Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.
Happy Monday!
This week I’m struck by the value of having an aspect of humanity in everything we do.
I’m reading a bunch of Victor Frankl, and in one book he was talking about a patient calling him at like 2 a.m. in the morning, waking him from sleep. She was about to kill herself, and he gave her a giant list of reasons not to do it.
He saw her later in the office and said he was glad one of the reasons was good enough for her. Her response? It wasn’t any of the reasons he listed. It was the fact that he got woken up at 2 a.m., and he stayed on the phone for 30 minutes with her without complaining.
She said she was happy to live in a world where that level of kindness was still possible.
Be kind to people. It matters. And people need it now more than ever.
MY WORK
🔒️ 🔥🤖 ExtWis: Using AI to Extract Wisdom From Any Text (MEMBERS)
One of the coolest things I’ve done so far with AI. My latest project lets me automatically extract what I would have written down manually from a piece of content (like a conversation or presentation) if I listened slowly and took meticulous notes. Insanely powerful, here’s a sample output from extwis
.
You have no idea how much I’m going to use this thing. And have used it already. Prompt shared in the member post. READ IT | GET ACCESS
SECURITY NEWS
Casino Cyberattacks
I feel like Las Vegas is about to be paying a whole lot more attention to BH/DC after MGM got hit by ransomware this week. Not because they’re scared of the hackers there, but because they might want to buy some products and services. Like maybe those infosec budget asks weren’t so extreme after all?
Two of Las Vegas's biggest casinos, MGM Resorts and Caesars Entertainment, have been hit by cyberattacks, disrupting operations and raising serious concerns about customer data security. The breaches have shattered the perception of impenetrable casino security.
- The attacks began affecting MGM Resorts last Sunday, causing disruptions in reservations and casino floors.
- Caesars Entertainment confirmed it had also been hit by a cyberattack by Thursday.
- A hacker group emerged online, claiming responsibility for the attack on Caesars Entertainment's systems and demanded a $30 million ransom fee.
- Their ESX infrastructure may have been completely encrypted, which is a technique we’ve seen used often
- The Scattered Spider group is believed to be responsible, with the attack on Caesars involving a social engineering attack on an outsourced IT support vendor. THEREGISTER | SECURITYWEEK | MALWAREBYTES | CASINO.ORG | BLEEPINGCOMPUTER | GIZMODO
Pentagon's Cyber Strategy
Cyber Strategy 2023 The Pentagon's 2023 Cyber Strategy, published this week, outlines plans for both offensive and defensive efforts, with a key focus on boosting the cyber capabilities of allies and partners. The strategy aims to augment the capacity of partners, expand their access to cybersecurity infrastructure, and help them mature their cyber workforce through training events and exercises. SECURITYWEEK
Vulnerabilities:
Tech Giants Patch 0-Day Bugs Microsoft, Adobe, Google Chrome, and Apple iOS are all patching up zero-day vulnerabilities that are already being exploited. KREBSONSECURITY
Kubernetes RCE Vulnerability A high-severity (8.8) vulnerability in Kubernetes allows for remote code execution on all Windows endpoints within the cluster. SECURITYWEEK
SAP Security Update SAP has released 13 new and five updated security notes as part of its September 2023 Security Patch Day, with one of them being a 9.9. SECURITYWEEK
Firefox Zero-Day Exploit Mozilla has urgently patched a critical zero-day vulnerability in Firefox and Thunderbird that was being actively exploited. THEHACKERNEWS
Chrome Zero-Day Alert Google's Chrome browser has a zero-day vulnerability that's being actively exploited. DECIPHER
