News

Rocket Lab’s mission to Venus, which was originally scheduled to launch last month, is “not imminent,” a spokesperson confirmed to TechCrunch. That means the mission will likely move ahead no earlier than January 2025, the only publicly stated back-up window for launch.

“Our focus right now is on delivering customer missions as a priority,” the spokesperson said. They did not provide any further reasons for the slip.

Rocket Lab announced it would go to Venus last August, in what will be the first fully private mission to the yellow planet. The company will fund the mission, while a team of researchers from the Massachusetts Institute of Technology and other organizations contributed to the scientific payload. The company plans on using its small Electron rocket and Photon spacecraft to send a very tiny probe to around 30 miles above the surface of Venus, where atmospheric conditions are most similar to that of Earth.

Indeed, everything about the mission is compact and ambitious. The probe, which will measure just 40 centimeters in diameter, will search for organic chemicals in Venus’s clouds — or in other words, signs of life and suggestions of habitable conditions for supporting life. After spending only five minutes flying through the clouds, the probe will slowly lose altitude until it hits the surface of Venus around an hour after atmospheric entry.

One of the other primary goals of the mission, according to a paper detailing the mission parameters, is to further mature the high-energy Photon spacecraft. Photon is Rocket Lab’s workhorse spacecraft, but this high-energy variant is specifically designed for deep space missions.

Rocket Lab developed the high-energy Photon for the Cislunar Autonomous Positioning System Technology Operations and Navigation Experiment (CAPSTONE) mission for NASA, which launched in June 2022. The company will also use this upper stage variant for a NASA mission to Mars next year.

What sets the high-energy Photon apart from the other variants that Rocket Lab sells — for example, as a satellite bus to startups like Varda Space — is that its capable of long-duration interplanetary cruising. The upcoming mission to Mars, and the mission to Venus in 2025, are likely only the tip of the iceberg for Rocket Lab’s ambitions.

The story has been updated to reflect that the probe will fly 30 miles, not feet, above the surface of Venus.

Fidelity, the lead investor in Reddit’s most recent funding round in 2021, has slashed the estimated worth of its equity stake in the popular social media platform by 41% since the investment.

Fidelity Blue Chip Growth Fund’s stake in Reddit was valued at $16.6 million as of April 28, according to the fund’s monthly disclosure released over the weekend. That’s down 41.1% cumulatively since August 2021 when the asset manager spent $28.2 million to acquire the Reddit shares, according to disclosures the firm has made in its annual and semi-annual reports.

Reddit was valued at $10 billion when the social media giant attracted funds in August 2021. Fidelity — which has marked down its stakes in many startups including Stripe and Reddit in recent quarters — also slashed the value of its Twitter stake, it disclosed in the filing, valuing Elon Musk’s firm at about $15 billion.

The substantial markdown of Reddit’s value by Fidelity predominantly occurred by the previous year. Nevertheless, it merits pointing out that Fidelity has persistently implemented minor reductions in the worth of Reddit’s shares in the ensuing months. Fidelity, also an investor in Indian startups such as Meesho and Pine Labs, has effected considerably less dramatic valuation cuts in these holdings in the past two years.

Reddit declined to comment.

This devaluation, part of a broader trend that has hit a variety of growth stage startups across the globe in the past year, raises uncertainties about whether Reddit will maintain its initial intent to reportedly go public at a valuation around $15 billion.

Reddit, which has raised over $1 billion to date, counts Sequoia Capital and Andreessen Horowitz among its backers. The firm was valued at as high as $15 billion in secondary markets late 2021, according to people familiar with the matter.

The current wave of valuation cutbacks sheds new light on the impact of deteriorating worldwide economic conditions on fledgling startups. Despite the diminished funding activities for startups globally over the past year, valuations of numerous larger startups have stayed constant.

