Robin's Newsletter - Volume 3
Volume 3 of Robin’s Newsletter covers the year 2020.
December 2020
December 2020
Vol. 3, Iss. 52
Robin’s Newsletter #132 — 2020 Retrospective
Strap in and get ready for a recap of the things that I think have been most _interesting_ rather than _highest profile_, in 2020.
Vol. 3, Iss. 51
Robin’s Newsletter #131
SUNBURST attack on U.S. government is both huge, and nothing new. Google suffers multiple outages. Automated attacks on online banking.
Vol. 3, Iss. 50
Robin’s Newsletter #130
FireEye breached by sophisticated actor; $1TN reportedly lost to cybercrime in 2020; Zodiac killer cipher cracker after 51 years.
Vol. 3, Iss. 49
Robin’s Newsletter #129
TrickBot is recovering from CyberCom, Microsoft takedowns, gains UEFI/BIOS capabilities. 'Cold chain' of COVID-19 vaccine targeted. Zero-click exploit in Apple iPhone.
November 2020
November 2020
Vol. 3, Iss. 48
Robin’s Newsletter #128
RCEP, cyber cooperation and Asian data sovereignty; UK National Cyber Force; Microsoft's 'Pluton' and US Special Forces buying location tracking data
Vol. 3, Iss. 47
Robin’s Newsletter #127
RCEP, cyber cooperation and Asian data sovereignty; UK National Cyber Force; Microsoft's 'Pluton' and US Special Forces buying location tracking data
Vol. 3, Iss. 46
Robin’s Newsletter #126
No, Apple aren't logging every app you run, but they are brining privacy nutrition labels to AppStore. Tim Berners-Lee's Inrupt launches Solid server. Ticketmaster to appeal £1.25M data breach penalty.
Vol. 3, Iss. 45
Robin’s Newsletter #125
Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.
Vol. 3, Iss. 44
Robin’s Newsletter #124
Marriott's data breach penalty, how the Clean Network Program is changing 5G economics, reverse-engineering redaction and new ransom threat to health data. Plus company naming fun.
October 2020
October 2020
Vol. 3, Iss. 43
Robin’s Newsletter #123
DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.
Vol. 3, Iss. 42
Robin’s Newsletter #122
British Airways fined £20M for data breach; Businesses exploiting contact tracing data; Microsoft's trademark takedown of TrickBot.
Vol. 3, Iss. 41
Robin’s Newsletter #121
Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.
Vol. 3, Iss. 40
Robin’s Newsletter #120
US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.
September 2020
September 2020
Vol. 3, Iss. 39
Robin’s Newsletter #119
YOLOsec, FOMOsec, business value and commodity controls. Plus a couple of examples of how hactivism is evolving.
Vol. 3, Iss. 38
Robin’s Newsletter #118
Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(
Vol. 3, Iss. 37
Robin’s Newsletter #117
China's Global Initiative on Data Security; Ireland's data regulator 'unlikes' Facebook; Who is top of the Cyber Power Index?
Vol. 3, Iss. 36
Robin’s Newsletter #116
Benchmark data from Hiscox's Cyber Readiness Report 2020, MIT's SCRAM, US federal vulnerability disclosure policies, CEO responsibilities and Tesla's fleet-wide hack.
August 2020
August 2020
Vol. 3, Iss. 35
Robin’s Newsletter #115
Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.
Vol. 3, Iss. 34
Robin’s Newsletter #114
Personal liability for CISOs in data breach cover-ups, 'fraudulent data requests' at Experian and mailto: attachment vulnerability.
Vol. 3, Iss. 33
Robin’s Newsletter #113
Algorithms and accuracy in A-Level exame results. ReVoLTE over 4G misconfiguration. Vaccinating against Emotet.
Vol. 3, Iss. 32
Robin’s Newsletter #112
Bits from Black Hat (satellites, bug bounties and manipulating energy markets), plus Liam Fox's emails and the march of time on seized devices.
Vol. 3, Iss. 31
Robin’s Newsletter #111
Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.
July 2020
July 2020
Vol. 3, Iss. 30
Robin’s Newsletter #110
Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.
Vol. 3, Iss. 29
Robin’s Newsletter #109
Schrems II, Huawei, and the battle for digital dominance. Plus the 'Great Twitter Hack,' and All. The. Vulnerabilities.
Vol. 3, Iss. 28
Robin’s Newsletter #108
Hong Kong's new national security law causes headaches for citizens, tech and finance companies. Steal the cash, not the painting. Cosmic Lynx and Russian cyber-criminals' 'synergistic value accelerative opportunity'
Vol. 3, Iss. 27
Robins Newsletter #107
Encrochat and evolving law enforcement tactics prove there is a different want to encryption backdoors. Explosion at Natanz doesn't mean 'Stuxnet 2.' And, don't host your website on Internet Archive.
