Robin's Newsletter - Volume 3

Volume 3 of Robin’s Newsletter covers the year 2020.

December 2020

December 2020


Vol. 3, Iss. 52
Robin’s Newsletter #132 — 2020 Retrospective
Vol. 3, Iss. 52

Strap in and get ready for a recap of the things that I think have been most _interesting_ rather than _highest profile_, in 2020.


Vol. 3, Iss. 51
Robin’s Newsletter #131
Vol. 3, Iss. 51

SUNBURST attack on U.S. government is both huge, and nothing new. Google suffers multiple outages. Automated attacks on online banking.


Vol. 3, Iss. 50
Robin’s Newsletter #130
Vol. 3, Iss. 50

FireEye breached by sophisticated actor; $1TN reportedly lost to cybercrime in 2020; Zodiac killer cipher cracker after 51 years.


Vol. 3, Iss. 49
Robin’s Newsletter #129
Vol. 3, Iss. 49

TrickBot is recovering from CyberCom, Microsoft takedowns, gains UEFI/BIOS capabilities. 'Cold chain' of COVID-19 vaccine targeted. Zero-click exploit in Apple iPhone.

November 2020

November 2020


Vol. 3, Iss. 48
Robin’s Newsletter #128
Vol. 3, Iss. 48

RCEP, cyber cooperation and Asian data sovereignty; UK National Cyber Force; Microsoft's 'Pluton' and US Special Forces buying location tracking data


Vol. 3, Iss. 47
Robin’s Newsletter #127
Vol. 3, Iss. 47

RCEP, cyber cooperation and Asian data sovereignty; UK National Cyber Force; Microsoft's 'Pluton' and US Special Forces buying location tracking data


Vol. 3, Iss. 46
Robin’s Newsletter #126
Vol. 3, Iss. 46

No, Apple aren't logging every app you run, but they are brining privacy nutrition labels to AppStore. Tim Berners-Lee's Inrupt launches Solid server. Ticketmaster to appeal £1.25M data breach penalty.


Vol. 3, Iss. 45
Robin’s Newsletter #125
Vol. 3, Iss. 45

Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.


Vol. 3, Iss. 44
Robin’s Newsletter #124
Vol. 3, Iss. 44

Marriott's data breach penalty, how the Clean Network Program is changing 5G economics, reverse-engineering redaction and new ransom threat to health data. Plus company naming fun.

October 2020

October 2020


Vol. 3, Iss. 43
Robin’s Newsletter #123
Vol. 3, Iss. 43

DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.


Vol. 3, Iss. 42
Robin’s Newsletter #122
Vol. 3, Iss. 42

British Airways fined £20M for data breach; Businesses exploiting contact tracing data; Microsoft's trademark takedown of TrickBot.


Vol. 3, Iss. 41
Robin’s Newsletter #121
Vol. 3, Iss. 41

Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.


Vol. 3, Iss. 40
Robin’s Newsletter #120
Vol. 3, Iss. 40

US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.

September 2020

September 2020


Vol. 3, Iss. 39
Robin’s Newsletter #119
Vol. 3, Iss. 39

YOLOsec, FOMOsec, business value and commodity controls. Plus a couple of examples of how hactivism is evolving.


Vol. 3, Iss. 38
Robin’s Newsletter #118
Vol. 3, Iss. 38

Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(


Vol. 3, Iss. 37
Robin’s Newsletter #117
Vol. 3, Iss. 37

China's Global Initiative on Data Security; Ireland's data regulator 'unlikes' Facebook; Who is top of the Cyber Power Index?


Vol. 3, Iss. 36
Robin’s Newsletter #116
Vol. 3, Iss. 36

Benchmark data from Hiscox's Cyber Readiness Report 2020, MIT's SCRAM, US federal vulnerability disclosure policies, CEO responsibilities and Tesla's fleet-wide hack.

August 2020

August 2020


Vol. 3, Iss. 35
Robin’s Newsletter #115
Vol. 3, Iss. 35

Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.


Vol. 3, Iss. 34
Robin’s Newsletter #114
Vol. 3, Iss. 34

Personal liability for CISOs in data breach cover-ups, 'fraudulent data requests' at Experian and mailto: attachment vulnerability.


Vol. 3, Iss. 33
Robin’s Newsletter #113
Vol. 3, Iss. 33

Algorithms and accuracy in A-Level exame results. ReVoLTE over 4G misconfiguration. Vaccinating against Emotet.


Vol. 3, Iss. 32
Robin’s Newsletter #112
Vol. 3, Iss. 32

Bits from Black Hat (satellites, bug bounties and manipulating energy markets), plus Liam Fox's emails and the march of time on seized devices.


Vol. 3, Iss. 31
Robin’s Newsletter #111
Vol. 3, Iss. 31

Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.

July 2020

July 2020


Vol. 3, Iss. 30
Robin’s Newsletter #110
Vol. 3, Iss. 30

Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.


Vol. 3, Iss. 29
Robin’s Newsletter #109
Vol. 3, Iss. 29

Schrems II, Huawei, and the battle for digital dominance. Plus the 'Great Twitter Hack,' and All. The. Vulnerabilities.


Vol. 3, Iss. 28
Robin’s Newsletter #108
Vol. 3, Iss. 28

Hong Kong's new national security law causes headaches for citizens, tech and finance companies. Steal the cash, not the painting. Cosmic Lynx and Russian cyber-criminals' 'synergistic value accelerative opportunity'


Vol. 3, Iss. 27
Robins Newsletter #107
Vol. 3, Iss. 27

Encrochat and evolving law enforcement tactics prove there is a different want to encryption backdoors. Explosion at Natanz doesn't mean 'Stuxnet 2.' And, don't host your website on Internet Archive.

