Unsupervised Learning Newsletter No. 288

News & Analysis

MEMBER EDITION | Monday: July 5, 2021 | No. 288

SECURITY NEWS

REvil, a Russian cybergang, has launched a massive ransomware campaign (called Kaseya based on the software it attacks) against many thousands of systems across 17 countries worldwide, making it the largest ransomware attack on record. The attack targets the update mechanism of Kaseya, an IT services company, which has software running in thousands of customers' networks via MSP relationships. So they make the tool, which they then sell to other companies which gets used by even more companies. This fractal nature of the impact is what makes supply chain attacks so dangerous. REvil is asking for $70 million in Bitcoin to publish the decryptor key for all affected organizations and systems. FBI and CISA are saying you should disable any VSA servers immediately. More | CISA Recommendations | Kaseya VSA Detection Tool

Staying in Russia, APT28 (Fancy Bear) has been launching a widespread brute force attack against hundreds of organizations in the US and UK according to the NSA, CISA, and FBI. Targets include government, military, political parties, political consultancies, defense contractors, energy firms, logistics companies, think tanks, and other high-value organizations. More

CISA released a new ransomware self-assessment security audit tool, which is a new module for its Cyber Security Evaluation Tool (CSET). It looks at an organization's IT, OT, or ICS assets and assesses how equipped you are to defend against attacks. More

APT29 (Cozy Bear) successfully compromised a Microsoft customer support representative's account and used that access to attempt to attack customer accounts. This is the same group responsible for Solarwinds, and they evidently only got a few VIP accounts. More

The US Secret Service has brought back its cyber most wanted list. More Most Wanted

Israel logged the first known use of a fully autonomous drone swarm to track and attack Hamas militants. They were able to find and attack their targets with zero human interaction. If you're into this topic, you really should read Daniel Suarez's book, Kill Decision. More

Cyber insurance costs have risen 32% in the last year, and appear poised to continue. Not only are premiums increasing, but additional stipulations are being added to policies as well. More

Proofpoint says Cobalt Strike has shown a 161% increase in usage by attackers vs. last year. More

Vulnerabilities:

  • Microsoft has found new vulnerabilities in NETGEAR firmware. More

  • QNAP fixed more bugs. More

Incidents:

  • LinkedIn has had another data loss incident, this one affecting 700 million users. More

  • GETTR, Trump's new social media platform launched and was hacked on July 4th, with several VIP accounts being compromised and defaced. More

Companies:

  • Greynoise just got some In=Q-Tel money. Congrats to Andrew and team! More

  • Noname Security raises $60 million in their Series B to continue doing API security. More


TECHNOLOGY NEWS

Facebook announced its competitor to Substack, called Bulletin. The biggest difference over the rest of the field is that they're not initially taking a cut off what people make. More

Foxconn earnings were up 20% on high demand from Apple. More

TikTok is extending its video length limit from one minute to three minutes. More

Companies:

  • Obviously AI is a no-code AI tool for data analysts, and they just increased their seed round to $4.7 million. More


HUMAN NEWS

Over a hundred people are dead in Oregon, Canada, and other places in northern parts of North America as temperatures hit 116 degrees Fahrenheit. I know someone who was visiting Seattle from Austin and they arrived to much hotter weather than where they left. In July. More

70% of San Francisco residents say the quality of life in the city has declined. More

Iceland says their 4-day workweek trial was an "overwhelming" success, with most people being less burned out and productivity staying the same or improving. More

Asimov's Foundation is coming to AppleTV in September. Looks really good. More


CONTENT, IDEAS & ANALYSIS

The American Flag as a Hate Symbol — I think a lot about how to attack things (I'm in security), and one of those things is the United States. It's the only way to know how to defend. One of the most devastating attacks I've ever thought of was launching a massive campaign to convince Americans that the US is, and always has been, a country of hatred, and that the flag is a symbol of that hate. Well, somehow that's exactly where we are heading. The US women's soccer team just had some of their members turn their backs while a veteran in his 90s played the national anthem on harmonica before a game. A game where they were there representing that same country. When you look at how we're going to face a rising China, or a rising Russia, it's a daunting task by itself, but it's made nearly impossible if we're a country where half of us think we've never done anything wrong and half thinks we're the worst country ever. The truth is in the middle. We've done some horrible shit in our history, but we're currently one of the best places in the world for people of color, or people in the LGBTQ communities to live normal lives and thrive. That's not easy to do for Black or gay people in much of Asia or South America, or in Africa. In other words, most of the world is still outwardly hostile to races and sexual identities other than what exists there natively, and the US is one of the few exceptions. We should remember that, and be proud of it, even as we reflect on how we made mistakes in the past, and as we continue our work of improving. More


NOTES

I'm already done with our UL Bookclub book of the month. It's unbelievably good, and I can't wait to talk about it with you all!

Big news for me: I closed on my house and am slowly moving into it. So that's two massive items happening in the same week.

I woke early on Newsletter Day to add the Recommendation of the Week and ship it out, only to discover that either Mailchimp or my browser ate around 30% of my content. Luckily I was already done with the security section, but I lost probably three hours of work (and stories) in Technology, Human news, and Discovery. Turns out the adage of "safe often" still applies. Ughhh.

DISCOVERY  

The Most Precious Resource is Agency More


RECOMMENDATIONS

When you make big life decisions, don't just compare upsides and downsides. Also ask yourself which one feels safe vs. scary. Often times—but not always—the one that makes you feel safe is a bad choice. This is especially true if you're younger, or you have fewer external responsibilities. Doing the safe thing is far more likely to result in mediocrity, and doing the scary thing is far more likely to result in something wonderful. There's risk there, of course, but you have to think about it from a whole-life perspective. Most people regret what they didn't do, not what they did.


APHORISMS

“When people talk, listen completely. Most people never listen.”

~ Earnest Hemingway