Unsupervised Learning Newsletter NO. 318

MEMBER EDITION  | NO. 318 | FEB 14 2022

SECURITY NEWS

China is suspected of hacking into News Corp via a BEC attack, with the goal of targeting journalists for their access to information and sources. The attack was evidently successful against several targets, and Mandiant has been brought on to help with the investigation. More 

Google says they see 50% fewer compromises on accounts they enroll to use 2FA. That's fantastic, but honestly I'm surprised the number isn't much higher. More

Apple released iOS 15.3.1 to address an actively exploited flaw in Safari that can lead to code execution. More

Two US senators have gone public with evidence that the CIA had a massive bulk data collection program called Deep Dive that was run without oversight. The senators, the EFF, and others are requesting the declassification of the program so Americans can see what was collected. More

Zoom users running on Mac have been reporting that the microphone light has been staying on, even when they weren't actively using the application. Zoom issued an update to address it, but one fix is to make sure you fully quit Zoom when you're not using it. More

Cloudflare Tunnel lets you SSH to machines that aren't listening on the internet. They catch the requests, authenticate you, and send you back to the protected machine. More

Cloudflare has acquired Vectrix to play in the CASB space as part of its SASE (Secure Access Service Edge) offering. The startup focuses on visibility and control of data at rest in SaaS applications. More

CVS says they've seen a 300% increase in retail theft from stores since the pandemic began. Rite Aid and other stores are closing locations hit hardest, and one employee said, "They come in every day, sometimes twice a day, with laundry bags and just load up on stuff." More

Vulnerabilities:

• Magento | 9.8 | Code Execution More

• Siemens PLCs | 27 Vulnerabilities | High | Denial of Service More

• Adobe | Multiple Products | System Takeover More

Incidents

• The San Francisco 49ers have been hit by a Blackbyte ransomware attack. The attack has evidently caused disruptions on part of their IT network. More

Companies:

• Vicarius | Cloud-first Vulnerability Management | $24 million More

TECHNOLOGY NEWS

Amazon has increased its base pay by more than double—going from a max of $160,000/year to $350,000/year. This was a reason a lot of people never looked at Amazon, so if you're a hiring manager expect to lose more candidates to them for a while. More

Intel is looking to roll out energy-efficient crypto-mining chips. This is cool, but it feels like all this blockchain focus is a desperatete response to being crushed ARM. More

Coinbase QR code Super Bowl ad was so successful it crashed the Coinbase app. As a security guy I'm horrified that we just trained millions of people to scan arbitrary QR codes. More

Someone created a Twitter tracker (@ElonJet) that follows Elon Musk's private jet. They tried to pay him $5K to stop, but $5K wasn't enough. More


HUMAN NEWS

A new study has shown that Selenium may be key to new neuron formation, and could be used to help keep people sharp as they age. More

Much of the US is removing mask mandates for indoor events, including indoor restaurant eating. This is for places that haven't already. Notably, California, New York, and New Jersey are making the change soon. This comes as deaths per day are still quite high, at over 2,400 a day last Friday according to the New York Times. This shows how much risk tolerance comes down to familiarity and the desire to do the risky activity. People are tired of lockdowns, so the sentiment has shifted from panic at a few people dying to being ok with almost a 9/11 per day. More

The inability to exercise is emerging as one of the most common symptoms of Long Covid. More

A new study has shown that the chance of heart disease increases significantly for up to a year after infection with Covid, including with mild cases and for people under 65 without significant risk factors. They showed a 52% increased chance of stroke and 72% increased chance of heart failure. More
 

CONTENT, IDEAS & ANALYSIS

My Favorite Vim Commands in Chrome — A quick piece on my favorite keyboard shortcuts within the Vimium extension for Chrome. Essentially, navigate within Chrome using familiar Vim commands. More

Bradbury's Dystopia — We've all heard about the comparison of Orwell's or Huxley's dystopias, where in one case we're worried about authoritarianism, and in the other we're worried about a lack of ambition. Bradbury offers another model, which is based on the elimination of complex thought because it's difficult. This is what Fox News and CNN do, in my opinion. They provide clear good guys and bad guys, removing the nuance and layered nature of reality. Burning books that inspire too much thinking is one way to get there. More

Behavior Shaping — Here's a crazy idea. Since TikTok is a content surfacing and rewarding platform, and it's Chinese-controlled, wouldn't it be interesting if they rewarded different behavior for different populations? What if they rewarded science and engineering and creativity in China, but in Europe and the US they rewarded promiscuity, anti-government, or hate-oriented content? Wouldn't that be an ingenious way to incentivize the raising of your own society while contributing to the downfall of an enemy? I wonder if anyone's done any analysis of what gets surfaced or rewarded in different geographies.

NOTES

I went on the Barely Conscious podcast with Justin Adams last week and had a blast. We talked about the future of sentient AI, AI suicide, and how to approach meaning in a world without supernatural belief or free will. More

Enjoying this week's UL book of the month, The Sovereign Individual.

I'm in the second book of The Stormlight Archives and I feel committed at this point. So. Many. Books. Though.
 

DISCOVERY

Maybe we're not in an Orwell or Huxley dystopia, but one based on Bradbury. More

Google's search engine is jumping the shark. More

A lot of security people talking about getting into Crypto/Web3 are really just talking about doing appsec audits. More

Git in one image. More

A reminder that it's somewhat strange to hold AI to explainability standards when most people can't explain their own beliefs or actions. More

Rekt — A list of crypto-related security incidents. More

🔥 The simplest and most important dashboard for early-stage startups. More

[ DETECTION & RESPONSE ] AWS Canary Tokens — Sprinkle these throughout the environment and if someone tries to use them you'll have strong signal you have a compromise. More | by Thinkst

[ OSINT ] Radar Interference Tracker — An open-source tool to locate active military radar systems. More

[ AVAILABILITY ] HaveIBeenExpired — Monitor your websites for expiring certificates. More

[ UTILITIES ] RGA — Ripgrep All: It's ripgrep, but for tons of extra filetypes, including pdf, docx, sqllite, jpg, movies, etc. More | by Phiresky

[ REVERSE ENGINEERING ] A video tutorial on reversing and patching a crackmes.one binary. More | by Bursa Demir

[ OFFSEC ] SecLists is at Release 2022.1. More | Thanks to g0tmi1k!

RECOMMENDATION

One of the best explanations for strategy I've ever heard is to find a really hard thing and to bring a solution that doesn't yet exist. The worse the problem without being clearly articulated, and the better your approach vs. competitors, the better your strategy. So, if you run a small business, ask yourself this: "What big problem are we solving, and how much better is our solution than our competitors?"


APHORISM

“The most personal is the most creative.”

— Martin Scorsese