Vulnerable U | #018
The Myth of Arrival, SEC goes after SolarWinds CISO, Will AI Save the World?, and more...
Read Time: 5 minutes
Howdy friends!
Writing to you from a city where today the only place hotter was the Sahara desert. Trying to stay cool here in Texas and staring longingly at an Airbnb tab open in my browser at all times.
In my infinite wisdom, I've decided to stand out in this heat and light fire to charcoal and cook meat for hours. At least the payoff is worth the sweat, as it often is.
In this episode:
The Myth of Arrival
SEC Targets SolarWinds' CISO over Russia Hack
Hacktivists Steal Gov Files from Texas City of Fort Worth
Why AI Will Save The World
Top 10 Reasons We Don't Hear About "Western" Hacking
Metasploit Module added for MOVEit
AWS CloudTrail Cheat Sheet
I Shouldn't Have to Accept Being in Deepfake Porn
LetMeSpy stalkerware provider says it was hacked
Russian satellite telecom Dozer hit by hackers
FBI Creates a database to track swatting
White House Cybersecurity Priorities for 2025 Budget
Analysis of the saltwater backdoor used in Barracuda 0-day
Vulnerable U Blog of the Week:
Ah, the allure of success and accomplishment! We've been conditioned to believe that reaching certain milestones or achieving great heights will bring everlasting fulfillment and satisfaction. But let me tell you something I continually struggle to remember. Despite all the accolades, despite all the achievements, I can still find myself feeling incomplete and even downright unsatisfied.
Now, don't get me wrong. I'm not here to rain on anyone's parade or belittle the hard work and dedication that goes into accomplishing remarkable feats. But let's peel back the layers and uncover the harsh reality that lurks beneath the surface of success…
…Let's start by defining this myth that seduces us with the promise of eternal contentment. The myth of arrival is a deceptive belief that once we achieve a certain level of success or check off all the boxes on society's predetermined list of accomplishments, we will magically attain everlasting happiness and fulfillment.
Once we beat this level, we'll finally have unlocked all the trophies on the achievements screen.
It's as if we've reached the promised land, where all our desires are fulfilled, and we can bask in the glow of our accomplishments. But let me burst that bubble for you. Arrival is nothing more than a mirage, an imaginary oasis in the desert of life.
ICYMI
Something I wrote: This tabletop scenario I posed on Twitter seemed to have struck a chord.
Something I heard: One of my favorite comedians, Mike Birbiglia, had a great podcast episode with Elyse Meyers discussing storytelling.
Something I said: I was invited to Recon Infosec's Thursday Defensive Webcast. It was a great casual chat with a good crew.
Something I read: Is AI Eating Itself? - I've noticed many of this article's points to be true.
Vulnerable News
Second CISO this year facing legal action after a breach. Uber was the first. A few assumptions I'm making are that there would have to be major negligence or proof of lying to authorities. Just getting outmaneuvered as a security team can't start leading to legal repercussions. [Read More]
I've included stories about this breach when it originally happened. The part I find interesting now is they are saying nothing of value was stolen from this complete compromise.
Sounds like a new defensive technique to try out. Just don't do business that's sensitive. Imagine my embarrassment - "We got hacked, all our files were stolen, and nothing of value was lost." [Read More]
This Twitter thread by Marc Andreessen got a lot of attention, and whatever you think about him personally, I'd recommend a read through the thread. It is one of the better long forms on the topic I've read, dissecting AI excitement and concerns. [Read More]
Looking into differing motives, such as CN APT going after IP, which The West has little need for, to differences in OPSEC practices between the hemispheres. [Read More]
In my years of vulnerability management and prioritization of remediation, I've learned a few things. One of them is CVSS sucks, and the real indicator of priority is "Does a Metasploit module exist for this?" [Read More]
I'm a sucker for a cheat sheet, and my head is in the clouds. [Read More]
I think this is a severely under-thought-about issue among the AI, Security, and Privacy crew. This former public official was the target of deepfake porn spreading around the Internet and has been in a battle against it. [Read More]
There is a trend here. Stalkerware apps that people use to spy on their children or spouses tend to have awful security practices themselves. So not only is this software spying on people, the software's author is now breached, and the victim's data leaked. [Read More]
Always fascinating watching what targets get hit harder than the rest in times of war. Satellite comms hit by attackers supposedly aligned with Wagner's private military. [Read More]
Swatting has been a thing for a while. It's faking an emergency somewhere while on the phone with law enforcement to trick them into busting down an unwitting victim's door, guns blazing. [Read More]
From zero trust to disrupting threat actors, interesting to see where .govās head is at. [Read More]
We covered this vuln in past issues, and I've talked a lot about it on Twitter. This is an incredibly detailed write-up of how this vuln works. [Read More]
Miscellaneous mattjay
The Airbnb collapse is real.
Revenues are down nearly 50% in cities like Phoenix and Austin.
Watch out for a wave of forced selling from Airbnb owners later this year in the areas hit hardest by the revenue collapse.
- Nick Gerli (@nickgerli1)
7:25 PM • Jun 27, 2023
"Let us prepare our minds as if we'd come to the very end of life. Let us postpone nothing. Let us balance life's books each day. … The one who puts the finishing touches on their life each day is never short of time."
Enjoying the new format? This stuff is hard to do in a vacuum. Appreciate feedback! I incorporated some changes based on last week's poll. Let me know if I hit the mark. Most of you like the direction.
Extra Credit
Help us grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them!
Parting Thoughts:
Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.
Stay safe, Matt Johansen
@mattjay