Partial Patching Still Provides Strong Protection Against APTs

Analysis has surfaced what many would consider a surprising insight: Organizations that always update to the newest versions of all of their software have roughly the same risk of being compromised in cyber-espionage campaigns as those that apply only specific updates after a vulnerability is disclosed.

A quantitative look at data from 350 advanced persistent threat (APT) campaigns between 2008 and 2020 by researchers from University of Trento, Italy, shows that organizations with a purely reactive software update strategy had roughly the same risk exposure to advanced cyberattacks as those that keep up to date on everything. This is despite the reactive organizations deploying only 12% of the updates applied by organizations that always updated immediately.

The data shows that the same holds true for organizations that might apply updates to patch vulnerabilities based on information they have received in advance — for example, by paying for information about zero-days. Even these entities do not have a significant advantage over those that patch only on a reactive basis when it comes to breach risk, the study shows.

Why Reactive Patching Might Be OK for APTs
Though this flies in the face of conventional wisdom, the study results reflect two realities: 1) APTs tend to be reactionary themselves, and 2) time-to-patch metrics matter.

In analyzing some 350 campaigns dating back to 2008 (including information on vulnerabilities exploited, attack vectors, and affected software products), researchers found that APTs targeted publicly disclosed vulnerabilities more often than they did zero-days, overall. They also tended to frequently share or target the same known vulnerabilities in their campaigns.

In all, the researchers identified 86 different APT groups exploiting a total of 118 unique vulnerabilities in their campaigns between 2008 and 2020. Just eight of these threat groups used exclusive vulnerabilities in their campaigns: Stealth Falcon, APT17, Equation, Dragonfly, Elderwood, FIN8, DarkHydrus, and Rancor.

That means there’s an opportunity for IT teams to prioritize those bugs that are known to be APT favorites, in order to eliminate most of the risk of compromise.

Risk Remains Roughly the Same
Organizations that can apply software updates as soon as they’re released naturally still face the lowest odds of being compromised, the study showed. However, the need to do regression testing before applying an update means that entities often take far longer to update their software. It’s here that the researchers found little difference in risk exposure between those that apply all software updates, those that apply on a reactive basis, and those that update based on information they might have received in advance of others.

After all, the advantage of receiving vulnerability information in advance goes away completely the longer an organization takes to act upon the information.

For example, organizations that applied all software updates within one month of release were at roughly five to six times higher risk of being compromised than organizations that updated immediately. That number was lower, but not significantly so, than the figures for those that patched on a reactive basis (roughly five-and-a-half to seven times higher risk) and those acting upon advance information (approximately five to seven times higher).

The researchers found that organizations which acted on a reactive basis deployed far fewer updates than those that applied all updates. “Waiting to update when a CVE is published presents eight times fewer updates,” the researchers said. “Thus, if an enterprise cannot keep up with the updates and needs to wait before deploying them, it can consider being simply reactive [as an alternative].”

A Critical Issue
The issue of patch prioritization has become increasingly critical for resource- and time-strapped IT departments and security organizations. The growing use of open source components — many with vulnerabilities in them — has only exacerbated the problem. A study that Skybox Research Lab conducted last year showed a total of 20,175 vulnerabilities were disclosed in 2021. Another study by Kenna Security showed that nearly 95% of all enterprise assets contain at least one exploitable vulnerability. The trend has heightened interest in risk-based patch prioritization and pushed the US Cybersecurity and Infrastructure Agency to publish a catalog of exploited vulnerabilities so organizations know on which ones to focus first.

For its part, the University of Trento study specifically focused on the effectiveness and cost of different software update strategies for five widely used enterprise software products: Office, Acrobat Reader, Air, JRE, and Flash Player for the Windows OS environment.

“In summary, for the broadly used products we analyzed, if you cannot keep updating always and immediately (e.g., because you must do regression testing before deploying an update), then being purely reactive on the publicly known vulnerable releases has the same risk profile than updating with a delay, but costs significantly less,” the researchers said.

Chatbot Army Deployed in Latest DHL Shipping Phish

Phishing emails intended to look like DHL communications are now coming loaded with a new twist — a version of a chatbot that helps drive targets to malicious links, according to a new report.

That is to say, it behaves like a chatbot, but behind the scenes, the scripts are pre-programmed to respond with stock phrases based on a victim’s answer, according to researchers at Trustwave who reported the phishing campaign tactic. But the effect is the same — targets think they’re talking to a live DHL representative.

After clicking, the victim’s browser opens a PDF file with another link asking the person to “Fix delivery,” the Trustwave team reported. The chatbot will ask the victim to confirm a delivery address and tracking number, and it will even present a fake CAPTCHA to make everything seem legitimate. Eventually, the target will be asked to enter login credentials and credit card information, which are promptly harvested.

Because chatbots are widely used by brands to interact with customers online, end users aren’t suspicious of interacting with them, the Trustwave team added — making this a perfect social-engineering ploy.

“This is what the perpetrators of this phishing campaign are trying to capitalize on,” the chatbot phishing report added. “Aside from spoofing the target brand on the phishing email and website, the chatbot-like component [is what] slowly lures the victim to the actual phishing pages.”

A third straight week of tech layoffs in the books

You thought the market was bad for venture capitalists, but what about the actual workers behind the tech companies they’ve backed?

Reluctantly, we’re writing a tech layoffs roundup for the third week in a row, because once again, there have been reductions across stages and sectors. Over the past month, public and private tech companies have been announcing mass layoffs across sectors. Employees from Section4, Carvana, DataRobot, Mural, Robinhood, On Deck, Thrasio, MainStreet and Netflix have been impacted by the workforce reductions. Some bigger companies are instituting hiring freezes, such as Twitter and Meta, or announcing a shift in strategy, such as Uber.

As has been our mantra while reporting on the layoffs sweeping the tech industry: layoffs don’t happen to companies, they happen to people. Especially for the U.S.-based tech employees, layoffs don’t just mean a loss of income — they mean a medically dangerous loss of healthcare.

Let’s take a look at which companies announced reductions this week.

After layoffs hit Netflix’s content arm Tudum a few weeks ago, 150 more primarily U.S.-based employees were let go, plus 70 other employees in the animation division.

A Netflix representative wrote in an emailed statement, “As we explained on earnings, our slowing revenue growth means we are also having to slow our cost growth as a company.” Netflix reported revenue of $7.87 billion for the first quarter of 2022 and a significant loss of 200,000 subscribers.

Contractors were also impacted by these layoffs, but the number of affected workers in that designation is unclear. TechCrunch asked Netflix about reports that staff running diverse social channels like Strong Black Lead, Golden, Most and Con Todo were laid off, but Netflix said that the company decided not to renew contracts with certain agencies it used to recruit contractors. Still, it doesn’t feel great to see queer people and people of color losing their jobs, which helped Netflix cater to these audiences.

Picsart’s unicorn status didn’t save it 

Less than a year ago, Picsart raised $130 million from SoftBank, putting the visual creator tools startup into unicorn territory with a valuation exceeding $1 billion. A leaner, hipper version of Adobe, things seem to have taken a downturn for Picsart, which laid off 8% of its staff this week, affecting 90 people. Other SoftBank-backed companies like Cameo, which also became a unicorn last year, just conducted layoffs. When Alex Wilhelm last covered Picsart, he noted that the company was expected to go public — that still hasn’t happened, which may be a clue into what’s going on at the company to precipitate such cuts.

Cars24, a marketplace for used cars last valued at $3.3 billion by its venture capital investors, cut 600 jobs — or 6% of its entire workforce — this week. The Series G startup had just raised a $400 million round, making the reduction more about runway extension than lack of ability to pay the bills.

As our own Manish Singh reports, Cars24 is one of many Indian startups that fired people in the last few weeks. Vedantu, Unacademy, Meesho, OkCredit, Trell, Furlenco and Lido have also cut several roles, he says.

Marketplace startups, such as Cars24, feel especially vulnerable during a downturn. Consumer spending habits can get extremely fickle, which means that demand may decline while supply stays consistent or even grows. Balancing the two sides is the biggest art for any marketplace startup, but it becomes especially difficult to predict stability in revenue when everyone else has hit pause.

Skillz scales back esports biz team 

Esports company Skillz laid off 70 employees, around 10% of the team, earlier this week, the company confirmed to TechCrunch. No executives were impacted by the cuts.

“We decided to reorganize our resources and investments to increase our profitable growth and further deliver against our vision of building the competition layer of the internet,” the company said in an emailed statement. “This realignment resulted in changing some of our programs and consequently people on our team as we prioritize our resourcing levels to continue to offer a great player experience and enable more game developers to bring their creations to life.”

The company’s statement is ironic; to better support its external community, it is cutting its internal community. The company says it plans to continue hiring in some areas of the business but did not mention which ones.

TechCrunch+ roundup: Construction tech survey, founder-CEO friction, diversify your cap table

The technological advances we’ve made over the last few thousand years are stunning, but the construction industry still relies on centuries-old technology.

Configuring a robot to mix cement is easy, but delivering a CementTron 3000 to a job site, training employees on its use, and keeping it maintained are not the kinds of disruptions builders are looking for, especially when margins are so thin and experienced workers are hard to find.

Even so, investors are backing startups bringing robotics, data management, automation and augmented reality into the construction process.

Many major construction firms operate their own R&D divisions, but that hasn’t substantially changed attitudes about adopting new tech: in one survey, more than one-third of respondents who worked in the industry said they are ambivalent about using new tools. Despite their reluctance, growing numbers of construction tech startups are helping builders with bidding, scheduling, modeling software, and, quite frequently, drones.

To learn more about the market forces shaping construction tech in 2022, we spoke to five investors:

  • Nikitas Koutoupes, managing director, Insight Partners
  • Heinrich Gröller, partner, Speedinvest
  • Momei Qu, managing director, PSP Growth
  • Suzanne Fletcher, venture partner, Prime Movers Lab
  • Sungjoon Cho, general partner, D20 Capital

TechCrunch columnist Sophie Alcorn will join a TechCrunch+ Twitter Space on Tuesday, May 24.

On Tuesday, May 24 at 8:30 a.m. PT/11:30 a.m. ET, I’m hosting a Twitter Space with Silicon Valley immigration lawyer Sophie Alcorn, who writes the “Dear Sophie” advice column for TechCrunch+ each Wednesday. If you have questions about working and living legally in the United States, please join the conversation.

To get a reminder before the chat, follow @TechCrunchplus on Twitter.

Thanks very much for reading: I hope you have a relaxing weekend.

Walter Thompson
Senior Editor, TechCrunch+

For better or for worse: Managing founder-CEO tension inside a startup

Technical founders often recruit a CEO who can fill in gaps in their business experience, but if they cannot build a strong partnership, everyone suffers.

Metaphorically, imagine two people in a lifeboat arguing over which direction leads to land.

Managing potential points of tension is critical, but founders must be pragmatic: Only choose someone you respect, and be prepared to invest time and energy into cultivating a close relationship, advises Max Schireson, an executive-in-residence at Battery Ventures. Previously, the co-founders of MongoDB hired him to be their CEO.

“In the best case, a strong partnership can pioneer new models and build a lasting and impactful company,” says Schireson.

Dear Sophie: Can I do anything to speed up the EAD renewal process?

Dear Sophie,

I’m on an L-2 visa as a dependent spouse to my husband’s L-1A.

My EAD (work permit) is expiring in May — we filed for the extension of both my visa and EAD a few months ago. How long is the current process?

Might there be anything I can do so my employment isn’t affected?

— Career Centered

The one-chart argument that tech valuations have fallen too far

As you may have heard, tech companies are having a bit of a whoopsie.

But is it possible that stock sellers have gone overboard when it comes to devaluing these startups so deeply and so quickly?

Alex Wilhelm says they have, in large part because “select tech concerns are now worth less than they were before the pandemic, despite having a few years of growth in the bank.”

To make his case, he tracked the share price for Okta and found that the identity platform’s share price has rolled back to where it was in early 2019.

“It’s also about three times as large,” writes Alex. “But it is now worth less today than it was back then. Chew on that.”

3 things to remember when diversifying your startup’s cap table

Just as a sales team builds and refines its funnel, early-stage founders in fundraising mode can create an investor funnel that will help sustain their company for years to come.

Oriana Papin-Zoghbi, CEO and co-founder of women’s health startup AOA Dx, shared her investor breakdown with TC+:

  • 35% private investors.
  • 34% women (female investors or female-headed funds).
  • 26% venture capitalists.
  • 23% family and friends.
  • 18% international investors.
  • 15% angel groups.

“When building an investor funnel, vocalizing what you want is crucial to finding the right investors,” says Papin-Zoghbi.

“Finding the right investors is like finding the right team members — you need to be upfront about your expectations and address what you want them to bring to the table.”

Pitch Deck Teardown: BoxedUp’s $2.3M seed round pitch deck

When video production equipment rental company BoxedUp launched, it initially focused on serving corporate customers who hosted events and conferences.

And then, it pivoted: Earlier this year, BoxedUp raised a $2.3 million seed round to scale up its rental marketplace where individuals can rent high-end equipment directly to creators.

“We found a $10 billion opportunity where owner-operators are renting things out via Instagram and rental shops are still using really old websites,” said CEO and founder Donald Boone.

“Instead of spending $30,000 to buy a camera to rent out one at a time, we could instead create the platform to connect people that have that $30,000 camera,” he told TechCrunch in March.

To help other founders replicate his success with BoxedUp’s seed round, he’s shared the unredacted 22-slide pitch deck with TechCrunch+.

Texas boy's 31 cheeseburger order demonstrates why you should secure your iPhone

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

A Texas mother ended up with 31 McDonald’s cheeseburgers after her two-year-old son got a hold of her iPhone and ordered the food via DoorDash.

Kelsey Burkhalter Golden recounted the incident on Facebook Monday, posting an image of her son next to the small mountain of burgers. She joked that she has “31 free cheeseburgers from McDonald’s if anyone is interested.”

“Apparently my 2 yr old knows how to order DoorDash,” the woman added.

Other Facebook users in the comments also shared their own stories about random purchases made by their young children. One commenter said their child ordered three iPhones, while another said they know a kid who once ordered the entire NBA league pass.

But, all these sagas could have been avoided had the users configured the parental controls on their devices. For years, Apple has provided a host of mechanisms to prevent an unauthorized user from ordering 31 cheeseburgers, racking up thousands of dollars in in-app purchases, and more.

For instance, Apple users who want to avoid their kids making random purchases can set parent controls on their iPhone and iPad devices. Users can also set the default payment method on DoorDash to Apple Pay, which requires a Face ID scan before purchases can be made.

Match Group and Google reach an interim compromise over app payments

Match Group, the parent company of dating apps Tinder, Hinge and OkCupid, is getting along better with Google, just by a little bit.

On Friday, Match withdrew its request for a temporary restraining order against the company, which it accuses of wielding unfair monopoly power in its mobile app marketplace. Match filed an antitrust lawsuit against the search giant earlier this month over the company’s restrictions on Android in-app payments, which drive app users toward remaining in its mobile ecosystem. The company filed the temporary restraining order request a day after suing Google.

Match cited a handful of “concessions” from Google in its decision to withdraw the restraining order request, including assurances that its apps would not be rejected or deleted from the Google Play Store for providing alternative payment options. The company will also place up to $40 million aside in an escrow account in lieu of paying fees to Google directly for Android app payments that happen outside of Google Play’s payment system, arguing that those fees are “illegal under federal and state law.” The escrow account will remain in place while the case awaits its day in court.

Match’s lawsuit is the most recent example of app makers objecting to Google and Apple’s practice of extracting steep fees for in-app payments. Developer frustration around the issue boiled over two years ago when Epic Games sued Apple for antitrust violations, a case that didn’t result in a straightforward victory for either side but did force Apple to allow developers to offer their users alternative payment options.

Quantum Key Distribution for a Post-Quantum World

The emergence of quantum computing and its ability to solve computations with incredible speed by harnessing the fundamental properties of quantum mechanics could revolutionize our world. But what does this quantum future mean for data security?

As quantum computing evolves from the test lab to the real world, this unprecedented new form of computing power has massive implications for current forms of encryption and public-key cryptography (PKC), such as Rivest–Shamir–Adleman (RSA) and elliptic curve cryptography (ECC). Against the processing capabilities of quantum computing, which can analyze vast sets of data orders of magnitude faster than current digital computers, these forms of encryption will essentially become vulnerable to bad actors.

In the coming post-quantum future, cryptography solutions built on the rules of quantum physics are essential to ensure that sensitive digital information is distributed safely and securely across the forthcoming quantum Internet. One of the pillars of this more secure quantum computing future is called quantum key distribution (QKD), which uses basic properties of physics to derive encryption keys for secure encryption between two locations simultaneously.

Tapping the Power of Photons

At the physical level, the data bits sent during key exchanges for today’s common encryption techniques, such as RSA and ECC, are encoded using large pulses of photons or changes in voltages. With QKD, everything is encoded on a single photon, relying on quantum mechanical properties that allow detection and prevent successful eavesdropping. Quantum objects exist in a state of superposition where the value for a property of the object can be described as a set of probabilities for different values.

The transmission of the encoded photons occurs over what’s known as the quantum channel. A separate channel, referred to as the classical channel, established between the two endpoints handles clock synchronization, key sifting, or other data exchange; this channel could be any conventional data communication channel.

Multiple Varieties of QKD

A number of implementations and protocols for QKD are emerging as the technology evolves. For example, discrete variable QKD (DV-QKD) is used in many commercial QKD systems today. A DV-QKD system consists of two endpoints: a sender and a receiver. The quantum connection between these endpoints could be free space or dark fiber. In this case, the sender encodes a bit value, 0 or 1, on a single photon by controlling the phase or polarization of the photon. A separate data connection between the two endpoints is used to communicate information about the quantum measurements and timing.

While initial QKD implementations consisted of separate dedicated fibers for the quantum and data channels, new versions can use separate wavelengths for each channel on the same fiber, leading to more cost-effective deployments and efficiencies.

Other implementations include continuous variable QKD (CV-QKD) and entanglement. With CV-QKD, the sender applies a random source of data to modulate the position and momentum quantum states of the transmission. Entanglement QKD, meanwhile, leverages quantum phenomena where two quantum particles are generated in a way in which they share quantum properties; no matter how far apart they may later separate, a measurement of a property on each will result in the same values.
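An added example, not from the original article: a classical simulation of the DV-QKD exchange described above, using the BB84 scheme (the article names no protocol; BB84 with two polarization bases is an assumption here). It shows key sifting on the classical channel and how an intercept-and-resend eavesdropper on the quantum channel surfaces as an error rate in the sifted key. Function names, sample sizes, and the abort threshold are illustrative.

```python
import random

BASES = ("+", "x")            # rectilinear and diagonal polarization bases
QBER_ABORT_THRESHOLD = 0.11   # illustrative abort threshold for this example


def measure(bit, prep_basis, meas_basis, rng):
    """Model a single-photon measurement.

    Measuring in the basis the photon was prepared in returns the encoded
    bit; measuring in the other basis returns a uniformly random bit.
    """
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_dv_qkd(n_photons, eavesdrop, seed):
    """Simulate one key exchange and return sifting and error statistics."""
    rng = random.Random(seed)

    # Quantum channel: sender encodes random bits in random bases.
    sender_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    sender_bases = [rng.choice(BASES) for _ in range(n_photons)]
    receiver_bases = [rng.choice(BASES) for _ in range(n_photons)]

    receiver_bits = []
    for bit, s_basis, r_basis in zip(sender_bits, sender_bases, receiver_bases):
        photon_bit, photon_basis = bit, s_basis
        if eavesdrop:
            # The eavesdropper must guess a basis, measure, and re-send.
            # A wrong guess disturbs the state the receiver later measures.
            e_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, e_basis, rng)
            photon_basis = e_basis
        receiver_bits.append(measure(photon_bit, photon_basis, r_basis, rng))

    # Classical channel, key sifting: only the bases are disclosed, and both
    # sides keep the positions where their bases matched.
    sifted = [
        (s_bit, r_bit)
        for s_bit, r_bit, s_basis, r_basis in zip(
            sender_bits, receiver_bits, sender_bases, receiver_bases
        )
        if s_basis == r_basis
    ]

    # Error estimation: disclose a random half of the sifted bits, compare
    # them, and discard them. The remainder is the candidate key.
    indices = list(range(len(sifted)))
    rng.shuffle(indices)
    half = len(indices) // 2
    sample, kept = indices[:half], sorted(indices[half:])
    errors = sum(1 for i in sample if sifted[i][0] != sifted[i][1])
    qber = errors / half if half else 0.0

    return {
        "sifted": len(sifted),
        "qber": qber,
        "sender_key": [sifted[i][0] for i in kept],
        "receiver_key": [sifted[i][1] for i in kept],
    }


def accept_key(result):
    """Keep the key only if the measured error rate is below the threshold."""
    return result["qber"] <= QBER_ABORT_THRESHOLD


if __name__ == "__main__":
    for label, tapped in (("clean channel", False), ("tapped channel", True)):
        res = run_dv_qkd(n_photons=4000, eavesdrop=tapped, seed=1)
        print(f"{label}: sifted={res['sifted']} qber={res['qber']:.3f} "
              f"accept={accept_key(res)}")
```

In this noiseless model, a full intercept-and-resend attack produces an error rate near 25% in the sifted key, while an untouched channel produces none.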

Challenges Ahead for QKD

Distance remains a constraint on implementing QKD over fiber because the individual photons being transmitted will be absorbed over distance. The laser strength is attenuated to create the individual photons, and standard telecom equipment cannot be used to repeat or strengthen the signal. In general, between 60 miles and 90 miles is the practical limit.

Methods to extend the distance include trusted exchange, twin field QKD, and quantum repeaters.

  • Trusted exchanges act as a repeater — receiving the optical signals, converting them to digital, and then converting them back to optical. Trusted exchanges must be secured to prevent an intruder from reading the transmission while it is in digital form.
  • Twin field QKD adds a midpoint node that receives signals from both endpoint nodes, increasing the distance between endpoints to potentially hundreds of miles.
  • Quantum repeaters could eventually break the distance barriers of QKD over fiber, providing a function similar to repeaters in telecommunications today: to amplify or regenerate data signals so they can be transferred from one terminal to another.

Advancements in single photon sources and low-noise detectors will further improve the viable distances for QKD.

What’s Next for QKD

QKD has significant value in a quantum world due to its ability to enable symmetric key sharing between endpoints and identify when eavesdropping on the quantum channel is occurring. Before it can be broadly implemented by carriers, however, QKD must be supportable in a carrier environment, providing the availability and reliability their customers expect.

For example, disruption of the quantum channel can result in the loss of real-time key material; however, having secure key storage associated with QKD allows key material to continue to be distributed while the quantum channel outage is being investigated. This also means that approaches and capabilities to troubleshoot and manage QKD equipment and services must be developed.

Since QKD relies on quantum mechanics, observing the state will impact the quantum system, and this in itself poses challenges to troubleshooting and management. As the technology continues to evolve and improve, QKD implementations on smaller mobile devices such as drones may eventually become possible. No matter how QKD evolves, it looks to be a promising solution for securing communications on the quantum Internet.

Salty, subterranean water could relieve world’s lithium shortage

The next bottleneck in lithium-ion battery supplies isn’t cobalt, even though China has a stranglehold on the market, and it’s not nickel, either, despite nickel prices nearly doubling in the past five months. Cobalt can be partially replaced with nickel, nickel can be partially replaced with manganese, and both can be completely replaced with iron phosphate, which is cheap and plentiful. 

But there’s no substitute for one crucial component of these batteries: Lithium.

Today’s lithium mines can’t hope to meet the skyrocketing demand for the next decade and beyond. Spotting an opportunity, startups like Lilac Solutions and Vulcan Energy Resources have leaped into action with new lithium extraction processes that are more efficient and potentially better for the planet.

The crunch

As automakers have fleshed out their electrification plans, they’ve caused an unprecedented rush for lithium. Over the last six months, lithium prices have gone on an epic bull run.

It started in January, when prices jumped to $37,000 per metric ton from $10,000 a month earlier, according to Benchmark Mineral Intelligence. Then it got worse in February, with spot prices rising to $52,000 per metric ton before rising again to $62,000 in March. Things have stabilized since then, but prices are still five times above the average price from 2016 to 2020.

Large companies of all stripes have been racing to secure supplies. Automakers like Ford and Tesla have signed huge contracts, and battery manufacturers and miners are rushing to secure supplies. Last year, for example, a three-way bidding war broke out for Canadian miner Millennial Lithium, which has large reserves in Argentina, and the winning bid ended up more than 40% higher than the initial offer.

Yet, those deals probably won’t be enough to fulfill the predicted demand for lithium, based on automakers’ current plans. Benchmark Mineral Intelligence is expecting demand to grow to 2.4 million metric tons in 2030 from less than 700,000 metric tons today.

Supply won’t be able to keep up given the current pace of new lithium projects.

“By the end of the decade, where we’re at now with the pipeline, we’re going to see significant deficits starting to grow,” said Daisy Jennings-Gray, a senior price analyst at Benchmark.

Last year, lithium supply fell short of demand by more than 60,000 metric tons. Jennings-Gray’s firm predicts that the deficit will be over 150,000 metric tons by 2030. To meet demand, Benchmark says that $42 billion will need to be invested in the space by the end of this decade.

Without new lithium projects coming online, it’ll likely get worse throughout the 2030s. By 2040, the International Energy Agency expects lithium demand to be 42 times higher than it is today.

“It’s an insane number,” said Jordy M. Lee, a program manager at the Payne Institute for Public Policy at the Colorado School of Mines. What’s more, it might even be too low.

“We’ve consistently underestimated how much demand for lithium-ion batteries we’re going to have in the coming years,” he said.

As the rise in demand shows no signs of abating, startups have surged into the space, pitching novel techniques to coax the volatile metal out of the earth.

Carbon capture is headed for the high seas

Unless you live near a port, you probably don’t think much of the tens of thousands of container ships tearing through the seas, hauling some 1.8 billion metric tons of stuff each year. Yet these vessels run on some of the dirtiest fuel there is, spewing more greenhouse gases than airplanes do in the process. The industry is exploring alternative fuels, and electrification, to solve the problem for next-generation ships, but in the meantime a Y Combinator-backed startup is gearing up to (hopefully) help decarbonize the big boats that’re already in the water.

London-based Seabound is currently prototyping carbon capture equipment that connects to ships’ smokestacks, using a “lime-based approach” to cut carbon emissions by as much as 95%, cofounder and CEO Alisha Fredriksson said in a call with TechCrunch. The startup’s tech works by routing the exhaust into a container that’s filled with porous, calcium oxide pebbles, which in turn “bind to carbon dioxide to form calcium carbonate” (essentially, limestone), per Fredriksson.

Though carbon capture has yet to really catch on for ships, Seabound is just one of the companies out to prove the tech can eventually scale. Others, including Japanese shipping firm K Line and Netherlands-based Value Maritime, are developing their own carbon-capture tech for ships, typically utilizing the better-established, solvent-based approach (which is increasingly used in factories). Yet this comparably tried-and-true method demands more space and energy aboard ships, because the process of isolating the CO2 happens on the vessel, according to Fredriksson.

In contrast, Seabound intends to process the CO2 on land, if at all. When the ships return from their journey, the limestone can be sold as is or separated via heat. In the latter case, the calcium oxide would be reused and the carbon sold for use or sequestration, per Fredriksson, who previously helped build maritime fuel startup Liquid Wind. Her cofounder, CTO Roujia Wen, previously worked on AI products at Amazon.

Seabound says it has signed six letters of intent with “major shipowners,” and it aims to trial the tech aboard ships beginning next year. To get there, the company has secured $4.4 million in a seed round led by Chris Sacca’s Lowercarbon Capital. Several other firms also chipped in on the deal, including Eastern Pacific Shipping, Emles Venture Partners, Hawktail, Rebel Fund and Soma Capital.

Beyond carbon capture, another Y Combinator-backed startup is setting out to decarbonize existing ships via a novel battery-swapping scheme. New Orleans-based Fleetzero aims to power electrified ships using shipping container-sized battery packs, which could be recharged through a network of charging stations at small ports.

Best iPad accessories for college students

Give yourself the best chance at success to wind down the school year or start the next one with our top picks for iPad accessories for students.

iPads are an everyday staple on college campuses, with many students preferring to use them on a daily basis over laptops.

By adding a few essential accessories, the iPad can help streamline your study setup, help you glide through group projects, and give you a great way to relax in your downtime.

Apple’s Magic Keyboard

While you may be able to type on the iPad’s screen directly, there’s something to be said about the ease and practicality of an actual keyboard. That’s why we picked Apple’s own Magic Keyboard.

It’s comfortable to type on, it features a USB-C connector to keep your iPad charged, and its built-in trackpad is the best in the game.

You can grab your own Magic Keyboard for $299 for the 11-inch iPad Pro and iPad Air, or $349 for the 12.9-inch iPad Pro.

In the event that you don’t have an iPad Pro or iPad Air, we suggest checking out the Brydge 10.2 MAX+, which fits the 10.2-inch iPad (7th, 8th, and 9th Gen), or the Brydge 7.9, which fits the iPad mini 4 and iPad mini 5.

Apple Pencil

The Apple Pencil 2 helps with note-taking on compatible iPad models

The Apple Pencil is a must-have for students. It makes it easier to quickly jot down notes. It’s also helpful in outlining projects, marking up first drafts of papers, and working in many art and design apps.

Of course, which Apple Pencil you get depends on which iPad you have. The second-generation Apple Pencil ($129) is compatible with the iPad lines that feature USB-C charging.

The first-generation Apple Pencil ($99) is available for select models of the iPad that feature a Lightning port. Of Apple’s current lineup, that’s exclusively the 10.2-inch iPad.

A good bag or backpack

The commuter backpack offers plenty of storage for all the items you use on a daily basis

Carting your iPad around should also be convenient. After all, if you’re spending any amount of time on campus, you’ll probably want to make sure that you have your charger and your charging cables with you. And a good bag should also have a place for your keys, pens and pencils, and whatever else you need for the day.

Whether or not you need a full-size backpack is another thing entirely. If you have a lot of books you’ll need to carry from class to class, we suggest going with a heavy-duty backpack that offers a padded compartment for your iPad.

We like the Commuter Backpack by Incase, which costs $109.95. It features plenty of internal organization pockets to help keep your cords, pens, notebooks, chargers, keys, and wallet easily organized. The padded compartment can fit up to a 16-inch MacBook, which means it’ll easily keep even the largest iPad Pro safe.

Solo New York’s Ludlow Bag is an affordable way to tote around your iPad

Of course, if most of your books are digital, there’s no reason you can’t downsize, either. A smaller bag, like SoloNY’s Ludlow Universal Tablet Sling, which comes in at a mere $19.99 in select colors, can hold up to a 12.9-inch iPad Pro, a notebook, pens and pencils, keys, sunglasses, and your phone easily.

Portable SSD

CalDigit Tuff Nano Plus SSD is a compact way for students to gain extra storage

Even just a little extra storage can go a long way, especially if you’re recording and editing video, storing pictures, or making backups of important projects.

We like the CalDigit Tuff Nano Plus for students, as its small size lends itself to fitting in your bag or back pocket, and its silicone bumper makes it easy to identify from others you might purchase in the future.

The drive has an IPX8 water-resistant USB-C port protected from dust with a silicone dust cover. It sports a max transfer speed of 1088 megabytes per second and comes in a 2TB storage capacity.