Unsupervised Learning Newsletter NO. 352

News & Analysis

SECURITY NEWS

CISA, FBI, and NSA say an attacker broke into a US military contractor, stole data, and stayed persistent for months. A note in the advisory originally described how to stay safe from Russia, but it has since been removed. MORE

CISA, FBI, and NSA also released a list of the top CVEs being actively exploited by Chinese state-sponsored attackers. MORE | THE LIST

CISA is ordering federal agencies to track assets and vulnerabilities. OMG thank you. Love this. MORE | SPECIFIC GUIDANCE

Sponsor

🔭 JupiterOne: Know What You're Defending

One of the biggest problems in cybersecurity today is that companies don't have a good understanding of what they're defending. Too many organizations either lack basic lists of their assets, or have multiple disjointed lists that cannot be easily searched.

JupiterOne solves this Step0 problem by collecting everything you own into a single system of record that includes DNS, cloud infrastructure, things listening on your perimeter, traditional servers and networks, endpoints, SaaS applications, and many more.

Finally, it links these together using graph-based technology that lets you ask complex Attack Surface Questions, like "Show me all VMware-based systems owned by Marketing that are associated with our crown jewels and that have something facing the internet."

Criminals are starting to use de-authers and jammers to stop wireless cameras like Ring from recording them. MORE

Uber's former security chief has been convicted of concealing a felony. MORE

MITRE is about to release its ATT&CK Campaigns, which, "describe a grouping of intrusion activity conducted over a specific period of time with common targets and objectives." MORE | ATT&CKCON 3.0 TALK

Chainalysis estimates that $2 billion in cryptocurrency has been stolen across 13 separate cross-chain bridge hacks, the majority of which was stolen this year. MORE

China's Great Firewall (both the technology and the organization that runs it) has been upgraded to detect more TLS-based censorship bypasses. Just in time for "elections". MORE

It's now entirely too easy to implant false memories in adults. MORE

The US's FCC is moving to ban spam text messages. MORE

Incidents

  • Lloyd's of London is investigating a possible cyberattack after detecting "unusual activity". MORE

  • Celsius is going through bankruptcy and just filed a 14,532-page report. Unfortunately that report included the names of all its customers and their recent transactions, including those of its executives. MORE

Companies

  • Congratulations to Crowdsec for raising $14 million for Crowdsourced Threat Intelligence! They're a long-time sponsor and friend of UL, and I'm going to be doing a demo video of their solution soon! MORE

  • Eclypsium raises $25 million to continue doing firmware security. MORE


TECHNOLOGY NEWS

US Twitter users are about to start seeing crowdsource fact checks on Tweets. Select people will be able to add notes to a tweet to give it context. MORE

The recent Chess cheating scandal has been highlighting something known but ignored: humans suck really bad compared to computers. Like, 2800 vs. 3500, which is almost like an untrained child vs. a skilled adult. MORE

Elon just re-requested that his buyout of Twitter moves forward. To me he's just become a giant troll (at least in some respects), and he's quickly losing credibility. This reminds me of a pillow fight where you say you're done at the end, lower your pillow, and when your opponent does the same you wallop the shit out of them. In other words, more stalling and diversion while he readies his troops. MORE

Elon's new thing is talking about "The Everything App", which is basically a clone of WeChat in China. Basically, think a single app that does everything from shopping (Amazon), home food delivery (Doordash), rides (Uber), social media (TikTok, Facebook), messaging (Messages, Text, Facebook), etc. All in one app. MORE


HUMAN NEWS

The US manufacturing sector added nearly 500,000 jobs in the last year, and is growing the fastest it has since 1984. Now the problem is finding enough workers. MORE

The Biden administration has pardoned federal cannabis offenses, and he's called on states to do the same. Unfortunately, there aren't many people in trouble for cannabis at the federal level. It's very much a state thing, so we'll see who implements it. MORE

GenZ is using TikTok as its search engine. MORE


IDEAS & ANALYSIS

✍️ Something is Wrong with Meritocracy
My latest essay on a rotten assumption within meritocracy that not enough people are talking about. READ 

Reverse Sugar Babies
There's a thing called sugar daddies and sugar babies, where rich men pay for the attention of young, attractive women. Bari Weiss has found a related phenomenon where the sugar babies are co-eds at elite colleges, and the men don't make that much money. And here's the question: when it's a regular guy sending money to a woman who has all the options in the world, and will likely live a very good life no matter what, who in this situation—if anyone—is being taken advantage of? I'm reminded of the fact that prostitution is not legal in many advanced countries. Well, not for the woman. It's illegal to purchase prostitution in those countries, not to provide it. Anyway, not really the same thing. It's not easy for me to find a villain or a victim in this Stanford sugar-baby situation, but it still reeks of unhealth. And to me the punchline is a recurring one: loneliness. MORE

Uber CISO Conviction
Uber's former CISO has been convicted, and a lot of the security community seems to think this is bad for CISOs because it places blame on them for hacks. That's not my read, however, because this guy wasn't convicted for getting hacked. Or at least not according to the jury. He was convicted of hiding the hack. Big difference. The center of the issue was the ambiguity around whether the external researchers were extorting them or doing more of a bug-bounty thing. Most (including the jury, evidently) seem to believe it was more like extortion and should have been reported as a hack/incident, which it wasn't. MORE

Revolutionary New DIRAC Coming
There's a new technology coming out soon that audiophiles will absolutely love. It's a total phase-change for getting good sound from speakers in a room. Not evolutionary; revolutionary. So the problem with speakers in rooms is that when you listen you're largely listening to the room as much as or more than the speakers, because sound bounces off of stuff, most importantly walls. The way we've dealt with this in the past is by 1) equalization to counteract the bounces, 2) absorbing or diffusing the bounces, and most recently, 3) using DSP to do the equalization for you (which is what I use). The leader in that DSP-based space is DIRAC, and it works by sampling places all over your room, listening to the direct sound plus your reflections, and then building the right correction profile, which is applied at your music source. Well, now DIRAC is about to do something completely wicked: they're adding a new tool to the game, which is active dampening. So rather than just doing filtering and equalizing, they're going to detect the bounces that are hitting various speakers, and then play countering sounds from those speakers to cancel them out! So now you'll have something much more like a super-high-quality room within which to do normal DIRAC tuning. It's not out yet, but I can't wait for it!

Population Crisis?
There's a lot of disagreement about what's happening to total global population. Elon thinks there's an underpopulation threat, but even most demographers who disagree with him think the total population will peak in the second half of this century, before stabilizing or starting to decline. Remember, Elon also thought FSD would be easy, and that we'd be on Mars by Friday. Smart doesn't always mean measured, but I do find it fascinating that we aren't facing this runaway train of exponential growth like I grew up hearing about. Turns out, people having better conditions just equates to fewer children. Of course that's assuming we don't kill ourselves in the meantime. MORE


NOTES

I am experimenting with doing shorter summaries of news stories in the news sections—like 1-3 sentences max—and then taking my analysis into the IDEAS & ANALYSIS section. I get a lot of comments saying how much they like my one-liner summaries, but a lot of people want the analysis too. Maybe this is a way to do both? DISCUSS IN MEMBER SLACK | SIGN UP


DISCOVERY

🛠️ gitfive | RECON | (169⭐️)
gitfive is an OSINT tool for investigating various data about people through their GitHub profiles. TOOL | by MXRCH | Follow mxrch on Twitter

🛠️ arsenal | RECON | (55⭐️)
arsenal is a simple shell script (Bash) that installs the most important tools and requirements for your environment, saving you the time of installing them all by hand. TOOL | by MICRO0X00 | Follow Micro0x00 on Twitter

🔭 [Sponsor] JupiterOne: Know What You're Defending — Consolidate everything you're defending into a single, graph-based system of record that allows you to ask complex Attack Surface Questions. START YOUR FREE ACCOUNT TODAY

Max Tegmark thinks there's a 1 in 6 chance of nuclear armageddon. MORE

Automating C2 Infrastructure Using Terraform, Nebula, Caddy, and Cobalt Strike MORE

Moving files in ZSH using zmv MORE

There's a webcam in San Francisco that's been running since 1994. MORE

Earth's rotation captured beautifully by a video that locks onto a fixed point in the sky. MORE

The AI Spell-casting Metaphor MORE

The Crisis of Men and Boys MORE

Secure Your Machine Learning with Semgrep MORE

Stable Diffusion Illustrated MORE


RECOMMENDATION OF THE WEEK

Consider re-reading some of your favorite books. You're a different person each time, which makes it a different book each time.


APHORISM OF THE WEEK

"Life is neither good nor evil, but a container for good or evil."

Marcus Aurelius