I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously led BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.
I help businesses defend themselves from cyber crime and thrive in the digital world, and have over fifteen years' experience, including advising numerous boards on how to manage crises resulting from cyber-attack.
If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.
White House ransomware summit attended by over 30 countries. Client-side scanning (such as for CSAM) may undermine democracy. Don't view-source on Missouri state websites
Vol. 4 Iss. 42 17/10/2021 Robin Oldham
This week 30 countries discuss ransomware threat in White House-organised virtual meetings The White House convened a summit of over 30 countries this week to discuss how to tackle the threat of ransomware. Taking place over a series of virtual meetings over two days, there was agreement on the “escalating global security threat with serious economic and security consequences.” No formal treaty resulted from the meetings, though the UK, Australia, India and Germany will lead working groups to better co-ordinate and tighten the international response to ransomware. Read more… ( ~7 Min.)
Facebook's outage; compromise at major telco supplier; Twitch's massive breach; NSO Group spyware used to spy on Princess' divorce.
Vol. 4 Iss. 41 10/10/2021 Robin Oldham
This week Facebook outage may cost the firm $60M Facebook accidentally disconnected itself from the Internet this week, causing all of its services to be unavailable to its three billion users for six hours, as engineers scrambled to fix the issue. The outage was caused when the social network stopped advertising Border Gateway Protocol (BGP) routes that signpost how to get to its network. The company also hosts its Domain Name System (DNS) servers itself, and that meant that human-friendly names like ‘facebook. Read more… ( ~10 Min.)
Vol. 4 Iss. 40 03/10/2021 Robin Oldham
This week Azure AD wasn’t logging failed Seamless SSO login requests A ‘flaw’ in the design of Azure Active Directory allows repeated, unlogged, single-factor authentication attempts without a lockout, according to research from Secureworks. This would allow attackers to brute force passwords of user accounts without any knowledge of the target organisation. The issue, which exists in the Seamless Single Sign-On (SSO) process, was reported to Microsoft in June, who responded to the submission in July saying that the operation was “by design. Read more… ( ~7 Min.)
'Releasing the hounds' on ransomware actors, though FBI involvement in Kaseya shows offensive operations may already be underway.
Vol. 4 Iss. 39 26/09/2021, last updated 14/10/2021 Robin Oldham
This week America needs to ‘release the hounds’ on ransomware “America Is Being Held for Ransom. It Needs to Fight Back,” says CrowdStrike co-founder Dmitri Alperovitch in a New York Times op-ed piece this week. Citing a lack of evidence that diplomacy is yielding any results on ransomware, and previous successful campaigns disrupting and degrading the Islamic State’s ability to operate in cyber-space, Alperovitch suggests that “purely defensive strategies will fall short,” and that “the task is too big” to expect every hospital, school, and small business to be able to defend itself. Read more… ( ~6 Min.)
Azure Linux VMs being compromised. OWASP Top 10 draft updates. Microsoft goes passwordless. Learning from other professions.
Vol. 4 Iss. 38 19/09/2021 Robin Oldham
This week Vulns in Azure Linux VMs being actively exploited Security researchers from Wiz.io found vulnerabilities in Microsoft’s Open Management Infrastructure (OMI) project that can trivially be exploited and used to remotely execute code on Linux virtual machines running in Microsoft’s Azure cloud. If no authentication token was provided, the OMI agent on the VM would simply not perform an authentication check and default to running the commands as root. Oops. Read more… ( ~4 Min.)
Encryption backdoors, the NSA and Juniper. Proton Mail got served. Wireless charging side-channel attacks.
Vol. 4 Iss. 37 12/09/2021 Robin Oldham
This week Encryption backdoors, the NSA and Juniper New reporting on some older events that’s relevant in the current encryption debate and the need for backdoors. Sometimes simple commercial pressure can get your government encryption backdoor into commercial security products. The NSA developed an encryption standard called ‘Dual Elliptic Curve Deterministic Random Bit Generator’ (Dual EC DRBG), got NIST to include it in a standard (NIST SP-800-90A) and then leaned on US network vendors like Juniper, RSA and Cisco to implement it in their products. Read more… ( ~5 Min.)
Focus on proxyware, patch your confluence servers, the normalisation of surveillance, and interview with a ransomware negotiator.
Vol. 4 Iss. 36 05/09/2021 Robin Oldham
The next couple of newsletters will be a slightly condensed affair as I’m on holiday. This week Focus on proxyware Cisco Talos have a good write-up on proxyware: tunnelling traffic to ‘share’ internet bandwidth with other users and make it appear to be coming from other networks - a bit like Tor - with those that install the software often being paid modest fees for running a node and participating in the network. Read more… ( ~6 Min.)
Microsoft's $20BN investment is on its own products, and they need the investment. Future of the UK's 'post-Brexit' data protection regime and new Information Commissioner. Samsung can remotely disable its smart TVs.
Vol. 4 Iss. 35 29/08/2021 Robin Oldham
This week Azure Cosmos DB data available for world + dog Security researchers at Wiz this week disclosed a vulnerability in Microsoft Azure’s Cosmos DB that gave read and write access to every database on the service. The vulnerability stems from a feature added by Microsoft in 2019 to allow interoperability with Jupyter Notebooks. Full details are not available yet, but it involves a privilege escalation that gives a user access to their own, or any other Cosmos DB’s, primary keys. Read more… ( ~10 Min.)
T-Mobile suffers *another* data breach. Pearson settles over misleading investors. Outrage in cyber risk. Anyone can post a LinkedIn job as pretty much any company.
Vol. 4 Iss. 34 22/08/2021 Robin Oldham
This week T-Mobile data breach exposes personal data of 47.8M people T-Mobile announced a data breach affecting 47.8M people this week after a post on a dark web marketplace advertised the data of ‘100 million people’ for sale. If it sounds familiar, that’s because this marks the fourth breach in four years for T-Mobile (vol. 3, iss. 10), making the claims that they “take our customers’ protection very seriously” increasingly hard to swallow. Read more… ( ~7 Min.)
Apple's damage-control on CSAM. Belarus' state security doxxing. Code poisoning ML models.
Vol. 4 Iss. 33 15/08/2021 Robin Oldham
This week Apple scrambles to contain fallout of new CSAM features Apple’s plans to tackle child sexual abuse material (CSAM) (vol. 4, iss. 32) on its platforms, namely iCloud and iMessage, have faced significant backlash and confusion. The protests also came internally, with Reuters reporting that internal Apple communication tools carried over 800 messages raising concerns over the features and how they were introduced. Craig Federighi, senior vice president of software engineering at Apple, has given a lengthy video interview with The Wall Street Journal to try and clear up the confusion, though it is largely a consumer damage-control exercise rather than a correction of any fundamental misunderstanding of the technical architecture being proposed. Read more… ( ~7 Min.)