Weekly roundup time, everyone's favorite time of the week. On the podcast this week: a very weird story about Apple Podcasts gone haywire, and a map of Ukraine was manipulated in order to win a bet on Polymarket. In the section for subscribers at the Supporter level, how half of the U.S. now requires a face or ID scan to watch porn. And in this week’s interview episode, Joseph speaks to Michael Bobbitt, a former FBI official who worked directly on Operation Trojan Shield. Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube.
Attack surfaces are expanding fast—driven by shadow IT, supply chains and rapid cloud adoption. Intruder’s 2025 Exposure Management Index—built from data across 3,000+ organizations—reveals how security teams are adapting to this new reality. Key findings:
- AI is helping attackers weaponize the back catalog of CVEs, turning old vulnerabilities into new opportunities for exploitation.
- In a reversal from 2024, European organizations are pulling ahead of North America in critical vulnerability management, facing fewer critical issues.
- Thousands of CVEs are published each year, but only a handful truly matter. We’ve identified the five vulnerabilities that defined 2025 and what they teach defenders about real-world risk.
Discover how exposure management is evolving and where your peers stand in 2025.
BLOCKBUSTER COULD NEVER

As prices for streaming subscriptions continue to soar and finding movies to watch, new and old, is becoming harder as the number of streaming services continues to grow, people are turning to the unexpected last stronghold of physical media: the public library. Some libraries are now intentionally using iconic Blockbuster branding to recall the hours visitors once spent looking for something to rent on Friday and Saturday nights. John Scalzo, audiovisual collection librarian with a public library in western New York, says that despite an observed drop-off in DVD, Blu-ray, and 4K Ultra disc circulation in 2019, interest in physical media is coming back around. “People really seem to want physical media,” Scalzo told 404 Media.

FINANCIALIZED EVERYTHING

A live map that tracks frontlines of the war in Ukraine was edited to show a fake Russian advance on the city of Myrnohrad on November 15. The edit coincided with the resolution of a bet on Polymarket, a site where users can bet on anything from basketball games to presidential elections and ongoing conflicts. If Russia captured Myrnohrad by the middle of November, then some gamblers would make money. According to the map that Polymarket relies on, they secured the town just before 10:48 UTC on November 15. The bet resolved and then, mysteriously, the map was edited again and the Russian advance vanished.

COOL MILESTONE ALERT

As of this week, half of the states in the U.S. are under restrictive age verification laws that require adults to hand over their biometric and personal identification to access legal porn. Missouri became the 25th state to enact its own age verification law on Sunday.
As it’s done in multiple other states, Pornhub and its network of sister sites—some of the largest adult content platforms in the world—pulled service in Missouri, replacing their homepages with a video of performer Cherie DeVille speaking about the privacy risks and chilling effects of age verification.

OUTSOURCED SURVEILLANCE

Flock, the automatic license plate reader and AI-powered camera company, uses overseas workers from Upwork to train its machine learning algorithms, with training material telling workers how to review and categorize footage including images of people and vehicles in the U.S., according to material reviewed by 404 Media that was accidentally exposed by the company. The findings bring up questions about who exactly has access to footage collected by Flock surveillance cameras and where people reviewing the footage may be based. Flock has become a pervasive technology in the U.S., with its cameras present in thousands of communities that cops use every day to investigate things like carjackings. Local police have also performed numerous lookups for ICE in the system.

In response to Half of the US Now Requires You to Upload Your ID or Scan Your Face to Watch Porn, TT writes: “I'm not going to pretend like I was good enough at IT to say definitively that it would be impossible to ban and block VPNs in America without breaking the tech stack of literally every business, but I think any law that they would pass could only have as much teeth as a legal ban on farting.”
IRL lol. And replying to ‘Atoms for Algorithms:’ The Trump Administration’s Top Nuclear Scientists Think AI Can Replace Humans in Power Plants, Anthony Bucci writes: “Integrating critical infrastructure systems more and more tightly by making them all digital and dependent on digital infrastructure increases the risk of catastrophic failure cascades. The risk profile has a phase transition with respect to increasing interconnectivity that, once crossed, makes such failure cascades comparatively highly likely. The effect is not unlike nuclear fission reactions, which require a certain density of fissile material before they'll be self-sustaining. An event that'd just sputter out at one density might become an out-of-control explosion at a slightly higher density. Likewise, what might be a small and isolated component fault at one level of connectivity could be a catastrophic cascading critical infrastructure failure at a slightly higher level of connectivity. The possibility of cascading failures in the nuclear power system seems like something we should be putting considerable resources into avoiding, rather than actively courting. The ‘virtuous cycle’ this scientist is suggesting is potentially a death spiral.”
Subscribers at the Supporter level get commenting privileges, so check your membership status and get in there!

BEHIND THE BLOG

This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss PC woes, voice deepfakes, and mutual aid.

JOSEPH: Today I’m speaking at the Digital Vulnerabilities in the Age of AI Summit (DIVAS) (good name) on a panel about the financial risks of AI. The way I see it, that applies to the scams and are being powered by AI. As soon as a new technology is launched, I typically think of ways it might be abused. Sometimes I cover this, sometimes not, but the thought always crosses my mind. One example that did lead to coverage was back at Motherboard in 2023 with an article called How I Broke Into a Bank Account With an AI-Generated Voice.

Read the rest of Joseph's Behind the Blog, as well as Sam, Emanuel, and Jason's, by becoming a paid subscriber.