Unsupervised Learning Newsletter NO. 336
News & Analysis
NO. 336 | JUN 13 2022
Feeling much better now, and thank you all for the well-wishes. And with RSA behind us it's time to start thinking about Vegas/DEFCON/Blackhat! I'll be there in some capacity so let's try to meet up. Outside. : ) Now onto this week's show, which is a chunky one, and it's also sporting the new header art I made last weekend!
Enjoy, and have a great week!
The NSO group is in talks to sell Pegasus to US defense contractor L3Harris, which is the company behind StingRay cell phone trackers. Many are worried this will allow Pegasus to be used by more US law enforcement agencies. They've already tried unsuccessfully to sell into the NYPD and the FBI. I'm surprised this is even a thing, honestly. How would a US contractor be allowed to purchase a technology that's on the US naughty list? I suppose the purchase could lead to audits and certifications that make it more trusted, but still. More
Many are currently being hit with spam text messages that pull you into a conversation (I got one while writing this sentence actually). They are designed to get you to respond by sometimes saying things as simple as, "Hello.", but they're often more tricky with something like, "Is this still Chris's number?" Once you respond to tell them off or correct them, you're pulled in. My recommendation is to tell all your loved ones about this, because they're probably getting hit too and actually responding. More
Digital Shadows says there are 24.6 billion sets of credentials up for sale on the dark web, 6.7 billion of which are unique. They say this is a 34% increase over 2020 (they do the analysis every two years). This corresponds to credential stuffing attacks gaining favor in real-world attack data, and adds pressure to move everyone to 2FA and a more passwordless future. More
Storyblok — Level-Up the Security of your Company's CMS
More and more cybersecurity companies are ditching their traditional CMS and moving to a headless CMS platform. Why? Because they want the best possible security, the flexibility of headless, and the ability to publish to any front-end.
By using an API-first platform like Storyblok, you get:
Faster performance and page loading
A content CDN
Join the many companies moving from traditional CMS to the headless API model using Storyblok.
Palantir and Google Cloud have entered into a strategic partnership. The solution basically gives a place for analysis to take place, and the toolsets to perform that analysis. They list the following as benefits: faster onboarding of data, single source of truth, and AI and data analytics. This is the type of partnership that saw a lot of negative press a year or two ago, with Google employees making the argument that they didn't want to work for shady data analytics companies. The problem is that companies that are good at shady analysis are also good at regular analysis, and if the analysis is good it's going to sell. More
Multiple sources say China had access to US TikTok data, including an independent auditor hired to evaluate the product's security, as well as multiple TikTok employees. More
TikTok says all US data is now being routed to Oracle Cloud, but that they're still sending it on to their own servers in Virginia and Singapore. They say that in the future they'll be deleting that data from their servers and migrating to using only Oracle's cloud. More
Microsoft has patched the Follina Zero Day in its monthly updates. More
Paige Thompson has been convicted of wire fraud and computer intrusions against Capital One. Capital One was fined $80 million and settled another $190 million in lawsuits related to the attacks. More
China is considering requiring all platforms in-country to moderate all comments before they're posted. Presumably they could then publish rules of what's acceptable and what isn't, and have that apply to the entire country. Yikes. More
There's a CVSS 9.8 vulnerability in Sophos Firewall. More
CISA recommends everyone update to the latest version of Chrome due to multiple vulnerabilities. More
The Ninja Forms WordPress plugin has been updated for a critical code injection vulnerability. There are more than 1 million installations of the plugin. More
SAP has patched some High severity issues in NetWeaver. More
China is looking to build the world's first space-based solar power plant. It would absorb solar power in space and beam that power down to Earth. They're looking to launch it as early as 2028. More
Coinbase has laid off 18% of its staff, saying they hired too quickly. More
iOS 16 will have a new feature called RoomPlan that will let you create a 3D floorplan of a house or building using LiDAR. More | Video
Tesla is planning a 3-1 stock split. More
Germany is responding to Russia's reduced supply of natural gas by reopening some of its coal plants. More
Repairing Yellowstone's flooding damage could take years and cost over a billion dollars. More
A new study has found that high levels of Omega-3 in the blood were linked with a 49% lower chance of Alzheimer's. More
Apple Store workers in Maryland have become the first to unionize. More
A new study in the American Journal of Clinical Nutrition has found a link between Vitamin D deficiency and the risk of dementia and stroke. More
Air travel continues to get safer from accidents, but less safe due to intentional pilot crashes. Mental health once again. More
Omicron appears much less likely to cause Long Covid than Delta, but experts aren't sure exactly how much. More
US prison workers produce $11 billion worth of goods and services a year and get paid virtually nothing. I think this would be ok if we weren't also using the whole enterprise as a business in many cases. In other words, if we were doing our best to keep people out of prison, and helping people become functioning citizens when they do get there, this would be fine. But there are too many industries that actually incentivize a growing prison population, which is extremely gross. More
After 45 years, the Voyager spacecraft are starting to lose power to their systems. Some systems are still operational, and scientists are hoping to get some data back into the early 2030s. More
CONTENT, IDEAS & ANALYSIS
Cannibalism and Automation in Recessions — Two things to watch as we head into a likely recession are 1) the larger companies in a space gobbling up the smaller players because the smaller players might not have the strength to survive, and 2) companies doubling down on human-replacing automation to save money. Watch for these.
I just finished Don't Trust Your Gut, which is another great book by the former Google Data Scientist who did all the analysis on search engine logs. Really love this book, and I'm doing a full summary for members that will be released this week. Maybe a candidate for Book Club as well! More
I put a thread in Slack about changes I'm looking to make to the show, so if you have some time and are interested, head over and have a look! The TLDR is: 1) no pricing changes, 2) public newsletters, 3) more member content, all in service of 4) looking to move to doing UL as my main gig soon.
A big part of me buying a house was creating a sense of security in the original sense of "without worry". This is why I put in a lot of solar panels, got two Tesla batteries, got a reverse osmosis water filter, and upgraded my AC to a much better filter. As part of that, I'm also making my internet more robust by running fiber directly to an upgraded modem so that power outages don't take down my internet connection, and I've just installed a Starlink system as a backup. The Starlink system was super easy to set up, like 15 minutes from box to running, and there were surprisingly few steps. I basically plugged in power and the antenna, installed the app, and it moved by itself, found a solid signal, and like instantly gave me 300/150 internet from space. Highly impressive.
Try Writing One Sentence Per Line More
Luck Surface Area More
The Ugly Side of Collaboration in Bug Bounties More | by Shubs
Belief in God is down from 92% in 2011 to a new low of 81% in 2022. More
A Comic Strip Created by DALL-E. More
[ SUPPLY CHAIN SECURITY ] NPMDomainNameCheker — A tool to check the maintainer of every package in the NPM repo for sketchy domains and MX records. More | by Firefart
[ STATIC ANALYSIS ] Semgrep Rules — A public repository of Semgrep rules. More | by Elttam
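The maintainer-domain check described above, written here as an added example (not Firefart's tool) for auditing the packages in your own dependency set: it flags maintainer addresses whose domain no longer exists (a takeover candidate) or publishes no MX record (password-reset mail for that account goes nowhere). DNS sits behind a resolver callable, and the package list, addresses and DNS answers are constructed sample data.

```python
# Added example, not the NPMDomainNameCheker tool: audit maintainer e-mail
# domains for a set of packages. DNS is abstracted behind a callable so the
# logic runs offline against constructed data.
from typing import Callable, Dict, List, Optional

# A resolver returns the MX hosts for a domain, an empty list when the domain
# exists but publishes no MX, or None when the name does not exist (NXDOMAIN).
Resolver = Callable[[str], Optional[List[str]]]

def email_domain(address: str) -> Optional[str]:
    """Return the lowercase domain part of an address, or None if malformed."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return domain.lower().rstrip(".")

def audit_maintainers(packages: Dict[str, List[str]],
                      resolve_mx: Resolver) -> Dict[str, List[str]]:
    """Map each finding type to the 'package <address>' entries that hit it."""
    findings: Dict[str, List[str]] = {"malformed": [], "nxdomain": [], "no_mx": []}
    cache: Dict[str, Optional[List[str]]] = {}
    for name, emails in packages.items():
        for addr in emails:
            entry = f"{name} <{addr}>"
            domain = email_domain(addr)
            if domain is None:
                findings["malformed"].append(entry)
                continue
            if domain not in cache:
                cache[domain] = resolve_mx(domain)  # one lookup per domain
            mx = cache[domain]
            if mx is None:
                findings["nxdomain"].append(entry)   # domain gone: registrable
            elif not mx:
                findings["no_mx"].append(entry)      # no mail delivery possible
    return findings

# Constructed sample data: hypothetical packages, addresses and DNS answers.
SAMPLE_PACKAGES = {
    "left-pad-ish": ["alice@example.com"],
    "tiny-util": ["bob@expired-example.test", "carol@example.org"],
    "oddlib": ["not-an-email"],
}
SAMPLE_DNS = {"example.com": ["mx1.example.com"], "example.org": []}

def fake_resolver(domain: str) -> Optional[List[str]]:
    return SAMPLE_DNS.get(domain)  # unknown names behave like NXDOMAIN

if __name__ == "__main__":
    for kind, entries in audit_maintainers(SAMPLE_PACKAGES, fake_resolver).items():
        print(kind, entries)
```

For a live audit, a resolver built on dnspython's `dns.resolver.resolve(domain, "MX")` can map `dns.resolver.NXDOMAIN` to `None` and `dns.resolver.NoAnswer` to an empty list.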
If you've been studying and planning to do something cool for a long time, stop it.
Do the thing.
You can still study after you're doing it, but don't let the studying trick you into thinking you're accomplishing something. You're not. It's a trick.
Do the thing.
P.S.: I really needed to hear this too.
"It is not possible to have fun when you try."
— Nassim Taleb