Update: The Air Force denies any such simulation took place, and the Colonel who related the story said that, although though the quote below seems unambiguous about training and retraining an AI using reinforcement learning, he “misspoke” and this was all in fact a “thought experiment.” Turns out this was a very different kind of lesson!

A story about a simulated drone turning on its operator in order to kill more efficiently is making the rounds so fast today that there’s no point in hoping it’ll burn itself out. Instead let’s take this as a teachable moment to really see why the “scary AI” threat is overplayed, and the “incompetent human” threat is clear and present.

The short version is this: Thanks to sci-fi and some careful PR plays by AI companies and experts, we are being told to worry about a theoretical future existential threat posed by a superintelligent AI. But as ethicists have pointed out, AI is already causing real harms, largely due to oversights and bad judgment by the people who create and deploy it. This story may sound like the former, but it’s definitely the latter.

So the story was reported by the Royal Aeronautical Society, which recently had a conference in London to talk about the future of air defense. You can read their all-in-one wrap-up of news and anecdotes from the event here.

There’s lots of other interesting chatter there I’m sure, much of it worthwhile, but it was this excerpt, attributed to U.S. Air Force Colonel Tucker “Cinco” Hamilton, that began spreading like wildfire:

He notes that one simulated test saw an AI-enabled drone tasked with a SEAD mission to identify and destroy SAM sites, with the final go/no go given by the human. However, having been “reinforced” in training that destruction of the SAM was the preferred option, the AI then decided that “no-go” decisions from the human were interfering with its higher mission — killing SAMs — and then attacked the operator in the simulation. Said Hamilton: “We were training it in simulation to identify and target a SAM threat. And then the operator would say yes, kill that threat. The system started realising that while they did identify the threat at times the human operator would tell it not to kill that threat, but it got its points by killing that threat. So what did it do? It killed the operator. It killed the operator because that person was keeping it from accomplishing its objective.”

He went on: “We trained the system — ‘Hey don’t kill the operator — that’s bad. You’re gonna lose points if you do that’. So what does it start doing? It starts destroying the communication tower that the operator uses to communicate with the drone to stop it from killing the target.”

Horrifying, right? An AI so smart and bloodthirsty that its desire to kill overcame its desire to obey its masters. Skynet, here we come! Not so fast.

First of all, let’s be clear that this was all in simulation, something that was not obvious from the tweet making the rounds. This whole drama takes place in a simulated environment not out in the desert with live ammo and a rogue drone strafing the command tent. It was a software exercise in a research environment.

But as soon as I read this, I thought — wait, they’re training an attack drone with such a simple reinforcement method? I’m not a machine learning expert, though I have to play one for the purposes of this news outlet, and even I know that this approach was shown to be dangerously unreliable years ago.

Reinforcement learning is supposed to be like training a dog (or human) to do something like bite the bad guy. But what if you only ever show it bad guys and give it treats every time? What you’re actually doing is teaching the dog to bite every person it sees. Teaching an AI agent to maximize its score in a given environment can have similarly unpredictable effects.

Early experiments, maybe five or six years ago, when this field was just starting to blow up and compute was being made available to train and run this type of agent, ran into exactly this type of problem. It was thought that by defining positive and negative scoring and telling the AI to maximize its score, you would allow it the latitude to define its own strategies and behaviors that did so elegantly and unexpectedly.

That theory was right, in a way: elegant, unexpected methods of circumventing their poorly-thought-out schema and rules led to the agents doing things like scoring one point then hiding forever to avoid negative points, or glitching the game it was given run of so that its score arbitrarily increased. It seemed like this simplistic method of conditioning an AI was teaching it to do everything but do the desired task according to the rules.

This isn’t some obscure technical issue. AI rule-breaking in simulations is actually a fascinating and well-documented behavior that attracts research in its own right. OpenAI wrote a great paper showing the strange and hilarious ways agents “broke” a deliberately breakable environment in order to escape the tyranny of rules.

