News & Analysis | No. 287 - Daniel Miessler

Exploring the intersection of security, technology, and society—and what might be coming next...

Standard Web Edition | Ep. 287 | June 27, 2021

SECURITY NEWS

MITRE has released D3FEND, a defensive counterpart to its offensive ATT&CK framework. It not only has its own separate ontology for defensive activities but also maps them to their offensive counterparts. “In other words, see what stops what.” More D3FEND

The cyberinsurance market is facing major headwinds right now, largely due to a surge in ransomware payouts. The average paid loss went from $145,000 to $358,000 in the last year, and the DCC metric that looks at direct loss plus defense and cost containment jumped from 42% to 73%. This is forcing companies to raise their premiums to cover some of those costs. More

Ant Group is in talks with China’s state-owned company infrastructure to use Ant’s massive datasets for credit scoring. Another example of China’s government flexing on the private sector. More

Microsoft mistakenly signed a rootkit package that’s being used in gaming environments. It’s called “netfilter”, and it has been seen communicating to Chinese C2 servers. More

GroupSesnse says Monero is rising in popularity with ransomware gangs due to it being harder to track. More

HIPAA allows hospitals to sell patient data as long as it’s anonymized. So lots of companies are looking at how to make money off all that data. What could go wrong? Improper anonymization, for one. More

The STIR/SHAKEN technology to stop robocalls is set to become enforceable on June 30th. On that date the major carriers (AT&T, Verizon, T-Mobile, Comcast) will need to start authenticating the source of calls to ensure CallerID isn’t being spoofed. More

Vulnerabilities:

There’s a CISCO ASA vulnerability that’s being actively exploited. More
Zyxel firewalls and VPNs are under active attack. More
If you own a MyBook Live network storage device from Western Digital, you’ll want to take it offline before it gets compromised/erased. More
VMware has released security updates. More

Incidents:

New York City’s law department was penetrated due to an email password. Data lost include childrens’ criminal records, medical records, and personal data for thousands of employees. More

Companies:

Bit Discovery has raised $4 million in the Attack Surface space. Congrats to Jeremiah and team! More
Splunk launched Splunk Cloud Security, and pulled $1 billion from Silver Lake. More
PagerDuty is getting into remediation. More
Illumio has raised $225 million to protect multicloud and edge. More
Graylog pulls $18 million to manage and analyze log data. More

TECHNOLOGY NEWS

Microsoft announced Windows 11, which has a clean new glassy interface, and claims to focus on freedom and choice. It will be a free upgrade. They’re building Teams into the OS, which doesn’t make sense given the fact that 1) nobody seems to like Teams, and 2) what happened to Skype that they paid like $9 billion for? More More

Andreessen Horowitz has launched a new $2.2 billion crypto fund. More

Microsoft has closed above a $2 trillion market cap for the first time ever. More

A new study out of MIT and Boston University says that automation caused up to 70% of middle-class job loss in the US in recent decades. Hardest hit were vehicle manufacturing, printing and publishing, and the manufacture of rubber and plastic products. More

Google has decided not to stop using third-party cookies until 2023. More

A number of Google executives are becoming worried about the company’s future. More

iTV has a story saying Amazon destroys millions of items each year rather than finding something productive to do with them. More

Amazon has acquired Wikr, an end-to-end encrypted communication technology. More

Companies:

SafeAI raises $21 million to retrofit dump trucks, bulldozers, and similar with autonomous tech. More
Rasgo is a Github-like repository that helps data scientists explore, clean, join, and and transform data sets for machine learning models. More

HUMAN NEWS

The US economy is up 6.4% in Q, and estimates are that Q2 will be even higher. More

The Labor Department says a record 4 million people quit their jobs in April. More

McKinsey has identified 56 foundational skills that will help citizens thrive in the future of work. They’re broken into 4 categories and 13 skill groups. More

DeepMind says Reinforcement Learning is powerful enough of a technology to create AGI over time. In short, they believe that if you game smart AI against itself, in different types of scenarios, it’ll eventually learn how to do enough to be considered generally intelligent. The paper talks about “instantaneous calculation” and “perfect memory”, allowing computers to outperform humans at almost any task. This is big. More

In a survey of over 200 police departments, retirements were up 45% and resignations were up 18% compared with the previous 12 months. More

Nearly all US COVID deaths are now unvaccinated people. 150/18,000 of the deaths in May were vaccinated, or .008%. More

Belong Gaming has opened the US’s first esports gaming center in Houston. More

California is paying off all COVID-related past due rent. More

A survey has found that men are losing their close friends. In 1990, 3% of men said they had no close friends, and that’s now 15% in 2021. And just 15% say they have 10 or more close friends, as opposed to 40% in 1990. More

China is sending people to Mars in 2033, with plans to build a base there in a second phase. I’m happy to hear it, but I think Musk and others will be there by then. More

Amazon is continuing its rollout of “grab and walk” grocery stores in London. This includes larger stores, not just the little ones. Scan your app, walk in, take what you need, and walk out. More

Oakland, CA is redirecting $17 million from their police budget, which translates to around 50 police officers. I think defunding police is a horrible idea that mostly affects communities that need police the most. More

CONTENT, IDEAS & ANALYSIS

Summary: NOISE — My summary of Daniel Kahneman’s latest book, NOISE. It’s all about how things like medicine, hiring, and all types of judgment are plagued by inconsistency, and what you can do about it. 10/10. More

NOTES

We had Book Club on Sunday, and it was brilliant. Lots of great discussion about Speaker for the Dead, and we picked our next book as well. Come join us for the next one!

DISCOVERY

[ Sponsored Discovery ] Privacy.com — Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. This is great for paying subscriptions or one-time payments, especially if you’ve had issues with card compromises in the past. Head to privacy.com/u nsupervisedlearning and get $5 when you sign up. More

DJ3D Louvre — Walk around the Louvre as a 3D MMORPG. More

Realtime Voice Cloning — An implementation of multiple papers that allow you to clone a voice using Pytorch. More

Key Differences Between TLS 1.2 and 1.3 More

How Reddit uses its millions of users to moderate content. More

How to Properly Build Remote Teams More

A group of academics partnered with the military to try to predict the next war using novels. More

A history of all Googles’ various messaging apps. More

Nightmare — A reverse engineering course based around binary exploitation, built into a CTF structure. More

RECOMMENDATIONS

NOISE — The latest book by Daniel Kahneman on how there’s often far more variation and error in expert judgments than we think. And how to address it. This along with Thinking Fast and Slow and Superforecasters are my new Holy Trinity of books on clear thinking. More

APHORISMS

“It’s simple to be happy, but hard to be simple.”

~ Rabindranath Tagore

Recommended

Tutorials

Projects