🎓 Vulnerable U | #018
The Myth of Arrival, SEC goes after SolarWinds CISO, Will AI Save the World?, and more...
Read Time: 5 minutes
Writing to you from a city where today the only place hotter was the Sahara desert. Trying to stay cool here in Texas and staring longingly at an Airbnb tab open in my browser at all times.
In my infinite wisdom, I’ve decided to stand out in this heat and light fire to charcoal and cook meat for hours. At least the payoff is worth the sweat, as it often is.
In this episode:
The Myth of Arrival
SEC Targets SolarWinds’ CISO over Russia Hack
Hacktivists Steal Gov Files from Texas City of Fort Worth
Why AI Will Save The World
Top 10 Reasons We Don’t Hear About “Western” Hacking
Metasploit Module added for MOVEit
AWS CloudTrail Cheat Sheet
I Shouldn’t Have to Accept Being in Deepfake Porn
LetMeSpy stalkerware provider, says it was hacked
Russian satellite telecom Dozer hit by hackers
FBI Creates a database to track swatting
White House Cybersecurity Priorities for 2025 Budget
Analysis of the saltwater backdoor used in Barracuda 0-day
Vulnerable U Blog of the Week:
🖊️ Something I wrote: This tabletop scenario I posed on Twitter seemed to have struck a chord.
🎧️ Something I heard: One of my favorite comedians, Mike Birbiglia, had a great podcast episode with Elyse Meyers discussing storytelling.
🎤 Something I said: I was invited to Recon Infosec’s Thursday Defensive Webcast. It was a great casual chat with a good crew.
🔖 Something I read: Is AI Eating Itself? - I’ve noticed many of this article's points to be true.
Second CISO this year facing legal action after a breach. Uber was the first. A few assumptions I’m making are that there would have to be major negligence or proof of lying to authorities. Just getting outmaneuvered as a security team can’t start leading to legal repercussions. [Read More]
I’ve included stories about this breach when it originally happened. The part I find interesting now is they are saying nothing of value was stolen from this complete compromise.
Sounds like a new defensive technique to try out. Just don’t do business that’s sensitive. Imagine my embarrassment - “We got hacked, all our files were stolen, and nothing of value was lost.” [Read More]
This Twitter thread by Marc Andreessen got a lot of attention, and whatever you think about him personally, I’d recommend a read through the thread. It is one of the better long forms on the topic I’ve read, dissecting AI excitement and concerns. [Read More]
Looking into differing motives, such as CN APT going after IP, which The West has little need for, to differences in OPSEC practices between the hemispheres. [Read More]
In my years of vulnerability management and prioritization of remediation, I’ve learned a few things. One of them is CVSS sucks, and the real indicator of priority is “Does a Metasploit module exist for this?” [Read More]
I’m a sucker for a cheat sheet, and my head is in the clouds. [Read More]
I think this is a severely under-thought-about issue among the AI, Security, and Privacy crew. This former public official was the target of deepfake porn spreading around the Internet and has been in a battle against it. [Read More]
There is a trend here. Stalkerware apps that people use to spy on their children or spouses tend to have awful security practices themselves. So not only is this software spying on people, the software’s author is now breached, and the victim’s data leaked. [Read More]
Always fascinating watching what targets get hit harder than the rest in times of war. Satellite comms hit by attackers supposedly aligned with Wagner’s private military. [Read More]
Swatting has been a thing for a while. It’s faking an emergency somewhere while on the phone with law enforcement to trick them into busting down an unwitting victim’s door, guns blazing. [Read More]
From zero trust to disrupting threat actors, interesting to see where .gov’s head is at. [Read More]
We covered this vuln in past issues, and I’ve talked a lot about it on Twitter. This is an incredibly detailed write-up of how this vuln works. [Read More]
The Airbnb collapse is real.
Revenues are down nearly 50% in cities like Phoenix and Austin.
Watch out for a wave of forced selling from Airbnb owners later this year in the areas hit hardest by the revenue collapse.
— Nick Gerli (@nickgerli1)
Jun 27, 2023
Enjoying the new format?
This stuff is hard to do in a vacuum. Appreciate feedback! I incorporated some changes based on last week's poll. Let me know if I hit the mark. Most of you like the direction.
Help us grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them!
Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.
Stay safe, Matt Johansen