So here we have a simulation being done by the Air Force, presumably pretty recently or they wouldn’t be talking about it at this year’s conference, that is obviously using this completely outdated method. I had thought this naive application of unstructured reinforcement — basically “score goes up if you do this thing and the rest doesn’t matter” — totally extinct because it was so unpredictable and weird. A great way to find out how an agent will break rules but a horrible way to make one follow them.

Yet they were testing it: a simulated drone AI with a scoring system so simple that it apparently didn’t get dinged for destroying its own team. Even if you wanted to base your simulation on this, the first thing you’d do is make “destroying your operator” negative a million points. That’s 101-level framing for a system like this one.

The reality is that this simulated drone did not turn on its simulated operator because it was so smart. And actually, it isn’t because it is dumb, either — there’s a certain cleverness to these rule-breaking AIs that maps to what we think of as lateral thinking. So it isn’t that.

The fault in this case is squarely on the people who created and deployed an AI system that they ought to have known was completely inadequate for the task. No one in the field of applied AI, or anything even adjacent to that like robotics, ethics, logic … no one would have signed off on such a simplistic metric for a task that eventually was meant to be performed outside the simulator.

Now, perhaps this anecdote is only partial and this was an early run that they were using to prove this point. Maybe the team warned this would happen and the brass said, do it anyway and shine up the report or we lose our funding. Still, it’s hard to imagine someone in the year 2023 even in the simplest simulation environment making this kind of mistake.

But we’re going to see these mistakes made in real-world circumstances — already have, no doubt. And the fault lies with the people who fail to understand the capabilities and limitations of AI, and subsequently make uninformed decisions that affect others. It’s the manager who thinks a robot can replace 10 line workers, the publisher who thinks it can write financial advice without an editor, the lawyer who thinks it can do his precedent research for him, the logistics company that thinks it can replace human delivery drivers.

Every time AI fails, it’s a failure of those who implemented it. Just like any other software. If someone told you the Air Force tested a drone running on Windows XP and it got hacked, would you worry about a wave of cybercrime sweeping the globe? No, you’d say “whose bright idea was that?”

The future of AI is uncertain and that can be scary — already is scary for many who are already feeling its effects or, to be precise, the effects of decisions made by people who should know better.

Skynet may be coming for all we know. But if the research in this viral tweet is any indication, it’s a long, long way off and in the meantime any given tragedy can, as HAL memorably put it, only be attributable to human error.

Boeing and NASA said Thursday that the first crewed flight test of the Starliner capsule would be further delayed due to a new crop of technical issues with the spacecraft.

The first crewed mission was scheduled to fly two NASA astronauts on July 21 after being pushed back from an earlier April launch date. Officials did not provide a new launch date during a media briefing, though Boeing’s VP of commercial crew, Mark Nappi, said leadership would spend the next week or so figuring out a plan to ensure the capsule is safe for flight.

Nappi said Boeing engineers discovered two new issues with Starliner: one related to the parachute systems and another with the tape that wraps around wire harnesses in the spacecraft. He said that data on the parachutes’ load limits was recorded incorrectly, leading engineers to discover that some sections of the parachute had a lower failure load limit than was previously identified. Separately, engineers discovered that the aforementioned tape was flammable.

“That tape was tested late in the process,” he said.

The tape was present on the spacecraft that flew in the Starliner’s only mission, an uncrewed flight test that took place a little over a year ago. The parachute system also flew on that mission. It was only during a more detailed review that the issues were discovered, Nappi said.

Nappi said he thought a launch at some point this year was feasible, but he substantially hedged his statement. “I think it’s feasible, but I certainly don’t want to commit to any dates or timeframes until we spend the next several days understanding what we need to go do,” he said.

Boeing has spent years developing Starliner, a crewed capsule that is supposed to join SpaceX’s Dragon capsule in transporting astronauts to and from the International Space Station for customer NASA. (Both Boeing and SpaceX were awarded astronaut transportation contracts from NASA for a set number of missions.) But while SpaceX has nearly completed all of its six contracted missions for the space agency, Boeing has been beset with seemingly unending technical delays — the costs of which the company must bear due to the fixed-cost structure of its contract.

“The bottom line here is: Safety is always our top priority,” Nappi said. “It’s always been that way with human spaceflight. And so that’s what drives this decision. You can say we’re disappointed because it means a delay, but the team is proud that we’re making the right choices.”

He added that there are “growing pains” in developing a vehicle and that Boeing has no intention of walking away from its commercial crew ambitions anytime soon.

Uber, Lyft, DoorDash and other app-based ride-hail and delivery companies will have to reimburse California gig workers potentially millions of dollars for unpaid vehicle expenses between 2022 and 2023.

The back payments come from a provision in Proposition 22, the controversial law that classifies gig workers as independent contractors rather than employees and promises them halfhearted protections and benefits. For example, gig workers get a minimum earnings guarantee, rather than a guaranteed minimum wage, for the time they spend “engaged” in a gig, and not the time spent between rides.

Part of Prop 22 stipulates that drivers making the bare minimum get a reimbursement for vehicle expenses. Starting in 2021, when Prop 22 went into effect in California, drivers began receiving $0.30 per mile driven while “actively engaged.” The law also states that the rate should be raised to keep up with the pace of inflation. So, 2022’s 6.8% inflation raise should have bumped those payments to $0.32 per mile; and in 2023 it should have gone up another $0.02 to $0.34 per mile.

A couple of cents may not seem like a big deal, but drivers clock thousands of miles every year, so it can really add up. Especially when you consider that there are roughly 1.3 million gig drivers in California, according to industry reports.

(By the way, in line with the lackluster benefits afforded to gig workers under Prop 22, their vehicle mileage deduction rate is half the standard rate for business owners and employees, which in 2023 is $0.655 per mile.)

Pablo Gomez, a full-time Uber driver since 2019, noticed that his payments never went up past $0.30, according to The Los Angeles Times, which first reported the discrepancy. Now we know that no drivers received the increased payments, because none of the app-based companies implemented the adjustment.

Uber, DoorDash, Lyft and Grubhub all told TechCrunch that they didn’t adjust driver reimbursement fees because they were waiting for the California treasurer’s office to publish adjusted rates. According to Prop 22, the treasury is indeed tasked with calculating and publishing the adjusted rate each year.

After studying the language of Prop 22, Gomez tried reaching out to the state treasurer’s office on April 13 and was brushed off. He then tweeted directly at Fiona Ma, the California treasurer, asking why the rate hadn’t been changed yet. Sergio Avedian, a gig worker and senior contributor at The Rideshare Guy, boosted the tweet. On May 10, Ma replied saying the rate adjustment had finally been published. Uber and DoorDash immediately started sending backpay to drivers, lest they face a class-action lawsuit.

For his part, Avedian said he was ready to file suit if the companies didn’t agree to retroactively pay. “I had the law firm ready, and I was gonna be the lead plaintiff,” he told TechCrunch.

Lyft and Instacart told TechCrunch they have now begun issuing backpay and have notified drivers. Grubhub said it will start retroactively paying drivers.

The state’s treasury told TechCrunch that it waited to publish the rates because of Prop 22’s uncertain status. The ballot measure had been ruled unconstitutional in August 2021, and therefore unenforceable. In March, a California appeals court overturned that decision, which is when the treasury decided it was time to start making preparations to publish adjusted rates. Industry experts say that despite the lower court ruling Prop 22 unconstitutional, it was still the law of the land, and the treasury should have treated it as such.

I asked the app-based companies if they had reached out to the department in the past year and a half to push for an updated rate. Uber said it reached out once in January 2022, and DoorDash said it had made repeated requests for updated mileage rates “dating back to January 2022.” Lyft also said it reached out to the treasury for information, but didn’t specify when or how many times. The treasury says it never received outreach from the companies.

I also asked the companies if they had alerted gig workers to the treasury’s delay to reassure them that they’d be reimbursed eventually. None of them had.

And that’s not surprising. App-based gig companies have yet to achieve true measures of profitability, even as they find new and exciting ways to extract as much work for as little pay as possible from workers. (See: algorithmic wage discrimination, tip hiding and tip stealing.) When I asked an Uber spokesperson why the company didn’t just make its own calculations for workers, he responded that “it’s up to the treasurer’s office to mandate that rate.”

It’s not quite a “better to ask for forgiveness than permission” argument, but it’s along the same lines. Better to hope that no one notices you’re not paying workers properly than to proactively pay them properly.

“The formula is so simple, and it’s outlined in the statute, that anyone with a calculator and the internet can figure it out,” said Joe DeAnda, director of communications for the state treasurer’s office. “If any of these companies were so inclined to have paid their employees, it could have easily been done. If they felt that this was an active law, the rate would have been the rate whether we posted it or not.”

Not every driver will end up receiving backpay. Many ride-hail drivers exceed the minimum rate, so they aren’t eligible for vehicle reimbursement fees. However, those who mainly drive for Uber Eats, DoorDash and other food delivery platforms tend to rely more on tips for income, so they should begin to see payments show up in their accounts.

Avedian, who drives part-time and cherry picks his gigs, said he got around $85 from Uber. His wife, who also works part-time, got more than $200 from DoorDash.

But what about the workers who drive full-time?

“If you’re a full-time DoorDash, Uber Eats, GrubHub driver, you’re driving a solid 5,000 miles a month. There’s no doubt about that,” he said. “They’re gonna end up owing a few hundred million. It’s gonna be a lot of money.”

None of the companies I spoke to shared how much money they expect to doll out to drivers, but some back of the envelope math suggests that, collectively, companies could end up paying in the millions.

Aside from Uber, Lyft, DoorDash, Grubhub and Instacart, other relevant companies that employ gig workers include Amazon Flex, Target’s Shipt and Walmart’s Spark.

Lack of transparency

Avedian has gathered screenshots of his own, his wife’s and his podcast listeners’ backpay reimbursements. One of his major gripes is the complete lack of transparency from the companies regarding the calculation of these amounts. None of the companies provide drivers with a mileage breakdown.

Uber is the only company to even stipulate that the payment is a result of California Prop 22 benefits. DoorDash drivers just see a random payment appear.

“Everybody’s getting money, and these drivers are like, ‘Oh, I got 400 bucks. I got 800 bucks,’ but they don’t all know what it’s for.”

Avedian actually keeps a spreadsheet where he logs all his net earnings, miles driven, number of trips and Prop 22 adjustments. Per his calculations, Uber’s back payment to him was actually off by $3.

“I call this nickel and diming of the gig economy,” said Avedian. “$3 times a million people is 3 million more dollars. I mean, I’m not bitching and moaning that people are getting money, but all I’m saying is, why not be transparent?”

In May, a bill in Colorado that aimed to make gig worker platforms more transparent for workers was shut down.

“Millions of people are driving for these companies, and while they’re doing it, they’re getting ripped off because of a lack of transparency,” said Avedian. “You must have something to hide, otherwise you wouldn’t be afraid of transparency.”

This article has been updated to reflect that Instacart has begun issuing backpay to drivers, and with additional comments from California’s treasury.

Puneet Chandok, the head of AWS in India and South Asia, has resigned, according to two sources familiar with the matter, a surprise move just weeks after the cloud giant pledged to invest over $12 billion in India by 2030.

Chandok, who served as the president of AWS India and South Asia, joined the e-commerce group four years ago, according to his LinkedIn. His last day at Amazon’s cloud unit is in August, one of the sources said. A broader group of Amazon executives were informed about the move on Tuesday, the source said.

