Skip to content

My theory of what happened at OpenAI, a new ransomware tactic, analysis of what the SEC case will do to Cybersecurity, live David Attenborough narration, and more…

November 20, 2023   |   Read Online

UL NO. 408: OpenAI Coup Theory, SEC vs. SolarWinds Analysis, Deepfake D&D Summaries

My theory of what happened at OpenAI, a new ransomware tactic, analysis of what the SEC case will do to Cybersecurity, live David Attenborough narration, and more…

👉 Read this issue as a webpage to avoid the email cutoff issue 👈

image

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

Good morning!

Well, this weekend was quite a year.

  • I binged Seasons 1, 2, and 3 of Sam Altman this weekend. Microsoft is streaming Season 4 starting this morning, starting with most everyone quitting if the board doesn’t resign. 🔎 Here’s my analysis of the situation.
  • Functionally, Ilya left and started a new company with people who want to approach AGI very slowly and carefully—exciting nobody.
  • 🔥I just got done doing some magic with Whisper (an IlyaAI project) and my own RPGSession AI. I’m now taking our live weekly RPG sessions and turning them into full summaries and even “Previously On Crown and Mayhem…” audio teasers! LISTEN TO IT

image

Our “Previously On…” teaser read in a deepfake of my voice from 11Lab!

  • I’m reading probably the most interesting piece of fiction I’ve read in…maybe forever. It’s Kafka on the Shore, by Murakami. The way this book is building characters, story, and suspense is insane.

Can’t wait to see what Sam and team does next, whether he’s at Microsoft, back at OpenAI, or out on his own.

I hope you have a less exciting week than Sam’s weekend. Let’s get into it.

image

MY WORK

Insane amount of output this week!

🔥🚨Sam Altman Wants AGI as Fast as Possible, and He Has Powerful Opponents
My analysis and theory of how Sam Altman was removed from OpenAI by the forces for XRisk and EA. MORE

🛡️SEC vs. SolarWinds is CyberSecurity’s ENRON Moment
My essay analyzing the SEC case against SolarWinds, and how it’ll affect cybersecurity going forward. MORE

⚔️ My AI Summarization of a D&D Session + Previously On Trailer + My Deefaked Voice
This is was SUPER fun to make, and we’re going to do it for all our sessions going forward. Nothing beats tabletop RPG with friends! LISTEN TO IT

SECURITY

👋 I continue to work on making the news sections as concise yet rich as possible, which is the unique approach for the UL newsletter. As such, I’ll putting only the especially interesting, surprising, or notable stories in the main SECURITY section, because most Vulnerabilities and Incidents are so commonplace that they’re becoming noise. I will still have them down below in their own sections so you get the coverage!

🤯This is nuts. A ransomware group has added a new technique to their arsenal: threatening to report a company to the SEC if they don’t pay. Actually in this case they just straight up reported them. But now this is a move other groups can use. Compromise, start the clock, and tell the victim you won’t report them if they pay. MORE

TikTok is under massive scrutiny because Bin Laden’s “Letter to America” went viral on the platform despite its extremely anti-American and antisemitic language. Similar to the pro-Palestinian bias on TikTok, TikTok’s leadership is saying they’re not influencing anything. “Young people are just pro-Palestine”. That could very well be true, but I hate the fact that they (see the CCP) have the ability to influence what millions of America’s kids are seeing and thinking. MORE

The FBI is intensifying its scrutiny on Hamas-related activities in the US following the group's unexpected strike on Israel. In a recent testimony, FBI Director Christopher A. Wray highlighted the increased threat level to the US after last month's attack by Hamas on southern Israel. MORE

Sponsor

Get Ahead of Threats: Continuous Threat Exposure Management

Flare automates monitoring & remediation across the clear & dark web to detect high-risk exposure before threat actors have a chance to leverage it.

Get actionable intelligence that cuts through the noise of data from public GitHub repositories, infected device markets, illicit Telegram channels, etc. Integrating into your program in 30 minutes, the platform empowers practitioners of all levels.

