šŸŽ“ Vulnerable U | #018

The Myth of Arrival, SEC goes after SolarWinds CISO, Will AI Save the World?, and more...

Author

Matt Johansen
June 30, 2023

Read Time: 5 minutes

Howdy friends!

Writing to you from a city where today the only place hotter was the Sahara desert. Trying to stay cool here in Texas and staring longingly at an Airbnb tab open in my browser at all times.

In my infinite wisdom, Iā€™ve decided to stand out in this heat and light fire to charcoal and cook meat for hours. At least the payoff is worth the sweat, as it often is.

In this episode:

  • The Myth of Arrival

  • SEC Targets SolarWindsā€™ CISO over Russia Hack

  • Hacktivists Steal Gov Files from Texas City of Fort Worth

  • Why AI Will Save The World

  • Top 10 Reasons We Donā€™t Hear About ā€œWesternā€ Hacking

  • Metasploit Module added for MOVEit

  • AWS CloudTrail Cheat Sheet

  • I Shouldnā€™t Have to Accept Being in Deepfake Porn

  • LetMeSpy stalkerware provider, says it was hacked

  • Russian satellite telecom Dozer hit by hackers

  • FBI Creates a database to track swatting

  • White House Cybersecurity Priorities for 2025 Budget

  • Analysis of the saltwater backdoor used in Barracuda 0-day

Vulnerable U Blog of the Week:

Ah, the allure of success and accomplishment! We've been conditioned to believe that reaching certain milestones or achieving great heights will bring everlasting fulfillment and satisfaction. But let me tell you something I continually struggle to remember. Despite all the accolades, despite all the achievements, I can still find myself feeling incomplete and even downright unsatisfied.

Now, don't get me wrong. I'm not here to rain on anyone's parade or belittle the hard work and dedication that goes into accomplishing remarkable feats. But let's peel back the layers and uncover the harsh reality that lurks beneath the surface of successā€¦

ā€¦Letā€™s start by defining this myth that seduces us with the promise of eternal contentment. The myth of arrival is a deceptive belief that once we achieve a certain level of success or check off all the boxes on societyā€™s predetermined list of accomplishments, we will magically attain everlasting happiness and fulfillment.

Once we beat this level, weā€™ll finally have unlocked all the trophies on the achievements screen.

Itā€™s as if weā€™ve reached the promised land, where all our desires are fulfilled, and we can bask in the glow of our accomplishments. But let me burst that bubble for you. Arrival is nothing more than a mirage, an imaginary oasis in the desert of life.

ICYMI

šŸ–Šļø Something I wrote: This tabletop scenario I posed on Twitter seemed to have struck a chord.

šŸŽ§ļø Something I heard: One of my favorite comedians, Mike Birbiglia, had a great podcast episode with Elyse Meyers discussing storytelling.

šŸŽ¤ Something I said: I was invited to Recon Infosecā€™s Thursday Defensive Webcast. It was a great casual chat with a good crew.

šŸ”– Something I read: Is AI Eating Itself? - Iā€™ve noticed many of this article's points to be true.

Vulnerable News

Second CISO this year facing legal action after a breach. Uber was the first. A few assumptions Iā€™m making are that there would have to be major negligence or proof of lying to authorities. Just getting outmaneuvered as a security team canā€™t start leading to legal repercussions. [Read More]

Iā€™ve included stories about this breach when it originally happened. The part I find interesting now is they are saying nothing of value was stolen from this complete compromise.

Sounds like a new defensive technique to try out. Just donā€™t do business thatā€™s sensitive. Imagine my embarrassment - ā€œWe got hacked, all our files were stolen, and nothing of value was lost.ā€ [Read More]

This Twitter thread by Marc Andreessen got a lot of attention, and whatever you think about him personally, Iā€™d recommend a read through the thread. It is one of the better long forms on the topic Iā€™ve read, dissecting AI excitement and concerns. [Read More]

Looking into differing motives, such as CN APT going after IP, which The West has little need for, to differences in OPSEC practices between the hemispheres. [Read More]

In my years of vulnerability management and prioritization of remediation, Iā€™ve learned a few things. One of them is CVSS sucks, and the real indicator of priority is ā€œDoes a Metasploit module exist for this?ā€ [Read More]

Iā€™m a sucker for a cheat sheet, and my head is in the clouds. [Read More]

I think this is a severely under-thought-about issue among the AI, Security, and Privacy crew. This former public official was the target of deepfake porn spreading around the Internet and has been in a battle against it. [Read More]

There is a trend here. Stalkerware apps that people use to spy on their children or spouses tend to have awful security practices themselves. So not only is this software spying on people, the softwareā€™s author is now breached, and the victimā€™s data leaked. [Read More]

Always fascinating watching what targets get hit harder than the rest in times of war. Satellite comms hit by attackers supposedly aligned with Wagnerā€™s private military. [Read More]

Swatting has been a thing for a while. Itā€™s faking an emergency somewhere while on the phone with law enforcement to trick them into busting down an unwitting victimā€™s door, guns blazing. [Read More]

From zero trust to disrupting threat actors, interesting to see where .govā€™s head is at. [Read More]

We covered this vuln in past issues, and Iā€™ve talked a lot about it on Twitter. This is an incredibly detailed write-up of how this vuln works. [Read More]

Miscellaneous mattjay

Lesson #15: Emotional intelligence is your best friend

Emotional intelligence, like many other things, is something you need to practice on the regular but can really make or break a working experience for your team.

www.engineeringleadership.xyz/p/lesson-15-emotional-intelligence

ā€œLet us prepare our minds as if weā€™d come to the very end of life. Let us postpone nothing. Let us balance lifeā€™s books each day. ā€¦ The one who puts the finishing touches on their life each day is never short of time.ā€

Seneca

Enjoying the new format?

This stuff is hard to do in a vacuum. Appreciate feedback! I incorporated some changes based on last week's poll. Let me know if I hit the mark. Most of you like the direction.

Login or Subscribe to participate in polls.

Extra Credit

Help us grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them!

Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay