MEMBER EDITION | EP. 244 | August 31, 2020
Russian attempted hack of Tesla, New Zealand SE DDoS, Drone Assassinations, China Unified Social Credit System, Cisco Sabotage, Stolen Gaming Accounts, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
SECURITY NEWS
A Russian hacker group tried to pay a Russian-speaking immigrant employee at Tesla $1,000,000 to install malware on the Nevada factory's network. What's interesting to me is that the representative was in-country, and actually met with the employee he was trying to bribe, which is quite spy-tradecraft-like. The attack would have performed data exfiltration leading to a ransomware attack, but the employee went to the FBI, which arrested the group's representative at the airport as he tried to leave the country. More >
The New Zealand stock exchange was hit twice in two days by DDoS attacks, which made cash market trading unavailable. More >
Drug cartels are doing assassinations using drones carrying bombs. More >
China is rolling out a new blockchain-based technology to link together its various provisional social credit systems. More >
A Cisco ex-employee deleted 465 VMs that powered 16,000 customer Webex accounts, resulting in around $2 million in damage. More >
The FBI is warning about online romance scams that are costing nearly $500 million a year. The attacker basically finds lonely people and starts up a fake relationship, and at some point they ask for money. It's a very old scam, but obviously very effective right now due to COVID. More >
Stolen gaming accounts for games like Fortnite, Minecraft, and Runescape are part of a $1 billion market. More >
Vulnerabilities:
Cisco fixed some high severity bugs in its switches and fibre storage products. More >
Slack fixed a critical RCE vulnerability in its desktop app that was found through a HackerOne bounty. More >
Three vulnerabilities have been discovered in MikroTik's routers. More >
Companies:
Congrats to Signal Sciences for getting picked up by Fastly for $775 million. More >
TECHNOLOGY NEWS
A team from MIT has successfully used radio signals and deep learning to identify what people are doing in a room without the use of cameras. More >
Musk's Neuralink demo was interesting but not a major victory, largely because the subjects were pigs. It turned out to mostly be a recruiting pitch. More >
Amazon is delivering nearly two-thirds of its own packages. More >
LG is releasing a wearable air purifier. It uses HEPA filters and LED lights to kill bacteria. More >
Internet Explorer is finally dead. Officially at least. More >
Some Canon cameras can now upload their images straight to Google Photos. More >
Companies:
Grid is an Iceland-based company that turns spreadsheets into visual narratives. More >
Snowflake IPO'd, and here's some analysis of the filing. More >
Salesforce has cut around 1,000 jobs and had a great earnings report that pushed its stock up by 26%. More >
Okta's stock has doubled since March due to increased remote auth requirements from COVID. More >
SOCIETY NEWS
One theory says the reason we feel so bad is that we've exhausted our "surge capacity" due to serial catastrophes. More >
Germany's largest trade union is looking to propose 4-day work weeks to help prevent layoffs. More >
New Yorkers are fleeing to the suburbs. The story is about New York, but I imagine the data will soon show that many big cities are doing something similar. More >
50 new planets were discovered using machine learning. More >
China has recently built at least 200 prison and internment camps to hold tens or hundreds of thousands of Muslims. More >
IDEAS, TRENDS, & ANALYSIS
Why Understanding Beats Knowledge More >
GPT-3 might represent new challenges for law firms. More >
Data Scientists Should Be More End-to-End More >
Zoom is Now Critical Infrastructure. More >
UPDATES
After discussing it with our community in the UL Slack channel, I decided to update our subscription pricing to match a few other creators and make it weighted heavier towards annual subs. So if you're doing monthly, we're moving from $5 a month to $9.99, which is $120/year. But subscribing for a year takes that down by half to $59.99. If you're already on the annual plan your price will go up by $0.83 per month, which is hopefully tolerable. : ) Once again, thank you all for being supporters. It means a great deal to me that you find my work valuable.
I was rather affected by the loss of Chadwick Boseman. On Twitter I wrote: "I feel ashamed to be so affected by his loss, given that the way I learned about him is through Black Panther—a comic book movie. But he did such a great job of conveying kindness and strength. It was just beautiful. Fiction matters. He was brilliant. He’ll be missed." More >
I've changed the theme for UL from security, tech, and humans... to security, tech, and society. Many have complained that "humans" was a bit ambiguous, so hopefully "society" both implies the human element and makes it clear that it's also about how humans interact with each other.
Last week I said that Sullivan—the former CISO at Uber—was arrested for the handling of their breach announcement, but in fact he was just charged, not arrested. Engadget got the story wrong, and I trusted them as a reputable source. This is why we must remain vigilant over our delicate web of trust. Apologies.
DISCOVERY
I just bought NOMAD's new wireless charging mat, the Base Station Pro. The big feature for me was the ability to drop your device anywhere on the mat, as opposed to having to perfectly align it. More >
How to Write in Plain English More >
A stellar 85-megapixel image of the moon. More >
Common mistakes made during interviews. More >
Riot released a Game Design curriculum for free. More >
Cory Doctorow has released a new book called How to Destroy Surveillance Capitalism, and he's put it out as a blog post as well. More >
Meditation as a shield against the attention economy. More >
Vuln Cost — An open-source security scanner for VS Code. More >
URLGrab — A Go-based web spider. More >
Parth — Heuristic Vulnerable Parameter Scanner More >
RECOMMENDATIONS
The Bellingcat Podcast — A podcast about using Open Source Intelligence to track down nearly impossible clues to solve mysteries. If you're into OSINT, Recon, Intelligence, or anything of the like—you'll love this. More >
APHORISMS
"Character is simply a habit long continued."
~ Plutarch
Thank you for supporting this work.