👉**hi.flare.io/unsupervised-learning****👈**

Start Your Free Trial

AlphaLock, a new Russian hacking group, is going Silicon Valley with live performances, a slick UI, offering hacker training, and monetizing through an affiliate program. They've built a two-part business model: first, they train hackers via online courses, and second, they plan to profit from these trained hackers through an affiliate program on the dark web. Sorry to say, but I’m impressed. MORE

Israel is reportedly using NSO's Pegasus spyware to track Hamas-related kidnappings and murders. I’m torn on this. It legitimizes this kind of software, but if there ever were a legitimate use, I suppose this is it. MORE

Google just dropped new Titan security keys. They’re available with USB-C and USB-A connections, they're FIDO2 compatible, can store over 250 passkeys, and also include NFC for easy mobile device pairing. MORE

Vulnerabilities:

  • 🚨Patch Tuesday Alert — Microsoft's latest update fixes 60+ vulnerabilities, including three exploited zero-days. | CRITICAL | CVE-2023-36025, CVE-2023-36033, CVE-2023-36036 MORE
  • 🪳Fortinet Vulnerability Alert — Fortinet has issued updates for critical vulnerabilities in FortiClient and FortiGate. | HIGH | CVE-2023-38545, CVE-2023-38546 | CVSS Score: Not provided MORE
  • 🪳WordPress Plugin Flaw — Over 600,000 WordPress sites are at risk due to a WP Fastest Cache plugin vulnerability. | HIGH | CVE-2023-6063 | CVSS Score: 8.6 MORE
  • 🪳SAP Business One Flaw — SAP's latest patch fixes a critical vulnerability in Business One. | CRITICAL | CVE-2023-31403 | CVSS Score: 9.6 MORE
  • 🪳SSH Key Exposure — Researchers found a new way to snatch SSH keys due to computational errors. | CRITICAL | No CVSS Score provided MORE
  • ⚠️ MeridianLink SEC Complaint — AlphV reported MeridianLink to the SEC for not disclosing a recent breach. | SEVERITY: MEDIUM | RESPONSE: MeridianLink claims minimal business interruption and no unauthorized access found. MORE
  • 🪳FortiSIEM Critical Bug — Fortinet has found a critical bug in FortiSIEM that lets attackers run commands remotely. | CRITICAL | CVE-2023-36553 | CVSS Score: 9.8 MORE
  • 🪳VS Code Extension Flaws — Third-party VS Code extensions have markdown vulnerabilities. | CRITICAL | MORE

Incidents:

  • 🚨Juniper RCE Exploit Chain — CISA alerts of active exploitation of critical Juniper vulnerabilities. | CRITICAL | CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847 | MORE
  • 🚨Zimbra Email Heist — Attackers exploited a Zimbra email server 0-day to steal data from various governments. | CRITICAL | CVE-2023-37580 MORE
  • ⚠️Denmark's Energy Sector Hit Hard — Denmark's energy firms just faced their biggest coordinated cyberattack, with hackers exploiting Zyxel firewall flaws to hit 22 companies. | HIGH | CVE-2020-28771, CVE-2023-33009, CVE-2023-33010 | MORE | MORE
  • ⚠️Mr. Cooper Cyberattack — They know some customer data was lost but they were able to get many systems back online. RESPONSE: They’re still determining the scope of the intrusion and damage. MORE
  • ⚠️ Truepill Data Breach — Over 2.3 million customers' personal health information was exposed. | SEVERITY: HIGH | RESPONSE: Notification letters sent, lawsuits pending. MORE
  • ⚠️ Toyota Ransomware Threat — Medusa ransomware gang hits Toyota Financial Services, demands $8 million. | SEVERITY: HIGH | RESPONSE: Systems taken offline, law enforcement engaged. MORE | MORE
  • ⚠️MySQL Under Siege — MySQL servers are being hijacked by the 'Ddostf' botnet for DDoS attacks. | HIGH MORE
  • ⚠️ Law Firm Ransomware — Allen & Overy hit by LockBit ransomware, possibly exploiting CitrixBleed. | SEVERITY: MEDIUM | RESPONSE: Affected a few storage servers, no major data loss reported. MORE

New SECURITY Format

How did you like the new structure/content of this section?

