UL NO. 399: Wisdom Extraction From Any Text, Vegas Gets Cyber Jesus, AI Creativity Performance, Pentagon Cyber Strategy…

Unsupervised Learning is a Security, AI, and Meaning-focused podcast
that looks at how best to thrive as humans in a post-AI world. It combines
original ideas, analysis, and mental models to bring not just the news, but
why it matters and how to respond.

Happy Monday!

This week I’m struck by the value of having an aspect of humanity in
everything we do.

I’m reading a bunch of Victor Frankl, and in one book he was talking
about a patient calling him at like 2 a.m. in the morning, waking him from
sleep. She was about to kill herself, and he gave her a giant list of
reasons not to do it.

He saw her later in the office and said he was glad one of the reasons
was good enough for her. Her response? It wasn’t any of the reasons he
listed. It was the fact that he got woken up at 2 a.m., and he stayed on
the phone for 30 minutes with her without complaining.

She said she was happy to live in a world where that level of kindness
was still possible.

Be kind to people. It matters. And people need it now more than
ever.

MY WORK

🔒️ 🔥🤖 ExtWis: Using AI to Extract Wisdom From Any Text (MEMBERS)
One of the coolest things I’ve done so far with AI. My latest project
lets me automatically extract
what I would have written down manually from a piece of content (like
a conversation or presentation)
if I listened slowly and took meticulous notes. Insanely powerful,
here’s a sample output from extwis.

You have no idea how much I’m going to use this thing. And have used it
already. Prompt shared in the member post.
READ IT
|
GET ACCESS

An ExtWis capture of a piece of content

Why I Love Reading Biographies
All books have wisdom, but biographies are case studies in resilience
and believing in yourself.
READ IT

🎙️
Subscribe to the Podcast
I’ve moved podcast ads to the front of the podcast
so that you’ll no longer be interrupted once the content starts!
ADD UL TO YOUR CLIENT

📡 Connect via RSS
RSS is lyfe.
ADD UL TO YOUR RSS READER

SECURITY NEWS

Casino Cyberattacks 
I feel like Las Vegas is about to be paying a whole lot more
attention to BH/DC after MGM got hit by ransomware this week. Not because
they’re scared of the hackers there, but because they might want to buy some
products and services. Like maybe those infosec budget asks weren’t so
extreme after all?

Two of Las Vegas’s biggest casinos, MGM Resorts and Caesars
Entertainment, have been hit by cyberattacks, disrupting operations and
raising serious concerns about customer data security. The breaches have
shattered the perception of impenetrable casino security.

– The attacks began affecting MGM Resorts last Sunday, causing
disruptions in reservations and casino floors.
– Caesars Entertainment confirmed it had also been hit by a cyberattack
by Thursday.
– A hacker group emerged online, claiming responsibility for the attack
on Caesars Entertainment’s systems and demanded a $30 million ransom fee.
– Their ESX infrastructure may have been completely
encrypted, which is a technique we’ve seen used often
– The Scattered
Spider group is believed to be responsible, with the attack on Caesars
involving a social engineering attack on an outsourced IT support vendor.
THEREGISTER
|
SECURITYWEEK
|
MALWAREBYTES
|
CASINO.ORG
|
BLEEPINGCOMPUTER
|
GIZMODO 

Pentagon’s Cyber Strategy 
Cyber Strategy 2023 The Pentagon’s 2023 Cyber Strategy, published this
week, outlines plans for both offensive and defensive efforts, with a key
focus on boosting the cyber capabilities of allies and partners. The
strategy aims to augment the capacity of partners, expand their access to
cybersecurity infrastructure, and help them mature their cyber workforce
through training events and exercises. SECURITYWEEK 

Vulnerabilities:

• Tech Giants Patch 0-Day Bugs
  Microsoft, Adobe, Google Chrome, and Apple iOS are all patching up
  zero-day vulnerabilities that are already being exploited.
  KREBSONSECURITY

• Kubernetes RCE Vulnerability
  A high-severity (8.8) vulnerability in Kubernetes allows for remote code
  execution on all Windows endpoints within the cluster.
  SECURITYWEEK

• SAP Security Update
  SAP has released 13 new and five updated security notes as part of its
  September 2023 Security Patch Day, with one of them being a 9.9.
  SECURITYWEEK

• Firefox Zero-Day Exploit
  Mozilla has urgently patched a critical zero-day vulnerability in
  Firefox and Thunderbird that was being actively exploited.
  THEHACKERNEWS 

• Chrome Zero-Day Alert
  Google’s Chrome browser has a zero-day vulnerability that’s being
  actively exploited.
  DECIPHER

• Adobe Zero-Day Alert
  Adobe has sounded the alarm about a new zero-day attack targeting its
  Acrobat and Reader products. The vulnerability, known as CVE-2023-26369,
  allows for arbitrary code execution and has been exploited in the wild.
  SECURITYWEEK 

Sponsor

Cloud Visibility?

Cloud-first security teams are leading the pack in adopting Cloud Native
Application Protection Platforms (CNAPP). This CNAPP Buyer’s Guide contains everything you need to know to make sure you’re adapting to the evolving threatscape and staying ahead of attackers, including:

• What exactly is CNAPP

• Why Gartner predicts that 80% of teams will move to CNAPP by 2026 

• How leading security orgs are consolidating their security stack (CSPM, CWPP, CIEM, CDR)

• Bonus: An RFP template with a scorecard to assess potential
  solutions

Get the complete breakdown in the CNAPP Buyer’s Guide.

👉wiz.io/lp/cnapp-buyers-guide👈

Download Now

   

Lazarus Pulls $41 Million from Stake.com
North Korean Lazarus has taken $41 million in crytpo from online
casino Stake.com. So far they’re already at around $200 million in virtual
currency this year.
SECURITYWEEK

Non-Profit Breach 
The cybercrime group BianLian claims to have infiltrated the IT
systems of Save The Children, saying they’ve stolen 6.8TB of data, including
financial, health, and medical records.
THEREGISTER

Ethereum SIM-Swap Attack 
Ethereum co-founder Vitalik Buterin’s Twitter account got
hacked, and he says it was from a SIM-swap attack. How do we not have better
protection against SIM Swapping yet? The hacker managed to take control of
his T-Mobile account, leading to victims collectively losing over $691,000
due to a scam put out in his name.
COINTELEGRAPH

Auto-GPT Vulnerabilities 
Like we’ve been saying for months now, agents doing dangerous
shit (ADDS) is going to be the #1 practical threat from AI for a long time.
And parsing untrusted content and then executing discovered code is ground
zero for the risk. Positive Security researchers have discovered
vulnerabilities in Auto-GPT that an attacker could trick Auto-GPT into
executing arbitrary code by using indirect prompt injection on an
attacker-controlled website. They also found that self-built versions of the
Auto-GPT docker image were susceptible to a docker escape to the host
system.
POSITIVESCURITY 

Sponsor

Don’t Let Emails Lead To Blackmail

📰You might be one click away from making headlines. And not for the right
reasons.

🐟From phishing and ransomware to credential theft and zero-day attacks, hackers have many tools in their arsenal to launch attacks. A lack of
cybersecurity could put your employees and business at risk.

Mimecast has the industry’s best threat detection. We use AI to scan over a billion emails daily, with built-in prompts to catch the most common threats. It also has the ability to identify newer threats and stop them from doing any damage.