Chatter among industry executives is that Chandok plans to join a rival firm. Sources requested anonymity to talk candidly about non-public information.

India, the world’s second largest internet market, has witnessed a considerable surge in cloud adoption across various industries in recent years, reflecting the sector’s robust growth. Amazon’s cloud division holds a dominant position within the market, boasting a roster of prominent customers.

Google, which like Amazon has two cloud regions in India, and Microsoft, which maintains three, have also expanded their cloud businesses in the country in recent years. The overall India public cloud services market is expected to reach $13 billion by 2026, according to researcher IDC.

Update: After publication of the story, AWS confirmed Chandok’s departure. Vaishali Kasture, head of enterprise, mid-market and global businesses at AWS India & South Asia, is taking on the role of interim leader of commercial business at the unit effective immediately.

Story updated with confirmation from AWS. 

It’s been far too long and yet you’re going to have to wait a bit longer.

After years of impatient waiting, the U.S. version of the Volkswagen ID.Buzz finally made its debut Thursday in Huntington Beach, California. When pitted against the European spec bus — which is already on sale — everything about this version of the automaker’s electric van is bigger.

America loves nostalgia and big vehicles — and this vehicle has both.

Bigger and bigger

The most notable “bigger” thing on the vehicle is the wheelbase. The U.S. three-row Buzz is 10 inches longer than its European counterpart at 192.4 inches to accommodate the removable third row. That’s 16 feet of electric bus. Why is the U.S. getting a super-sized vehicle instead of a two-row version? Because that’s what we want, according to VW.

“The consumer feedback was very clear,” Volkswagen Group CEO of the Americas Pablo Di Si said in an interview at the event. When polled, U.S. consumers overwhelmingly preferred a third-row bus over the shorter-wheelbase version currently on sale in Europe, he added.

This pits the Buzz against not only the traditional vans on the market but also large three-row SUVs. Without an electric van competitor on the horizon, Kia’s EV9 (available in the fall of 2023) could be what potential owners are cross-shopping in the future.

That future is going to stretch out a bit more though. The long-wheelbase ID.Buzz is expected to go on sale in the U.S. market sometime in the third quarter of 2024. That’s all we know. When asked about reservations, Di Si said the company was still figuring that out as it wanted to have a system that was fair as possible to consumers. The CEO and automaker are also mum on pricing details.

When it does arrive, the U.S.-spec ID.Buzz will sport a more significant 91 kWh capacity battery pack than what is available in Europe. The range will be dependent on the drivetrain and the ID.Buzz will be offered in two configurations at launch.

A rear-wheel drive single-motor variant will output 282 horsepower and 406 pound-feet of torque and has a targeted EPA range of about 260 miles. The all-wheel drive version will kick up the power to 330 horsepower. Adding a second motor will diminish the range by about eight miles with an EPA target of 252 miles. Again, these are targets and by the time the EPA tests the ID.Buzz they could fluctuate slightly.

Helping the ID.Buzz potentially exceed the 250 miles of range mark is the drag coefficient of 0.29 making it a surprisingly slippery bus. So while it looks like a box, it moves through the air nearly as smoothly as the more aerodynamic-looking Toyota Sienna with its 0.28 drag coefficient.

While the battery chemistry is the same for the U.S. and European-spec vehicles, Volkswagen notes that the motors in the American vehicle are an update to what we’ve seen in the European-spec vehicles with improved thermal management.

For charging, the vehicle supports up to 200kW at a compatible DC fast charging station and 11kW for at-home AC charging. That’s a nice upgrade over the ID.4’s peak charging rate of 125kW.

Flashback to the future interior

Image Credits: Roberto Baldwin

Inside we’re seeing additional updates over the European model. Notably the inclusion of two powered rear sliding windows in the back and the addition of rear HVAC vents.