  • ❤️Loved it!
  • 👍It's better
  • 🫳Same / Ok
  • 🙁Worse I think
  • 👎Nah

Sponsor

15 Minutes Is All It Takes To Be Up And Running With Automox

Stop wrestling with manual work, complexity, and limited insights across your endpoints.

Automox gives you complete visibility and control over every Windows, macOS, and Linux endpoint – all from a single platform. Automation-ready, Automox makes endpoint management a snap while keeping your employees productive and your organization secure.

Try it for yourself now with a free trial.

👉**automox.com/signup****👈**

Sign-Up Now

👉 Continue online to avoid the email cutoff issue 👈

TECHNOLOGY

OpenAI blew up on Friday. Like, in a way that nobody would have believed if a fiction writer released it. Here’s my analysis of what happened, and over 700 employees have evidently signed their intent to leave if the board doesn’t step down. My question, though, is what happens if they do? Like what is that going to solve? MORE

Elon wants to change X so that it highlights smaller accounts based on algorithmic similarity match, rather than klout. This is extraordinarily good news because the biggest problem new writers and creators have is being discovered. I wrote about this a long time ago in a fake Amazon product that discovered things based on matching your preferences and similarity to stuff you like. MORE | THE DISCOVERABILITY CRISIS | AMAZON CURATE (FAKE)

This guy built an AI that takes screenshots from his camera and narrates the image in the voice of David Attenborough. SO CREATIVE. MORE | MORE

Google DeepMind's AI just outperformed traditional weather forecasting for the first time, predicting up to 10 days ahead with higher accuracy than traditional techniques. The AI, called GraphCast, surpassed the European Centre for Medium-range Weather Forecasts in 90% of the 1,380 metrics evaluated, including temperature and wind. MORE | MORE

Tesla is building old-style drive-in diners with tons of services available. This is the thing I like about Sam and Elon; they’re trying things, making things, doing things. I can’t stand Elon on Twitter most of the time, but he’s a lot more human and kind in interviews, and I love that he’s creating. MORE

YouTube is going after AI-generated content by requiring labels on videos that might mislead viewers into thinking they're real. The new policy will apply to videos that are either altered by AI or entirely synthetic, especially if they cover sensitive topics like elections or health. MORE | MORE | MY PIECE ON AI INFLUENCE LEVEL

Google's paying 36% of its search revenue from Safari to Apple, according to recent court testimony. No wonder Apple’s ok with not doing their own search engine. Seems to be working out pretty well for them. MORE

Amazon has cut hundreds of jobs in the Alexa department. Not sure what that means exactly, but I can tell you it doesn’t say good things for the adoption of voice interfaces on smart speakers. It looks like Benedict Evans continues to be right in our debate about how quickly voice interfaces would be adopted. I argued they only had to get “so good”, and then they’d take off. Perhaps they just haven’t hit that point yet. MORE

HUMANS

Sweden is planning a 'massive expansion' of nuclear energy to secure energy independence and combat climate change. The move includes constructing new reactors and extending the life of existing ones. MORE

Young Americans are increasingly siding with Palestinians over Israelis. A new survey shows a 7-point drop in overall sympathy for Israel since October, with only 54% of U.S. voters now more sympathetic to Israelis compared to 61% previously. Among voters aged 18-34, sympathy for Israelis has significantly shifted, with 52% now expressing more sympathy for Palestinians, and a significant 66% disapproving of Israel's response to recent Hamas attacks. MORE

Exxon Mobil is jumping into lithium production in Arkansas, eyeing the booming electric vehicle battery market. I think this is extraordinarily smart. It’s not just electric vehicles, but batteries in general are about to be massively needed. What better way to hedge against oil’s decline? 4D chess, these people. MORE | MORE

