Unsupervised Learning NO. 390


Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Hopefully your week is starting off better than Siri handles AC requests.

I honestly don’t know how the Apple Maps guy got fired but Siri still sucks this bad after all these years.

Anyway, we put out a new piece of member content this weekend, I’m working on slides for talks, and progress continues on the product we’re building. I also up-leveled my hummingbird feeder game to four of these.

I hope you’re doing well,

Let’s get into the week!

Unsupervised Learning NO. 390

🚨 VoiceFake Scams on the Rise
🔑 FrontView Mirror, 2024 Edition: Trends and Preparations
🎙️ AI and Content Creation: A Discussion on The Phillip Wylie Show
🔒 Chinese Email Hack: A Sophisticated Espionage Effort
🌐 Transatlantic Data Flow: A New EU-US Data Privacy Framework
🔍 Docker Security Flaws: Sensitive Data in Docker Images
🏥 HCA Healthcare Breach: Impacting 11 Million Patients
⚖️ Orca Suing Wiz: A Case of Patent Infringement
🤖 AI-Enabled Cybercrime: The Rise of WormGPT
🐦 Twitter Struggles: Ad Revenue Plummets by Nearly 50%
🎵 TikTok Music Launches: A New Competitor for Apple Music and Spotify

🚨AI Voice Scams Being Deployed — I know at least 3 normal (non-infosec) people who have been targeted by scams using AI fakes of family member voices in the last two weeks. The latest was a mother receiving one of the daughter, probably faked using her voicemail. You and I are not likely to fall for this, but be sure to tell your family and friends about the trend so they don’t fall victim.

⚠️ Office Zero Day
Microsoft has disclosed an unpatched zero-day security bug in Windows and Office products, exploited to gain remote code execution via malicious Office documents. The vulnerability, known as CVE-2023-36884, was used in high-complexity attacks targeting the NATO Summit in Vilnius, Lithuania. MORE

🇨🇳 Chinese Email Hack 📧
Chinese hackers, suspected to be part of an intelligence operation, have breached US government email accounts, as disclosed by Microsoft. The attack was not a broad-brush intrusion but a targeted one, focusing on specific accounts and went undetected for a month, suggesting a sophisticated espionage effort.

– The hackers used forged authentication tokens to gain access.

– Approximately 25 organizations, including government agencies, were compromised in the attack.

– The breach could potentially exacerbate already strained US-China relations.

– The US government has been transitioning data to the cloud for better access and improved security.

– The breach has prompted a review of government security requirements and protocols. MORE

Transatlantic Data Flow
The European Union and the United States have finally struck a deal that allows companies to freely transfer data across the Atlantic, potentially putting an end to a three-year period of legal limbo that has affected tech behemoths like Facebook and Google. This new agreement, dubbed the EU-US Data Privacy Framework, comes in the wake of the EU’s top court striking down the previous data agreement, known as Privacy Shield, due to concerns that US intelligence agencies had too much freedom to access Europeans’ personal data. MORE

🛡️ Secure Your Cloud Future! ☁️

AWS Security Foundations are no longer a nice-to-have. As data, apps, and services ascend to the cloud, you need to know more than just how to get to the cloud, but how to do it securely.

🚀 Take off with our FREE eBook, your ultimate guide to AWS security. Discover the key principles to fortify your AWS environment, all in a digestible, jargon-free format.

💡 Illuminate your cloud journey. Secure your business. Protect your customers. All this knowledge, just a click away.

Docker Security Flaws
Researchers at RWTH Aachen University in Germany have discovered that approximately 8.5% of Docker images hosted on Docker Hub contain sensitive data such as private keys and API secrets. MORE 

HCA Healthcare Breach
HCA Healthcare, one of the largest healthcare services providers in the US, announced a significant data breach impacting approximately 11 million patients. The breach was discovered on July 5, when a threat actor posted a list of stolen personal information on an underground forum, including names, addresses, birth dates, and appointment dates. MORE

AI-Enabled Cybercrime
A new tool, WormGPT, is being advertised on underground forums, enabling even novice cybercriminals to launch phishing and BEC attacks swiftly and at scale. MORE

Orca Suing Wiz
Orca is suing Wiz for patent infringement. As a non-expert with exposure to both tools, this seems like the desperate measure by someone getting trounced in the marketplace. All I heard from others when I used Orca was how much better Wiz was. Note: Wiz has also sponsored the show before, and I think Orca has as well. MORE

Twitter Struggling
Despite aggressive cost-cutting measures, including laying off half of the company’s 7,500 staff, Musk says Twitter’s ad revenue has plummeted by nearly 50%. Too early to say, but I might end up being wrong about him turning this around. It’s looking pretty bleak, and I don’t see any signs of him getting better at listening. Meanwhile, Threads. MORE

Chinese AI Rivalry
China’s search engine pioneer, Sogou founder Wang Xiaochuan, has launched an open-source large language model, Baichuan-13B, through his startup Baichuan Intelligence. This model, touted as one of China’s most promising, is based on the Transformer architecture and trained on Chinese and English data. MORE 

Musk’s AI Startup xAI
Elon Musk has unveiled his latest venture—an artificial intelligence startup named xAI, staffed with engineers from renowned companies like OpenAI and Google. Musk, known for his cautious stance on AI, has previously advocated for a pause in AI development and the establishment of regulatory measures to ensure its safe progression.

– xAI’s goal is to “understand the true nature of the universe.”

– Musk was one of the original backers of OpenAI.

– He has criticized ChatGPT for having a liberal bias.

– Musk signed an open letter calling for a pause to “Giant AI Experiments”. MORE

TikTok Music Launches
TikTok is stepping in to compete with Apple Music and Spotify with its new platform, TikTok Music. Initially available only in Brazil and Indonesia, the service offers unique features like song recommendations based on viral TikTok videos. MORE

Long COVID Gene
Researchers have identified a gene linked to long COVID in a genome-wide study. The gene, FOXP4, is active in the lungs and some immune cells, and was found in an analysis of 6,450 patients across 16 countries. I wonder if 23andMe tracks this one. MORE 

Migration Backlash
Waves of migrants taking dangerous, unauthorized passages to Europe and the U.S. are sparking a new rush of anti-immigrant policies and deepening political divisions in several wealthy countries. The UN reports that last year, a record-breaking 2.9 million new asylum applications were submitted, the highest number since at least 2000.
– 40% of the new applications were from Latin America and the Caribbean
– There’s been a surge in Europe, driven by migrants from Syria, northern Africa, Iraq, Turkey
– In the U.S., almost every 2024 Republican presidential candidate has embraced a tough stance on border security
– In Europe, far-right politicians are demanding tighter immigration policies
– The Netherlands’ government collapsed over disagreements on refugee restrictions MORE 

Banking Boom
Major US banks, including JPMorgan, Wells Fargo, and Citigroup, have reported quarterly profits that have exceeded expectations, suggesting a robust US economy despite interest rate hikes. The Wall Street Journal reports that these banks have seen a combined growth of 31% in income from interest on loans compared to the previous year. MORE

Atomic vs. Molecular Ideas: On-ramps and Off-ramps
A buddy and I were talking last week about a really cool idea I am pretty sure I’ve written about before. Basically, there are individual ideas, like ‘we should protect the freedom of speech’, and then there are ideologies, like socialism and facism. The conversation we had was around slippery people using benign ideas to onramp into a gross ideology. Example: SolarPunk being a benign idea around breaking off from greater society and technology, and returning to the foundational pleasures of working land, being close to nature, raising your own food, etc. That’s used as an onramp to a TRAD ideology in which women and minorities end up subservient to men, who often somehow end up being white. So the ideas are the atoms, and the molecules are the ideologies. And you can’t really have impactful atoms. It’s their combination that becomes something consequential. In the case of negative ideologies the discussion was about how to defend people against specious arguments that start with attractive atomic ideas, like SolarPunk, and to teach them how to watch for the onramps to harmful TRAD ideologies. Then, if someone has already been captured by such a system, what are the off-ramps? How can we break that molecule up into its individual atoms and show how it’s possible to keep the good components while discarding the bad?

So happy for my friend Tae’lur for landing her first job in InfoSec! Welcome to the field!

Congrats to my buddy Jason Haddix for completing his first full paid hacking courses! He did it over two weekends with hundreds of attendees and the reviews are INSANE as expected. Can’t wait to see more courses from you friend! MORE

We’re putting together a UL meetup in Vegas. If you’re going to be around between Monday and Sunday, stay tuned for details in UL Chat.

I cannot recommend this book on Stoicism enough. I recommend you read all the various canonical books if you get into Stoicism, but this one remains my favorite. MORE

⚒️ CodeBox — Code Interpreter, but available via API. I’ve been waiting for this. MORE | CODE

⚒️ LazyVim — A fully NeoVim setup that gives you the Vim experience with the power of a full IDE. I personally don’t use one of these environments because I’d rather do things myself, but it does give you an instant feeling for NeoVim’s potential when configured. MORE

⚒️ GPT Prompt Engineer — Simply input a description of your task and some test cases, and the system will generate, test, and rank a multitude of prompts to find the ones that perform the best. MORE

⚒️ FindMyTakeover — Detects dangling DNS record in a multi cloud environment by scanning all the DNS zones and the infrastructure present within the configured cloud service provider and finding the DNS record for which the infrastructure behind it does not exist anymore rather than using a wordlist. MORE

⚒️ JSLuice — A Bishop Fox tool written by @tomnomnom for extracting URLs, paths, secrets, and other juicy nuggets from JavaScript. MORE

How to securely build product features using AI APIs MORE

Why does virtually every action hero’s name start with J? MORE

Hacking LangChain for fun and profit MORE

How to Do Great Work (Paul Graham) MORE

Nobody cares about your blog, but that’s ok MORE

RECOMMENDATION OF THE WEEK

Go play with OpenAI’s Code Interpreter. What is it? It’s basically an AI agent combined with tons of analysis tools, and when you upload files or code to it you can ask it to find patterns, make graphs, and do all kinds of crazy stuff.

  • Do your taxes

  • Find patterns in lots of data

  • Clean up your data

  • Modify data in a certain way

  • Create visualizations for complex data

  • Tell a story about data

  • Produce video and GIFs from images

  • Convert files from one format to another

  • Analyze and debug code

It’s best to think about it as an independent AI system with access to tons of tools. Like ChatGPT, except with octopus hands and the ability to code. When I talk about getting ready for the future, and I talk about being able to use AI tools fluently, this is the type of thing I’m talking about. And even better if you a use it through an API. MORE 

💡Pro Tip: If the file you want to work with is too large, you can zip it up and send that instead! Including a whole directory! Code Interpreter will unzip it and consume it!

The highest form of ignorance is when you reject something you don’t know anything about.

Wayne Dyer

Thank you for reading! See you next week!

Unsupervised Learning NO. 390





Source link