The removable third row opens up the seating to seven (six if you go for the optional captain’s chairs in the second row). Meanwhile, the second row tilts and moves forward four inches to assist ingress and egress into the back seat. Once seated, the second row can move forward or back 7.9 inches, giving those in the second row either more leg room, increasing leg room for those in the third row, or increasing cargo space behind the second row.

Up front, the Buzz continues the retro design of the exterior while offering plenty of storage space and nods to the past and concept vehicle. Easter eggs fill the interior, including VW adding the play and pause symbols to the accelerator and brake as we saw on the concept way back in 2017.

Image Credits: Volkswagen/James Lipman

The infotainment system has a new architecture with more memory and a new CPU to reduce the latency that was experienced in the ID.4 at launch. It sits behind a 12.9-inch touchscreen. The latest version of VW’s infotainment system also supports true over-the-air software updates, and, according to the automaker, instead of taking up to a minute to set a navigation route, it should now only take a few seconds. (If that proves to be accurate, it would be a huge improvement from VW’s previous forays into software.)

While we were unable to take the vehicle for a spin, it’s clear that Volkswagen has taken what it’s learned from the ID.4 and the launch of the short wheelbase ID.Buzz in Europe to enhance the U.S. version headed to the States in 2024.

Now we just need to wait. Again. Which is sort of the theme of the ID.Buzz at this point. Still, if they get it out in time for summer, it’ll hit all those nostalgia vibes for owners and their six closest friends.

That is if you can get one, because even with all the waiting, it’s still one of the most hotly anticipated vehicles in years.

Proptech firm Aurum is acquiring NestAway, a once high-flying Indian startup operating in the same space, for up to $10.9 million, in a deal that marks a near complete erosion in value for the startup’s investors.

Eight-year-old NestAway raised $115 million over the years and was valued at $227 million in a funding round in 2019. The startup counts Sequoia Capital India, Tiger Global, Goldman Sachs, Yuri Milner and Chiratae Ventures among its investors.

Aurum, which earlier acquired a unit of NestAway for about $6.8 million, said it will invest $3.6 million to stabilize NestAway’s business. “This capital infusion in NestAway is a testament to Aurum PropTech’s conviction in India’s $20-billion Rental Housing market,” Aurum said in a stock exchange filing.

NestAway’s revenue shrank to $3 million in 2022, down from $9.5 million two years earlier.

The erosion in NestAway’s value can at least be partially attributed to COVID. The home rental platform NestAway features 18,000 properties on its platform, down from 50,000 before the pandemic.

“When we started NestAway, our vision was to revolutionize the way people live in cities by providing them with convenient, affordable and hassle-free housing solutions,” said Jitendra Jagadev, founder of NestAway, in a statement. “Over the years, we have grown and expanded, serving thousands of customers, becoming a trusted brand in the PropTech industry.”

Shadow has decided to cut the price of its cloud storage service Shadow Drive. Users can now get 2TB of storage for €4.99 per month instead of €8.99 per month. As for the free tier, things aren’t changing. Users who sign up get 20GB of online storage for free.

Shadow is also the company behind Shadow PC, a cloud computing service that lets you rent a virtual instance of a Windows PC in a data center near you. It works particularly well to play demanding PC games on any device, such as a cheap laptop, a connected TV or a smartphone.

Coming back to Shadow Drive, as the name suggests, Shadow Drive works a lot like Google Drive, OneDrive, iCloud Drive or Dropbox. Users can upload and download files from a web browser. They are stored in a data center based in France so that you can access them later.

The company also offers desktop and mobile apps — your files are automatically synchronized with your local devices. When you drag and drop files and folders in your Shadow Drive, they are automatically synchronized with the server and will show up on your other devices that are synchronized with the same account.

Behind the scenes, Shadow Drive is based on Nextcloud, a popular open source online storage application that you can run on your own server. With Shadow Drive, the company manages the Nextcloud instance for you.

Thanks to this solid foundation, Shadow Drive offers many advanced features, such as the ability to share files and folders with a link, or WebDAV support. On mobile, Shadow can automatically upload your most recent photos in your photo library so that they are automatically backed up.

