Unsupervised Learning Newsletter NO. 346

News & Analysis

🗞️ NO. 346 | AUG 29 2022

Greetings!

I hope you're doing well. But you're probably not doing as great as Matt LeBlanc starring in the new DUNE.

 

— Daniel

SECURITY NEWS

Twitter's ex-head of security, Mudge, released a searing whistleblower report saying Twitter leadership was willfully negligent in dealing with security issues. This caused Twitter executives to attack Mudge directly, which was stupid. More | Read His Report | My Analysis

The Twilio breach keeps growing—or at least our knowledge of its impact is. It's now affected Okta's one-time MFA passwords, Authy credentials, DoorDash, and many other services. What we've learned: 1) phishing still works, 2) 2FA attacks cut deep, and 3) we need to move to passwordless. More

LastPass announced a breach last week that included the loss of source code. As I said on Twitter, it's not about whether you got breached; it's about how you handle it and adapt. More | My Comment

Sponsor

🔭 Crytica Closes the “Dwell Time” Detection Gap


It's fair to say we are all on high alert when it comes to protecting our sensitive data. Having to wait an average of more than 180 days to identify a data breach on your network is both unsettling and unacceptable.

Enter Crytica Security. Its Zero-Day Detection™ technology detects Zero-Day attacks immediately: at the time of injection, at the time of infection, and when Dwell Time begins. It's Zero Day detection not in hours, but in 180 seconds or less. Schedule a demo to see how Crytica is the missing piece of your Detection Defense.
 

Iranian attackers are using log4j as part of a lateral movement strategy within Israeli targets. Microsoft detailed TTPs for the Umbrella threat actor believed to be part of the Iranian Intelligence apparatus. More

Over 80,000 Chinese-manufactured (Hikvision) cameras are exposed online and vulnerable to a 9.8-severity command-injection flaw that allows information leakage. More | Research

Bellingcat found another Russian spy, this one living in Italy and targeting NATO officials. More | Report

Plex had a breach that exposed usernames, emails, and encrypted passwords. More

Attacker groups that used to rely heavily on Cobalt Strike are increasingly moving to the Sliver C2 framework by Bishop Fox. The primary reason is that so many defensive tools are now good at detecting Cobalt Strike, so it's harder to use quietly. More | The Sliver Framework (Bishop Fox)

The Pentagon is warning that China will surpass us in space unless we take unified, coordinated action now. More | The Report

Vulnerabilities

  • 🪳CRITICAL | 9.9 | Bitbucket Server | Command Injection via HTTP | More

  • 🪳HIGH | Multiple Cisco Product Advisories | More


TECHNOLOGY NEWS

It looks like we're about to have satellite phones on our regular mobile phones. It's rumored that Apple will announce something like this soon, and both SpaceX and T-Mobile are talking about it as well. Basically you go outside and your phone will connect to a new generation of satellites, and you'll be able to do voice calls and text messaging. Insanely cool. More

Google's releasing another RSS reader! It's in early form right now, but it sounds promising. More

There's a third major player in the AI Art Generation race now, called Stable Diffusion. Its biggest difference is that it's open source, and it tends to be more like Midjourney than DALL-E 2 in terms of ease-of-good-results. More | Try It Out | Comparing DALL-E, Midjourney, and Stable Diffusion

Overburdened restaurants are starting to use voice bots to take orders. First, it's scalable when 65% of restaurants say they don't have enough people, and second, the bots are consistent no matter how stressful things are on a slammed Friday night. More

Ethereum's migration to Proof of Stake is set to start on September 6th, with an end date between the 10th and 20th. The upgrade will make it much cheaper and faster to use the network, which proponents hope will dramatically increase adoption. More


HUMAN NEWS

The US central bank chair said he's going to have to keep raising rates for the foreseeable future to keep inflation in check. It crashed the markets, but better that we take the hit now than be surprised later. More

The US is going back to the moon, starting today with the Artemis 1 mission. First, we'll launch an unmanned probe around the moon, then we take humans around the moon, then we land them on it again around 2025. More

The US is pushing to make all research publications open to the public. Publications already had to be made open within a year, but this new legislation requires immediate open access. More | More

California is banning gas cars after 2035. Elon has issues, but I'm thankful to him for almost single-handedly making this tight of a pivot possible. More

We pointed the James Webb Space Telescope at Jupiter, yielding some truly spectacular shots. Images

Uhura's ashes are going into space on a Vulcan rocket. More


CONTENT, IDEAS & ANALYSIS

Quiet Quitting — This is a new trend that's big enough to have a label, and it basically means doing the very minimum (or maybe less?) at a job to avoid burnout and/or preserve your mental health. What's interesting is that companies like Meta, Apple, and Google are claiming that people are doing this, which is why they're getting stricter on standards and trying to push people back into physical offices. So I think companies are somewhat correct in identifying the behavior; I just don't think bringing people into the office is going to fix it. Also note that this is highly correlated with The Great Resignation, perhaps as an alternative to quitting or as the step right before it. Quiet Quitting | The TikTok Video

The LastPass Breach — I don’t use ‘breach or no breach’ as my metric for trusting a security vendor. My metric is around the quality, transparency, and humility of the announcement. And the follow-up that comes after. Nearly everyone’s been hacked, whether they know it or not. More
 

NOTES

I have a bookshelf in my living room that I'm turning into my Top 50 Books display. This has two purposes: I want to be able to start conversations based on those books, which won't be obscure, never-read titles designed to make me look smart, but rather my actual favorites that I can talk about for hours. And second, I can walk over there at any time and pick one up and re-read it, and it will be a good use of my time. I'm even going to put the most re-readable titles on the top shelf for both discussion and use. I'm turning the list of books into a member post, complete with a picture of the bookshelf as requested in our latest book club. :)

We had a great book club this week, but not because we loved the book. It was more the conversations that erupted after talking about the current book and picking the next one. We also discussed the plans for more community activities, which I'm super excited about.

I ordered my first drone, which is the DJI Mini Pro 3. I got it so I can do some aerial photography of the area around my house. Plus I've always wanted to have the feeling of flying, which would be better served by an FPV drone, but their batteries don't last long enough. Maybe in a couple of years I'll switch over.

Anyone know how to get birds to visit your birdfeeder? I set one up but there are no birds around. 🤷🏼‍♂️

 

DISCOVERY

🔥🔥🔥 ⚙️ RECON | Hakscale (⭐️ 23 )
Distribute your scans across multiple systems without spinning up boxes. Uses a queuing system to manage the tasks taken up by multiple workers, and then sends the output back to the calling source. Ben Binmead's Axiom does the same thing using new cloud instances, but this method runs the commands directly on pre-existing boxes. Tool | by Luke Stephens

⚙️ RED TEAM | Sliver (⭐️ 3.6K)
The Sliver red team framework emulates real-world attackers for testing of the blue team. Includes dynamic code generation, compile-time obfuscation, multiplayer mode, and tons of other features. Tool | by Bishop Fox

⚙️ VULN MANAGEMENT | Vision2 (⭐️ 144 )
Parses Nmap XML output and looks for CVE information, basically making Nmap a rudimentary vuln scanner. Tool | by CoolerVoid
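As an added example (not Vision2's own code), here is the core of what such a tool does in Python: parse Nmap's XML output, pull the CPE reported for each open service, and join it against a local CVE table. The Nmap XML and the CVE table are constructed for this example, and the CVE ids are placeholders, not real vulnerabilities; a real tool would consult the NVD feed.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML (not a real scan), following the real nmaprun schema.
# Port 80 is deliberately "closed" to show that its CPE must be ignored.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4">
          <cpe>cpe:/a:openbsd:openssh:7.4</cpe>
        </service>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed"/>
        <service name="http" product="nginx" version="1.18.0">
          <cpe>cpe:/a:nginx:nginx:1.18.0</cpe>
        </service>
      </port>
    </ports>
  </host>
</nmaprun>"""

# Constructed lookup table with placeholder CVE ids (not real CVEs);
# a real tool would query the NVD feed or a local mirror of it.
CVE_TABLE = {
    "cpe:/a:openbsd:openssh:7.4": ["CVE-0000-00001"],
    "cpe:/a:nginx:nginx:1.18.0": ["CVE-0000-00002"],
}

def parse_open_services(xml_text):
    """Return (ip, port, [cpe, ...]) for each open port that has a service entry."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            if state is None or state.get("state") != "open" or svc is None:
                continue  # closed/filtered ports expose no reachable service
            cpes = [c.text for c in svc.findall("cpe")]
            results.append((addr, int(port.get("portid")), cpes))
    return results

def match_cves(xml_text, table=CVE_TABLE):
    """Join open services against the CVE table; one finding per (service, CVE)."""
    return [{"host": a, "port": p, "cpe": c, "cve": v}
            for a, p, cpes in parse_open_services(xml_text)
            for c in cpes for v in table.get(c, [])]
```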

⚙️ CLI SECURITY | Shellclear (⭐️ 65 )
Find and clean up sensitive entries in your shell's command history. Tool | by Rusty Ferris Club

Using Touch ID (or your Apple Watch!) to authenticate sudo on macOS. More


A strong Twitter thread discussing the Covid threat model for eating indoors. More

Some stunning images of Iceland's volcanic activity from above. Images

MANGA onsite ML interview questions. More

Zuckerberg went on Rogan and things were said. Worth listening to the whole thing. More

Tyler Cowen's approach to reading a lot. More

Is ARR Per Employee (APE) the killer metric? More

My buddy Joseph Thacker (rez0) on how to increase your luck when playing Bug Bounty. More

We're getting closer to a freshwater crisis. More | Follow Tim Tyler


RECOMMENDATION

Go through your reading list and purge the ones that you tried to read but couldn't get into. It's ok to quit books. Stop feeling guilty about it. Purge your list, bubble up the most important ones to the top, and dive back in.


APHORISM

"It is what you read when you don't have to that determines what you will be when you can't help it."

Oscar Wilde