Hate speech targeting Jews and Muslims has surged online, linked to the Israel-Gaza conflict. Researchers found a significant increase in antisemitic and anti-Muslim comments on platforms like Facebook and Instagram, fueled by recent tensions. MORE | MORE

Homeschooling is surging in the U.S. Experts originally thought it was just a pandemic blip, but the Washington Post reports that homeschooling, covering over 60% of school-age kids, continued to grow through the 2022-23 year. In my mind it comes down to the loss of trust in institutions. People simply aren’t trusting the schools to teach kids what the parents believe. MORE

👉 Continue online to avoid the email cutoff issue 👈

NOTES

I’m about to show you simply the coolest Vim Setup video ever created. Like by a factor of 35X. Unspeakably brilliant. I’m like inspired after watching this. Watch the video to love Vim more. To improve your dotfiles. To get into Vim. To want to be an artist. To want to move to Japan. To be a better person. Just watch the video. Trust me. MORE

DISCOVERY

🔥⚒️ privateGPT — A tool for interacting with documents using GPT models privately, without data leaks, even offline. | by imartinez MORE

⚒️ Open-Source Threat Intel Feeds — A GitHub repo offering structured, free-to-use threat intelligence feeds for better security monitoring. | by Bert-JanP MORE

⚒️ Awesome-GPTs — A comprehensive list of GPT models on OpenAI, including a specialized model for navigating and recommending GPTs based on user queries. MORE

⚒️ HackerArt GPT — A GPT by my buddy Joseph Thacker (rez0) that makes you super cool hacker profile pics and art. | by Rez0 | MORE

⚒️ Screenshot-to-code — Turn screenshots into HTML and Tailwind CSS with AI, using GPT-4 Vision and DALL-E 3 for image generation. | by Abi Raja MORE

⚒️ CVE Watcher — A tool for spotting CVEs before patches are released, helping you stay one step ahead of vulnerabilities MORE

⚒️ Ahref — A tool for monitoring SEO health, understanding backlinks, and analyzing traffic-driving keywords. MORE

⚒️ Hallucination Leaderboard - tracks how often language models make stuff up when summarizing text. | by Vectara MORE

⚒️ ASCII-Gen — Turn your images into ASCII art with this Rust-based command-line tool. MORE

⚒️ Free Burp Collaborator — Learn how to set up your own Burp Collaborator for free using Cloudflare Workers. | by Gabriel Schneider MORE

🔎 AI Decision Making— Using ChatGPT with mental models like First Principles Thinking, Second Order Thinking, and Regret Minimization Framework to make better decisions. MORE

Meta brings us a step closer to AI-generated movies MORE

🎵Google’s new AI music creation tooling MORE | MORE

Levels of AGI MORE

How to Stop Spam Calls on iPhone MORE

How to Keep Your Bank From Closing All Your Accounts MORE

✍️ More people should write MORE

We don’t do DST at this company MORE

🔥My favorite new developer / creator MORE

People think white AI-generated faces are more real than actual photos MORE

GPT-4's Abstract Reasoning Gap MORE

More Americans believe crime in US is becoming ‘extremely’ serious MORE

Teens don’t want Android MORE

TikTok is becoming a very popular news source MORE

Melatonin Overuse in Kids? MORE

Pesticides are being linked to infertility MORE

The Discoverability Dilemma MORE

The gang crisis in Sweden MORE

iPhone is getting RCS, finally… MORE

Sony Unveils Its Full-frame Global Shutter Offering — The Alpha 9 III MORE

Amazon Now Sells Cars MORE

RECOMMENDATION OF THE WEEK

The best Vim setup guide I’ve ever seen, but more than that—it’s the best setup guide PERIOD that I’ve ever seen. It’s just a brilliant way to present content, full stop. MORE

APHORISM OF THE WEEK

Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing.

Hellen Keller

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶

Share UL with someone like us…

Yours,

image