Adobe Zero-Day Alert Adobe has sounded the alarm about a new zero-day attack targeting its Acrobat and Reader products. The vulnerability, known as CVE-2023-26369, allows for arbitrary code execution and has been exploited in the wild. SECURITYWEEK
Lazarus Pulls $41 Million from Stake.com
North Korean Lazarus has taken $41 million in crytpo from online casino Stake.com. So far they’re already at around $200 million in virtual currency this year. SECURITYWEEK
Non-Profit Breach
The cybercrime group BianLian claims to have infiltrated the IT systems of Save The Children, saying they’ve stolen 6.8TB of data, including financial, health, and medical records. THEREGISTER
Ethereum SIM-Swap Attack
Ethereum co-founder Vitalik Buterin's Twitter account got hacked, and he says it was from a SIM-swap attack. How do we not have better protection against SIM Swapping yet? The hacker managed to take control of his T-Mobile account, leading to victims collectively losing over $691,000 due to a scam put out in his name. COINTELEGRAPH
Auto-GPT Vulnerabilities
Like we’ve been saying for months now, agents doing dangerous shit (ADDS) is going to be the #1 practical threat from AI for a long time. And parsing untrusted content and then executing discovered code is ground zero for the risk. Positive Security researchers have discovered vulnerabilities in Auto-GPT that an attacker could trick Auto-GPT into executing arbitrary code by using indirect prompt injection on an attacker-controlled website. They also found that self-built versions of the Auto-GPT docker image were susceptible to a docker escape to the host system. POSITIVESCURITY
Sponsor
Don’t Let Emails Lead To Blackmail
📰You might be one click away from making headlines. And not for the right reasons.
🐟From phishing and ransomware to credential theft and zero-day attacks, hackers have many tools in their arsenal to launch attacks. A lack of cybersecurity could put your employees and business at risk.
Email Domain Dangers
Using your own domain for email can be super risky if you're unable to renew it and someone else snags it up. The biggest risk is they can start receiving your emails and potentially resetting your passwords. BAUTISTA
Retool's 2FA Bypass Phishing Incident
Retool, a cloud-based software company, fell victim to a spear phishing attack that led to unauthorized access to 27 of their cloud customers' accounts. The attacker was able to bypass multiple layers of security controls, including multi-factor authentication (MFA), by exploiting a feature in Google Authenticator that syncs MFA codes to the cloud. RETOOL
Power Grid Breach
Chinese hacker group, RedFly, linked to APT41, has breached the computer network of an unnamed Asian country's national power grid. The breach, which began in February and lasted for at least six months, has raised concerns about China's potential to disrupt power generation or transmission. WIRED
UL Consulting
What actions would reduce the most risk to your company?
🗣️I am opening a few slots for my custom Security Efficacy Assessment, which is a broad-scope security assessment for a company focused on surviving real-world attacks.
🛡️ It leverages my nearly 25 years of security experience to prioritize the risks to your business from all causes—technical, process, personnel, etc.—and turn that into a list of findings, most likely threat scenarios, a list of specific recommendations, and a prioritized remediation plan.
What I do differently than most is start from my own dataset of how most companies are actually being hacked, and I use that to prioritize the findings, recommendations, and remediation strategy. If your company is interested in something like a pentest, but more business-focused around resilience to real-world attacks, you can reach out here or email me directly.
