Unsupervised Learning NO. 369

Reddit Hack, Deepfake Scams, Embracing Change…

✅ Please subscribe to and give a 17-star review to this show on Apple Podcasts and Spotify. Thank you!

SECURITY

Reddit has confirmed it was hacked, and it's recommending users add 2FA. The attack started by phishing Reddit employees and stealing credentials and 2FA codes. After that point the attackers went after docs, code, and internal dashboards and support systems. They don't believe any primary production systems were breached at this time. ANNOUNCEMENT

An unknown threat actor is targeting companies in the US and Germany with a piece of custom, data-stealing malware. Proofpoint is tracking the campaigns as Screentime, and they say the group is financially motivated. They say the attacks started last October and often include office files with malicious macros or URLs with malicious JavaScript. MORE | REPORT

China is using deepfake news anchors to spread CCP propaganda. The fakes are good enough to convince most people at a glance, but analysis revealed they were likely generated by British AI company Synthesia. The actors used in the campaigns are actually featured on the Synthesia website as Anna and Jason. MORE | GRAPHICA ANALYSIS

Sponsor
 

 Why are unmanaged devices still a challenge for IT & Security teams?

Having a comprehensive asset inventory is foundational for every IT and security team, but there are many challenges. The one that looms largest is unmanaged devices and assets.

These devices pose a real risk to organizations for many reasons, such as running older vulnerable operating systems or software, using insecure protocols, or having nefarious intent. Plus, they can be difficult to discover or locate, sometimes using unmanaged subnets within a network.

In this article, we further discuss the risk and potential impact of having unmanaged devices on your network, the best methods for uncovering them, and how runZero can help.

How many unmanaged assets are hiding on your network? Scan your network now for free with runZero.
 

North Korea is funding their espionage efforts by hitting hospitals with ransomware. They need money to run the campaigns that steal data and IP from US and South Korean companies, so they're getting that money by ransoming hospitals and impersonating South Korean workers. It's insane and fascinating to me that this can be a strategy for a country . Hacking to survive. MORE

A security researcher was able to gain access to Toyota's supplier management system, giving him visibility into their global supply chain. He got in through a JWT bug that allowed access to anyone with a valid email address. MORE

The US added six more Chinese companies to the US Entity List because, "The PLA is utilizing High Altitude Balloons (HAB) for intelligence and reconnaissance activities." MORE

Deepfakes + Scams are about to be super nasty. Here's an example from Huberman and Rogan. MORE

The InfoSec Community Needs You (Yes, you!) — My Buddy Leif's epic blog on The InfoSec Community, and why you should take part. MORE

⚒️ Nuclei Cloud — Project Discovery just announced limited testing of their Nuclei Cloud product! It gives you remote scanning, scan history, scalable scans, full API control, notifications and webhooks, and integrations. You can sign up for the waitlist here. MORE | GET ON THE WAITLIST

⚒️ grep.app — Search across half a million git repos. TOOL 

✏️ Learning Semgrep — A fantastic intro to using Semgrep in an organized fashion. MORE | BY JOE ROZNER

Sponsor
 

CrowdSec — The Massively Collaborative Cyber Defense Solution
 

Discover CrowdSec, an open-source and collaborative intrusion detection and prevention solution. Analyze visitor behavior & remediate various attacks such as brute force, scans, scraping, scalping, and more.

Each time an IP is blocked, all community members are informed so they can also block it as well—making the solution not only reactive but also preventive.

Thanks to the collaborative CTI, CrowdSec users experience 90% fewer attacks on their servers. As of today, the tool is being used in 160+ countries, and the community flagged over 2 million malicious IPs.
 

TECHNOLOGY

Almost 30% of professionals say they've used ChatGPT at work. MORE

Twitter says its base API tier will cost $100 a month. MORE

Twilio is laying off 17%. MORE | LAYOFFS.FYI TRACKING

Benedict Evans just released his annual report for 2023. Always full of really interesting trends and stats. This year's theme is 'The New Gatekeepers'. MORE

David Guetta used AI to create a fake Eminem EDM track, and people loved it. MORE

⚒️ openai-to-sqlite — Provides utilities for interacting with OpenAI APIs and storing the results in a SQLite database. TOOL | by SIMONW

⚒️ chatgpt-arxiv-extension — A Chrome extension that summarizes arXiv papers using ChatGPT. TOOL | by HUNKIMFORKS

"One thing I usually do when I first meet a new startup is to listen to their explanation of what they do till I understand it, and then re-explain their startup back to them in the fewest possible words." BY PAUL GRAHAM


HUMANS

Interacting with AI will soon be the most important work skill. "I think that good prompting likely rewards divergent thinkers who find ways to experiment quickly. I think it rewards people with deep curiosities.” MORE

