Unsupervised Learning is my weekly curation of the most interesting stories and ideas in infosec, technology, and humans.
There is no podcast for this issue.
Infosec news
A zero-day in Microsoft SMB has received a maximum CVSS score of 10/10, and it applies to Windows 8 and 10. There's no fix until February 14th, so make sure you have ports 139, 445, 137, and 138 blocked, including outbound. Link
Hacker releases alleged Cellebrite hacking tools, sends message that this is why you don't build backdoors into systems. Link
The IRS is warning of a tax-related phishing campaign where attackers spoof a company executive and ask for W-2 forms and/or bank transfers. It's been quite successful and it's picking up again due to tax season. Link
Up to 150,000 internet-connected printers all over the world have been probed by an attacker who sent messages saying they'd been pwned. Link
GitLab has had some major drama after losing significant data when they discovered their backups were not usable. Someone had run the infamous rm -rf command. Link
Vulnerabilities have been discovered in some Honeywell web-based SCADA controllers. Using these issues, attackers can access a certain URL and extract cleartext passwords that can be used to access the networks those devices reside on. Link
A British man and Swedish woman have been arrested for attacking Washington D.C. surveillance cameras with ransomware. 123 of 187 network video recorders were rendered non-functional. Link
HTTPS has crossed the historic milestone of being used on 50% of sites, according to Mozilla. Link
Technology news
Apple has purchased VocalIQ, a company working to bring deep context to conversations with machines. Link
Planet has purchased Terra Bella from Google. Link
Researchers can extract audio from a video where none was recorded, simply by watching how surfaces vibrated. Link
Amazon now has more than 340K employees, having added over 110K just this year. Link
Human news
Researchers have data mined 1,700 of the most popular stories of all time and discovered that they tend to follow six main story arcs. Link
A framework of consequences when you have unhappy developers. Link
Notes
I'll be giving a talk at RSA on Wednesday at 1:30pm at Moscone West, Room 2005. The talk is on using Adaptive Testing Methodologies to test medical devices. Link
I'll also be spending a good amount of time during the conference at IOActive's IOAsis, which is right down the street from Moscone. It's like a sanctuary away from the show floor where you can come talk about security, get a massage, etc. Stop by and say hello. Link
I've finished Lexicon, and I can virtually guarantee that anyone who likes this newsletter will love this book. It's in my top 5 fiction books for sure. Link
I just started reading Hamilton's biography, Alexander Hamilton. Link
There's no sister podcast for this issue.
Recommendations
Consider filing your taxes as quickly as possible, and having your loved ones do the same, as it will make you less likely to be a victim of the tax fraud that's going around.
Aphorism
"Life is not lost by dying; life is lost minute by minute, day by dragging day, in all the thousand small and uncaring ways." ~ Stephen Vincent Benét
Get my new book on the predictable way in which timeless human drives will manifest through technology, The Real Internet of Things.