Unsupervised Learning Newsletter No. 310

News & Analysis

Member Edition | Ep. 310 | December 6, 2021

SECURITY NEWS

Apple has warned some US State Department employees that their phones were hacked by an exploit called ForcedEntry, which resulted in the installation of Pegasus—the spyware developed by NSO Group. This will surely add additional scrutiny to the Israeli company, on top of just being sanctioned by the US for selling their tools to shady countries. More

The White House is pushing to fill 600,000 cybersecurity positions in both the public and private sectors. I wrote about a possible approach here. More

Crypto exchange BitMart confirms they were hacked, resulting in a loss of $200 million in crypto. More

CISA has added 5 new vulnerabilities to their Known Exploited Vulnerabilities Catalog: Qualcomm chips, MikroTik routers, Zoho (2), and Apache. More

A former Ubiquiti employee allegedly stole gigs of data from the company and then pretended to be an anonymous hacker asking for $2 million in ransom. He's been arrested and charged. More

Google has released a new Cloud Threat Intelligence report, which they'll be doing monthly from now on. Top issues discussed included: cryptocurrency mining abuse, phishing campaigns, and ransomware. More

Vulnerabilities:

  • Gravatar Data Leak. Expect an email from Troy. More

  • Over 150 HP Printer Models | Critical | Lateral Movement More

  • 9 WiFi Routers | 226 Flaws More

  • AWS Sagemaker Jupyter Instance Takeover More

Companies:

  • Panther Labs raises $120 million to continue providing actionable security insights based on cloud-scale data analysis. More

  • CyCognito raises $100 million to continue doing attack surface management. More


TECHNOLOGY NEWS

Jack Dorsey stepped down as CEO of Twitter, and renamed Square to Block. More

Top Announcements at Amazon re:Invent 2021 More

What stood out to me from the event:

  • Amazon Inspector — Automated vulnerability management for multiple cloud resource types, including both detection and automated remediation. More

  • Amazon CodeGuru Reviewer — A new automated tool for detecting secrets in source code and config files. More

  • AWS Shield Update — Now features automatic deployment of AWS WAF rules to mitigate layer 7 DDoS attacks. More

  • Real-user Monitoring for CloudWatch — Realtime user monitoring for running experiments and doing feature management in application code. More

  • Sagemaker Canvas — A visual, no-code machine learning capability for business analysts. More

  • Amazon Connect — AI-powered call summarization for customer service productivity. More

  • M1 Mac Instances — EC2 instances running the M1 Mac platform. More

Amazon says they'll ship more than UPS and FedEx in 2022. More

Amazon says they're making their own shipping containers and chartering their own planes and ships. More

Vitalik Buterin is recommending a change to Ethereum that will lower gas prices. This is separate from the big Proof of Stake change coming next year. More

Only 60% of the US is paying for cable TV now, down from 85% in 2010. More

It looks like TSMC may ship 3nm chips in 2023. More


HUMAN NEWS

Omicron has caused a massive spike in people getting vaccinated, with last Thursday posting the highest total count (2.2 million shots) since May when the first shots became available. More

A company in Switzerland believes their suicide capsule will be approved soon for use. It's a 3D-printed and futuristic-looking shell that you get into and turn on from the inside. It pulls all the oxygen out of the air and you basically feel dizzy and/or euphoric before dying in like 30 seconds. More


CONTENT, IDEAS & ANALYSIS

NFTs Are Digital Signaling — My short essay on why I think NFTs are with us forever, regardless of the form they take. More

Knowledge of Psychology Removes Villains — I read a good headline recently that said pop psychology has robbed us of villains, and I think that's right. I'm not sure how much we really need to believe in true evil, but it still feels like we lost something. Simplicity, perhaps. The Fox News narrative. It's pleasing to have a good guy and a bad guy. The story isn't as compelling when everyone is a random collection of trauma and privilege.


NOTES

I had a rare Internet debate victory last week. I decided to do a thread on why it's a good idea to get a vaccine, or, more accurately, why it's not logical to avoid them. The arguments and/or conversations resulted in at least one person changing their mind, in real-time, and agreeing to get the vaccine. Such a small win, but it felt much bigger. More


DISCOVERY

Hakluke talks about the pursuit of the perfect automated bug bounty system. He's built 3 so far and is starting on his 4th. More

A fantastic piece about pulling SecurityTrails information into GigaSheet for massive and performant queries of recon data. More

pip-audit — A tool for identifying known vulnerabilities in Python environments and packages. More

Interlace — Turn single-threaded commands into multi-threaded applications. More | by Codingo


RECOMMENDATIONS

As we get close to the end of the year it's a good time to start thinking about goals.

My favorite tool for this is the Hypothetical Retrospective. Imagine yourself dying, in your 70s, 80s, or 90s, and looking back on your life.

Are you currently spending your years in a way that you would be happy with looking backwards?

If not, plot a course and prepare to take action.

If you know your life's work, and you're not doing it, find the courage and opportunity to make the change.


APHORISMS

"All cruelty springs from weakness."

Seneca