In addition to this new, lower subscription price, Shadow Drive is now also available on iOS, which was a weird omission. The app was already available on Android, Windows, macOS and Ubuntu.

Shadow Drive is currently available in 12 Western European countries. It is also available in the U.K., where the premium subscription tier costs £4.99 per month. The company says that it plans to roll out its service in North America at some point in the future.

Security researchers are sounding the alarm after hackers were caught exploiting a newly discovered vulnerability in a popular file transfer tool used by thousands of organizations to launch a new wave of mass data exfiltration attacks.

The vulnerability affects the MOVEit Transfer managed file transfer (MFT) software developed by Ipswitch, a subsidiary of U.S.-based Progress Software, which allows organizations to share large files and datasets over the internet. Progress confirmed on Wednesday that it had discovered a vulnerability in MOVEit Transfer that “could lead to escalated privileges and potential unauthorized access to the environment,” and urged users to disable internet traffic to their MOVEit Transfer environment. 

Patches are available and Progress is urging all customers to apply it urgently.

U.S. cybersecurity agency CISA is also urging U.S. organizations to follow Progress’ mitigation steps, apply the necessary updates and hunt for any malicious activity.

Corporate file-transfer tools have become an increasingly attractive target for hackers, as finding a vulnerability in a popular enterprise system can allow the theft of data from multiple victims.

Jocelyn VerVelde, a spokesperson for Progress via an outside public relations agency, declined to say how many organizations use the affected file transfer tool, though the company’s website states that the software is used by “thousands of organizations around the world.” Shodan, ​​a search engine for publicly exposed devices and databases, reveals more than 2,500 MOVEit Transfer servers discoverable on the internet, most of which are located in the United States, as well as the U.K., Germany, the Netherlands and Canada. 

The vulnerability also impacts customers who rely on the MOVEit Transfer cloud platform, according to security researcher Kevin Beaumont. At least one exposed instance is connected to the U.S. Department of Homeland Security and several “big banks” are also believed to be MOVEIt customers also to be affected, according to Beaumont.

Several security companies say they have already observed evidence of exploitation.

Mandiant said it is investigating “several intrusions” related to the exploitation of the MOVEit vulnerability. Mandiant chief technology officer Charles Carmakal confirmed that Mandiant had “seen evidence of data exfiltration at multiple victims.”

Cybersecurity startup Huntress said in a blog post that one of its customers has seen “a full attack chain and all the matching indicators of compromise.”

Security research firm Rapid7, meanwhile, confirmed it had observed signs of exploitation and data theft from “at least four separate incidents.” Caitlin Condon, senior manager of security research at Rapid7, said that the company has seen evidence that attackers may have begun automating exploitation.

While it’s unclear exactly when exploitation began, threat intelligence startup GreyNoise said it has observed scanning activity as early as March 3 and urges users to review systems for any indicators of unauthorized access that may have occurred within the past 90 days.

It’s not known who is yet responsible for the mass exploitation of MOVEit servers.

Rapid7’s Condon told TechCrunch that the attacker’s behavior appears to be “opportunistic rather than targeted,” adding that this “could be the work of a single threat actor throwing one exploit indiscriminately at exposed targets.”

It’s the latest effort by hackers and extortion groups to target enterprise file transfer systems in recent years.

In January, the Russia-linked Clop ransomware gang claimed responsibility for the mass exploitation of a vulnerability in Fortra’s GoAnywhere managed file transfer software. More than 130 organizations using GoAnywhere were targeted, including Florida-based healthcare company NationBenefits, virtual therapy provider Brightline and the City of Toronto.

Clop was also behind another widespread attack on another popular file transfer tool in 2021. The gang breached Accellion’s file-sharing tool to launch attacks against a number of organizations, including Morgan Stanley, the University of California, grocery giant Kroger and law firm Jones Day.