Unsupervised Learning Newsletter NO. 367

Hive Ransom, Anti-Google, Software 2.0…

🎙️If you're not subscribed to the podcast version of the newsletter, please add it using with your favorite client! APPLE | SPOTIFY | OTHER


The FBI infiltrated the HIVE ransomware group, stopping over $130 million in ransomware attacks. HIVE is known for going after hospitals, school districts, and critical infrastructure, and on Tuesday, the FBI announced it had taken over the HIVE infrastructure and removed its ability to extort victims further. MORE

Riot had the League of Legends source code stolen by a ransomware group, but they're refusing to pay the $10 million ransom. Riot security teams are looking at how the source can be used to generate malicious tools or hacks, and are looking at defending preemptively. No customer data seemed to be part of the incident. MORE

ODIN Intelligence got hacked, resulting in the loss of police raid plans, facial recognition data, and surveillance information. ODIN is a company that provides apps and services to police departments. The attackers said the company's main app, SweepWizard, was leaking data about police raids. MORE


PlexTrac will cut your security team's reporting time in half!

If you are spending more time reporting than on real cybersecurity work, PlexTrac is the platform for you. This secret weapon empowers streamlined workflows, improved collaboration, and increased efficiency.

Our premier reporting and collaboration platform will save your team precious time and resources that are better spent protecting your valuable assets and strengthening your security posture. It’s no surprise that our customers report results like:

  • PlexTrac being “a top 3 most important tool our red team uses”

  • “A 30% increase in efficiency”

  • “5X return-on-investment in year one”

  • “60% reduction in the time our practitioners spend writing reports”

Check out plextrac.com/unsupervisedlearning to learn more about PlexTrac and claim your free month on the platform!

The FBI says North Korea was behind the $100 million Horizon Bridge crypto hack. They named Lazarus as the APT involved. MORE

Zendesk was hacked via smishing back in October of 2022, and the attack could be related to a campaign called Oktapus that's targeted over 130 organizations since March of 2022. Other targets include Twilio and Cloudflare. MORE

Australia lost a radioactive capsule the size of a mini grape, and people are on high alert. The thing is putting out both X and Gamma rays, and standing within 1 meter of it can expose you to a year's worth of X-rays in an hour. Longer exposures can result in burns and/or radiation sickness. MORE

A new report has found that China is the #1 exporter of facial recognition technology, with 201 export deals (the US has 128). The report's authors are concerned that China's export of this tech is likely to lead receiving countries to turn more autocratic when they could have been previously trending democratic. MORE

iOS 16.3 is out, and includes the following security features: the ability to use a physical security key to protect your AppleID, advanced data protection for iCloud, which includes more end-to-end encryption options, and modified controls for invoking the SOS feature. MORE

Yandex's source code has been leaked for pretty much all its major services, including its search engine, maps, Alice, Taxi, Direct, and many other services. No definitive word yet on how the leak happened. MORE

Some New York traffic cameras also have microphones so that they can issue citations for noise violations. 71 people have already received noise-related tickets as part of a pilot program. MORE

Military-like vehicles are becoming more popular in the US, and the Vengeance starts at $285,000 and costs another $125,000 if you want things like bullet-proof glass, body armor, underside explosion protection, and other warzone features. But the kicker is they're marketing to suburban families, not security contractors. MORE

Google has shut down thousands of pro-China disinformation channels related to Taiwain and COVID. MORE


The US DOJ is going after Google for violating antitrust in ad technology. They claim Google, “corrupted legitimate competition in the ad tech industry by engaging in a systematic campaign to seize control of the wide swath of high-tech tools used by publishers, advertisers and brokers to facilitate digital advertising". This is the first move by the Biden DOJ against big tech, but I doubt it'll be the last. MORE

OURA Ring now has Apple Watch integration, including a new app, watch complications, and other features. If you're an Apple-based OURA user, check it out. MORE

Stripe will soon be processing a large volume of Amazon's payment traffic, including for Prime, Audible, Kindle, Amazon Pay, and others. In return, Stripe will expand their use of AWS throughout their business. MORE

