STANDARD EDITION | Ep. 279 | Monday: May 3, 2021
SECURITY NEWS
FBI and CISA have released new tactics being used by Russia's SVR. SVR is also known as APT29 and CozyBear, and are believed responsible for Solarwinds and other attacks. They're believed to primarily target government networks, think tank and policy analysis organizations, and information technology companies. TTPs have moved from installing malware on networks to attacking cloud email services, such as Microsoft Office 365, password spraying, and targeting VPN services. More >
CISA has released an advisory regarding real-time OS (RTOS) ICS systems. More >
Industry experts have submitted an 81-page report to the Biden administration aimed at coordinating efforts to counter ransomware. They are looking to unify into a task force that helps disrupt the problem using a combination of techniques, including disrupting payments, prosecuting attackers, and disrupting services that support the ecosystem, including forums where services are sold. More >
Python library ipaddress is vulnerable to a critical IP address validation vulnerability first found in the netmask library earlier this year. It basically causes leading 0's to be stripped off of addresses, leading to the ability to bypass filters. More >
Krebs says Experian had a leaky API that exposed most Americans' credit scores. More >
Censys found more than 1.93 million databases exposed to the internet on cloud servers. Most it found were MySQL, followed by Postgres and Redis. More >
Kaspersky says it found new malware it believes was created by the CIA. More >
The NYPD has canceled the use of its robotic dog due to public backlash. More >
US Navy SEALs are shifting from counterterrorism to global skills such as electronic warfare and unmanned systems for the purposes of collecting intelligence. More >
Vulnerabilities:
Microsoft released updates to at least 110 security issues in its monthly patch Tuesday release, including 4 updates to Exchange. More >
Microsoft has identified two dozen RCE vulnerabilities in IoT and OT devices that are being called BadAlloc. More >
Cisco firewalls have several remote accessible vulnerabilities that have patches available. More >
There are patches out for Samba. More >
QNAP warns of AgeLocker ransomware attack. More >
Incidents:
ParkMobil had a breach that exposed license plate and mobile number information of 21 million users. More >
Companies:
Vectra AI has raised $130 million to do AI-powered SOAR. More >
TECHNOLOGY NEWS
Google is going to be experimenting with new office designs as employees return from COVID. They're targeting September for the first returns, and are going to be strongly encouraging—but not requiring—that returning people are vaccinated. In the meantime, they've saved $1 billion dollars by not having employees onsite, but that doesn't factor in any productivity difference. More >
Amazon is spending $1 billion to raise operations workers' pay by up to $3 dollars an hour. More >
Tesla is upgrading its Powerwall 2 systems to Powerwall+, which have the same capacity but higher surge output. More >
The Linux kernel now has over 1 million commits. More >
Companies
Amazon's net sales increased 44% in the first quarter of 2021. More >
Microsoft's revenue increased 19% in the first quarter. More >
Google's revenue grew 34% in the first quarter. More >
HUMAN NEWS
Pfizer is currently testing a COVID cure with 60 individuals. If successful, this would be used in patients who already had COVID as opposed to the vaccine which is used to prevent getting it. More >
The measures taken to control the spread of COVID have nearly eliminated influenza worldwide. US deaths from flu in the 2020-2021 season was around 600, and in the years before it was 22,000 and 34,000. More >
California is looking to stop Nestlé from taking millions of gallons of its water. More >
Global electric vehicle sales grew 41% in 2020. More >
Soaring lumber prices are adding $36,000 to the cost of a new home. More >
Biden has proposed ARPA-H, a DARPA for cancer. Love it, but CARPA or HARPA makes more sense I think. More >
Over 3,000 cargo containers fell off ships last year, and we're already past 1,000 in 2021 due to pressure to speed up deliveries causing more accidents. More >
There is now a Journal of Controversial Ideas (JCI). More >
A new study shows that consumption of sugar-sweetened beverages, and high BMI independently, are associated with lower testosterone in men. More >
CONTENT, IDEAS & ANALYSIS
Explaining Threats, Threat Actors, Vulnerabilities, and Risk using a Real-world Scenario — My expansion of a tweet by Casey Ellis on how to think about these key infosec terms. More >
A Summary of Balaji Srinivasan's Thoughts on the Future — My parsing of a fascinating 4-hour conversation between Balaji Srinivasan and Tim Ferriss about future trends. More >
Magnifying Big City Political Differences — One of the ideas Balaji Srinivasan talked about in the conversation I linked to with Tim Ferriss is the idea of cities becoming a lot more different from each other politically, and attracting completely different types of people. E.g., Austin seems to be tech + libertarianism. Portland seems to be hippy + anti-authority. Assuming people are mobile enough to pick up and move this could be a fascinating effect over time, with different cities becoming natural experiments around innovation and standard of living.
NOTES
I finished Our Mathematical Universe and I now think about greater existence in a completely different way. Highly recommended for anyone who likes Hawking, Sagan, Tyson, or anything related to Cosmology. More >
I'm currently re-reading The Red Queen, which is the UL Book of the Month. More > Join Us! >
As you may have noticed already, we launched our new logo as part of our ongoing site design update. It isn't just a new visual; it has a lot of meaning built in that I talk about in the launch post. More >
The UL Book Club is absolutely thriving, and we're talking about doing more meetups, including a new mid-month meetup with a rotating topic. We're also thinking about an in-person meetup at some point next year. Possibly a dinner at Blackhat/DEFCON and maybe a weekend getaway in Big Sur where we bring family (so we can get permission). Our monthly meet-up has become the favorite event of the month for a number of our members, me included. Turns out it's a lot of fun to talk about interesting topics with a bunch of smart and pleasant people. It's reminding me of the internet we were all promised but so often doesn't materialize. You should come join us. >
DISCOVERY
Profil3r — An OSINT tool for finding social network profiles. More >
Weather Spark — Get a remarkably accurate visual and description of the weather in any city. More >
My friend Alejandro Hernández at IOActive (where I used to work) has released new research on how stock prices are affected by vulnerabilities and breaches. He's presenting his findings at Black Hat Asia. More >
THC-RELEASE: The World's Smallest Backdoor More >
How the new US Federal CISO sees Zero Trust More >
It turns out we've all been using our trash bags incorrectly. They're actually shipped inside-out so you can put them on like a hat. Then you just push the whole bag down the center. Insanity. Video >
The Army has new night-vision goggles, and their visuals look sci-fi/alien amazing, with outlines around objects and a crazy amount of detail. They also let you look through the scope of a rifle using wireless technology. More >
A list of Significant Cyber Incidents More >
All-cause Mortality Statistics for Each US State More >
Welcome to the YOLO Economy More >
How to make your voice sound more attractive and competent. Could also be the reason for Vocal Fry. More >
RECOMMENDATIONS
If you like thinking about the future across tech, policy, government, etc., you really should listen to this conversation with Balaji Srinivasan on the Tim Ferriss podcast. It's long, but if you're into this stuff it'll absolutely be worth it. More >
APHORISMS
"Everyone you meet is fighting a battle you know nothing about. Be kind. Always."
~ Robin Williams