Unsupervised Learning Newsletter NO. 336

News & Analysis

NO. 336 | JUN 13 2022

Greetings all,

Feeling much better now, and thank you all for the well-wishes. And with RSA behind us it's time to start thinking about Vegas/DEFCON/Blackhat! I'll be there in some capacity so let's try to meet up. Outside. : ) Now onto this week's show, which is a chunky one, and it's also sporting the new header art I made last weekend!

Enjoy, and have a great week!
— Daniel


The NSO group is in talks to sell Pegasus to US defense contractor L3Harris, which is the company behind StingRay cell phone trackers. Many are worried this will allow Pegasus to be used by more US law enforcement agencies. They've already tried unsuccessfully to sell into the NYPD and the FBI. I'm surprised this is even a thing, honestly. How would a US contractor be allowed to purchase a technology that's on the US naughty list? I suppose the purchase could lead to audits and certifications that make it more trusted, but still. More

Many are currently being hit with spam text messages that pull you into a conversation (I got one while writing this sentence actually). They are designed to get you to respond by sometimes saying things as simple as, "Hello.", but they're often more tricky with something like, "Is this still Chris's number?" Once you respond to tell them off or correct them, you're pulled in. My recommendation is to tell all your loved ones about this, because they're probably getting hit too and actually responding. More

Digital Shadows says there are 24.6 billion sets of credentials up for sale on the dark web, 6.7 billion of which are unique. They say this is a 34% increase over 2020 (they do the analysis every two years). This corresponds to credential stuffing attacks gaining favor in real-world attack data, and adds pressure to move everyone to 2FA and a more passwordless future. More


Storyblok — Level-Up the Security of your Company's CMS

More and more cybersecurity companies are ditching their traditional CMS and to move to a Headless CMS platform. Why? Because they want the best possible security, the flexibility of headless, and the ability to publish to any front-end.

By using an API-first platform like Storyblok, you get:

  • Faster performance and page loading

  • A content CDN

  • Easier integrations

  • User-friendly editing

  • Enterprise-grade security

Join the many companies moving from traditional CMS to the headless API model using Storyblok.

Palantir and Google Cloud have entered into a strategic partnership. The solution basically gives a place for analysis to take place, and the toolsets to perform that analysis. They list the following as benefits: faster onboarding of data, single source of truth, and AI and data analytics. This is the type of partnership that saw a lot of negative press a year or two ago, with Google employees making the argument that they didn't want to work for shady data analytics companies. The problem is that companies that are good at shady analysis are also good at regular analysis, and if the analysis is good it's going to sell. More

Multiple sources say China had access to US TikTok data, including an independent auditor hired to evaluate the product's security, as well as multiple TikTok employees. More

TikTok says all US data is now being routed to Oracle Cloud, but that they're still sending it on to its own servers in Virginia and Singapore. They say in the future they'll be deleting that data from their servers and migrate to using only Oracle's cloud. More

Microsoft has patched the Follina Zero Day in its monthly updates. More

Paige Thompson has been convicted of wire fraud and computer intrusions against Capital One. Capital One was fined $80 million and settled another $190 million in lawsuits related to the attacks. More

China is considering requiring all platforms in-country to moderate all comments before they're posted. Presumably they could then publish rules of what's acceptable and what isn't, and have that apply to the entire country. Yikes. More


  • There's a CVSS 9.8 vulnerability in Sophos Firewall. More

  • CISA recommends everyone update to the latest version of Chrome due to multiple vulnerabilities. More

  • The Ninja Forms Wordpress plugin has been updated for a critical code injection vulnerability. There are more than 1 million installations of the plugin. More

  • SAP has patched some High severity issues in Netweaver. More


  • QNAP devices are being targeted in new DeadBolt and eCh0raix ransomware campaigns. More

  • Kaiser Permanente had a data breach that exposed around 70,000 patient records. More


China is looking to build the world's first space-based solar power plant. It would absorb solar power in space and beam that power down to Earth. They're looking to launch it as early as 2028. More

Coinbase has laid off 18% of its staff, saying they hired too quickly. More

iOS 16 will have a new feature called RoomPlan that will let you create a 3D floorplan of a house or building using LiDAR. More | Video

Tesla is planning a 3-1 stock split. More


Germany is responding to Russia's reduced supply of natural gas by reopening some of its coal plants. More

Repairing Yellowstone's flooding damage could take years and cost over a billion dollars. More

A new study has found that high levels of Omega-3 in the blood were linked with a 49% lower chance of Alzheimer's. More

Apple Store workers in Maryland have become the first to unionize. More

A new study in the American Journal of Clinical Nutrition has found a link between Vitamin D deficiency and the risk of dementia and stroke. More

Air travel continues to get safer from accidents, but less safe due to intentional pilot crashes. Mental health once again. More

Omicron appears much less likely to cause Long Covid than Delta, but experts aren't sure exactly how much. More

US prison workers produce $11 billion worth of goods and services a year and get paid virtually nothing. I think this would be ok if we weren't also using the whole enterprise as a business in many cases. In other words, if we were doing our best to keep people out of prison, and helping people become functioning citizens when they do get there, this would be fine. But there are too many industries that actually incentivize a growing prison population, which is extremely gross. More

After 45 years, the Voyager spacecraft are starting to lose power to their systems. Some systems are still operational, and scientists are hoping to get some data back into the early 2030's. More


Cannibalism and Automation in Recessions — Two things to watch as we head into a likely recession are 1) the larger companies in a space gobbling up the smaller players because the smaller players might not have the strength to survive, and 2) companies doubling down on human-replacing automation to save money. Watch for these.


I just finished Don't Trust Your Gut, which is another great book by the former Google Data Scientist who did all the analysis on search engine logs. Really love this book, and I'm doing a full summary for members that will be released this week. Maybe a candidate for Book Club as well! More

I put a thread in Slack about changes I'm looking to make to the show, so if you have some time and are interested, head over and have a look! The TLDR is: 1) no pricing changes, 2) public newsletters, 3) more member content, all in service of 4) looking to move to doing UL as my main gig soon.

A big part of me buying a house was creating a sense of security in the original sense of "without worry". This is why I put in a lot of solar panels, got two Tesla batteries, got a reverse osmosis water filter, and upgraded my AC to a much better filter. As part of that, I'm also making my internet more robust by running fiber directly to an upgraded modem so that power outages don't take down my internet connection, and I've just installed a Starlink system as a backup. The Starlink system was super easy to set up, like 15 minutes from box to running, and there were surprisingly few steps. I basically plugged in power and the antenna, installed the app, and it moved by itself, found a solid signal, and like instantly gave me 300/150 internet from space. Highly impressive.



Try Writing One Sentence Per Line More

Luck Surface Area More

The Ugly Side of Collaboration in Bug Bounties More | by Shubs

Belief in God is down from 92% in 2011 to a new low of 81% in 2022. More

A Comic Strip Created by DALL-E. More

[ SUPPLY CHAIN SECURITY ] NPMDomainNameCheker — A tool to check the maintainer of every package in the NPM repo for sketch domains and MX records. More | by Firefart

[ STATIC ANALYSIS ] Semgrep Rules — A public repository of Semgrep rules. More | by Elttam


If you've been studying and planning to do something cool for a long time, stop it.

Do the thing.

You can still study after you're doing it, but don't let the studying trick you into thinking you're accomplishing something. You're not. It's a trick.

Do the thing.

P.S.: I really needed to hear this too.


"It is not possible to have fun when you try."

— Nassim Taleb