News, Analysis, and Discovery | NO. 356


Exploring the intersection of security, technology, and society—and what might be coming next…

Standard Web Edition | Ep. 356 | November 7, 2022

SECURITY NEWS


TikTok has now admitted, after denying last week, that Chinese staff can in fact read European TikTok data. Pressure is increasing across the US government to outright ban the app, but it’s quickly becoming national infrastructure so many young people. MORE | FCC COMMISSIONER CALLS FOR BAN

Security company Lookout says mobile-based phishing attacks against federal government employees increased 47% between 2020 and 2021, which is roughly half of local, state, and federal government employees. MORE | THE LOOKOUT REPORT

Microsoft says between June 2020 and June 2021, 20% of all nation-state attacks were aimed at critical infrastructure, and that percentage grew to 40% between 2021 and 2022. MORE | THE FULL REPORT

CISA is pushing organizations to implement not just MFA, but phishing-resistant MFA, which today mostly means FIDO2 / WebAuthn. MORE | CISA GUIDE TO PHISHING-RESISTANT MFA

An attacker injected malicious code into a benign JavaScript file deployed on hundreds of US newspapers, and that malware was then pushed to all their users. The company targeted was undisclosed, but the malware was the SocGholish, which deploys fake updates that are actually malware. MORE

Musk is launching a new Twitter Blue offering for $8/month that gives anyone a blue checkmark without checking to see if they’re a real person. His counter to the security problem is to permanently ban any account that impersonates another. But he also talked about “widespread verification” in another tweet. I hope he means an actual identity confirmation. MORE | MY ANALYSIS OF THE RECENT EVENTS

Rewind.ai is an app that records everything you have seen, said, or heard on your Mac so you can remind yourself if necessary. Cool idea, theoretically. And likely a security/privacy hellscape. MORE

Dropbox got compromised by a phishing campaign which gave attackers access to 130 of their private Github repositories. MORE

Vulnerabilities:

  • Fortinet: 6 High issues. MORE
  • Splunk: 9 High issues. MORE
  • Cisco: Multiple, up to system takeover. MORE

 


Sponsor

Benchmark your cloud configuration in minutes with JupiterOne
 

See how your cloud configuration compares against CIS Foundations benchmarks in just a few clicks. Once your cloud provider is integrated with JupiterOne, this framework is automatically imported based on which cloud provider you use, giving you a greater understanding of how to improve your configuration and security posture.

News, Analysis, and Discovery | NO. 356
 

TECHNOLOGY NEWS


Matter launched last week, which is basically a new, shared language that allows all your smart home devices to speak to and control each other. THE VERGE SUMMARY 

TSMC is approaching 1nm due to a breakthrough in 2D materials. MORE

Shubhro Saha figured out how to run GPT-3 prompts in Google Sheets, allowing you to automatically sanitize data, categorize feedback, etc. MORE 

OpenAI has released the public DALL-E API in beta. So now you can automate the creation of generative images. MORE

Musk is supposedly looking at some kind of OnlyFans clone for Twitter. That’ll be hard to do if the brand is trusted information. MORE

Amazon’s entire music library is now available to Prime subscribers for free. MORE

Meta built an AI-powered audio codec that can supposedly compress audio 10x tighter than MP3. MORE

Starlink is soft-capping residential users at 1TB per month. MORE

Layoffs and Freezes:

  • Lyft: 13% MORE
  • Stripe: 14% MORE
  • Meta: Reportedly thousands this week. MORE
  • Apple: Hiring Freeze MORE
  • Track the layoffs with layoffs.fyi MORE

HUMAN NEWS


There’s a newish narrative going around that says it makes no sense to recycle plastic, and that you might as well throw it away. I’m skeptical only because it matches my intuition and sounds like it could be some kind of propaganda effort. MORE

Human trials have started for lab grown blood. They’re starting with a couple of spoonfuls to see how it does in the body. MORE

Gas prices in Europe are thankfully much lower than expected due to a mild autumn. MORE

IDEAS & ANALYSIS


✍️ AI Art Just Opened The Threat to Human Work We Were Expecting from AGI READ

✍️ My Prediction for Twitter READ

Build Your Own Stuff
Substack just launched their own chat service so that people could chat with creators. Sounds pretty cool right? So did Medium. So did LiveJournal. So did Tumblr. So did MySpace. So did a dozen other services. I’ve had a blog since 1999, and I have seen so many platforms rise and fall. Trust me on this. Your domain is your brand. Keep your own blog, on your own domain. And make sure you are using universal enough tech that you can take your backups and go anywhere else if you neded to. Your domain is what matters. Don’t rely on the Mediums and Substacks of the world. They’ll be gone tomorrow. SO YOU WANT TO START A BLOG

NOTES


I’m getting into video. Mostly YouTube, but probably some TikTok too. And not like ham in front of the camera type stuff, but some of that combined with mostly having video and visual support to whatever I’m talking about. Basically, video > text for most people, so I am going to master that medium and make sure most of my content has a video element going forward. 

Westworld has been cancelled. Not surprising to me. I couldn’t even get into the last season because they lost the plot. Couldn’t tell who the good or bad guys were. Oh well, seaons 1 and 3 were masterpieces. MORE

I continue to spin up all the UL umbrella threads. Consulting, the products I’m building, and tons more work on the show (which members have been seeing most of all). So much additional energy happening in the community, more member content, more meetups, a new UL Principles document, and tons more. Elated with the progress.

This month’s bookclub book is The Science of Storytelling, by Will Storr. MORE

DISCOVERY


Awesome Cybersecurity Newsletters — A massive collection of newsletters about the cybers. MORE | BY TAL ELIYAHU

🔭 [ Sponsor ] JupiterOne — See how your cloud configuration compares against CIS Foundations benchmarks in just a few clicks. GET STARTED WITH YOUR FREE ACCOUNT

The Immutable Laws of Security MORE

🔥 The Best of AI Twitter MORE

How to Get Paid Slack Features For Free MORE

What I Learned from Reading 217 Subdomain Takeover Reports MORE | BY NYNAN

What Happens After Everything Becomes TikTok? MORE

Threat Model Examples  MORE | BY TAL ELIYAHU

Helping Elon Speed Run the Content Moderation Curve MORE

Running Lego Engines With Air MORE

My Simple Kubernetes Setup for Side Projects MORE | BY BAS STEINS

Advice That Worked For Me MORE

How to Set Your Google Calendar to Private MORE

RECOMMENDATION OF THE WEEK


Keep abreast of the AI Art stuff and the companies that spin off of it to do other things. That doesn’t mean look at 34 different art engines and their pictures. But pay attention to the companies that are using transformer tech to solve other kinds of problems. And make sure the people you care about are aware of what’s happening. This thing that’s about to happen to tech, that’s starting right now, is bigger than anything before it. Bigger than the internet. Maybe the printing press. It’s the creation of agents that can do most of our cognitive work better than us. It’s big. MORE

APHORISM OF THE WEEK


“I visualize a time when we will be to robots what dogs are to humans, and I’m rooting for the machines.”

Claude Shannon





Source link