• Unsupervised Learning
  • Posts
  • UL NO. 399: Wisdom Extraction From Any Text, Vegas Gets Cyber Jesus, AI Creativity Performance, Pentagon Cyber Strategy…

UL NO. 399: Wisdom Extraction From Any Text, Vegas Gets Cyber Jesus, AI Creativity Performance, Pentagon Cyber Strategy…

This week we talk about how I extract manual-quality wisdom from any text/transcript, what I learn from biographies, 25 lessons in 17 years of infosec, and tons of new tools and projects

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Happy Monday!

This week I’m struck by the value of having an aspect of humanity in everything we do.

I’m reading a bunch of Victor Frankl, and in one book he was talking about a patient calling him at like 2 a.m. in the morning, waking him from sleep. She was about to kill herself, and he gave her a giant list of reasons not to do it.

He saw her later in the office and said he was glad one of the reasons was good enough for her. Her response? It wasn’t any of the reasons he listed. It was the fact that he got woken up at 2 a.m., and he stayed on the phone for 30 minutes with her without complaining.

She said she was happy to live in a world where that level of kindness was still possible.

Be kind to people. It matters. And people need it now more than ever.


🔒️ 🔥🤖 ExtWis: Using AI to Extract Wisdom From Any Text (MEMBERS)
One of the coolest things I’ve done so far with AI. My latest project lets me automatically extract what I would have written down manually from a piece of content (like a conversation or presentation) if I listened slowly and took meticulous notes. Insanely powerful, here’s a sample output from extwis.

You have no idea how much I’m going to use this thing. And have used it already. Prompt shared in the member post. READ IT | GET ACCESS

An ExtWis capture of a piece of content

Why I Love Reading Biographies
All books have wisdom, but biographies are case studies in resilience and believing in yourself. READ IT

🎙️ Subscribe to the Podcast
I’ve moved podcast ads to the front of the podcast so that you’ll no longer be interrupted once the content starts! ADD UL TO YOUR CLIENT


Casino Cyberattacks 
I feel like Las Vegas is about to be paying a whole lot more attention to BH/DC after MGM got hit by ransomware this week. Not because they’re scared of the hackers there, but because they might want to buy some products and services. Like maybe those infosec budget asks weren’t so extreme after all?

Two of Las Vegas's biggest casinos, MGM Resorts and Caesars Entertainment, have been hit by cyberattacks, disrupting operations and raising serious concerns about customer data security. The breaches have shattered the perception of impenetrable casino security.

- The attacks began affecting MGM Resorts last Sunday, causing disruptions in reservations and casino floors.
- Caesars Entertainment confirmed it had also been hit by a cyberattack by Thursday.
- A hacker group emerged online, claiming responsibility for the attack on Caesars Entertainment's systems and demanded a $30 million ransom fee.
- Their ESX infrastructure may have been completely encrypted, which is a technique we’ve seen used often
- The Scattered Spider group is believed to be responsible, with the attack on Caesars involving a social engineering attack on an outsourced IT support vendor. THEREGISTER | SECURITYWEEK | MALWAREBYTES | CASINO.ORG | BLEEPINGCOMPUTER | GIZMODO 

Pentagon's Cyber Strategy 
Cyber Strategy 2023 The Pentagon's 2023 Cyber Strategy, published this week, outlines plans for both offensive and defensive efforts, with a key focus on boosting the cyber capabilities of allies and partners. The strategy aims to augment the capacity of partners, expand their access to cybersecurity infrastructure, and help them mature their cyber workforce through training events and exercises. SECURITYWEEK 



Cloud Visibility?

Cloud-first security teams are leading the pack in adopting Cloud Native Application Protection Platforms (CNAPP). This CNAPP Buyer’s Guide contains everything you need to know to make sure you’re adapting to the evolving threatscape and staying ahead of attackers, including:

Get the complete breakdown in the CNAPP Buyer’s Guide.

