South Korean authorities are warning that North Koreans are disguising themselves and getting jobs in South Korea. The saddest part is that it appears to be just another income generation scheme, meaning they use the salaries to fund the North Korean nuclear program. MORE
Security researchers earned $989,750 for 63 zero-days at Toronto's Pwn2Own event. 26 teams participated and nobody signed up to hack the iPhone 13 or Pixel 6. MORE
Samsung's Android app-signing key has leaked, and it's being used to sign malware. MORE
Apple just released a ton of new security features, including encrypted iCloud backups, abandonment of the CSAM protection idea, and Contact Key Verification, which allows you to validate the identity of someone before sending them something sensitive. MORE
CISA and FBI are warning about the Cuba ransomware campaign in a joint cybersecurity advisory. The malware is Windows-based and written in C++, and has nothing to do with Cuba. MORE
Rackspace has confirmed that the issue that affected their hosted Exchange service starting on December 2nd was in fact ransomware. The investigation continues. MORE
The Israelis have done it again with air-gapped data extraction, this time detecting the radiation coming off the power supply at a distance of around 2 meters. Of course it requires that you have the malware on the system first, but still. MORE
Crafting Security Detections for AWS
In the same way it's intimidating for a blacksmith to be tasked with outfitting an army to charge the Black Gate, it is no small ask for security teams to secure ever-changing, ever-growing AWS environments.
In this ebook, learn how to craft detections for an AWS environment in the way a blacksmith of yore might fashion Mithril shirts for a battle against the forces of evil.
Google has implemented continuous scrolling on desktop search. So no more clicking to the next page; just scroll down. MORE
Chrome now has support for Passkeys, which is basically a 2-factor token built into your computer. WebAuthN and Passkeys are some of the best security tech to come out in decades, in my opinion. They're the opposite of cookie popups. MORE
AI-powered writing startups are doing really well. Makes sense. Writing is something that 1) helps people succeed, and 2) people need help with. So it's a perfect place for AI startups. MORE
Twitter Blue is relaunching with actual verification this time. Meaning they're going to take some measures to ensure you're a real person, which is nice. Also, it'll cost more if you're on iOS because of Apple's App Store tax. MORE
Google has combined the Waze team with the Maps team. So, they might be doomed, basically. MORE
iOS 16 has seen extraordinary adoption, hitting an almost 70% install percentage after just three months. iOS 15 only had around 25% at this point. Meanwhile, Android 12 is still at 13% after over a year, and even version 11 is still only at around 27% (from August). MORE
☀️ US government scientists have produced a net energy gain using nuclear fusion for the first time. Humans have been trying this since 1950. That's 77 years. The breakthrough came out of the Lawrence Livermore Laboratory in California. They'll announce more about the milestone this week. MORE
A new meta-analysis of gene heritability has shown that most traits are in fact heritable, including things that lead to outcomes like education and weight. As a smartish non-expert, I'm guessing this study is going to have major implications for the nature/nurture debate. MORE
A remarkable new cancer therapy was used to cure a girl's incurable cancer. It used base-pair editing, which is editing the genetic code of t-cells. "They started with healthy T-cells that came from a donor and set about modifying them. The first base edit disabled the T-cells targeting mechanism so they would not assault Alyssa's body. The second removed a chemical marking, called CD7, which is on all T-cells. The third edit was an invisibility cloak that prevented the cells being killed by a chemotherapy drug." Wonderful. MORE
Japan has a famously-low birth rate (1.5) but much of Asia has caught up with or surpassed it. Singapore, Taiwan, and Hong Kong all have the same or worse rates, and South Korea ranged between just 0.8 and 1.1. Some analysis points to the super-high cost of housing in these countries as a cause. MORE
Japanese Manga is becoming the new Facebook, a bit stale and with an older user-base (around 30). So what's TikTok? Korean Webtoons. They're more digitally native and are easier to consume. MORE
Ready to cut cybersecurity reporting time by half?
If you are spending more time reporting than you are hacking, PlexTrac is the secret weapon you need to streamline workflows, improve collaboration, and increase efficiency. PlexTrac is the premier cybersecurity reporting and collaboration platform transforming the way security work gets done.
Visit plextrac.com/unsupervisedlearning to learn more and claim your free month of the platform!
IDEAS & ANALYSIS
💡 GPT and Search — Why it's going to take some significant changes to GPT to be able to challenge Google. ARTICLE
GPT as Ever-present General Helper
ChatGPT is already turning into its eventual form, which is becoming The Oracle. It just sits there waiting to answer questions like: "What's the best way to say this?" "How would you rank these risks?" "Does this look malicious to you?" "Summarize this for me." Life-changing. TWEET
It occurred to me while writing this week's newsletter that if I did nothing but the Discovery section it'd still be a pretty great weekly update. Like, I'd pay $100/year for just the exposure to the links. That's the key I think. Make stuff that you'd pay for yourself, and just hope/assume there are other people out there like you.
I deepfaked my own voice for video transcription/editing, and it's both super cool and alarming at the same time. Sounds pretty damn good actually, and this was only like 20 minutes of training material. LISTEN
⚒️ Nosey Parker — A Rust-based secret discovery tool for finding secrets in text. Supports files, directories, and Git, including history. PROJECT | BY PRAETORIAN
📘 Awesome macOS Command Line — A powerful and comprehensive list of things you can do from the macOS command line. PROJECT | BY MARCEL BISCHOFF
🤖 ChatGPT (yeah, it gets its own section for the time being…)
Awesome ChatGPT Prompts: Some of my favorites: interview someone for $position, act like Excel, be a travel guide, act like a character from a book/movie, act like a motivational coach, write a screenplay, be a relationship coach, act like a cybersecurity specialist (lol), act like an etymologist, be a career counselor—these are great! MORE | by FATIH KADIR AKIN
Generative AI will be amazing for small marketing teams. MORE
How Threat Modeling and Detection Will Change in the Age of LLMs MORE
The GPT Architecture, on a Napkin MORE
Piss-weak Parenting MORE
Writing is Magic MORE
Tracking Meaningful Security Product Metrics MORE | by LEIF DREIZLER
Nightcap Guru — A web app that uses GPT to interpret your dreams. MORE
Is America Stealing TSMC? MORE
Rami Mcarthy writes at the excellent TL;DRSec about what it takes to be a Staff Security Engineer. MORE
A list of the most interesting AWS ReInvent Announcements MORE
Everyone is Sick Right Now MORE
5 Tips for a Better Slack Experience MORE
🔥 Keep Your Identity Small MORE
You should write more. MORE
Be Wary of Imitating High-status People Who Can Afford to Countersignal MORE
A photographer captured a fire photo of Mars coming up behind the moon. MORE
RECOMMENDATION OF THE WEEK
If you're feeling a lot of negativity from the AI stuff, keep this in mind: there is also about to be an extraordinary unleashing of human creativity as a result of this AI. And there is no guarantee that the negatives will outweigh the positives. There are guaranteed to be many negatives. And many, many positives as well. But this is the ride we humans are on. Happened with the printing press. Happened with the internet. Happened with iPhones and social media. We will adapt. Just prepare yourself and your loved ones as best you can, and try not to stress. Remember: anxiety in its positive form is excitement. Be excited.
APHORISM OF THE WEEK
"Discontent is the first step in the progress of a person or nation."