👉mimecast.com/work-protected👈

Start a Free Trial to Work Protected

   

Email Domain Dangers 
Using your own domain for email can be super risky if you’re
unable to renew it and someone else snags it up. The biggest risk is they
can start receiving your emails and potentially resetting your passwords.
BAUTISTA 

Retool’s 2FA Bypass Phishing Incident 
Retool, a cloud-based software company, fell victim to a spear
phishing attack that led to unauthorized access to 27 of their cloud
customers’ accounts. The attacker was able to bypass multiple layers of
security controls, including multi-factor authentication (MFA), by
exploiting a feature in Google Authenticator that syncs MFA codes to the
cloud.
RETOOL 

Power Grid Breach 
Chinese hacker group, RedFly, linked to APT41, has breached the
computer network of an unnamed Asian country’s national power grid. The
breach, which began in February and lasted for at least six months, has
raised concerns about China’s potential to disrupt power generation or
transmission.
WIRED 

UL Consulting

What actions would reduce the most risk to your company?

🗣️I am opening a few slots for my custom Security Efficacy Assessment,
which is a broad-scope security assessment for a company focused on
surviving real-world attacks.

🛡️
It leverages my nearly 25 years of security experience to prioritize the
risks to your business from all causes—technical, process, personnel,
etc.—and turn that into a list of findings, most likely threat scenarios,
a list of specific recommendations, and a prioritized remediation plan.

What I do differently than most is start from my own dataset of how most companies are actually being hacked, and I use that to prioritize the findings, recommendations, and
remediation strategy. If your company is interested in something like a
pentest, but more business-focused around resilience to real-world
attacks, you can reach out here or email me directly.

Reduce Your Company’s Risk From Real-world Attack

   

Iranian Spray Attacks 
An Iranian-backed threat group, known as APT33, has been
launching password spray attacks against thousands of organizations globally
since February 2023. The group, active since 2013, has shown particular
interest in the satellite, defense, and pharmaceutical sectors. BLEEPINGCOMPUTER

SSH Tunnel Detection 
SSH tunnels, while often used for legitimate purposes, can also
create blind spots for Network Security Monitoring tools. The article
discusses how SSH tunnels can bypass NSM and Firewall/NAT sentries, and how
they can be used to hide HTTP activity.
TRISUL

China’s Military Show 
China’s been flexing its military in the Western Pacific this
week, with a big show involving an aircraft carrier, naval ships, and
warplanes. The drills seem to be a simulated blockade of Taiwan. I honestly
hope their government falls on its face and crumbles, leading to their
people demanding a better government. Either that, or all their best people
just leave and come to the US, UK, and Canada. So tired of their hacking and
warmongering. And yes, I understand the irony of an American saying that.
Yay Chinese people. Boo Chinese government.
OODALOOP

TECHNOLOGY NEWS

AI Outperforms Humans in Creativity
AI chatbots are now scoring higher than humans in creativity tests,
according to a study published in Nature Scientific Reports. The study
involved AI chatbots like OpenAI’s ChatGPT and GPT-4, and Copy.Ai, built on
GPT-3, coming up with creative uses for common objects.
TECHREVIEW

Also, remember:

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️
@DanielMiessler

AI isn’t competing with Einstein and Tolstoy and House. AI is competing
with:

1. The task not being done at all
2. It being done poorly
3.
It being done inconsistently
4. It being done slowly
5. It
costing too much

In other words, most things.

 

1:04 AM • Sep 12, 2023

  

132 Likes  
35 Retweets  

9 Replies

AI Revolutionizing Science 
Artificial Intelligence (AI) is being touted as a game-changer
in scientific discovery, with the potential to accelerate progress in fields
like medicine, climate science, and green technology. AI tools are now being
applied in almost every field of science, with 7.2% of physics and astronomy
papers published in 2022 involving AI. This is exactly what Joseph Thacker
and I have been on about, and what I wrote about
here.
ECONOMIST

DHS AI Guidelines 
The Department of Homeland Security (DHS) has released new
guidelines on AI use, promising not to collect or disseminate data used in
AI activities and to thoroughly test all facial recognition technologies.
THEHILL