Lazarus Pulls $41 Million from Stake.com
North Korean Lazarus has taken $41 million in crytpo from online casino Stake.com. So far they’re already at around $200 million in virtual currency this year. SECURITYWEEK

Non-Profit Breach 
The cybercrime group BianLian claims to have infiltrated the IT systems of Save The Children, saying they’ve stolen 6.8TB of data, including financial, health, and medical records. THEREGISTER

Ethereum SIM-Swap Attack 
Ethereum co-founder Vitalik Buterin's Twitter account got hacked, and he says it was from a SIM-swap attack. How do we not have better protection against SIM Swapping yet? The hacker managed to take control of his T-Mobile account, leading to victims collectively losing over $691,000 due to a scam put out in his name. COINTELEGRAPH

Auto-GPT Vulnerabilities 
Like we’ve been saying for months now, agents doing dangerous shit (ADDS) is going to be the #1 practical threat from AI for a long time. And parsing untrusted content and then executing discovered code is ground zero for the risk. Positive Security researchers have discovered vulnerabilities in Auto-GPT that an attacker could trick Auto-GPT into executing arbitrary code by using indirect prompt injection on an attacker-controlled website. They also found that self-built versions of the Auto-GPT docker image were susceptible to a docker escape to the host system. POSITIVESCURITY 


Don’t Let Emails Lead To Blackmail

📰You might be one click away from making headlines. And not for the right reasons.

🐟From phishing and ransomware to credential theft and zero-day attacks, hackers have many tools in their arsenal to launch attacks. A lack of cybersecurity could put your employees and business at risk.

Mimecast has the industry’s best threat detection. We use AI to scan over a billion emails daily, with built-in prompts to catch the most common threats. It also has the ability to identify newer threats and stop them from doing any damage.

Email Domain Dangers 
Using your own domain for email can be super risky if you're unable to renew it and someone else snags it up. The biggest risk is they can start receiving your emails and potentially resetting your passwords. BAUTISTA 

Retool's 2FA Bypass Phishing Incident 
Retool, a cloud-based software company, fell victim to a spear phishing attack that led to unauthorized access to 27 of their cloud customers' accounts. The attacker was able to bypass multiple layers of security controls, including multi-factor authentication (MFA), by exploiting a feature in Google Authenticator that syncs MFA codes to the cloud. RETOOL 

Power Grid Breach 
Chinese hacker group, RedFly, linked to APT41, has breached the computer network of an unnamed Asian country's national power grid. The breach, which began in February and lasted for at least six months, has raised concerns about China's potential to disrupt power generation or transmission. WIRED 

UL Consulting

What actions would reduce the most risk to your company?

🗣️I am opening a few slots for my custom Security Efficacy Assessment, which is a broad-scope security assessment for a company focused on surviving real-world attacks.

🛡️ It leverages my nearly 25 years of security experience to prioritize the risks to your business from all causes—technical, process, personnel, etc.—and turn that into a list of findings, most likely threat scenarios, a list of specific recommendations, and a prioritized remediation plan.

What I do differently than most is start from my own dataset of how most companies are actually being hacked, and I use that to prioritize the findings, recommendations, and remediation strategy. If your company is interested in something like a pentest, but more business-focused around resilience to real-world attacks, you can reach out here or email me directly.

Iranian Spray Attacks 
An Iranian-backed threat group, known as APT33, has been launching password spray attacks against thousands of organizations globally since February 2023. The group, active since 2013, has shown particular interest in the satellite, defense, and pharmaceutical sectors. BLEEPINGCOMPUTER

SSH Tunnel Detection 
SSH tunnels, while often used for legitimate purposes, can also create blind spots for Network Security Monitoring tools. The article discusses how SSH tunnels can bypass NSM and Firewall/NAT sentries, and how they can be used to hide HTTP activity. TRISUL

China's Military Show 
China's been flexing its military in the Western Pacific this week, with a big show involving an aircraft carrier, naval ships, and warplanes. The drills seem to be a simulated blockade of Taiwan. I honestly hope their government falls on its face and crumbles, leading to their people demanding a better government. Either that, or all their best people just leave and come to the US, UK, and Canada. So tired of their hacking and warmongering. And yes, I understand the irony of an American saying that. Yay Chinese people. Boo Chinese government. OODALOOP


AI Outperforms Humans in Creativity
AI chatbots are now scoring higher than humans in creativity tests, according to a study published in Nature Scientific Reports. The study involved AI chatbots like OpenAI's ChatGPT and GPT-4, and Copy.Ai, built on GPT-3, coming up with creative uses for common objects. TECHREVIEW

Also, remember:

AI Revolutionizing Science 
Artificial Intelligence (AI) is being touted as a game-changer in scientific discovery, with the potential to accelerate progress in fields like medicine, climate science, and green technology. AI tools are now being applied in almost every field of science, with 7.2% of physics and astronomy papers published in 2022 involving AI. This is exactly what Joseph Thacker and I have been on about, and what I wrote about here. ECONOMIST

DHS AI Guidelines 
The Department of Homeland Security (DHS) has released new guidelines on AI use, promising not to collect or disseminate data used in AI activities and to thoroughly test all facial recognition technologies. THEHILL

AI Revolution Predicted 
Just as UL predicted way back in March, Goldman Sachs is also predicting a major tech boom on the horizon. The company's research shows that the valuations of leading tech stocks are not as stretched as in previous periods like the 2000 internet bubble, and these companies have unusually strong balance sheets and returns on investment. LFG! OODALOOP

Salesforce CEO's Remote Work 
Salesforce CEO, Marc Benioff, has revealed that he's always been a remote worker and doesn't work well in an office. But the Salesforce policy still requires employees to come in. :( FORTUNE

AI in Game Development 
Generative AI will dominate 50% of game development in 5-10 years, per Bain & Company. The study discovered that AI can improve game quality and speed up development. VENTUREBEAT

Lyft's Gender Preference 
Lyft has launched a new feature, Women Plus Connect, that allows women and nonbinary drivers to prioritize matches with women and nonbinary riders. I hope Uber gets this too. THEVERGE

TikTok Shopping 
TikTok has launched its in-app shopping feature, TikTok Shop, in the US, allowing users to buy products directly from videos. I’ve already bought a few things myself. And no, I’m not worried about China stealing my data. I save them the trouble and just bundle up my latest PII every year and email it to the CCP directly. I value efficiency. THEVERGE


After-Work Schmoozing Declines 
Maybe Covid made us love our homes too much. People are spending way less time hanging out after work. WSJ 

Fentanyl Crisis Escalates 
The fourth wave of the opioid epidemic is hitting the US hard, with fentanyl overdoses claiming more lives than ever across all communities. A recent study reveals that in 2021, drug overdoses killed over 100,000 people in the US, with more than 66% of these deaths linked to fentanyl, a synthetic opioid 50 times more potent than heroin. BBC

Libya Flood Tragedy 
Over 5,000 people have died in Libya’s flooding, and thousands are missing. OODALOOP

Blood Pressure Misconceptions 
A new study by the American Heart Association shows that doctors might not be catching important health problems by only checking patients' blood pressure when they are sitting up. The study, which lasted almost 30 years, suggests that doctors should also check blood pressure when patients are lying down. STUDYFINDS | HEART.ORG

Age Limit for Politicians 
Most Americans think there should be a maximum age limit for elected officials, according to a recent CBS News/YouGov survey. 77% of those surveyed believe in age limits for politicians, with 45% suggesting the maximum age should be 70. Yep. AXIOS

Viral Exhalation Peaks 
COVID patients exhale up to 1,000 copies of the virus per minute during the first eight days of symptoms, according to a Northwestern Medicine study. This is the first longitudinal, direct measure of the number of SARS-CoV-2 viral copies exhaled per minute over the course of the infection. NORTHWESTERN 

Latest Covid Booster 
The CDC is recommending more Americans to get the latest Covid booster. Tons of my friends aren’t doing it. Here’s why I’m probably getting it:

  • I’m not trying to avoid Covid. I’m trying to avoid long-term negative effects from Covid. Same reason I wear a mask. I’m not looking for silver bullets. I’m looking for likelihood and impact reduction.

  • Yes, it seems that vaccines cause myocarditis. I believe it did in me as well. But guess what causes it WAY worse? Covid.

