Unsupervised Learning Newsletter No. 278

News & Analysis

MEMBER EDITION | Ep. 278 | Monday: April 26, 2021

SECURITY NEWS

CISA ordered federal organizations to patch their Pulse Secure VPN installs by last Friday, and the RCE vulnerability is being actively exploited. More

Ransomware gangs are now reaching out to unscrupulous stock traders who would benefit from information that could negatively affect a stock. Basically, if you knew beforehand that a breach were about to be announced, you could short the stock and make money. It also works in the opposite direction: it gives the victim more reason to pay. More

Japan says a member of the Chinese Military Cyber Unit 61419 (Tick) launched attacks against its space program (JAXA). More

Dan Kaminsky died last week. He was brilliant and kind, and our community has been deeply affected by his loss. I really love Jeff Moss's idea of having a Dan Kaminsky award that goes to people who not only find or create the most interesting things, but those who do it with unrivaled humanity. I wasn't close to Dan, but we did talk about a number of security ideas over the years, and he was always the same: smart, and pleasant. He'll be missed. More

MI5 says 10,000 Britons have been targeted on LinkedIn by Russian and Chinese intelligence services. More

China's government has released an application that helps people report 'mistaken opinions' and people who 'deny the excellence of socialist culture'. Some seriously Stalin stuff here. They're doing it in preparation for the 100th anniversary of the CCP. More

It appears the Codecov vulnerability may have affected hundreds of companies. Similar to the Blackbaud and SolarWinds attacks, these supply chain attacks are highlighting the extent to which we depend on third-party software. More

Moxie found a bunch of vulnerabilities in the Cellebrite system. It's a wonderful write-up. More

Vulnerabilities:

  • Update Chrome ASAP. More

  • Attackers are going after SonicWall email appliances using three vulnerabilities. More

  • If you have a QNAP NAS, patch immediately to prevent QLocker ransomware. More

  • Drupal has released patches to versions 7 through 9.1 for a vulnerability that can result in system takeover. More

Incidents:

  • Geico had many customers' driver's license numbers stolen out of a database they administer. They're warning customers against fraud as a result. More

Companies:

  • Deep Instinct raises $100 million to continue providing threat protection using deep learning. More

  • Mastercard is acquiring identity verification company Ekata for $850 million. More


TECHNOLOGY NEWS

Facebook and Twitter just rolled out their Clubhouse clones. Possibly just in time for nobody to care about Clubhouse. More
Google Fi is now 6 years old, and it has a new Simply Unlimited plan for $60 on a single line. That's for unlimited calls and texts in the US, Canada, and Mexico. More

Facebook says their employees can continue to work from home after COVID. More

Amazon is bringing palm-based authentication to Whole Foods stores. More

Companies:

  • IBM posted revenue growth after four consecutive quarters of declines. More


HUMAN NEWS

Please keep India in your thoughts this week. They were seeing less than 100,000 COVID cases a week in early February and last week they saw 310,000 in a single day. This week will be even worse. This wave appears to be affecting young people as well, and their facilities are being overrun. More

The brain appears to "rotate" memories to avoid them being overwritten. More

Manhattan will no longer prosecute prostitution. More

Even a single night of sleep deprivation impairs the waste-removal function of the brain, and the situation isn't fixed by sleeping properly the following night. More

Sleeping too little in middle age can significantly increase the risk of dementia later in life. More

NASA flew a helicopter on Mars. More

California is ending oil extraction by 2045. More

The EU is going to allow travel this summer from vaccinated US travelers. More

Panpsychism—the idea that everything, including atoms, is conscious—is gaining support in the academic world. More


CONTENT, IDEAS & ANALYSIS

The Evolution of Tech — As tech advances, it moves from helping people manage things to helping people manage themselves and others. Tired: here's an OS for managing your files. Wired: Here's an OS for managing your life. Inspired: Here's an OS for society, sponsored by Palantir! Share

Suicide Lower in COVID — A number of sources are reporting that suicide is down during COVID. I wonder if this is because the pandemic gave people a clear reason and scapegoat for being unhappy. In short, maybe it feels way worse to feel bad if you feel there’s no explanation—and therefore nothing to fix. More

Innovation Industries — Porn, Gaming, and Ransomware have something in common. No, probably not what you're thinking, whatever that was. Innovation. Porn did tons of innovation in the world of video. Gaming has innovated massively in computer graphics. And now ransomware is pushing what's possible in terms of malicious monetization. Not the same kind of innovation, of course, but fascinating nonetheless. More

NOTES

Book club yesterday was spectacular. I agree with someone on the call who said it was their favorite hangout of the month. I am not sure how or why, but I'm just genuinely surprised and thankful for how much I'm enjoying being part of the UL community. It honestly feels like the version of the internet that we were promised but never got. We're also working on adding some additional meetups—including one in meatspace! Next month's book, if you haven't heard yet, is The Red Queen, by Matt Ridley. Seriously, thank all of you for being part of this and making it possible. More

Not sure if you noticed, but the header image for this episode of the newsletter is different. This is part of a site-wide redesign I'm working on. It'll be relatively subtle, but I like the change to the logo. For those interested in logo geekery, here's what the new logo represents:

  • The overall design is that of circuits/connections, as in (machine) learning

  • The first part of the logo is an upside-down "U", for Unsupervised

  • The second part of the logo is an "L", for Learning

  • The orphaned dot fills out the square design and represents a connection that's not yet been made (there's always more to learn)


DISCOVERY

Semgrep — A brilliant new tool for doing static analysis very quickly, which I heard about from my friend Clint (of TL;DRSec fame), who is one of the founders. It's like a super-configurable version of grep, except with signatures for lots of different security issues. Plus support for lots of languages and with integrations into GitHub and Slack. If you have any need for static analysis of any kind, definitely give it a look. More

Remote Hunt — A tool for finding remote tech jobs. More

The Extortion Ecosystem — A fantastic blog post by Recorded Future on the various ways ransomware gangs try to monetize. More

I Think You Should Leave — A show that I've heard a number of people talking about lately, and that I plan on watching. It's short, otherwise I probably wouldn't. More

Lessons Learned From a Pentester More


RECOMMENDATIONS

If you produce spoken audio content, consider increasing the speed by 5-20%. Especially if you're just conveying information and ideas as a single presenter as I do on this show. Here are the benefits I see from this:

  1. It saves time, which matters a lot today

  2. Extra speed adds a gentle friction to the listener's understanding, similar to using a very small font size in text, which many believe helps with absorption and/or acceptance of the content

  3. It gives the impression of better content, perhaps by removing the annoyance of delays


APHORISMS

“A matter that becomes clear ceases to concern us.”

~ Friedrich Nietzsche