AI Revolution Predicted 
Just as UL predicted way back in March, Goldman Sachs is also
predicting a major tech boom on the horizon. The company’s research shows
that the valuations of leading tech stocks are not as stretched as in
previous periods like the 2000 internet bubble, and these companies have
unusually strong balance sheets and returns on investment. LFG!
OODALOOP

Salesforce CEO’s Remote Work 
Salesforce CEO, Marc Benioff, has revealed that he’s always
been a remote worker and doesn’t work well in an office. But the Salesforce
policy still requires employees to come in. 🙁
FORTUNE

AI in Game Development 
Generative AI will dominate 50% of game development in 5-10
years, per Bain & Company. The study discovered that AI can improve game
quality and speed up development.
VENTUREBEAT

Lyft’s Gender Preference 
Lyft has launched a new feature, Women Plus Connect, that
allows women and nonbinary drivers to prioritize matches with women and
nonbinary riders. I hope Uber gets this too.
THEVERGE

TikTok Shopping 
TikTok has launched its in-app shopping feature, TikTok Shop,
in the US, allowing users to buy products directly from videos. I’ve already
bought a few things myself. And no, I’m not worried about China stealing my
data. I save them the trouble and just bundle up my latest PII every year
and email it to the CCP directly. I value efficiency.
THEVERGE

HUMAN NEWS

After-Work Schmoozing Declines 
Maybe Covid made us love our homes too much. People are
spending way less time hanging out after work.
WSJ 

Fentanyl Crisis Escalates 
The fourth wave of the opioid epidemic is hitting the US hard,
with fentanyl overdoses claiming more lives than ever across all
communities. A recent study reveals that in 2021, drug overdoses killed over
100,000 people in the US, with more than 66% of these deaths linked to
fentanyl, a synthetic opioid 50 times more potent than heroin.
BBC

Libya Flood Tragedy 
Over 5,000 people have died in Libya’s flooding, and thousands
are missing.
OODALOOP

Blood Pressure Misconceptions 
A new study by the American Heart Association shows that
doctors might not be catching important health problems by only checking
patients’ blood pressure when they are sitting up. The study, which lasted
almost 30 years, suggests that doctors should also check blood pressure when
patients are lying down.
STUDYFINDS
|
HEART.ORG

Age Limit for Politicians 
Most Americans think there should be a maximum age limit for
elected officials, according to a recent CBS News/YouGov survey. 77% of
those surveyed believe in age limits for politicians, with 45% suggesting
the maximum age should be 70. Yep.
AXIOS

Viral Exhalation Peaks 
COVID patients exhale up to 1,000 copies of the virus per
minute during the first eight days of symptoms, according to a Northwestern
Medicine study. This is the first longitudinal, direct measure of the number
of SARS-CoV-2 viral copies exhaled per minute over the course of the
infection.
NORTHWESTERN 

Latest Covid Booster 
The CDC is recommending more Americans to get the latest Covid
booster. Tons of my friends aren’t doing it. Here’s why I’m probably getting
it:

• I’m not trying to avoid Covid. I’m trying to avoid long-term negative
  effects from Covid. Same reason I wear a mask. I’m not looking for
  silver bullets. I’m looking for likelihood and impact reduction.

• Yes, it seems that vaccines cause myocarditis. I believe it did in me as
  well. But guess what causes it WAY worse? Covid.

• The data are
  pretty clear
  that regions that were vaccinated had better outcomes than those that
  weren’t.
  NYTIMES 

IDEAS & ANALYSIS

Isaacson’s Musk Biography Criticism 
Walter Isaacson’s latest biography on Elon Musk has been
criticized for being more of a softball than a critical analysis. I
disagree. I read the whole thing this week and I didn’t come away with a
glowing opinion of Musk. I also think Elon is likely to be quite annoyed
with Isaacson about it. To me it was quite balanced with negative and
positive. It seemed very real, and gave me a lot to think about regarding
leadership, mental illness, the role of trauma in innovation, and lots of
other topics. It also reminded me how much I learn from biographies.
Not just about the subject, but about life in general.
THEINFORMATION

NOTES

My buddy
Mike Privette
shares a phenomenal list of 25 things he’s learned in nearly 20 years of
infosec.
RETURNONSECURITY

I need an AI search bot for the entire website, including all newsletters.
If you know of anyone building such things, or the best service out there
for this, let me know. I know of a few, but I’m looking for the best.