Iranian Spray Attacks
An Iranian-backed threat group, known as APT33, has been launching password spray attacks against thousands of organizations globally since February 2023. The group, active since 2013, has shown particular interest in the satellite, defense, and pharmaceutical sectors. BLEEPINGCOMPUTER
SSH Tunnel Detection
SSH tunnels, while often used for legitimate purposes, can also create blind spots for Network Security Monitoring tools. The article discusses how SSH tunnels can bypass NSM and Firewall/NAT sentries, and how they can be used to hide HTTP activity. TRISUL
China's Military Show
China's been flexing its military in the Western Pacific this week, with a big show involving an aircraft carrier, naval ships, and warplanes. The drills seem to be a simulated blockade of Taiwan. I honestly hope their government falls on its face and crumbles, leading to their people demanding a better government. Either that, or all their best people just leave and come to the US, UK, and Canada. So tired of their hacking and warmongering. And yes, I understand the irony of an American saying that. Yay Chinese people. Boo Chinese government. OODALOOP
TECHNOLOGY NEWS
AI Outperforms Humans in Creativity
AI chatbots are now scoring higher than humans in creativity tests, according to a study published in Nature Scientific Reports. The study involved AI chatbots like OpenAI's ChatGPT and GPT-4, and Copy.Ai, built on GPT-3, coming up with creative uses for common objects. TECHREVIEW
Also, remember:
AI isn't competing with Einstein and Tolstoy and House. AI is competing with:
1. The task not being done at all
2. It being done poorly
3. It being done inconsistently
4. It being done slowly
5. It costing too muchIn other words, most things.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Sep 12, 2023
AI Revolutionizing Science
Artificial Intelligence (AI) is being touted as a game-changer in scientific discovery, with the potential to accelerate progress in fields like medicine, climate science, and green technology. AI tools are now being applied in almost every field of science, with 7.2% of physics and astronomy papers published in 2022 involving AI. This is exactly what Joseph Thacker and I have been on about, and what I wrote about here. ECONOMIST
DHS AI Guidelines
The Department of Homeland Security (DHS) has released new guidelines on AI use, promising not to collect or disseminate data used in AI activities and to thoroughly test all facial recognition technologies. THEHILL
AI Revolution Predicted
Just as UL predicted way back in March, Goldman Sachs is also predicting a major tech boom on the horizon. The company's research shows that the valuations of leading tech stocks are not as stretched as in previous periods like the 2000 internet bubble, and these companies have unusually strong balance sheets and returns on investment. LFG! OODALOOP
Salesforce CEO's Remote Work
Salesforce CEO, Marc Benioff, has revealed that he's always been a remote worker and doesn't work well in an office. But the Salesforce policy still requires employees to come in. :( FORTUNE
AI in Game Development
Generative AI will dominate 50% of game development in 5-10 years, per Bain & Company. The study discovered that AI can improve game quality and speed up development. VENTUREBEAT
Lyft's Gender Preference
Lyft has launched a new feature, Women Plus Connect, that allows women and nonbinary drivers to prioritize matches with women and nonbinary riders. I hope Uber gets this too. THEVERGE
TikTok Shopping
TikTok has launched its in-app shopping feature, TikTok Shop, in the US, allowing users to buy products directly from videos. I’ve already bought a few things myself. And no, I’m not worried about China stealing my data. I save them the trouble and just bundle up my latest PII every year and email it to the CCP directly. I value efficiency. THEVERGE
HUMAN NEWS
After-Work Schmoozing Declines
Maybe Covid made us love our homes too much. People are spending way less time hanging out after work. WSJ
Fentanyl Crisis Escalates
The fourth wave of the opioid epidemic is hitting the US hard, with fentanyl overdoses claiming more lives than ever across all communities. A recent study reveals that in 2021, drug overdoses killed over 100,000 people in the US, with more than 66% of these deaths linked to fentanyl, a synthetic opioid 50 times more potent than heroin. BBC
Blood Pressure Misconceptions
A new study by the American Heart Association shows that doctors might not be catching important health problems by only checking patients' blood pressure when they are sitting up. The study, which lasted almost 30 years, suggests that doctors should also check blood pressure when patients are lying down. STUDYFINDS | HEART.ORG
Age Limit for Politicians
Most Americans think there should be a maximum age limit for elected officials, according to a recent CBS News/YouGov survey. 77% of those surveyed believe in age limits for politicians, with 45% suggesting the maximum age should be 70. Yep. AXIOS
Viral Exhalation Peaks
COVID patients exhale up to 1,000 copies of the virus per minute during the first eight days of symptoms, according to a Northwestern Medicine study. This is the first longitudinal, direct measure of the number of SARS-CoV-2 viral copies exhaled per minute over the course of the infection. NORTHWESTERN
Latest Covid Booster
The CDC is recommending more Americans to get the latest Covid booster. Tons of my friends aren’t doing it. Here’s why I’m probably getting it:
I’m not trying to avoid Covid. I’m trying to avoid long-term negative effects from Covid. Same reason I wear a mask. I’m not looking for silver bullets. I’m looking for likelihood and impact reduction.
