Unsupervised Learning Newsletter No. 290

News & Analysis
July 19, 2021

MEMBER EDITION | Episode 290 | Monday: July 19, 2021

SECURITY NEWS

 

The US has joined the UK in officially accusing China of hacking Microsoft, specifically speaking of the Exchange attacks, but generally of its widespread support for global hacking campaigns. The US said China "has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain." More >

NSO is under considerable scrutiny for selling its morally questionable surveillance software (Pegasus) to morally questionable customers, including oppressive regimes. The software infects iPhone and Android devices and extracts data from them, and a new leak shows how it's being used all over the world to target human rights activists, journalists, and lawyers. Amazon responded to the new reporting by shutting down NSO's Amazon-hosted infrastructure. More > More > More >

China has a new law that requires researchers to report all discovered 0-day vulnerabilities to the Chinese government. More >

Vulnerabilities:

  • D-Link issues a patch for a hardcoded password issue with its routers. More >

  • A new critical SolarWinds 0-day is under active attack. More >

Incidents:

  • There's 1TB of Saudi Aramco data being sold as a result of their recent data breach. More >

Companies:

  • Cybereason raises $275 million at Series F. More >


TECHNOLOGY NEWS

 

Windows 365 is a new service from Microsoft that lets you run Windows computers in the cloud, with your actual computer acting as a terminal. It works with Windows 10 and 11, and is designed to help with the shift to remote and hybrid workforces. More >

China's share of Bitcoin mining was dropping before the crackdown, and the US's share has been rising sharply—now at around 50%. More >

AWS has launched Amazon HealthLake into GA for managing health data. Health data in the cloud sounds bad, but 1) it's Amazon and they're pretty solid with this stuff, 2) data security in legacy health environments is generally atrocious, and 3) who says your health data isn't already in the cloud? More >


HUMAN NEWS

 

MIT put out a report in 1972 saying that the world would collapse mid-century due to overexploitation of Earth's resources. New analysis by KPMG/Harvard agrees, and says it could happen as early as 2040. The new research looked at MIT's "World3" model that they used to make the prediction, and found that it held up well using current empirical data. More > Trends >

New market analysis says influencer marketing on big networks is likely to be nearly $4 billion this year, and could hit almost $5 billion by 2023, which is double the 2019 level. More >

Content creation continues to boom. "If you make stuff for the internet, and are good at it, you are very happy right now." More >

Companies are having trouble hiring young workers into sales jobs. Lots of openings available (over 700,000), but few takers. More >

Machine learning is being used to create an "Inflammation Clock" that can reveal the body's true biological age. More >

New running shoes are getting so good that they're leading to record-breaking performances, and some are calling them "technological doping". More >


CONTENT, IDEAS & ANALYSIS

 

Direction Over Speed — Don't worry first about what you are doing. Think first about what you're about, and then ask what you're doing to help manifest that identity. It's like teaching and knowledge: you can't teach what you don't understand. In life, you can't become yourself if you don't know yourself. If you're not sure whether you're in that situation, try writing an about page >. It's much harder than most imagine.


NOTES

 

Thank you so much for all the Reverse Osmosis responses! You all know your water! Really appreciated.

With the new place I'm getting super into organization, including in the refrigerator. There's refrigerator TikTok now, because obviously. More >

Still in big-changes mode on my side, and handling all the tasks that come with that, but I am kicking towards the surface of the water. SO MUCH exciting stuff I can't wait to get started on!


DISCOVERY  

 

Your career needs a vision. More >

Angle Grinder — Slice and dice log files. More >

Defending Against DNS Exfil in AWS More >

Learn how Semgrep works from my friend Clint Gibler. More >

The American Identity Crisis More >

Roadrunner is a look at Anthony Bourdain's career, and it uses a deepfake version of his voice that's been controversial. More >

Burp Suite 2021 Roadmap — Everything Burp is working on for 2021. More >

NEXFIL — Find profiles by username on the web. More >

AuthZ — Carta's highly scalable permissions system based on Google Zanzibar. More >

Raccoon — Audit your Salesforce install for insecure object permissions. More >

Deciduous — A web app by Kelly Shortridge for easily generating security decision trees. More >

Ben Bidmead shows how CSVtoMD is a great way to view asset tables. More >

GitHub Copilot — An AI-based pair programmer from GitHub. Get code suggestions right inside your editor. More >

OSINT Tools Collection — A website that collects and organizes OSINT tooling. More >


RECOMMENDATIONS

 

If you're hunting for a display (TV, monitor, gaming monitor, etc), I highly recommend this year's LG C1 OLEDs. I have one as my main monitor now (48"), as well as one for my main living room display (83"). Highly recommend. More > Wired Review >


APHORISMS

 

"Nature is wise. You can learn everywhere and from anything."

~ Leonardo da Vinci

Thank you for reading...