Cloudflare has overtaken Apache and NGINX as the most commonly-used web server in the top million business websites. MORE


Amazon has a new offering called RxPass, which is a $5 prescription subscription service. It covers more than 80 common medications, and you receive them all for free shipping and just $5 a month. MORE

Nearly 900 million people wanted to migrate out of their countries in 2021, and most (by a significant margin) wanted to come to the United States. Next in desired destinations were Canada, Germany, Spain, and France. MORE

In a new meta-analysis of 16 studies of over 1.5 million people, strength training was associated with a 20% reduction in risk from cardiovascular disease, cancer, diabetes, lung cancer, and all-cause mortality. This places it on solid footing compared to aerobic exercise, which provides similar benefits on its own. MORE


🔥 My Summary of Andrej Kaparthy on Lex Fridman's Podcast (Members) — Simply one of the best podcasts I've heard in years, if not ever. I spent a long time summarizing this one, and I highly recommend either reviewing my write-up and/or listening to the entire episode. Teaser Idea: The future of programming is not humans writing code, but neural nets creating weights. 🤯 SUMMARY

The Current 2 Major AI Bottlenecks — My analysis of the two major obstacles to AI getting truly nutty in the near future. MORE

🧵 My Mentoring Thread on Twitter — My prescriptive guidance on things to do and not do when reaching out to a potential mentor. MORE

My Interaction with Eric Weinstein on Covid Misinformation — Eric was being irresponsibly provocative about a COVID video going around. I called him on it and his response was expected. We follow each other and have had a number of decent interactions, so I'm continuing to treat him as if he's acting in good faith. MORE


I've got GPT API access working and have built my own CLI tooling and API around it already. I'm basically god now. It feels that way, anyway. Currently messing with how best to integrate it with Siri via Shortcuts.

Super fun UL Book Club yesterday. We discussed Moby Dick at length, including our thoughts while reading it, our major takeaways, and a bunch of orthogonal discussions on how the book reminded some of our members of security startups. Hilarious analysis by Justin there! Plus we picked February's book!

I'm hearing the third episode of The Last of Us was incredibly good. Haven't seen it yet because Sunday is "finish the newsletter" night. :)

The newsletter continues to grow. We were at 45K a year ago and now we're about to hit 53K, so around 8K a year! I'm hoping to increase that rate significantly this year using an age-old tactic called "great f*cking content*.

On the member content side I've put out more member-only content this month than probably the entire year of 2022. Like 5 pieces I think! And that includes a template for generating security reports using GPT, which I posted in full in our member Slack. 2023 is going to be ridiculous. You should join and stuff. BECOME A MEMBER AND STUFF

I think I'm about over my cold-thingy. Wasn't Covid-97AlphaMuave, so that's good. Can't wait to crush the gym this week. And I hope you do the same!


⚒️ offsec tools  A website that displays and organizes nothing but offensive security tools. SITE 

⚒️ trickest  A visual bug bounty tooling platform. You organize your various recon and testing steps visually, and it runs those tools in the cloud and gives you the results. Super cool. SITE 

🔭 [ Sponsor ] PlexTrac — Are you spending more time writing reports than pentesting or red teaming? PlexTrac streamlines security reporting to let you get back to what actually matters. GET A MONTH FOR FREE FOR UL MEMBERS

GenZ and Millennials are buying paper maps. Younger people are yearning for something tangible. MORE 

The ultimate life hack? Maybe it's finding a partner that's default happy, positive, and optimistic. MORE 

How to set up your AppleID to use physical security keys. MORE 

Eightify — AI summaries of YouTube videos. Pretty impressive, but I tried it on a couple Lex videos and it errored because the transcriptions were too long. Sadface. Still cool though. MORE 

🙏🏼 Super Agent — Nuke cookie popups with an extension. Works on Chrome, Firefox, Safari, and Edge. MORE 


If you're looking for a show, I recommend After Life, by Ricky Gervais. Unspeakably human and beautiful. Especially true if you've lost anyone recently. Especially to a terminal illness.


“When I was young I admired clever people. Now that I'm old I admire kind people."

Abraham Joshua Heschel