MEMBER EDITION | Episode 290 | Monday: July 19, 2021
SECURITY NEWS
The US has joined the UK in officially accusing China of hacking Microsoft, specifically speaking of the Exchange attacks, but generally of its widespread support for global hacking campaigns. The US said China "has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain." More
NSO is under considerable scrutiny for selling its morally questionable surveillance software (Pegasus) to morally questionable customers, including oppressive regimes. The software infects iPhone and Android devices and extracts data from them, and a new leak shows how it's being used all over the world to target human rights activists, journalists, and lawyers. Amazon responded to the new reporting by shutting down NSOs Amazon-hosted infrastructure. More More More
China has a new law that requires researchers to report all discovered 0-day vulnerabilities to the Chinese government. More
Vulnerabilities:
D-Link issues a patch for a hardcoded password issue with its routers. More
A new critical SolarWinds 0-day is under active attack. More
Incidents:
There's 1TB of Saudi Aramco data being sold as a result of their recent data breach. More
Companies:
Cybereason raises $275 million at Series F. More
TECHNOLOGY NEWS
Windows 365 is a new service from Microsoft that lets you run Windows computers in the cloud, with your actual computer acting as a terminal. It works with Windows 10 and 11, and is designed to help with the shift to remote and hybrid workforces. More
China's share of Bitcoin mining was dropping before the crackdown, and the US's share has been rising sharply—now at around 50%. More
AWS has launched Amazon HealthLake into GA for managing health data. Health Data in the cloud sounds bad, but 1) it's Amazon and they're pretty solid with this stuff, 2) data security in legacy health environments is generally atrocious, and 3) who says your health data isn't already in the cloud? More
HUMAN NEWS
MIT put out a report in 1972 saying that the world would collapse mid-century due to overexploitation of Earth's resources. New analysis by KPMG/Harvard agrees, and says it could happen as early as 2040. The new research looked at MIT's "World3" model that they used to make the prediction, and found that it held up well using current empirical data. More Trends
New market analysis says influencer marketing on big networks is likely to be nearly $4 billion this year, and could hit almost $5 billion by 2023, which is double the 2019 level. More
Content creation continues to boom. "If you make stuff for the internet, and are good at it, you are very happy right now." More
Companies are having trouble hiring young workers into sales jobs. Lots of openings available (over 700,000), but few takers. More
Machine learning is being used to create an "Inflammation Clock" that can reveal the body's true biological age. More
New running shoes are getting so good that they're leading to record-breaking performances, and some are calling them "technological doping". More
CONTENT, IDEAS & ANALYSIS
Direction Over Speed — Don't worry first about what you are doing. Think first about what you're about, and then ask what you're doing to help manifest that identity. It's like teaching and knowledge: you can't teach what you don't understand. In life, you can't become yourself if you don't know yourself. If you're not sure whether you're in that situation, try writing an about page. It's much harder than most imagine.
NOTES
Thank you so much for all the Reverse Osmosis responses! You all know your water! Really appreciated.
With the new place I'm getting super into organization, including in the refrigerator. There's refrigerator TikTok now, because obviously. More
Still in big-changes mode on my side, and handling all the tasks that come with that, but I am kicking towards the surface of the water. SO MUCH exciting stuff I can't wait to get started on!
DISCOVERY
Your career needs a vision. More
Angle Grinder — Slice and dice log files. More
Defending Against DNS Exfil in AWS More
Learn how Semgrep works from my friend Clint Gibler. More
The American Identity Crisis More
Roadrunner is a look at Anthony Bourdain's career, and it uses a deepfake version of his voice that's been controversial. More
Burp Suite 2021 Roadmap — Everything Burp is working on for 2021. More
NEXFIL — Find profiles by username on the web. More
AuthZ — Carta's highly scalable permissions system based on Google Zanzabar. More
Racoon — Audit your Salesforce install for insecure object permissions. More
Deciduous —A web app by Kelly Shortridge for easily generating security decision trees. More
Ben Bidmead shows how CSVtoMD is a great way to view asset tables. More
Github Copilot — An AI-based pair programmer from Github. Get code suggestions right inside your editor. More
OSINT Tools Collection — A website that collects and organizes OSINT tooling. More
RECOMMENDATIONS
If you're hunting for a display (TV, monitor, gaming monitor, etc), I highly recommend this year's LG C1 OLEDs. I have one as my main monitor now (48"), as well as one for my main living room display (83"). Highly recommend. More Wired Review
APHORISMS
"Nature is wise. You can learn everywhere and from anything."
~ Leonardo da Vinci