Unsupervised Learning Newsletter NO. 343
News & Analysis
🗞️ NO. 343 — STANDARD EDITION | AUG 8 2022
Happy Summer Camp week!
I'm in Vegas, but staying mostly outdoors. Hope to see you around if you're in town!
Emergency Warning Takeover
The US's FEMA has warned that there are serious vulnerabilities in the country's emergency broadcast system that can allow an attacker to send emergency messages without authorization. A researcher named Ken Pyle with CBIR.com found the issue, and he'll be showing a PoC at DEFCON this weekend. More
Slack Resets Passwords
Slack notified a small number of users that it had to reset their passwords after a security researcher found a bug that was including salted passwords in invitation links. More
Chinese Cobalt Strike
There's a new Chinese offensive framework called Manjusaka that's like a Chinese version of Cobalt Strike. It's written in Rust and targets Windows and Linux. It includes a C2 component written in GoLang. More
🔭 ZeroFox: Building a threat intelligence program? Start here.
Threat actors have long had the advantage in the digital world, going unnoticed before a cyberattack. Now, leaders across industries view threat intelligence as a vital component of a mature, proactive cybersecurity posture.
Whether you’re starting from scratch or maturing an existing threat intelligence program, building on the right foundation is critical. And because intelligence isn’t a one-size-fits-all program, there is a lot to consider.
Twitter Confirms Zero-Day
Twitter has confirmed that a now-patched zero-day flaw allowed an attacker to link emails to Twitter accounts, which is something you're not supposed to be able to do. This resulted in the de-anonymizing of 5.4 million Twitter accounts by submitting an email, getting back the Twitter account ID, and then scraping the account for info. More
Microsft has entered the Attack Surface Management space with a new tool called Microsoft Defender Attack Surface Management. It sports a real-time inventory, attack surface visibility, exposure detection and prioritization. More
Major Solana Hack
There was a major Solana hack last week that drained millions from over 9,000 hot wallets. The issue turned out to be due to a closed-source wallet called Slope, which was using a third-party logging service called Sentry that was sending seed phrases to a centralized server unencrypted. More
US Takes Out al-Zawahiri With Ninja Bomb
The US didn't use explosives in the drone strike that killed al-Zawahiri. They reportedly used what's called a "flying Ginsu" missile (the Hellfire R9X), which deploys six retractable blades to do its damage. More | The R9X Missile
Axio raises $22.5 million to measure cyber risk. More
China arrested at least 4 top executives in their chipmaking industry on corruption charges. The government had invested over $20 billion into the industry with mixed results, and it appears they've come looking for who is to blame. More
The US Adds 528,000 Jobs
The US added 528K jobs in July, which is more than double the 250K that were expected. This brought unemployment to 3.5%, which is a 50-year low. More
Loneliness and Memory Loss
A new study found that there is a strong correlation between loneliness and memory problems in people over 50, and that more loneliness leads to more loss. More
VA Finds Cardiovascular Issues After Covid
A VA study of 150,000 people who've had Covid found they faced a higher risk of multiple cardiovascular problems, even if they weren't hospitalized and had minor symptoms. But symptoms were worse for people who were hospitalized and/or went to ICU. More
CONTENT, IDEAS & ANALYSIS
✍🏼 Why I'm OK with Amazon Buying One Medical
My new essay on why I think it's a good thing for Amazon to be entering the medical world. More
Amazon Buys Roomba
You know how people in futuristic movies like Her can do really interesting stuff with technology? Like smart home stuff. Personal assistant stuff. Star Trek "Tea Earl Grey Hot" stuff. I think Amazon is best positioned to be the company that pulls this stuff off. They have Alexa. They have Ring. They just bought One Medical. And now Roomba. I think Apple has a more pure vision of such things, but it's infinitely slower. Exhibit A: Siri. Amazon is doing the most important thing to win here, which is constant movement. Constant progress. And I'm here for it. Even if I'd rather have the Apple version, I'm happy that Amazon is applying pressure to everyone else. It's going to be Tesla and Amazon racing to home robots soon. More
China and Apple
After Pelosi went to Taiwan China is figuring out the best way to penalize America. The answer? Mess with Apple’s ability to ship. Think of how bad of a situation this is for Apple. They’re standing between two superpowers and the more they fight the more Apple risks not being able to hit profit targets. They cannot get their manufacturing to other countries fast enough. More
Are We In a Recession or Not?
Experts are debating whether we're in a recession, but it seems the real answer won't come until the backward-looking analysis is done many months from now. The current situation is that inflation is as high as it's been in ~40 years, but unemployment is as low as it's been in ~50 years. And if you judge by activity at public venues, things seem to be doing great. It's a weird situation for sure. I feel like everyone's in a weird in-between state waiting for things to either thrive or crash. More
Funniest thing I've seen in a while, evidently from an old Peter Cook cartoon:
Person 1: "I am writing a book."
Person 2: "Neither am I."
I'm finishing Freedom, which is the second book in Daniel Suarez's Daemon series. Wow, it just keeps getting better. It's so good I'm submitting it for UL Book Club at the end of the month. More
We're having an (outdoor) UL Members meetup in Vegas! Check Slack for details! More
⚙️ RECON | Blackbird
An OSINT tool that searches for username hits across 153 different sites. Love it, but wish it were fully CLI instead of a Python web interface! More | by p1ngul1n0
Autosummarized Hacker News
GPT-3 created summaries of Hacker News stories. Brilliant. More
🔉 myNoise Noise Generator
Creates beautiful noises to mask the noises you don’t want to hear. Irish Coast, cafes, rain on tent, waterfalls, Japanese gardens. So many great ones. Wonderful stuff. More
DALL-E + GPT-3 = ❤️
A brilliant combination of story prompts and images that go with the narrative. More
A critique of CVSS 3.1
First time I've seen anyone going after CVSS, and it's quite eye-opening. It voices a number of concerns I hadn't even turned into thoughts yet. But it still leaves the question of "what else then?", and for that reason I don't think such critiques will have much impact. More
Reading stuff that makes you feel like you've been productive when you haven't. More
On pretending to have read books. More
A solid write-up on these new text scams we're seeing. More
"Find ride-or-die friends. They make your world better." — Jason Haddix
It's harder to make super close friends later in life, but if you haven't talked to your old close friends, reach out to them. Try to rekindle it. And if you already have such people, use this opportunity to tell them you appreciate them. And make an effort to spend more time hanging out, whether in person or on video chat.
"The part of life we live is really small. All the rest is not life, but merely time."
Fake Seneca, by DKB