Apple fixed 224 vulnerabilities across macOS, iOS, and Safari. Link
A researcher named Rafael Scheel has found a way to hack many smart TVs remotely using DVB-T signals. He is able to transmit exploits to the TV over this DVB signal and get root on the device. Link
Facial recognition on the new Samsung S8 can be tricked using nothing more than a photo. Many of these techniques can be broken; we're going to need composites of many factors before long. Link
A bot campaign is targeting the gift cards from around 1,000 websites. It's basically figuring out the account number format and brute forcing the numbers until it finds valid ones with balances. It then uses them to buy things, which is basically anonymous. This is why so many scams use gift cards as currency. Link
Researchers have found a way to imperceptibly alter images so that they're no longer recognizable by machine learning. Tom, meet Jerry. Expect this type of cat and mouse to become increasingly common, with counters to the counter to follow. Link
The FBI is warning people that attackers are targeting medical and dental business FTP servers looking for sensitive data. This continues the trend of high sensitivity data stored by companies with little security expertise. Link
Developers on GitHub have been targeted in a phishing campaign that attempts to distribute a PowerShell-based trojan named Dimnie. Link
A NAID study of 250 devices in second-hand markets found that 40% of them had PII still on them. Make sure deprovisioning is part of your data protection strategy. Link
Skype is evidently pushing fake Flash update ads that point to ransomware. Link
1.4 billion data records were exposed in 2016 breaches, which was an 86% increase over 2015. Link
Germany has created a separate military group for cybersecurity, as it sees a massive number of allegedly Russia-based attacks in the beginning of 2017. Link
New policy around laptops on flights may force companies to strengthen their policies on endpoint data security. I'd also be a bit cautious about what you're doing on temporary laptops given by airlines. Link
VMware has patched some nasty arbitrary code execution bugs in its ESX and Fusion products. If you have any, get them patched. Link
Wells Fargo is deploying Apple Pay based ATMs later this year. Anything to avoid the magnetic stripe please, thank you. Link
Researchers exfiltrated data from a network using a flatbed scanner and a drone-mounted laser. Link
OpenDNS (Cisco) has released a tool called DNSCrypt to encrypt all your DNS queries from you to OpenDNS. Link
Someone popped the McDonald's Canada jobs website and stole around 100,000 applicants' PII. Link
Technology news
Amazon Connect is Amazon's cloud-based contact center that uses Alexa technologies to help businesses run a successful support function. Link
This ML technology can identify a handgun being held in extreme low quality images. Link
Uber is using subtle psychological manipulation to make drivers do what they want using the driver app. Link
A new traffic routing algorithm aims to defeat traffic jams, and only requires 10% of vehicles to be autonomous. Link
Google has consolidated all of its open source projects under a new website. Link
Facebook has launched a location sharing feature called Live Location. It works within Messenger, making it easier to coordinate with someone you're talking to. It times out in 60 minutes. Link
Cisco is being pressured to decouple their networking software from their high-end hardware. Link
Apple has hired a veteran YouTube executive to enhance their video game. Link
Researchers are building AI to replace video game testers. Link
The U.S. military is experimenting with using brain stimulation to improve performance in soldiers. Improvements have been seen in focus, learning, intelligence, and even strength and stamina. Link
A new material absorbs 99.96% of light, making objects painted with it look two-dimensional. Link
Netflix might pay people to translate subtitles. Get in soon, before computers can do it better. Link
Desperate farmers are installing hacked Ukrainian firmware on their John Deere tractors. Link
49% of goods that Amazon ships are sold by third parties, and that's creating a dynamic, stock-market-like economy of price surges and crashes. Link
Right after my influencer piece last week, Amazon has launched an exclusive influencer affiliate program. Link
Human news
Harvard Business Review reminds us that reading makes people successful, and gives us advice on how to read more. Link
The director of The Fifth Element, La Femme Nikita, and The Professional, is coming out with a new sci-fi film called Valerian and the City of a Thousand Planets after 10 years of preparation. Link
The National Bureau of Economic Research found that, between 1990 and 2007, when one or more industrial robots were introduced into the workforce, it led to the elimination of 6.2 human jobs in the local area. Link
A 3,800-year-old intact and untouched tomb has been found in Egypt, complete with pottery, wooden models, and other scenes from daily life. Link
A Japanese man has become the first person to receive reprogrammed stem cells from another person. The goal was to improve his macular degeneration. Link
The number of people using heroin in the United States has increased by 5x in the last decade. Link
One of my favorite talks from ENIGMA 2017 about extracting private information from humans through subliminal stimuli and biometric data capture. Brilliant research that's about to get far more important. Link
An insightful post by Benedict Evans on the effects autonomous vehicles will have on cities. Link
A fantastic talk by Ian Haken of Netflix on securing secrets at scale, so basically the ability to stand up boxes very quickly with a full trust scaffolding in place. Link
Foursquare is now offering a brick and mortar foot traffic analytics product. If you thought they died a long time ago, you're not alone, but they actually successfully transitioned to being a data provider company. Link
The Grugq's latest piece on Russia's continuing information campaigns in France, Germany, and elsewhere. Link
A list of considerations for choosing a good personal VPN provider. Link
A remarkably good CNN documentary called Vladimir Putin: The Most Powerful Man in the World. Link
Carnegie Mellon's breakdown of Cyber Intelligence Analyst skills. Link
A deep learning Python environment in a fully contained VM for learning. Link
Use this link to delete the voice and audio recordings Google has stored for your account. Link
A study showing 77% of the Alexa Top 5,000 use at least one vulnerable JS library. Link
DHCPig --- A DHCP exhaustion tool for DoSing a network. Seems like it'd work well with a MitM tool as well. Link
Inquisitor --- An OSINT gathering tool for companies and organizations, written by my friend Jon Peñafiel. Link
AutOSINT --- A tool to automate common OSINT gathering tasks. Link
Ostinato --- A network traffic generator and analyzer. Wireshark, in reverse. Link
Squidmagic --- Analyze web based network traffic for signs of malware. Link
MimiPenguin --- A tool for dumping the login password for the current Linux user. Link
Noiszy --- A plugin that generates massive amounts of browsing noise to make it harder for people to know what you're doing if they're observing you. Link
Infosec Awesome Lists --- A collection of online courses, academic courses, labs, CTFs, books, video playlists, other awesome lists, and more. A brilliant collection. Link
I'm still reading Homo Deus, and I just started part 3 (chapter 8). It's so remarkably good that I'm recommending that anyone who likes what I write about, or this newsletter, put this book on the top of their list. You won't be disappointed. Link
Still working on the OSINT primer. I keep finding and exploring more and more tools.
I asked Twitter what TV I should be watching since I've not watched anything since Westworld finished. Answers included: The Expanse, Rick and Morty, Last Week Tonight, Chef's Table, Blacklist, Preacher, and 3%. Any other recommendations? Link
Recommendations
You probably don't need 0day defenses, threat intelligence, or AI-powered SOCs. Focus instead on Asset Management, Patching, Limiting Admin on Workstations, Logging/Monitoring/response, DNS Hygiene, and Egress Control.
Aphorism
"I prefer the errors of enthusiasm to the indifference of wisdom." ~ Anatole France
Get my new book on the predictable way in which timeless human drives will manifest through technology, The Real Internet of Things.