Researchers have found 27 genetic variants linked to ADHD. MORE

How Do You Serve a Friend in Despair? MORE

I Thought I Was Saving Trans Kids. Now I'm Blowing the Whistle. MORE

📊 35% of Americans say they're better off than a year ago, while 50% say they're worse off. These are the worst numbers since 2009. MORE


IDEAS & ANALYSIS

🔥 🗒️ Custom Models Are AI's Killer App… POST | THREAD

🧵 ChatGPT didn't create Google's fragility, it merely exposed it… THREAD

🧵 Being a Vendor or Virtual CISO vs. the real thing… THREAD

🧵 I asked GPT to caricature a NYT story intro… THREAD

🧵 You'll soon be able to instantly write as any author… THREAD

🧵 The fit and finish will soon be done for you… THREAD

Bard Highlights Google's Innovation Disadvantage
Google botched the launch of their Bard competitor to ChatGPT. The demo was rushed, had multiple hiccups, and clearly showed a company outside their element. Then one output from Bard showed the wrong answer to a question, further showing it was half-baked, and the company lost $100 billion dollars in value as a result. The entire situation highlights the Innovator's Dilemma, which says small companies are actually far more capable of innovation because they're unhampered by success. Or more specifically, that it's really hard to get a company to build competence in any area that's not their main thing, and especially if it's seen as counter to the main thing. It's even worse when a company simply loses the ability to innovate because the main thing has been so easy and dominant for them for so long. And I think that's exactly where Google is right now. MORE

What's Up With All the UFO Shootdowns?
Here's my current analysis on the UFO/Balloon shootdowns. Is shootdown even a word? Anyway. Seems to me there are only a few options. 1) malicious other countries' equipment, 2) benign other countries' equipment, 3) our own stuff and we're really bad at internal government communication, 4) aliens. I don't have any particular insight on this, but #1 seems most likely. Feels like this has likely been a common occurrence, and there's been a policy that said "let them do it" in the past. But with the first balloon situation now it's in the public and governmental eye, so the policy has changed. So now we're shooting them down as a message that this is no longer cool. #3 would be sad. #4 is the spiciest, obviously. Honestly I don't see it as that impossible that there are aliens here about to intervene when the nukes start flying. Our doomsday clock is closer than ever to midnight, and I could see there being a space force dedicated to not letting idiots with nukes destroy themselves. But to be clear, out of the choices #1 is probably 99.9% it for me. Aliens is a VERY small chance in my view, but I also wouldn't be surprised. Meaning, as an explanation for all the recent sightings everywhere, not for these in particular, which seem a lot more like #1. DISCUSS IN UL | SIGN UP

Medium's Decline
Everything I said about Medium in 2015, 2016, and 2017 is now coming true. Keep. Your. Content. On. Your. Own. Domain. This applies to Substack as well, which is today's Medium. Feel free to use the software platform as long as you like the URL structure and it's easy to export and migrate, but always make sure you host on your own domain. MORE | HN DISCUSSION

Patriotic Superbowl?
I thought Rihanna's halftime show was quite patriotic. The whole setup seemed to be red, white, and blue to model the American flag. And there was a ton of patriotism and Jesus stuff throughout the entire production as well. As an atheist I still found it refreshing. I prefer almost any messaging of kindness and unity over the division-based propaganda we've had in the last several years. Plus I think the US has a lot to be proud of in the metrics that matter. DISCUSS IN UL | SIGN UP

 FOLLOW ON TWITTER


NOTES

I just got to hang with two of my closest friends this week and weekend, and it was glorious. It was one of those situations where I could have done it or not done it, and I made the decision based on having more homie time. It's pretty much always the right decision.

I'm about to drop the first video in a series called 'Practical AI'.

If you were ever into Magic, this new set might be worth looking at. MORE


RECOMMENDATION OF THE WEEK

This week's recommendation is going to be quite forceful. Ready?

Do not let yourself fall into the Luddite Trap with regard to AI, AI prompts, or ChatGPT. Do not do this. I know it's tempting, and especially for people in security and people who appreciate the liberal arts. Don't do it.

First, at the high-end, i.e., the top of the K, this tech is going to magnify creativity and curiosity and art, not destroy it. It'll take out a lot of people that are creativity-adjacent for sure. But if you're a true creative, writer or artist of any sort, you'll be able to use these tools to magnify your work.

Second, if you become a curmudgeon about this stuff you will fast-track yourself to the bottom of the K. Not just you, but your peer group. You'll become the old guys yelling at people on his lawn. Don't be that guy. Invite the new kids in for kool-aid. Learn the new lingo. Stay young. Stay curious.

Lean into this. Don't be the person screaming at the printing press. It not only won't help you, but it won't make a dent. This is coming regardless of what anyone has to say about it.
 

APHORISM OF THE WEEK

"The only way to make sense out of change is to plunge into it, move with it, and join the dance."

Alan Watts