
Exploring the intersection of security, technology, and society—and what might be coming next...
Standard Web Edition | Ep. 279 | May 3, 2021
SECURITY NEWS FBI and CISA have released new tactics being used by Russia’s SVR. SVR is also known as APT29 and CozyBear, and are believed responsible for Solarwinds and other attacks. They’re believed to primarily target government networks, think tank and policy analysis organizations, and information technology companies. TTPs have moved from installing malware on networks to attacking cloud email services, such as Microsoft Office 365, password spraying, and targeting VPN services. More CISA has released an advisory regarding real-time OS (RTOS) ICS systems. More Industry experts have submitted an 81-page report to the Biden administration aimed at coordinating efforts to counter ransomware. They are looking to unify into a task force that helps disrupt the problem using a combination of techniques, including disrupting payments, prosecuting attackers, and disrupting services that support the ecosystem, including forums where services are sold. More Python library ipaddress is vulnerable to a critical IP address validation vulnerability first found in the netmask library earlier this year. It basically causes leading 0’s to be stripped off of addresses, leading to the ability to bypass filters. More Krebs says Experian had a leaky API that exposed most Americans’ credit scores. More Censys found more than 1.93 million databases exposed to the internet on cloud servers. Most it found were MySQL, followed by Postgres and Redis. More Kaspersky says it found new malware it believes was created by the CIA. More The NYPD has canceled the use of its robotic dog due to public backlash. More US Navy SEALs are shifting from counterterrorism to global skills such as electronic warfare and unmanned systems for the purposes of collecting intelligence. More Vulnerabilities:
TECHNOLOGY NEWS Google is going to be experimenting with new office designs as employees return from COVID. They’re targeting September for the first returns, and are going to be strongly encouraging—but not requiring—that returning people are vaccinated. In the meantime, they’ve saved $1 billion dollars by not having employees onsite, but that doesn’t factor in any productivity difference. More Amazon is spending $1 billion to raise operations workers’ pay by up to $3 dollars an hour. More Tesla is upgrading its Powerwall 2 systems to Powerwall+, which have the same capacity but higher surge output. More The Linux kernel now has over 1 million commits. More Companies
HUMAN NEWS Pfizer is currently testing a COVID cure with 60 individuals. If successful, this would be used in patients who already had COVID as opposed to the vaccine which is used to prevent getting it. More The measures taken to control the spread of COVID have nearly eliminated influenza worldwide. US deaths from flu in the 2020-2021 season was around 600, and in the years before it was 22,000 and 34,000. More California is looking to stop Nestlé from taking millions of gallons of its water. More Global electric vehicle sales grew 41% in 2020. More Soaring lumber prices are adding $36,000 to the cost of a new home. More Biden has proposed ARPA-H, a DARPA for cancer. Love it, but CARPA or HARPA makes more sense I think. More Over 3,000 cargo containers fell off ships last year, and we’re already past 1,000 in 2021 due to pressure to speed up deliveries causing more accidents. More There is now a Journal of Controversial Ideas (JCI). More A new study shows that consumption of sugar-sweetened beverages, and high BMI independently, are associated with lower testosterone in men. More CONTENT, IDEAS & ANALYSIS Explaining Threats, Threat Actors, Vulnerabilities, and Risk using a Real-world Scenario — My expansion of a tweet by Casey Ellis on how to think about these key infosec terms. More A Summary of Balaji Srinivasan’s Thoughts on the Future — My parsing of a fascinating 4-hour conversation between Balaji Srinivasan and Tim Ferriss about future trends. More Magnifying Big City Political Differences — One of the ideas Balaji Srinivasan talked about in the conversation I linked to with Tim Ferriss is the idea of cities becoming a lot more different from each other politically, and attracting completely different types of people. E.g., Austin seems to be tech + libertarianism. Portland seems to be hippy + anti-authority. Assuming people are mobile enough to pick up and move this could be a fascinating effect over time, with different cities becoming natural experiments around innovation and standard of living. NOTES I finished Our Mathematical Universe and I now think about greater existence in a completely different way. Highly recommended for anyone who likes Hawking, Sagan, Tyson, or anything related to Cosmology. More I’m currently re-reading The Red Queen, which is the UL Book of the Month. More Join Us! As you may have noticed already, we launched our new logo as part of our ongoing site design update. It isn’t just a new visual; it has a lot of meaning built in that I talk about in the launch post. More The UL Book Club is absolutely thriving, and we’re talking about doing more meetups, including a new mid-month meetup with a rotating topic. We’re also thinking about an in-person meetup at some point next year. Possibly a dinner at Blackhat/DEFCON and maybe a weekend getaway in Big Sur where we bring family (so we can get permission). Our monthly meet-up has become the favorite event of the month for a number of our members, me included. Turns out it’s a lot of fun to talk about interesting topics with a bunch of smart and pleasant people. It’s reminding me of the internet we were all promised but so often doesn’t materialize. You should come join us. DISCOVERY Profil3r — An OSINT tool for finding social network profiles. More Weather Spark — Get a remarkably accurate visual and description of the weather in any city. More My friend Alejandro Hernández at IOActive (where I used to work) has released new research on how stock prices are affected by vulnerabilities and breaches. He’s presenting his findings at Black Hat Asia. More THC-RELEASE: The World’s Smallest Backdoor More How the new US Federal CISO sees Zero Trust More It turns out we’ve all been using our trash bags incorrectly. They’re actually shipped inside-out so you can put them on like a hat. Then you just push the whole bag down the center. Insanity. Video The Army has new night-vision goggles, and their visuals look sci-fi/alien amazing, with outlines around objects and a crazy amount of detail. They also let you look through the scope of a rifle using wireless technology. More A list of Significant Cyber Incidents More All-cause Mortality Statistics for Each US State More Welcome to the YOLO Economy More How to make your voice sound more attractive and competent. Could also be the reason for Vocal Fry. More RECOMMENDATIONS If you like thinking about the future across tech, policy, government, etc., you really should listen to this conversation with Balaji Srinivasan on the Tim Ferriss podcast. It’s long, but if you’re into this stuff it’ll absolutely be worth it. More APHORISMS “Everyone you meet is fighting a battle you know nothing about. Be kind. Always.” ~ Robin Williams |