🎓️ Vulnerable U | #020

Finding Your Moat, China and Russia Based Threat Actors, Zero Day in Office365, and Clarence Thomas on Venmo

Read Time: 6 minutes

Howdy friends!

I left you off last week before going to see Blink-182 on their reunion tour here in ATX. It was awesome. The woman in front of me screamed at me: “I’m 39!” as she was jumping into the aisle head banging. That summed up the vibe for the night well.

It was 109 degrees here this week, so we’ve either been indoors or underwater. Barton Springs seemed like a good choice.

Sneak Peek at the Blog of the Week:

I've been thinking about moats a lot lately. And how they apply to career and personal growth.

For those who have never heard the term, it's common terminology among the investor folk. Warren Buffett made the phrase famous, referring to a business's ability to maintain a competitive advantage.

You can picture it, the moat around a castle protecting it from invaders—the wider the moat, the harder to attack. Hence, a "Wide Moat" stock would have a considerable edge over other companies trying to disrupt that industry.

If you're wondering what this has to do with your career, bear with me.

Companies need moats to protect their market share and profitability. Individuals need a personal moat to protect or advance their professional standing.

It's about identifying and leveraging your unique strengths and interests to build a successful career. It's about creating a solid personal brand that separates you from the crowd.

In this episode:

  • Finding Your Moat

  • Mitigation for China-Based Threat Actor Activity

  • Microsoft Warns of Office Zero-Day Attacks, No Patch Available

  • Here’s a reminder to make your Venmo transactions private, courtesy of Clarence Thomas

  • FTC investigates OpenAI over data leak and ChatGPT’s inaccuracy

  • A run through of an AT&T scam - not by a scam artist, but by a legit AT&T employee

  • The Threat Actor Profile Guide for CTI Analysts

  • UK Government’s Intelligence Report on China’s Influence

  • APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure

ICYMI

🖊️ Something I wrote: A thread on things I wish I knew earlier in my career.

🎧️ Something I heard: 404 Security Not Found podcast - episode on the DBIR and startups/angel investing

📽️ Something I watched: Finetuning LLM models for your specific use cases

🔖 Something I read: 5 Things You Shouldn’t Do During A Depressive Episode (Because they make your depression worse)

Vulnerable News

Been hard to avoid folks talking about this one, so I made sure it was the lead story this week. Microsoft released an incredibly detailed report about China-based threat actor group Storm-0558. The emergency patches going out ASAP from both Apple and Microsoft seem to be related to this group's current campaigns. I’m betting we’ll hear more about this. Krebs has a great summary outside of Microsoft’s. [Read More]

Been a wild week for Microsoft out-of-band reports. This one is about Russian threat actor group Storm-0978, who are being tracked running phishing campaigns loaded with Microsoft Office 0-days that have no patch available. This group is also known as RomCom, and Microsoft has a lot of info on their tools and TTPs in this report that will be useful for anyone whose threat model includes groups like this. [Read More]

It’s embarrassing enough to see my friends Venmoing each other for things publicly, but you’d think if you work for the Supreme Court you’d have a bit better OPSEC. Some lawyers who are appearing before the Supreme Court sent money to Clarence Thomas’ aide via Venmo. [Read More]

A site that tracks illicit public Venmo transactions called Vicemo

Someone leaked the FTC subpoena into OpenAI. Seems to be broadly related to data leakage and ChatGPT inaccuracies which may harm consumers. Can’t help but think something else is motivating this investigation, otherwise all data breaches would be looked into like this. [Read More]

This scammer picked the wrong target, Michael Coates, former CISO of Twitter & Mozilla. I was reading this thinking it was a phishing scam but it turned out to be a sales rep at AT&T trying to make a sales quota by committing fraud. I smell a class action lawsuit here since I’m guessing it’s not an isolated incident. [Read More]

I’ve got a lot of respect for folks who run in Threat Intel circles. If you work in DFIR, a major superpower is having an organized intelligence strategy. If you like this kind of stuff, read my friend Scott Roberts’ book. Here is another tool in that arsenal for keeping organized profiles on your threat actors. [Read More]

I think this says it all: "There is effectively a global values struggle going on in which China is determined to assert itself as a world power … China is increasingly thinking of a future in which it could be the world power and that means that – if you think of UK interests as being in favour of good governance and transparency and good economic management, which … serve our national interest because it helps with trade, investment, prosperity and stability and so forth – then I think that China represents a risk on a pretty wide scale." – Chair of the Joint Intelligence Committee (JIC) [Read More]

These are the kind of devices you don’t know about unless you REALLY know about. Rockwell ControlLogix EtherNet/IP communication modules seem to be under fire by an unnamed APT threat actor group. “Dragos has also analyzed the vulnerabilities and the exploit, warning that it could — depending on the targeted ControlLogix device’s configuration — allow attackers to cause ‘denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process.’” [Read More]

Miscellaneous mattjay

Love this from Rainn Wilson. Reminder that no matter your success level, happiness is in the journey not the destination.

I read this quote last night and felt called to text it to some friends and family that I don’t always tell how grateful I am for them. Grateful for all of you here supporting me as well.

Cancer. All. Gone. 👏 

Extra Credit

Help us grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them!

Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay