Long term value of a company is inversely correlated to the frequency with which its leaders feel like they can't speak the truth.

Political executives who care more about how they look than the truth destroy value. Yet, business school churn out so many of these people.

Since Apple is now notifying even more victims of spyware, let me resurface this article about Apple's Lockdown Mode, an opt-in iOS/iPadOS/macOS feature to defend against such attacks. glitchcat.xyz/p/four-things-…

Already excited for this.

Are these Crowdstrike or Microsoft threat actor names?

Fascinating deck on the challenges commercial surveillance vendors and exploit vendors are facing and how it looks from their side.

Nice to see TAG and Mandiant report referenced on slide 56. Let's keep up the pressure.

We're expanding our team in Google Málaga!

Open positions:

Security Engineering Manager, Product Security Engineering, Cloud CISO
google.com/about/careers/…
Information Security Engineer, Product Security Engineering, Cloud CISO. Apply now!
google.com/about/careers/…

Apply now!

This is incredible.

From Jamie Lane where AirBnBs are fully booked next week.

Everyone forgets New Zealand

So much of this right now

Comprehensive report from Google's threat intelligence teams on 2023 observed 0 day in the wild.

There's protections we can apply now but we all need to continue to invest to make 0day harder and our systems safer countering these threats.

If you change your Mac's locale to 'English (Australia)' 'Trash' is renamed to 'Bin'.

Nice attention to detail.

APT29 (Midnight Blizzard/Cozy Bear) is targeting German political parties. The SVR has been on a tear lately and their mission of keeping Putin up to date on the West's thinking is especially important at this critical moment in the war. 1/2 mandiant.com/resources/blog…

In a complex system, there isn’t a “safety” knob that you can just turn to the right to increase safety. Safety features increase complexity (new failure modes!) and have opportunity costs (finite resources!). Every intervention involves a tradeoff.

NEW: Russian government hackers (Midnight Blizzard/SVR) keep hacking into Microsoft systems, the company revealed today.

The hackers are using information stolen last year to continue their attacks targeting source code and company systems.

techcrunch.com/2024/03/08/mic…

New: Inside Microsoft's Bing search engine in China, which is censoring information on human rights, democracy, climate change & much more to satisfy China's authoritarian government: bloomberg.com/news/features/…

Quick stopover at Houston Space Center on my way to NYC.

Space stuff does reignite in me the optimism I had as a child that eventually led me to tech.

Thank you, Google Search Generative AI, very informative!

NEW: Spyware maker Variston has lost staff and is shutting down, according to former employees and sources close to the surveillance industry.

The company’s apparent demise came after Google “burned” Variston's name publicly, exposing its hacking tools.

techcrunch.com/2024/02/15/var…

'Three former employees said Google’s report in 2022 blew the lid on Variston’s secrecy. One of the employees said the Google report exposing Variston “might have been the beginning of the end” for the spyware maker.'

Anyway...

techcrunch.com/2024/02/15/var…

This is interesting research that's worth reading. I'd encourage readers to also consider what's NOT here - these groups didn't use LLMs to make new malware or find zero-days. They used them to help research and write scripts. I'm not panicking about this...