I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I’ve found in the last week to around 40,000 people. It’ll save you tons of time.
MY IDEAS & ANALYSIS

Analysis of the Recon/Attack Surface Management Space More

Summary: The Pentester’s BluePrint — My review of Phillip Wylie and Kim Crawley’s new book on how to become a penetration tester. More

Some Free-form Thoughts on Ayn Rand, Objectivism, and Other Big Ideas More

The Rise of Home Theater More

Amazon Will Dominate Through 10,000 Small Bets More

SECURITY NEWS

Sunburst — Russia’s APT29, or Cozy Bear, has evidently hacked multiple US Government agencies and corporations through malware implanted in SolarWinds asset management software. This is the same group that hacked the State Department and White House email servers during the Obama administration, and according to FireEye the hack against them was part of the same campaign. SolarWinds software is used by more than 300,000 organizations around the world, including all five branches of the US government, NASA, and NSA. This will be a very early test for the new Biden administration in terms of how aggressive they’ll be towards Russia, both publicly and behind the scenes. More

Someone has released a massive dump of data on members of the Chinese Communist Party, including where they live and work around the world. More

NSA is warning that Russian state-sponsored attackers are targeting companies using recent VMware flaws. More

Truecaller says spam calls grew 18% this year. More

CrowdStrike says ransomware made up half of all serious intrusions in 2020. More

The US military has picked 16 sites and started vaccinating troops for COVID-19. More

GitHub has rolled out dependency review, vulnerability alerts for pull requests, and dark mode. More

Vulnerabilities: 33 flaws have been discovered in millions of IoT device TCP/IP stacks, and many are basically unpatchable. More | QNAP continues to have vulnerability issues, this time with XSS. More | Accounts with default credentials have been found in over 100 GE medical devices. More

Companies: Dragos has raised $110 million to secure industrial systems. Congrats to the crew over there! More | Palantir has won a major FDA contract to help review and inspect drugs before approval. More | Orca Security raises $55 million to scan cloud infrastructure and produce a data flow map that it monitors for security. More | At-Bay raises $34 million to do cyberinsurance, which is expected to be a $23 billion industry by 2025. Their focus is on monitoring customers’ systems and reducing the chances they get compromised. More | Salt Security raised $30 million to protect APIs from attack. More

TECHNOLOGY NEWS

Amazon launches HealthLake, a platform for storing and analyzing petabytes of health care data. “For example, HealthLake leverages natural language understanding and ontology mapping to identify whether a patient has been properly prescribed a drug, pulling out information from blood glucose monitoring systems, physicians notes, insurance forms and lab reports, and more to inform its conclusions.” More

Multiple government groups are coming after Facebook for anti-competitive practices, but as Scott Galloway has pointed out many times, this could actually be good for investors if properties like Instagram and WhatsApp are broken out. More

Red Hat has killed CentOS. I think in like 10 to 20 years it’ll just be Amazon Linux and some hobby distros like Arch and Gentoo. More

Oracle, Palantir, HPE, and now Tesla are moving out of California. Many see this as a rejection of California’s extremely high taxes and restrictive regulations, combined with its deteriorating infrastructure and inability to solve bad roads and homelessness. Many of these companies are moving to Texas, which has less of all that. More

Cruise is starting to test driverless cars in San Francisco. This comes right as Uber sold their driverless business to someone else. More

Companies: SpaceX has received $885 million to provide US rural areas with internet. More | C3.ai stock doubled after its $651 million IPO. The company manages the process of spinning up the use of AI within a company, from data ingest, management, model creation, and deployment. More | Arthur.ai has raised $15 million to monitor the performance of ML models over time. More | Squire, a barbershop tech startup, has tripled its valuation to $250 million by providing customer management, scheduling, and contactless payments. More

HUMAN NEWS

The US has approved the Pfizer vaccine, and millions of doses are being shipped immediately. More

Gallup says 63% of Americans would be willing to get an FDA-approved COVID vaccine. More

Plastic surgeons appear to be thriving because people want to fix how they look on Zoom calls. More

There’s a super exciting study out of UCSF that has reversed age-related mental decline in mice within days.

Undocumented immigrants are half as likely to be arrested for violent crimes as US-born citizens. More

Wall Street now has a water futures market, like gold or oil. This is unrelated to the release of Dune in 2021. More

“Jimenez told me that, compared with yelling, quiet talking reduces aerosols by a factor of five; being completely silent reduces them by a factor of about 50. That means talking quietly, rather than yelling, reduces the risk of viral transmission by a degree comparable to properly wearing a mask.” — A remarkable quote from this Atlantic article on how COVID spreads. This would also help explain why bars are especially bad, where the spaces are small and people are smashed together yelling at each other. More

Some are starting to look into the use of MDMA in couples therapy, specifically where one partner has suffered from PTSD. More

Disney launched around 10 new series in the Marvel and Star Wars universes, and their stock jumped 15% on the announcement. More

HBO Max hits 12.6 million activations before Wonder Woman release. More

Companies: Koan just raised another $1 million to help build its OKR and Status software. More

UPDATES

I’m enjoying some time off from work, but quietly. Not like I can travel or eat out or anything.

I purchased a new audio interface, the APOLLO Twin X, and will be trying out using that instead of my RODEcaster Pro. This is in preparation for transitioning to a true music creation setup in the near future. I’m also going to be tinkering with LUNA, the DAW from Universal Audio, and if I like it I might be trying that instead of Hindenburg, which is what I’m using now for the podcast. The other options I’ll be comparing will be Logic Pro and Ableton 11 once it comes out. More

Currently reading: Atlas Shrugged | Anna Karenina | Homeland (the UL Book Club Book)

DISCOVERY

CrowdSec, a modern replacement for Fail2Ban, has released their version 1.0, which includes a new local REST API, which allows you to deploy in different enterprise configurations. More

A compilation of publicly accessible web shells. More

Kafka is Not a Database More

This guy wrote a blog post about how he’s switching from WordPress to Jekyll, and spent half of it describing how he needed to create half of the basic features that WordPress has, manually. I predict one of two things will happen here: either he stops blogging, or he comes back to WordPress. More

Set your GitHub display preferences. More

Shopping Cart Theory More

A defense engineer gives more detail on the microwave weapons likely used against US diplomats. More

Follow your curiosity by reading your ass off and finding the source. More

To listen well, get curious. More

RECOMMENDATIONS

MORE is my favorite short film, and probably my favorite piece of art—ever—in any medium. It’s 5 minutes long. Please watch it. It might improve your life. MORE

APHORISMS

“The first, and hardest, step to wisdom: avert the standard assumption that people know what they want.”

~ Nassim Nicholas Taleb