Unsupervised Learning Newsletter NO. 355

NEWS & ANALYSIS SERIES
October 31, 2022

SECURITY NEWS

 

⛔️ There is likely to be a critical TLS vulnerability released this week. Consider getting your teams ready by looking for your instances before it drops. ZDNET > | GLOBALSIGN > | REDDIT DISCUSSION > 

The US accused 13 Chinese nationals of committing espionage-related offenses for China, including attempting to force a Chinese national in the US to return to China, attempting to interfere with a federal investigation of Huawei, and attempting to recruit US academics to spy for China. MORE >

The Daily Mail says Russia hacked Liz Truss's personal phone and gained access to extremely sensitive conversations with Kwasi Kwarteng and others. MORE >

The second-largest investor in Twitter—after Musk—is Saudi Arabia's Kingdom Holding Company (KHC), with shares valued at $1.8 billion. MORE >

Apple has significantly upgraded its security research program >, speeding up its turnaround times and adding more transparency for submission statuses. MORE >

University of Maryland made a sweater that confuses AI into not recognizing a person. MORE >

DHL has surpassed LinkedIn as the most spoofed phishing brand. MORE >

The New York Post got hacked, resulting in defacement of the site and their social media. Someone named Thrax claimed credit and said they got access via WordPress. MORE >

Juniper patched high-severity flaws in Junos OS that affect enterprise networking devices. MORE >

CrowdStrike has partnered with MITRE CTID to find attacker TTPs in cloud analytics. MORE >

Samba released security updates for issues up to and including system takeover. MORE >

Apple's new Ventura release patched over 100 vulnerabilities. MORE >

Sponsor

🔭 Simple and secure password management for your business


Protect employee passwords in minutes with Keeper — the award-winning password manager that is secure, easy to set up, and easy to use. Keeper works out-of-the-box > with identity, MFA, and SIEM solutions including Okta, Azure AD, Ping Identity, G Suite, YubiKey and many others.

Patented integration with Single Sign-On (SAML 2.0) solutions and SCIM provisioning gives users a passwordless login experience > while preserving zero-knowledge security. Attend a demo and we will send you a free 3-year personal plan.
 

keepersecurity.com/unsupervised_learning >



TECHNOLOGY NEWS

 

Layoffs.fyi > says the layoffs mostly happened during the summer, and are slowing down. MORE >

Shutterstock will start selling AI-generated stock images powered by OpenAI. MORE >

Mr. Beast > is looking to raise $150 million for a $1.5 billion valuation on…himself. Love it. MORE >

Hidden Door is a gaming company that wants to turn fiction into role-playing experiences. MORE >

OpenAI invested $500 million in Descript >, an AI-based tool for editing audio and video. MORE >


HUMAN NEWS

 

Luiz Inácio Lula da Silva (Lula) has defeated Bolsonaro to become Brazil's president, again, 20 years after being the president the first time. MORE >

It looks like the UK wants back into the EU. Rejoining the EU recently had a 14-point lead in a poll. MORE >

The US economy grew by 2.6% last quarter. MORE >

Teens are starting to use TikTok to figure out what's wrong with them mentally. "I have this." MORE >

A record-high 56% in the US believe local crime has increased. MORE >


IDEAS & ANALYSIS

 

✍️ Why Apple Keeps Winning MORE >


NOTES

 

Book club was phenomenal this week. We got into a spirited discussion about whether AGI would happen before 2030. 1/3 said it would, and 2/3 either abstained or said it wouldn't. The chosen book of the month for November is The Science of Storytelling. MORE >

The aunt of one of our UL members is featured in a podcast called The Lost Women of Science. LISTEN >

I got in an uncharacteristic Twitter squabble about Apple on Sunday morning. Someone was attacking me for talking about what Apple is doing right, and he unfollowed me during the discussion. We talked for another hour or so, cooling down the tone, and it went from a scuffle to a conversation. At the end he followed me back, I thanked him for being so passionate for the right things, and I followed him back. The lesson? Civil conversations are still possible on the internet! :) THREAD >

I now have lots of birds showing up to my feeder! Thank you all again. And I have two hummingbird feeders now too. And they're getting some traffic as well. Loving it. Next step: Continuous IP Camera + AI bird identification -> Alerting system. Hit me up if you're this kind of nerd.

Absolutely loving The Mars Volta's new album. MORE >

Anyone know of a healthy cleanse recipe I can make at home with a Vitamix? HALP >

❤️ I met my love 30 years ago today. ❤️


DISCOVERY

 

🛠️ dastardly, from Burp Suite, is a lightweight web application scanner that you can use to scan your web apps during CI/CD. Integrates with GitHub Actions and many others. TOOL > | by PORTSWIGGER >

🛠️ sandman is a backdoor for red teams that sends traffic over NTP. TOOL > | by IDO VELTZMAN >

🛠️ private_detector is Bumble's image classifier for lewd images. TOOL > | by BUMBLE TECH >

🛠️ threatest is a Go framework for end-to-end testing of threat detection. TOOL > | by DATADOG >


semafor — A new news service by Ben Smith built on the idea of transparent, unbiased, and center-focused news. Meaning, much less tainted by the right and left narratives. Cool, sign me up. MORE > | ABOUT >

looka — An AI-based logo generator. You give it your company name and some seed material, and it makes you some logos. MORE >

namelix — An AI-based company name generator. You give it some vibes and it comes up with some possible company names. MORE >

pfpmaker — An AI-based profile pic generator. You give it an image and it makes you profile pics. MORE >

snipd — Listen to AI-generated summaries for Lex Fridman's podcast. MORE >

An absolutely packed episode of Lex's podcast, with guest Andrej Karpathy. I particularly loved his explanations of ML, his points about AGI, his approach to leading organizations, and tons more. Must consume. MORE >

Japan's Anime community is seriously upset about the rise of AI-generated art. MORE >

The Lost Women of Science — For every Marie Curie or Rosalind Franklin whose story has been told, hundreds of female scientists remain unknown to the public at large. In this series, we illuminate the lives and work of a diverse array of groundbreaking scientists who, because of time, place and gender, have gone largely unrecognized. LISTEN >

The Rising Tide of Global Sadness MORE >

Is Listening to Audioreading Really Reading? — The author of this piece makes the point that listening actually came before print, because oral storytelling came before writing. MORE >

Jim Cramer cries on TV for recommending META to his audience. MORE >

Security is an Infinite Game MORE >

The rich are now signaling using statement trees. MORE >

passkeys.io — A demo site for enrolling in and using Passkeys. MORE >

Don't Overreact to Weak Signals MORE >

👀 The Art of the Desk Setup MORE >


RECOMMENDATION OF THE WEEK

 

Don't stress about how much you're learning when you read or watch educational content. Maybe you're only getting X amount of retention, but it's hard to say what that number really is. Plus, learning can sink deep into us and affect how we see the world, which has a lot more impact than remembering facts. If you love a book or some piece of content, watch it again while taking notes, or use it to update a current methodology you're using to do something. But feel free to just listen to it as well, letting it blow by. You'll likely absorb more than you think.


APHORISM OF THE WEEK

 

"The two most important days in life are the day you are born and the day you find out why."

Mark Twain

Thank you for reading...