STANDARD EDITION | Ep. 279 | Monday: May 3, 2021
SECURITY NEWS
FBI and CISA have released new tactics being used by Russia's SVR. SVR is also known as APT29 and CozyBear, and are believed responsible for Solarwinds and other attacks. They're believed to primarily target government networks, think tank and policy analysis organizations, and information technology companies. TTPs have moved from installing malware on networks to attacking cloud email services, such as Microsoft Office 365, password spraying, and targeting VPN services. More
CISA has released an advisory regarding real-time OS (RTOS) ICS systems. More
Industry experts have submitted an 81-page report to the Biden administration aimed at coordinating efforts to counter ransomware. They are looking to unify into a task force that helps disrupt the problem using a combination of techniques, including disrupting payments, prosecuting attackers, and disrupting services that support the ecosystem, including forums where services are sold. More
Python library ipaddress is vulnerable to a critical IP address validation vulnerability first found in the netmask library earlier this year. It basically causes leading 0's to be stripped off of addresses, leading to the ability to bypass filters. More
Krebs says Experian had a leaky API that exposed most Americans' credit scores. More
Censys found more than 1.93 million databases exposed to the internet on cloud servers. Most it found were MySQL, followed by Postgres and Redis. More
Kaspersky says it found new malware it believes was created by the CIA. More
The NYPD has canceled the use of its robotic dog due to public backlash. More
US Navy SEALs are shifting from counterterrorism to global skills such as electronic warfare and unmanned systems for the purposes of collecting intelligence. More
Vulnerabilities:
Microsoft released updates to at least 110 security issues in its monthly patch Tuesday release, including 4 updates to Exchange. More
Microsoft has identified two dozen RCE vulnerabilities in IoT and OT devices that are being called BadAlloc. More
Cisco firewalls have several remote accessible vulnerabilities that have patches available. More
There are patches out for Samba. More
QNAP warns of AgeLocker ransomware attack. More
Incidents:
ParkMobil had a breach that exposed license plate and mobile number information of 21 million users. More
Companies:
Vectra AI has raised $130 million to do AI-powered SOAR. More
TECHNOLOGY NEWS
Google is going to be experimenting with new office designs as employees return from COVID. They're targeting September for the first returns, and are going to be strongly encouraging—but not requiring—that returning people are vaccinated. In the meantime, they've saved $1 billion dollars by not having employees onsite, but that doesn't factor in any productivity difference. More
Amazon is spending $1 billion to raise operations workers' pay by up to $3 dollars an hour. More
Tesla is upgrading its Powerwall 2 systems to Powerwall+, which have the same capacity but higher surge output. More
The Linux kernel now has over 1 million commits. More
Companies
Amazon's net sales increased 44% in the first quarter of 2021. More
Microsoft's revenue increased 19% in the first quarter. More
Google's revenue grew 34% in the first quarter. More
HUMAN NEWS
Pfizer is currently testing a COVID cure with 60 individuals. If successful, this would be used in patients who already had COVID as opposed to the vaccine which is used to prevent getting it. More
The measures taken to control the spread of COVID have nearly eliminated influenza worldwide. US deaths from flu in the 2020-2021 season was around 600, and in the years before it was 22,000 and 34,000. More
California is looking to stop Nestlé from taking millions of gallons of its water. More
Global electric vehicle sales grew 41% in 2020. More
Soaring lumber prices are adding $36,000 to the cost of a new home. More
Biden has proposed ARPA-H, a DARPA for cancer. Love it, but CARPA or HARPA makes more sense I think. More
Over 3,000 cargo containers fell off ships last year, and we're already past 1,000 in 2021 due to pressure to speed up deliveries causing more accidents. More
There is now a Journal of Controversial Ideas (JCI). More
A new study shows that consumption of sugar-sweetened beverages, and high BMI independently, are associated with lower testosterone in men. More
CONTENT, IDEAS & ANALYSIS
Explaining Threats, Threat Actors, Vulnerabilities, and Risk using a Real-world Scenario — My expansion of a tweet by Casey Ellis on how to think about these key infosec terms. More
A Summary of Balaji Srinivasan's Thoughts on the Future — My parsing of a fascinating 4-hour conversation between Balaji Srinivasan and Tim Ferriss about future trends. More
Magnifying Big City Political Differences — One of the ideas Balaji Srinivasan talked about in the conversation I linked to with Tim Ferriss is the idea of cities becoming a lot more different from each other politically, and attracting completely different types of people. E.g., Austin seems to be tech + libertarianism. Portland seems to be hippy + anti-authority. Assuming people are mobile enough to pick up and move this could be a fascinating effect over time, with different cities becoming natural experiments around innovation and standard of living.
NOTES
I finished Our Mathematical Universe and I now think about greater existence in a completely different way. Highly recommended for anyone who likes Hawking, Sagan, Tyson, or anything related to Cosmology. More
I'm currently re-reading The Red Queen, which is the UL Book of the Month. More Join Us!
As you may have noticed already, we launched our new logo as part of our ongoing site design update. It isn't just a new visual; it has a lot of meaning built in that I talk about in the launch post. More
The UL Book Club is absolutely thriving, and we're talking about doing more meetups, including a new mid-month meetup with a rotating topic. We're also thinking about an in-person meetup at some point next year. Possibly a dinner at Blackhat/DEFCON and maybe a weekend getaway in Big Sur where we bring family (so we can get permission). Our monthly meet-up has become the favorite event of the month for a number of our members, me included. Turns out it's a lot of fun to talk about interesting topics with a bunch of smart and pleasant people. It's reminding me of the internet we were all promised but so often doesn't materialize. You should come join us.
DISCOVERY
Profil3r — An OSINT tool for finding social network profiles. More
Weather Spark — Get a remarkably accurate visual and description of the weather in any city. More
My friend Alejandro Hernández at IOActive (where I used to work) has released new research on how stock prices are affected by vulnerabilities and breaches. He's presenting his findings at Black Hat Asia. More
THC-RELEASE: The World's Smallest Backdoor More
How the new US Federal CISO sees Zero Trust More
It turns out we've all been using our trash bags incorrectly. They're actually shipped inside-out so you can put them on like a hat. Then you just push the whole bag down the center. Insanity. Video
The Army has new night-vision goggles, and their visuals look sci-fi/alien amazing, with outlines around objects and a crazy amount of detail. They also let you look through the scope of a rifle using wireless technology. More
A list of Significant Cyber Incidents More
All-cause Mortality Statistics for Each US State More
Welcome to the YOLO Economy More
How to make your voice sound more attractive and competent. Could also be the reason for Vocal Fry. More
RECOMMENDATIONS
If you like thinking about the future across tech, policy, government, etc., you really should listen to this conversation with Balaji Srinivasan on the Tim Ferriss podcast. It's long, but if you're into this stuff it'll absolutely be worth it. More
APHORISMS
"Everyone you meet is fighting a battle you know nothing about. Be kind. Always."
~ Robin Williams