🎓 Vulnerable U | #018

The Myth of Arrival, SEC goes after SolarWinds CISO, Will AI Save the World?, and more...

Read Time: 5 minutes

Howdy friends!

Writing to you from a city where today the only place hotter was the Sahara desert. Trying to stay cool here in Texas and staring longingly at an Airbnb tab open in my browser at all times.

In my infinite wisdom, I’ve decided to stand out in this heat and light fire to charcoal and cook meat for hours. At least the payoff is worth the sweat, as it often is.

In this episode:

  • The Myth of Arrival

  • SEC Targets SolarWinds’ CISO over Russia Hack

  • Hacktivists Steal Gov Files from Texas City of Fort Worth

  • Why AI Will Save The World

  • Top 10 Reasons We Don’t Hear About “Western” Hacking

  • Metasploit Module added for MOVEit

  • AWS CloudTrail Cheat Sheet

  • I Shouldn’t Have to Accept Being in Deepfake Porn

  • LetMeSpy stalkerware provider says it was hacked

  • Russian satellite telecom Dozor hit by hackers

  • FBI Creates a database to track swatting

  • White House Cybersecurity Priorities for 2025 Budget

  • Analysis of the SALTWATER backdoor used in Barracuda 0-day

Vulnerable U Blog of the Week:

Ah, the allure of success and accomplishment! We've been conditioned to believe that reaching certain milestones or achieving great heights will bring everlasting fulfillment and satisfaction. But let me tell you something I continually struggle to remember. Despite all the accolades, despite all the achievements, I can still find myself feeling incomplete and even downright unsatisfied.

Now, don't get me wrong. I'm not here to rain on anyone's parade or belittle the hard work and dedication that goes into accomplishing remarkable feats. But let's peel back the layers and uncover the harsh reality that lurks beneath the surface of success…

…Let’s start by defining this myth that seduces us with the promise of eternal contentment. The myth of arrival is a deceptive belief that once we achieve a certain level of success or check off all the boxes on society’s predetermined list of accomplishments, we will magically attain everlasting happiness and fulfillment.

Once we beat this level, we’ll finally have unlocked all the trophies on the achievements screen.

It’s as if we’ve reached the promised land, where all our desires are fulfilled, and we can bask in the glow of our accomplishments. But let me burst that bubble for you. Arrival is nothing more than a mirage, an imaginary oasis in the desert of life.

ICYMI

🖊️ Something I wrote: This tabletop scenario I posed on Twitter seemed to have struck a chord.

🎧️ Something I heard: One of my favorite comedians, Mike Birbiglia, had a great podcast episode with Elyse Meyers discussing storytelling.

🎤 Something I said: I was invited to Recon Infosec’s Thursday Defensive Webcast. It was a great casual chat with a good crew.

🔖 Something I read: Is AI Eating Itself? - I’ve noticed many of this article's points to be true.

Vulnerable News

Second CISO this year facing legal action after a breach. Uber was the first. A few assumptions I’m making are that there would have to be major negligence or proof of lying to authorities. Just getting outmaneuvered as a security team can’t start leading to legal repercussions. [Read More]

I’ve included stories about this breach when it originally happened. The part I find interesting now is they are saying nothing of value was stolen from this complete compromise.

Sounds like a new defensive technique to try out. Just don’t do business that’s sensitive. Imagine my embarrassment - “We got hacked, all our files were stolen, and nothing of value was lost.” [Read More]

This Twitter thread by Marc Andreessen got a lot of attention, and whatever you think about him personally, I’d recommend a read through the thread. It is one of the better long forms on the topic I’ve read, dissecting AI excitement and concerns. [Read More]

Looking into everything from differing motives, such as CN APT going after IP, which the West has little need for, to differences in OPSEC practices between the hemispheres. [Read More]

In my years of vulnerability management and prioritization of remediation, I’ve learned a few things. One of them is CVSS sucks, and the real indicator of priority is “Does a Metasploit module exist for this?” [Read More]

I’m a sucker for a cheat sheet, and my head is in the clouds. [Read More]

I think this is a severely under-thought-about issue among the AI, Security, and Privacy crew. This former public official was the target of deepfake porn spreading around the Internet and has been in a battle against it. [Read More]

There is a trend here. Stalkerware apps that people use to spy on their children or spouses tend to have awful security practices themselves. So not only is this software spying on people, the software’s author is now breached, and the victim’s data leaked. [Read More]

Always fascinating watching what targets get hit harder than the rest in times of war. Satellite comms hit by attackers supposedly aligned with Wagner’s private military. [Read More]

Swatting has been a thing for a while. It’s faking an emergency somewhere while on the phone with law enforcement to trick them into busting down an unwitting victim’s door, guns blazing. [Read More]

From zero trust to disrupting threat actors, interesting to see where .gov’s head is at. [Read More]

We covered this vuln in past issues, and I’ve talked a lot about it on Twitter. This is an incredibly detailed write-up of how this vuln works. [Read More]

Miscellaneous mattjay

Let us prepare our minds as if we’d come to the very end of life. Let us postpone nothing. Let us balance life’s books each day. … The one who puts the finishing touches on their life each day is never short of time.

Seneca

Enjoying the new format?

This stuff is hard to do in a vacuum. Appreciate feedback! I incorporated some changes based on last week's poll. Let me know if I hit the mark. Most of you like the direction.

Extra Credit

Help us grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them!

Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay