Gogo’s 5G network launch has been delayed due to Chipageddon.

  • GM has partnered with SES (SolidEnergy Systems) to make use of their anode-free lithium metal battery technology in their EVs. SES’s battery technology claims to be twice as energy dense and their safety profile is comparable to the lithium-ion-batteries that we use today. This comes with an obvious advantage of less weight for the batteries and more space for the car.

  • SpaceX is seeking regularity approval to beam its Starlink’s satellite internet to large trucks, RVs, ships and aircraft. Elon won’t be connecting to Tesla’s fleet because it’s big.

  • Delta Airlines plans to move its technology infrastructure to IBM cloud by 2024.

  • VW was unable to build 100,000 cars due to Chipageddon.

  • Intel will be investing $20 billion on new chip manufacturing facilities. This will reduce America’s reliance on Taiwan and South Korea based foundries. This might also help Intel win its old customer i.e., Apple again.

  • EV startup Rivian is planning to install 10,000 chargers across US and Canada by 2023.

  • You think that you don’t get tracked when browsing internet in incognito mode on Google Chrome. This lawsuit might make you think again.

  • If you are an Amazon delivery driver, be careful next time you yawn. Amazon’s new AI powered cameras will take notice.

Until next time. Thanks!

Nauman
Previous

CISSP Exam - Introduction and FAQs
Next

Interesting Tech News from February 2021