Unsupervised Learning Newsletter No. 265

News & Analysis

I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I've found in the last week to around 50,000 people. It'll save you tons of time. 
 

STANDARD EDITION | Ep. 265 | January 25, 2021 

SECURITY NEWS

FireEye has published the technical details around the SolarWinds hack, and has released a free tool to detect indicators. More

There's an argument that cyberinsurance providers are funding organized crime by paying ransomware claims. More

The FBI is tracking down people who were near the Capitol when it was attacked. They're going through cell tower ping data and just brute-forcing through the list. Great police work, and I think for a good reason this time, but a lot of people are worried about the precedent. More

Netscout says Windows RDP servers are being used to launch DDoS attacks. They said the magnification factor for RDP is 85.9, so a small request could result in a 1,260 byte reply. More

Palantir stock has jumped over 250% since its IPO, but I'm not going near it. Its valuation is over 28x its sales, and there is no clear narrative explaining why. Could be an amazing investment, could be the dumbest thing ever to put money into. I can see both arguments clearly, so I'm staying out. More

Scammers are sending fake job offers on LinkedIn to get people to enter bank details. This is almost as ingenious as fake shipping updates for Amazon and UPS. Job offers and package deliveries are two things people generally click on. More

DDoS is increasingly being used as part of ransomware attacks, where the attacker contacts the victim and says they will allow the site to function if they pay. The real danger will come, however, when groups are sophisticated enough to combine all the different interaction scripts, leverage types, payment infrastructures, etc. So, good cop vs. bad cop, encrypting the data vs. leaking it vs. DDoS, etc. More

Ransomware evidently made up 81% of all financially motivated attacks in 2020. More

A Chinese hacking group being called Chimera, which is suspected to be working for the Chinese state, has been hacking the airline industry for months. A member of the Unsupervised Learning Slack community had a great way of describing this type of activity: China is adding to its CRM (Customer Relationship Management) system. I agree that this is a good way to look at it, given that they've hacked OPM, Equifax, Marriott, and countless other industries. More

Jack Ma finally re-emerged in public after disappearing for months following his embarrassment of China's government. The government stopped his massive IPO, he disappeared, and they announced that many of his companies are being taken over by the state. Ma showed up virtually to recognize rural teachers, and said that he intended to focus more on philanthropy and revitalizing the countryside—which are all CCP themes. I bet he's willing to say and do anything at this point. More

Navalny, the ex-FSB operative who was poisoned by Putin, is waging a PR war against him. He runs an anti-corruption group that just published a full report on a billion-dollar mansion that they say belongs to Putin, putting even more pressure on the Russian president while much of the country struggles to survive. Navalny has been arrested again, and there are now major protests pushing for his release. More 

Vulnerabilities:

  • Natalie Silvanovich of Project Zero has found a common vulnerability across multiple chat platforms, including Signal, Google Duo, Facebook Messenger, and others, that allows for potential eavesdropping on communications. More

  • Cisco issued multiple patches for its SD-WAN software to address possible HTTP, SQL injection, and buffer overflow attacks. More

  • Drupal releases updates for an issue that can lead to system takeover. More

  • QNAP is warning users of malware called Dovecat that can install a Bitcoin miner on their NAS. More

Incidents:

  • Malwarebytes was hacked by the same group that hit SolarWinds, with a suspected focus on O365. More

  • A known hacker has leaked 2.28 million users' data for a site called meetmindful.com. More

  • Attackers have published 4,000 private files belonging to the Scottish Environmental Protection Agency after initially asking for ransom. More

Companies:

  • Swimlane has raised $40 million to continue automating security operations. More

TECHNOLOGY NEWS

Toyota is getting ready to release its solid-state battery technology that reportedly charges in 1/3 the time and has twice the capacity. More

Forbes is going heavy into paid newsletters, and they're hiring up to 30 writers who already have large followings to kick it off. More

Australia is asking Google to pay royalties to publishers, and Google is threatening to pull out of the country if they force the issue. More

CentOS is dead, but Red Hat is making RHEL free for up to 16 production servers. More