DISCOVERY

⚒️
Instagraph
— One of the sickest knowledge visualization tools I’ve ever seen. This tool
takes text or a URL and turns the summary into a mindmap. | by
Yohei
|
TWITTER 

⚒️
Einstein Copilot Unveiled
— Salesforce demoed their Einstein AI system and it’s completely nuts. This
is basically
SPQA
for sales, just like we’ve been talking about. Surprised it’s coming this
fast.
TWITTER

⚒️
Stable Audio Launch
— Stability AI has now launched a text-to-audio generative AI platform
called Stable Audio. The platform, trained with over 800,000 audio files,
allows users to generate songs or background audio
that you can use royalty-free in your projects.
THEVERGE 

⚒️
Gamma.app
— Put in an idea for a presentation, or a paper, or whatever, and it’ll come
up with a full design and even content. I’m most impressed with the
presentations it builds, which you can actually export to PowerPoint or
Keynote or Google Slides.
GAMMAAPP
|
SCREENSHOT

⚒️
MAC Lookup Tool
— MACLookup is a handy tool that lets you find out who made a device’s
chipset by using its MAC address prefix. It pulls info from several
well-known databases, and even offers a free MAC address database and a
quick REST API for easy integration.
HACKERNEWS

🛠️
Character.ai
is catching up to ChatGPT in mobile usage. It lets you create AI characters.
TECHCRUNCH
|
HACKERNEWS 

 📼 DEFCON 31 Videos Are Now Available! YOUTUBE

A new prompting technique called Chain of Destiny focused on summarization.
TWITTER

The iPhone’s 5G speeds are supposed to be up to 25% faster than the 14 due
to a new modem.
9TO5MAC

Amazon now provides AI to help people write product descriptions.
ABOUTAMAZON

Top Engineer Secrets
ENGINEERCODEX

Diamond prices are falling massively.
ECONOMIST 

A $2.70 wine got a gold medal because some cheeky folks changed the labels
and the judges couldn’t tell.
ODDITYCENTRAL

Blackmagic releases an iPhone app for pro photography.
9TO5MAC

How much garden would you need to survive on?
LIFEHACKER

Managing Your Family Data Warehouse
HACKERNEWS

Completely insane APOD shot of a fireball meteor during the Icelandic
Aurora.
APOD

Webb has a picture of a new star that looks just like our sun when it was no
more than a few tens of thousands of years old.
PETAPIXEL 

Why are women still changing their last names?
NYTIMES

WTF happened in 1971?
HACKERNEWS 

A look at Apple’s new text predictor model JACKCOOK

❤️ Viktor Frankl argues that idealists are the real realists. He believes
that those who strive for ideals are more in touch with reality than cynics.
Very similar to my old piece about
treating people like A-players.
YOUTUBE 

The “Two Health Bar” theory of burnout
SUBSTACK

RECOMMENDATION OF THE WEEK

Read
The Will to Meaning, by Victor Frankl.

It’s like an extension of
Man’s Search for Meaning
in that it elaborates on Logotherapy, his system for helping people become
more healthy by helping them find their meaning in life.

This philosophy, combined with Stoicism, has been my approach to life for
over a decade now, and I’m just so elated that he identified the same
problem back in the 1920’s. Literally a hundred years ago.

APHORISM OF THE WEEK

❝  

Life is never made unbearable by circumstances, but only by lack of
meaning and purpose.

  Victor Frankl