Unsupervised Learning Newsletter No. 284
News & Analysis
MEMBER EDITION | Ep. 284 | Monday: June 7, 2021
SECURITY NEWS
The US is elevating ransomware to the level of terrorism. This comes during the fallout from the Colonial incident, which did result in the shutting down of a key US oil pipeline, but turns out wasn't a cyberattack. Many are worried this escalation in focus could result in an escalation in responses, and make kinetic conflict more likely. More
The FBI has issued a flash warning regarding the exploitation of Fortinet vulnerabilities by APT groups. More
Attackers are actively scanning for the VMware vCenter vulnerability. The best time to patch was last week; the second-best time is right now. More
The US has seized two domains used by APT29 (Cozy Bear), which is associated with Russia's SVR. The domains were used to host phishing sites that impersonated USAID and prompted users to download the attacker's Cobalt Strike payload. More
CISA has released best practices for mapping to MITRE ATT&CK. More
Google's released a new experimental tool at deps.dev that maps dependencies for software components. Covers NPM, Go, Maven, Cargo, and others. More
A Fortinet survey found that 90% of OT organizations have experienced a cyber incident in the last year. More
TikTok just changed its privacy policy to allow itself to "collect biometric identifiers and biometric data" from its users, including "faceprints and voiceprints". That would imply camera and mic access. Yikes. More
The FBI is trying to get the IPs, phone numbers, and other data on people who read a USA Today article within a specific, 35-minute timeframe. USA Today is fighting the request. More
Iran lost its largest warship after it caught fire and sank in the Gulf of Oman. There was also a major fire at an oil refinery serving Tehran. Israel had no comment. More
A consultant at Mandiant says the Colonial network was initially compromised through a hacked password on a VPN with no 2FA. More
The FBI is currently investigating around 100 different types of ransomware. More
You only have one day left to opt your Amazon devices out of Amazon Sidewalk, which joins certain Amazon devices with those of your neighbors, allowing the devices to share internet access. Sidewalk is basically a neighborhood mesh network that will be used to do all sorts of cool stuff in the future. To be clear, I think the tech is super exciting, but I don't much like the idea of being automatically enrolled. More
Cobalt Strike is one of the most popular security-originated tools being used by attackers. More
Police requests for Amazon Ring camera footage will now be required to be public. More
Vulnerabilities:
Cisco releases updates for multiple products due to a SAML implementation issue. More
TECHNOLOGY NEWS
Microsoft is announcing the next major version of Windows on June 24th. More
Ben Thompson of Stratechery has launched a new service called Passport, which is a technology platform that others would use to run a service like Stratechery. It's his replacement for Memberful and Mailchimp it seems (which is what this show uses), but it's not clear whether or not it's available to others yet. More
Lemonade, which uses AI to price home/renter insurance, is moving into car insurance. More
The US military is looking at SpaceX's Starship project as an option for sending supplies around the planet using rockets. "A rocket can get around the world in 90 minutes, and an airplane cannot." More
KPMG says carmakers will lose $100 billion in revenue in 2021 due to the semiconductor shortage. More
HUMAN NEWS
US jobless claims have dropped to 385,000—another pandemic low—dropping unemployment nationwide to 5.8%. More More
Israeli scientists have increased the lifespan of mice by 23% by increasing a protein that wanes during aging. They're looking to reproduce the results in humans within 2-3 years. More
New research out of Georgia Tech indicates that one's baseline pupil size is correlated with their intelligence. More
A new study has found that employees often feel vulnerable and paranoid when they feel powerless, and this can cause them to lash out at co-workers or family members. This definitely corresponds to my thoughts on management, which prioritizes enablement and psychological safety. More
France has imported America's culture wars, including a far-right news channel and cancel culture, and it's not going well for them. More
California is moving quickly to legalize certain hallucinogens, with MDMA and psilocybin likely becoming legal soon. I think this is going to be a boon for mental health, honestly, but also for medical practices that are able to prescribe these substances in concert with therapy. More
CONTENT, IDEAS & ANALYSIS
I Really Hope It's Aliens — The government says there's no evidence that the strangely-acting UAPs they've been seeing are alien in origin, but can't explain them either. I for one really hope they're alien. If they are, they could have killed us a long time ago—if they wanted to—which means they're probably benign. If they're not, we're being severely trounced by Russia or China in drone technology. My guess is unfortunately that the latter is far more likely. More
NOTES
I'm really looking forward to re-reading Speaker for the Dead for Book Club this month!
I'm also looking forward to reading Noise, by Daniel Kahneman and crew.
I'm still finishing the few that I'm wrapping up now, and wondering why it's still so cool in the Bay Area.
DISCOVERY
OhShitGit — A website that describes how to fix your Git mistakes. More
Page Fetch — Detectify has released a Go-based headless Chrome client to be used for security testing. More
WheyCewler — A tool that crawls a website and creates a custom wordlist for use in security testing. More
NocoDB — Turn a database into a smart spreadsheet. More
Kubernetes Goat — An intentionally vulnerable cluster environment for the purpose of learning Kubernetes security. More
Modern Bastion Hosts More
You May Live a Lot Longer More
James Hoffmann's Guide to Coffee Grinders More
RECOMMENDATIONS
Read my book summary of Mark Manson's, The Subtle Art of Not Giving a F*ck. The book, and my summary of it, are much better than I remember. Very high wisdom density. More
APHORISMS
“What most people — especially educated, pampered middle-class white people — consider “life problems” are really just side effects of not having anything more important to worry about.”
~ Mark Manson