Unsupervised Learning Newsletter NO. 323

News & Analysis

STANDARD EDITION | EP. 323 | MAR 21 2022


Google's TAG has uncovered a new Initial Access Broker called Exotic Lily, which they say is working with the cybercrime gang known for the Conti and Diavol ransomware operations. Initial Access Brokers gain and then sell access to various companies as their business model. More

The FBI is warning of an MFA flaw in Duo that allowed Russian state attackers to compromise an NGO. The flaw involves attacking weak passwords on an un-enrolled and inactive account that hasn't yet been disabled within Active Directory. More

CISA and the FBI are warning SATCOM providers to stay alert to threats against their networks. This comes after the disruption of broadband satellite internet access in Ukraine. More


Google's TAG says Chinese state-backed attackers are targeting Ukrainian government organizations. More

A German cybersecurity company called BSI says you shouldn't use Kaspersky's AV software. Their warning seemed directed less at Kaspersky itself and more at the fact that software from a Russian company embedded in organizations could be used by the government as an attack vector. More

China appears to be expanding one of its major naval shipyards by around 50%. More

DJI is getting pressure to get more involved in the war in Ukraine because both sides are using their drones for war. In one example, a Ukrainian official calls on DJI to stop Russians from using their drones to guide missiles. More


  • Most QNAP devices are vulnerable to the Dirty Pipe Linux vulnerability. More


  • Cowbell, a cyber insurance platform that does AI-assisted continuous assessment of risk, has raised $100 million. More

  • SentinelOne is purchasing Attivo Networks for $616 million. More


Tencent is cutting 20% of its workforce as a result of Chinese government pressure and the economic downturn in the country. More

Russian demand for VPNs has gone up by over 2,600%. More


The James Webb Telescope has sent back a brilliant image of a star! And the background is full of galaxies! Cannot wait to see more from this system. More

A new study has found a bi-directional association between Alzheimer's and daytime napping. More

In the largest study of its kind, Ivermectin was shown not to reduce Covid hospitalizations. More


Consumer Authentication Strength Maturity Model (CASMM) V6 — I've updated the CASMM model to version 6, with this version's focus being on the distinction between app and token-based codeless MFA options. As a refresher, the model gives people a visual way to understand the authentication security on their important accounts. More

Not All MFA is Equal, and the Differences Matter a Lot — A piece on the most important factor in modern MFA systems—anti-phishing defenses! The updated version of the CASMM model (see below) makes it more clear that only Levels 7 and 8 are codeless options. All others are still vulnerable to phishing because they provide the user with a code that they can then pass to an attacker via form field or voice. More

Thoughts on the Future of InfoSec (v2022) — A new piece that talks about how I see the Information Security industry developing as it moves out of its teen years and into its 20s and 30s. More

Google Has Opened the Door to Cloudflare — How Google has allowed Cloudflare to take an increasing share of internet services by failing to innovate and being unresponsive to customers. More

Environmentalism Isn't About the Earth — I was listening to Garry Kasparov talk about Ukraine and he casually mentioned something about the environment that I thought was interesting. He said, "The Earth will be fine. It's the people we are worried about." I'd heard this argument before but somehow it hit different this time. Or maybe I just know more about the history of the Earth now. Either way, I find it quite fascinating to think about how many people are worried about the Earth itself vs. being worried about whether people can survive and thrive during changes that happen to the Earth. Like, the Earth doesn't care. We could massively change the climate, kill off most of the species, and then kill all humans in a massive nuclear war. The planet would basically be like, "Um, whatever…" And then in a few thousand years it would be hard to notice that we were even here. I'm guilty of this confusion myself, and this was a reminder to keep in mind that it's better to be nice to the planet, but that if we aren't it'll be people that suffer, not the Earth. I'm not sure why, but it helps. Maybe because I see the Earth as helpless, kind of like caring more for animal suffering than humans at times.


I think I'm giving up on Brandon Sanderson novels. I didn't like Mistborn that much, and I just got through the third book of Way of Kings. I'd describe Way of Kings as just being messy. There is way too much going on and I haven't been sold properly on why I should care. I think this is one example of where I need to bail from the series. Maybe I'll try one of the new novels, as I hear he has different styles in a lot of his stuff. I will say that I loved the magic system in Way of Kings. It was very consistent and well-thought-out.

I'm actually really enjoying the Cradle series. It's more YA, honestly, but it has a clear direction and focus to it that I'm enjoying. I'm definitely looking for a more serious fantasy series if anyone has any recommendations. Something like GoT or NoTW.


How Kremlin accounts manipulate Twitter. More

Netflix's most popular shows. More

This is Why Autocracies Fail More

The sound team for Dune used Rice Krispies for the crunching sounds. More

10 of the 53 cybersecurity unicorns to watch. More

❤️ Make sure you have everything vital. More

[ OSINT ] Researcher Avi Lumelsky demonstrates how he found thousands of open databases on AWS. More

[ OSINT ] Ben Binmead shows how to extract URLs from an Nmap scan. More

[ OSINT ] nrich — A new tool by Shodan that provides fast IP enrichment. You feed it a list of IPs and it tells you open ports, whether there are known vulnerabilities associated, and lots of other data about them. More

[ MALWARE ] Arya — A tool by Claroty that creates pseudo-malicious files that trigger YARA rules. More


If you do any type of content creation, there's a secret I've been circling around for a number of years now. It's best captured as a quote from Martin Scorsese, which is, "The most personal is the most creative." Then, more recently, I heard someone say that the key to creating good content is sharing your secrets. This got me thinking and I think the answer is this: it's not possible to perfectly know what resonates with others. But the safest bet is to share what resonates with you, because the odds are good that that particular joke, or that particular moment that makes you laugh or cry, will also do the same for someone else.

So, share what resonates with you. And if you're in content creation, don't worry about sharing secrets. Just keep doing it and people will keep coming back.


“Burnout is not caused by overwork. It’s caused by spending too long on work that lacks vision, has a vision you don’t agree with, or where you feel unable to make progress.”

Daniel Miessler