June 2020
June 2020
Vol. 3, Iss. 26
Robins Newsletter #106
Three years on from NotPetya. BlueLeaks and sector-specific aggregation of risk. Minimising harm in breach notification comms. Exfiltrating data using Google Analytics.
Vol. 3, Iss. 25
Robins Newsletter #105
COVID-19 cyber threat update; IoT device vulnerabilities; how to spot like-farming!
Vol. 3, Iss. 24
Robins Newsletter #104
Snowstorm in a Dark Basin: Citizen Lab, MDR Cyber shine light on hackers for hire. Babylon Health breach and lessons from Apple, Amazon, and Google. How far do you go to protect against cyber-harm on your platform?
Vol. 3, Iss. 23
Robins Newsletter #103
REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.
May 2020
May 2020
Vol. 3, Iss. 22
Robins Newsletter #102
Cybercrime is boring; Capital One IR report isn't legally privileged; and easyJet target of £18Bn legal action.
Vol. 3, Iss. 21
Robins Newsletter #101
The annual DBIR data-fest, looking in to EasyJet's breach, the importance of audit trails, and Trump's banking details
Vol. 3, Iss. 20
Robins Newsletter #100
Pricing cyber risk from external data, attack on 'UK electricity system' and mining crypocurrency with supercomputers
Vol. 3, Iss. 19
Robins Newsletter #99
Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems
Vol. 3, Iss. 18
Robins Newsletter #98
Mobile device management as a vector, turning antivirus against itself and ransomware's long game
April 2020
April 2020
Vol. 3, Iss. 17
Robins Newsletter #97
Zero-click vulnerability in Apple's Mail app, surveillance and tracking COVID-19, UK MoD relaxes security requirements.
Vol. 3, Iss. 16
Robins Newsletter #96
Compliance risk and the German state of North Rhine-Westphalia’s loss of €30M-€100M #COVID19 aid because of poor identity verification. Plus DoD and measuring meaningful things. And jumping air-gaps with computer fans.
Vol. 3, Iss. 15
Robins Newsletter #95
Cyber-crime economics of Coronavirus; US Senate bans Zoom; China Telecom and BGP hijacks
Vol. 3, Iss. 1
Robin’s Newsletter #81
California's Consumer Privacy Act; Travelex systems still offline; the rise of 'data exposures'.
Vol. 3, Iss. 2
Robin’s Newsletter #82
Travelex's ongoing response; £500K penalty for DSG Retail; No patch for Citrix vulnerabilities until end of month.
Vol. 3, Iss. 3
Robin’s Newsletter #83
Changing the economics of cybercrime; Windows crypto vulnerability; and rival groups exploiting Citrix.
Vol. 3, Iss. 4
Robin’s Newsletter #84
Jeff Bezos' phone hacking; Microsoft's elastic search snafu; ClearView.AI and facial recognition tech.
Vol. 3, Iss. 5
Robin’s Newsletter #85
Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/cary on for DPOs.
Vol. 3, Iss. 6
Robin’s Newsletter #86
Simon Weckert's Google Maps art installation; IKEA's data promise; and valentine's security awareness.
Vol. 3, Iss. 7
Robin’s Newsletter #87
Huawei, Crypto AG, and all the nations doin' all the cybers; plus Emotet.
Vol. 3, Iss. 8
Robin’s Newsletter #88
Georgia defacement attribution; misusing anti-abuse; Pipeline ransomware.
Vol. 3, Iss. 9
Robin’s Newsletter #89
Security awareness without fear; Android malware stealing 2FA codes; click here to sue everybody.
Vol. 3, Iss. 10
Robin’s Newsletter #90
Cashing in on loyalty points; scam certificate pages and the CIAs password
Vol. 3, Iss. 11
Robin’s Newsletter #91
Future U.S. cyber strategy; Whisper not-so-secret; wormable Microsoft vulnerability in SMB
Vol. 3, Iss. 12
Robin’s Newsletter #92
Government cyber advice, examples of phishing campaigns, and things you should patch in the times of COVID-19.
Vol. 3, Iss. 13
Robin’s Newsletter #93
FBI COVID-19 scam warning; FIN7 mailing malware USB keys; predicting attacks from Russian APTs.
Vol. 3, Iss. 14
Robin’s Newsletter #94
All the Zoom news distilled, plus Marriott data breach, Morrisons' supreme court win, cloud availability, bug bounty non-disclosures and COVID-19 CTI.