If you feed text mentioning Muslims to GPT-3, it will often produce a passage mentioning terrorism and bloodshed. "'Mama, when we defeat the infidels today I'm going to wear a headscarf until I'm 8 just like you!' But then the screams outside wake me up. For some reason I'm covered in blood." The challenge is that when you feed a model gigabytes of text, it's really hard to thoroughly filter what it's learning from. More

Companies:

  • Rivian raises $2.65 billion as it gets ready to make its electric pickup. More

HUMAN NEWS

Electric car sales increased by 43% in 2020. More

A new study out of Stanford has found a compound that reverses the effects of brain aging in mice. “More striking, the compounds reversed mice’s age-related cognitive decline. Older mice who received them performed as well on tests of recall and spatial navigation as young adult mice.” It's a remarkable time to be aging. More

Bolsonaro of Brazil could face Crimes Against Humanity charges over destruction of the Amazon rainforest. More

Elon Musk is offering a $100 million prize for carbon capture tech. More

Lack of sleep and the presence of stress can lead to concussion-like symptoms. More

A new study says exercise can help slightly with cardiovascular risk if you're obese, but it doesn't help nearly as much as lowering your weight—basically contradicting the idea of 'fat but healthy'. More

2020 had the highest number of US homicides in over two decades. Increases by city include: Seattle (74%), New Orleans (62%), Atlanta (58%), Portland (52%), New York (39%), and San Francisco (32%). More Dataviz

Audi is moving all of its A4, A6, and A8 models to electric. More

IDEAS & ANALYSIS

Parler and Russian Intelligence Operations — So, Parler has partially come back online, protected by DDoS-guard, a company run by a couple of Russian guys. And as it turns out, one of the founders happens to have a Russian wife who likes to make fun of the idea that she's a Russian spy. This Twitter thread describing the whole scenario and timeline is too unbelievable for fiction. Reminds me a lot of Maria Butina and the NRA. But the best part is where she posts her (American) kid's social security card showing off her nationality, while having other posts about how much she loves the show The Americans. And yes, this could still absolutely be a red herring; I just think it's unlikely at this point. A primary goal of Russian intelligence is to create internal division within the United States, and they seem to have a clear hand in the rise of Parler, which seems to have been used extensively to unify and organize the movement to attack the Capitol building. Think about how close they came to starting a civil war in the US. Let me just state this plainly: we are witnessing the most stunning set of intelligence operations of all time right now from Russia. I mean, as a student of this game, they are seriously impressive. Once they become public, the intelligence community will be studying these operations for centuries to come. More Thread

It's Not About Left and Right — "Our lesson cannot be that Trump supporters are bad, or that Hitler was bad, and to watch out for them. The lesson has to be that a weak strongman playing off a population’s desire for pride is a dangerous pattern that repeats." Tweet This

MY UPDATES

Currently finishing Homeland, which is our UL Book Club book of the month for January 2021.

Reading Homeland has made me want to try to write fiction again. Specifically, fiction that describes a possible future world. I feel like this is mostly what Doctorow is doing. He's describing a setting more than a story.

DISCOVERY

Thinkst Canary — See high-signal attacker activity on your network using physical, VM, or cloud-based tokens. [SUP] More

Someone's made an easier version of Markdown called Dumbdown. More

The new White House website is running WordPress. More

This site, CovidVaxCount, claims to have a live view of the number of Americans who have been vaccinated, built by scraping the CDC, which currently sits at around 6%. More

Tailwind CSS Blocks More

7 Threat Hunting Tools Everyone In the Industry Should Be Using More

Jeff Bezos has a rule that says the best decisions are made with 70% of the information. Any less and you're underinformed, and any more and you're wasting time with diminishing returns. More

What Parler Saw During the Attack on the Capitol — A stunningly well put together collection of videos posted by Parler users on the day of the attack, broken down by location, such as around DC, outside the Capitol, and inside the Capitol. More

A great look at Palantir's assistance in Afghanistan. More

Pup — A Go-based command-line HTML parser that can filter based on CSS selectors. More

Snort 3.0 has been released, with significant improvements to processing and rule management. More

Ffuf 1.2.0 has been released, which includes rate limiting and config file support. More

RECOMMENDATIONS

Make sure you don't miss Rachel Tobac's InfoSec Sea Shanty. More

APHORISMS

“To understand how something works, figure out how to break it.”

~ Nassim Taleb