Yes, it seems that vaccines cause myocarditis. I believe it did in me as well. But guess what causes it WAY worse? Covid.
The data are pretty clear that regions that were vaccinated had better outcomes than those that weren’t. NYTIMES
IDEAS & ANALYSIS
Isaacson's Musk Biography Criticism
Walter Isaacson's latest biography on Elon Musk has been criticized for being more of a softball than a critical analysis. I disagree. I read the whole thing this week and I didn’t come away with a glowing opinion of Musk. I also think Elon is likely to be quite annoyed with Isaacson about it. To me it was quite balanced with negative and positive. It seemed very real, and gave me a lot to think about regarding leadership, mental illness, the role of trauma in innovation, and lots of other topics. It also reminded me how much I learn from biographies. Not just about the subject, but about life in general. THEINFORMATION
NOTES
My buddy Mike Privette shares a phenomenal list of 25 things he’s learned in nearly 20 years of infosec. RETURNONSECURITY
I need an AI search bot for the entire website, including all newsletters. If you know of anyone building such things, or the best service out there for this, let me know. I know of a few, but I’m looking for the best.
DISCOVERY
⚒️ Instagraph — One of the sickest knowledge visualization tools I’ve ever seen. This tool takes text or a URL and turns the summary into a mindmap. | by Yohei | TWITTER
⚒️ Einstein Copilot Unveiled — Salesforce demoed their Einstein AI system and it’s completely nuts. This is basically SPQA for sales, just like we’ve been talking about. Surprised it’s coming this fast. TWITTER
⚒️ Stable Audio Launch — Stability AI has now launched a text-to-audio generative AI platform called Stable Audio. The platform, trained with over 800,000 audio files, allows users to generate songs or background audio that you can use royalty-free in your projects. THEVERGE
⚒️ Gamma.app — Put in an idea for a presentation, or a paper, or whatever, and it’ll come up with a full design and even content. I’m most impressed with the presentations it builds, which you can actually export to PowerPoint or Keynote or Google Slides. GAMMAAPP | SCREENSHOT
⚒️ MAC Lookup Tool — MACLookup is a handy tool that lets you find out who made a device's chipset by using its MAC address prefix. It pulls info from several well-known databases, and even offers a free MAC address database and a quick REST API for easy integration. HACKERNEWS
📼 DEFCON 31 Videos Are Now Available! YOUTUBE
A new prompting technique called Chain of Destiny focused on summarization. TWITTER
The iPhone’s 5G speeds are supposed to be up to 25% faster than the 14 due to a new modem. 9TO5MAC
Amazon now provides AI to help people write product descriptions. ABOUTAMAZON
Diamond prices are falling massively. ECONOMIST
A $2.70 wine got a gold medal because some cheeky folks changed the labels and the judges couldn’t tell. ODDITYCENTRAL
Blackmagic releases an iPhone app for pro photography. 9TO5MAC
How much garden would you need to survive on? LIFEHACKER
Managing Your Family Data Warehouse HACKERNEWS
Completely insane APOD shot of a fireball meteor during the Icelandic Aurora. APOD
Webb has a picture of a new star that looks just like our sun when it was no more than a few tens of thousands of years old. PETAPIXEL
Why are women still changing their last names? NYTIMES
A look at Apple's new text predictor model JACKCOOK
❤️ Viktor Frankl argues that idealists are the real realists. He believes that those who strive for ideals are more in touch with reality than cynics. Very similar to my old piece about treating people like A-players. YOUTUBE
The “Two Health Bar" theory of burnout SUBSTACK
RECOMMENDATION OF THE WEEK
It’s like an extension of Man’s Search for Meaning in that it elaborates on Logotherapy, his system for helping people become more healthy by helping them find their meaning in life.
This philosophy, combined with Stoicism, has been my approach to life for over a decade now, and I’m just so elated that he identified the same problem back in the 1920’s. Literally a hundred years ago.
APHORISM OF THE WEEK
❝
Life is never made unbearable by circumstances, but only by lack of meaning and purpose.
Victor Frankl