  • The data are pretty clear that regions that were vaccinated had better outcomes than those that weren’t. NYTIMES 


Isaacson's Musk Biography Criticism 
Walter Isaacson's latest biography on Elon Musk has been criticized for being more of a softball than a critical analysis. I disagree. I read the whole thing this week and I didn’t come away with a glowing opinion of Musk. I also think Elon is likely to be quite annoyed with Isaacson about it. To me it was quite balanced with negative and positive. It seemed very real, and gave me a lot to think about regarding leadership, mental illness, the role of trauma in innovation, and lots of other topics. It also reminded me how much I learn from biographies. Not just about the subject, but about life in general. THEINFORMATION


My buddy Mike Privette shares a phenomenal list of 25 things he’s learned in nearly 20 years of infosec. RETURNONSECURITY

I need an AI search bot for the entire website, including all newsletters. If you know of anyone building such things, or the best service out there for this, let me know. I know of a few, but I’m looking for the best.


⚒️ Instagraph — One of the sickest knowledge visualization tools I’ve ever seen. This tool takes text or a URL and turns the summary into a mindmap. | by Yohei | TWITTER 

⚒️ Einstein Copilot Unveiled — Salesforce demoed their Einstein AI system and it’s completely nuts. This is basically SPQA for sales, just like we’ve been talking about. Surprised it’s coming this fast. TWITTER

⚒️ Stable Audio Launch — Stability AI has now launched a text-to-audio generative AI platform called Stable Audio. The platform, trained with over 800,000 audio files, allows users to generate songs or background audio that you can use royalty-free in your projects. THEVERGE 

⚒️ Gamma.app — Put in an idea for a presentation, or a paper, or whatever, and it’ll come up with a full design and even content. I’m most impressed with the presentations it builds, which you can actually export to PowerPoint or Keynote or Google Slides. GAMMAAPP | SCREENSHOT

⚒️ MAC Lookup Tool — MACLookup is a handy tool that lets you find out who made a device's chipset by using its MAC address prefix. It pulls info from several well-known databases, and even offers a free MAC address database and a quick REST API for easy integration. HACKERNEWS

🛠️ Character.ai is catching up to ChatGPT in mobile usage. It lets you create AI characters. TECHCRUNCH | HACKERNEWS 

 📼 DEFCON 31 Videos Are Now Available! YOUTUBE

A new prompting technique called Chain of Destiny focused on summarization. TWITTER

The iPhone’s 5G speeds are supposed to be up to 25% faster than the 14 due to a new modem. 9TO5MAC

Amazon now provides AI to help people write product descriptions. ABOUTAMAZON

Top Engineer Secrets ENGINEERCODEX

Diamond prices are falling massively. ECONOMIST 

A $2.70 wine got a gold medal because some cheeky folks changed the labels and the judges couldn’t tell. ODDITYCENTRAL

Blackmagic releases an iPhone app for pro photography. 9TO5MAC

How much garden would you need to survive on? LIFEHACKER

Managing Your Family Data Warehouse HACKERNEWS

Completely insane APOD shot of a fireball meteor during the Icelandic Aurora. APOD

Webb has a picture of a new star that looks just like our sun when it was no more than a few tens of thousands of years old. PETAPIXEL 

Why are women still changing their last names? NYTIMES

WTF happened in 1971? HACKERNEWS 

A look at Apple's new text predictor model JACKCOOK

❤️ Viktor Frankl argues that idealists are the real realists. He believes that those who strive for ideals are more in touch with reality than cynics. Very similar to my old piece about treating people like A-players. YOUTUBE 

The “Two Health Bar" theory of burnout SUBSTACK


Read The Will to Meaning, by Victor Frankl.

It’s like an extension of Man’s Search for Meaning in that it elaborates on Logotherapy, his system for helping people become more healthy by helping them find their meaning in life.

This philosophy, combined with Stoicism, has been my approach to life for over a decade now, and I’m just so elated that he identified the same problem back in the 1920’s. Literally a hundred years ago.


Life is never made unbearable by circumstances, but only by lack of meaning and purpose.

Victor Frankl