Unsupervised Learning Newsletter No. 280

News & Analysis

MEMBER EDITION | EP. 280 | Monday: May 10, 2021


The US has declared an emergency due to the ransomware attack against the Colonial oil pipeline. The pipeline carries around 100 million gallons of oil a day, which is 45% of the oil requirement of the east coast. It went offline on May 7th and still isn't back up. The Darkside ransomware gang is evidently behind the attack, and you have to wonder if they knew the size of this bear before they punched it. This is the type of thing that gets you put on the drone list. More More

NSA is warning organizations against connecting OT technologies to the internet, saying doing so unsafely will result in "indefensible levels of risk". More

Recorded Future says we're about to see a major increase in the number of Deepfake attacks. People have been saying this for a while, but they're starting to see more people talking about them and selling them on the Darkweb, so they think we're close to critical mass. More

Insurer AXA has stopped ransomware payouts in France in order to remove the incentive for attackers. More

Google is about to start automatically enrolling people's accounts into 2FA. Bravo. Sometimes you have to help the customer drink. More

A number of US banks are deploying AI-powered cameras that can monitor both customers and employees for key behaviors and activities. Examples include: detecting open doors, open tills, people camping near ATMs, etc. More

The Strategic Support Force (SSF) branch of the People's Liberation Army (PLA) in China has purchased a bunch of antivirus software from American, European, and Russian companies. It's believed that they're using it either to test their own malware against it, or to look for vulnerabilities. More

Mental health startups are increasing in number, but what happens if they get breached? This happened to one of them and they lost the conversations had between customers and their therapists. More

The US Air Force and Navy are going to allow their Pentagon staff to work 50% remote indefinitely. More

Two men were arrested in Mumbai with 7kg of uranium. More


  • There are 21 new vulnerabilities in the Exim MTA, 10 of which are remotely exploitable. More

  • Pulse Secure has fixed an 0-day in their SSL VPN appliance. More

  • VMware has patched a critical vulnerability in vRealize Business for Cloud. More

  • Cisco has released updates to multiple products, including SD-WAN. More

  • MicroTik's RouterOS has a number of remote authenticated vulnerabilities. More

  • Peloton had a flaw in its API that allowed an attacker to pull customer data such as age, weight, location, and workout stats. More


  • The city of Tulsa was hit by a ransomware incident over the weekend. More


  • Synopsys has launched a CI/CD security solution called Intelligent Orchestration that tests using SAST, SCA, IAST, and APIs. More

  • JuniperOne closed a $30 million Series B to continue working on its IT asset inventory solution. More

  • MDR firm Huntress raised a $40 million Series B. More


Verizon has sold Yahoo and AOL to a private equity firm for $5 billion, which is a fraction of what they were purchased for just a few years ago. More

Zoom has launched a new feature called Immersive View that allows everyone to look like they're part of a single virtual room, like sitting at a table across from you. More

Google also provided guidance on remote work, asking employees to work in the office approximately 3 days a week, but also saying that they could work remotely if they wanted to. More


  • Oura raises $100 million to continue into personalized health. More

  • Square's revenue rose 266% in Q1, and brought in $5 billion in revenue vs. an expected $3.4 billion. This was greatly helped by a significant return on their Bitcoin investment. More

  • Cloudflare crossed 4 million customers in Q1 and their revenue beat expectations. More


The US added just 266,000 jobs in April, which was far less than expected. A number of experts are guessing that many people are staying out of the labor market because they're receiving significant government assistance. Montana is stopping some of its unemployment benefits in an attempt to get more people to apply to open positions. More

The US is supporting the waving of COVID-related patents to help increase the speed to market for new products. More

Canadians are flying south to get vaccinated in the US where supply is high and demand is falling. More

Doctors at UCSF say California is 'weeks away' from herd immunity to COVID. More

It looks like we're about to see psilocybin and MDMA become mainstream treatments for depression. More

A new study has shown it's possible to improve memory and even defend against Alzheimer's disease by eating a Mediterranean diet. More

The etymology of the word "decide" is the killing of choice. More

California's population has declined for the first time in over a century. More


Sustainable Content Creation — Exploring how content creators in security and other fields can remain content creators without sacrificing their mental health. More


I am very close to finishing my re-read of The Red Queen, by Matt Ridley. It's quite a bit more security-relevant than I remember, but also more sexuality and mating related, which is a bit odd. My first reading was long before the Me Too movement and I now have different sensors for certain topics, including many in the book. Not that I think the book is bad, or wrong about anything that I can tell, but I doubt any author would frame things the same way today. But the book overall is fantastic, and I'd absolutely love to extract all the biological Red Queen concepts and do a multi-day workshop on how they apply to both infosec and business.

I'm working on a new Vim tutorial based on 5 levels of Goku. I think it might be epic. Teaser 


ATT&CK v9 — What's new in v9 of the ATT&CK framework? More

80/20 is the new Half-ass. More

The best Ursula Le Guin books. More

Why rich parents have rich children. More

Belonging is Stronger Than Facts More

A Brookings Institute panel on China's Arctic Activities and Ambitions More

Herman Miller has brought back its Chicklet chair. More

There are towns in Italy that are paying for people to move there and telecommute. More

Someone please help me not buy this knife. Also this one. More

Sam Harris and Ricky Gervais are launching a paid podcast together, and it goes live today. More

WaybackURLs — A tool for pulling old URLs for a given domain from The Wayback Machine as part of security testing. More


If you used to enjoy finding and listening to new music, but you've found yourself only listening to your old favorites, force yourself out of the habit. I think one's ability to enjoy new music is something of a proxy for mental youth and curiosity. This is something you cen force yourself to maintain, and you can get it back if you have lost it. Find new music that's considered high-quality by other and force yourself to listen multiple times—like you used to. Learning to enjoy new things keeps the mind nimble.


“Weakness is more opposed to virtue than is vice.”

~ Francois De La Rochefoucauld