June 2020

June 2020


Vol. 3, Iss. 26
Robins Newsletter #106
Vol. 3, Iss. 26

Three years on from NotPetya. BlueLeaks and sector-specific aggregation of risk. Minimising harm in breach notification comms. Exfiltrating data using Google Analytics.


Vol. 3, Iss. 25
Robins Newsletter #105
Vol. 3, Iss. 25

COVID-19 cyber threat update; IoT device vulnerabilities; how to spot like-farming!


Vol. 3, Iss. 24
Robins Newsletter #104
Vol. 3, Iss. 24

Snowstorm in a Dark Basin: Citizen Lab, MDR Cyber shine light on hackers for hire. Babylon Health breach and lessons from Apple, Amazon, and Google. How far do you go to protect against cyber-harm on your platform?


Vol. 3, Iss. 23
Robins Newsletter #103
Vol. 3, Iss. 23

REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.

May 2020

May 2020


Vol. 3, Iss. 22
Robins Newsletter #102
Vol. 3, Iss. 22

Cybercrime is boring; Capital One IR report isn't legally privileged; and easyJet target of £18Bn legal action.


Vol. 3, Iss. 21
Robins Newsletter #101
Vol. 3, Iss. 21

The annual DBIR data-fest, looking in to EasyJet's breach, the importance of audit trails, and Trump's banking details


Vol. 3, Iss. 20
Robins Newsletter #100
Vol. 3, Iss. 20

Pricing cyber risk from external data, attack on 'UK electricity system' and mining crypocurrency with supercomputers


Vol. 3, Iss. 19
Robins Newsletter #99
Vol. 3, Iss. 19

Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems


Vol. 3, Iss. 18
Robins Newsletter #98
Vol. 3, Iss. 18

Mobile device management as a vector, turning antivirus against itself and ransomware's long game

April 2020

April 2020


Vol. 3, Iss. 17
Robins Newsletter #97
Vol. 3, Iss. 17

Zero-click vulnerability in Apple's Mail app, surveillance and tracking COVID-19, UK MoD relaxes security requirements.


Vol. 3, Iss. 16
Robins Newsletter #96
Vol. 3, Iss. 16

Compliance risk and the German state of North Rhine-Westphalia’s loss of €30M-€100M #COVID19 aid because of poor identity verification. Plus DoD and measuring meaningful things. And jumping air-gaps with computer fans.


Vol. 3, Iss. 15
Robins Newsletter #95
Vol. 3, Iss. 15

Cyber-crime economics of Coronavirus; US Senate bans Zoom; China Telecom and BGP hijacks


Vol. 3, Iss. 1
Robin’s Newsletter #81
Vol. 3, Iss. 1

California's Consumer Privacy Act; Travelex systems still offline; the rise of 'data exposures'.


Vol. 3, Iss. 2
Robin’s Newsletter #82
Vol. 3, Iss. 2

Travelex's ongoing response; £500K penalty for DSG Retail; No patch for Citrix vulnerabilities until end of month.


Vol. 3, Iss. 3
Robin’s Newsletter #83
Vol. 3, Iss. 3

Changing the economics of cybercrime; Windows crypto vulnerability; and rival groups exploiting Citrix.


Vol. 3, Iss. 4
Robin’s Newsletter #84
Vol. 3, Iss. 4

Jeff Bezos' phone hacking; Microsoft's elastic search snafu; ClearView.AI and facial recognition tech.


Vol. 3, Iss. 5
Robin’s Newsletter #85
Vol. 3, Iss. 5

Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/cary on for DPOs.


Vol. 3, Iss. 6
Robin’s Newsletter #86
Vol. 3, Iss. 6

Simon Weckert's Google Maps art installation; IKEA's data promise; and valentine's security awareness.


Vol. 3, Iss. 7
Robin’s Newsletter #87
Vol. 3, Iss. 7

Huawei, Crypto AG, and all the nations doin' all the cybers; plus Emotet.


Vol. 3, Iss. 8
Robin’s Newsletter #88
Vol. 3, Iss. 8

Georgia defacement attribution; misusing anti-abuse; Pipeline ransomware.


Vol. 3, Iss. 9
Robin’s Newsletter #89
Vol. 3, Iss. 9

Security awareness without fear; Android malware stealing 2FA codes; click here to sue everybody.


Vol. 3, Iss. 10
Robin’s Newsletter #90
Vol. 3, Iss. 10

Cashing in on loyalty points; scam certificate pages and the CIAs password


Vol. 3, Iss. 11
Robin’s Newsletter #91
Vol. 3, Iss. 11

Future U.S. cyber strategy; Whisper not-so-secret; wormable Microsoft vulnerability in SMB


Vol. 3, Iss. 12
Robin’s Newsletter #92
Vol. 3, Iss. 12

Government cyber advice, examples of phishing campaigns, and things you should patch in the times of COVID-19.


Vol. 3, Iss. 13
Robin’s Newsletter #93
Vol. 3, Iss. 13

FBI COVID-19 scam warning; FIN7 mailing malware USB keys; predicting attacks from Russian APTs.


Vol. 3, Iss. 14
Robin’s Newsletter #94
Vol. 3, Iss. 14

All the Zoom news distilled, plus Marriott data breach, Morrisons' supreme court win, cloud availability, bug bounty non-disclosures and COVID-19 CTI.