Unsupervised Learning Newsletter No. 279

News & Analysis

STANDARD EDITION | Ep. 279 | Monday: May 3, 2021 


FBI and CISA have released details of new tactics being used by Russia's SVR. The SVR is also known as APT29 and Cozy Bear, and is believed responsible for SolarWinds and other attacks. It is believed to primarily target government networks, think tank and policy analysis organizations, and information technology companies. Its TTPs have moved from installing malware on networks to attacking cloud email services such as Microsoft Office 365, password spraying, and targeting VPN services. More

CISA has released an advisory regarding real-time OS (RTOS) ICS systems. More

Industry experts have submitted an 81-page report to the Biden administration aimed at coordinating efforts to counter ransomware. They are looking to unify into a task force that helps disrupt the problem using a combination of techniques, including disrupting payments, prosecuting attackers, and disrupting services that support the ecosystem, including forums where services are sold. More

The Python library ipaddress has a critical IP address validation vulnerability that was first found in the netmask library earlier this year. It causes leading zeros to be stripped from addresses, which makes it possible to bypass filters. More

Krebs says Experian had a leaky API that exposed most Americans' credit scores. More

Censys found more than 1.93 million databases exposed to the internet on cloud servers. Most of those it found were MySQL, followed by Postgres and Redis. More

Kaspersky says it found new malware it believes was created by the CIA. More

The NYPD has canceled the use of its robotic dog due to public backlash. More

US Navy SEALs are shifting from counterterrorism to global skills such as electronic warfare and unmanned systems for the purposes of collecting intelligence. More


  • Microsoft released fixes for at least 110 security issues in its monthly Patch Tuesday release, including 4 updates to Exchange. More

  • Microsoft has identified two dozen RCE vulnerabilities in IoT and OT devices that are being called BadAlloc. More

  • Cisco firewalls have several remotely accessible vulnerabilities that have patches available. More

  • There are patches out for Samba. More

  • QNAP warns of AgeLocker ransomware attack. More


  • ParkMobile had a breach that exposed license plate and mobile number information of 21 million users. More


  • Vectra AI has raised $130 million to do AI-powered SOAR. More


Google is going to be experimenting with new office designs as employees return from COVID. They're targeting September for the first returns, and are going to be strongly encouraging, but not requiring, that returning people be vaccinated. In the meantime, they've saved $1 billion by not having employees onsite, but that doesn't factor in any productivity difference. More

Amazon is spending $1 billion to raise operations workers' pay by up to $3 an hour. More

Tesla is upgrading its Powerwall 2 systems to Powerwall+, which has the same capacity but higher surge output. More

The Linux kernel now has over 1 million commits. More


  • Amazon's net sales increased 44% in the first quarter of 2021. More

  • Microsoft's revenue increased 19% in the first quarter. More

  • Google's revenue grew 34% in the first quarter. More


Pfizer is currently testing a COVID cure with 60 individuals. If successful, this would be used in patients who already had COVID, as opposed to the vaccine, which is used to prevent getting it. More

The measures taken to control the spread of COVID have nearly eliminated influenza worldwide. US deaths from flu in the 2020-2021 season were around 600, and in the years before they were 22,000 and 34,000. More

California is looking to stop Nestlé from taking millions of gallons of its water. More

Global electric vehicle sales grew 41% in 2020. More

Soaring lumber prices are adding $36,000 to the cost of a new home. More

Biden has proposed ARPA-H, a DARPA for cancer. Love it, but CARPA or HARPA makes more sense I think. More

Over 3,000 cargo containers fell off ships last year, and we're already past 1,000 in 2021 due to pressure to speed up deliveries causing more accidents. More

There is now a Journal of Controversial Ideas (JCI). More

A new study shows that consumption of sugar-sweetened beverages, and high BMI independently, are associated with lower testosterone in men. More


Explaining Threats, Threat Actors, Vulnerabilities, and Risk using a Real-world Scenario — My expansion of a tweet by Casey Ellis on how to think about these key infosec terms. More

A Summary of Balaji Srinivasan's Thoughts on the Future — My parsing of a fascinating 4-hour conversation between Balaji Srinivasan and Tim Ferriss about future trends. More

Magnifying Big City Political Differences — One of the ideas Balaji Srinivasan talked about in the conversation I linked to with Tim Ferriss is the idea of cities becoming a lot more different from each other politically, and attracting completely different types of people. E.g., Austin seems to be tech + libertarianism. Portland seems to be hippy + anti-authority. Assuming people are mobile enough to pick up and move, this could be a fascinating effect over time, with different cities becoming natural experiments around innovation and standard of living.


I finished Our Mathematical Universe and I now think about greater existence in a completely different way. Highly recommended for anyone who likes Hawking, Sagan, Tyson, or anything related to Cosmology. More

I'm currently re-reading The Red Queen, which is the UL Book of the Month. More Join Us!

As you may have noticed already, we launched our new logo as part of our ongoing site design update. It isn't just a new visual; it has a lot of meaning built in that I talk about in the launch post. More

The UL Book Club is absolutely thriving, and we're talking about doing more meetups, including a new mid-month meetup with a rotating topic. We're also thinking about an in-person meetup at some point next year. Possibly a dinner at Black Hat/DEF CON and maybe a weekend getaway in Big Sur where we bring family (so we can get permission). Our monthly meetup has become the favorite event of the month for a number of our members, me included. Turns out it's a lot of fun to talk about interesting topics with a bunch of smart and pleasant people. It's reminding me of the internet we were all promised but that so often doesn't materialize. You should come join us.


Profil3r — An OSINT tool for finding social network profiles. More

Weather Spark — Get a remarkably accurate visual and description of the weather in any city. More

My friend Alejandro Hernández at IOActive (where I used to work) has released new research on how stock prices are affected by vulnerabilities and breaches. He's presenting his findings at Black Hat Asia. More

THC-RELEASE: The World's Smallest Backdoor More

How the new US Federal CISO sees Zero Trust More

It turns out we've all been using our trash bags incorrectly. They're actually shipped inside-out so you can put them on like a hat. Then you just push the whole bag down the center. Insanity. Video

The Army has new night-vision goggles, and their visuals look sci-fi/alien amazing, with outlines around objects and a crazy amount of detail. They also let you look through the scope of a rifle using wireless technology. More

A list of Significant Cyber Incidents More

All-cause Mortality Statistics for Each US State More

Welcome to the YOLO Economy More

How to make your voice sound more attractive and competent. Could also be the reason for Vocal Fry. More


If you like thinking about the future across tech, policy, government, etc., you really should listen to this conversation with Balaji Srinivasan on the Tim Ferriss podcast. It's long, but if you're into this stuff it'll absolutely be worth it. More


“Everyone you meet is fighting a battle you know nothing about. Be kind. Always.”

~ Robin Williams