Robin's Newsletter - Volume 4

Volume 4 of Robin’s Newsletter covers the year 2021.

December 2021



Vol. 4, Iss. 52
Robin’s Newsletter #184 — 2021 Retrospective

Join me on a look back through some of the biggest and most interesting infosec stories and 12 cyber stats that made 2021.


Vol. 4, Iss. 51
Robin’s Newsletter #183

Over 100 VMware apps are affected by Log4j, as a second patch is released to address 'Log4Shell' vuln. £2.6B UK cyber strategy unveiled. Plus interesting results in long-term phishing study.


Vol. 4, Iss. 50
Robin’s Newsletter #182

Huge AWS outage. Vulnerability in Log4j library affecting a lot of apps. Google Tag Manager being used in MageCart attacks.


Vol. 4, Iss. 49
Robin’s Newsletter #181

Cyber Essentials changes coming very soon. The future of the infosec profession. DfT domain hosting porn.

November 2021



Vol. 4, Iss. 48
Robin’s Newsletter #180

Big penalties associated with UK's IoT security legislation. Tardigrade malware targeting biomanufacturing. Data breach of 1.2M GoDaddy customer details. Lloyd's insurance policy wording on cyber war.


Vol. 4, Iss. 47
Robin’s Newsletter #179

Rowhammer returns. Intel chips vulnerable to physical debug attack. Tesla owners locked out. How a bank runs their PKI.


Vol. 4, Iss. 46
Robin’s Newsletter #178

The balance of public/private responsibility for cyber security. FBI app sends spoof emails. Learning from how the aviation sector handles incidents.


Vol. 4, Iss. 45
Robin’s Newsletter #177

Trojan Source vulnerability in the way compilers handle Unicode characters. Meta/Facebook to disable facial recognition feature and delete faceprints.

October 2021



Vol. 4, Iss. 44
Robin’s Newsletter #176

FCC revokes China Telecom license; Creating minimum viable secure products; ENISA threat landscape report.


Vol. 4, Iss. 43
Robin’s Newsletter #175

US bans sales of offensive cyber tools to authoritarian governments. REvil taken offline in multi-national operation. The MoD's economic warfare unit.


Vol. 4, Iss. 42
Robin’s Newsletter #174

White House ransomware summit attended by over 30 countries. Client-side scanning (such as for CSAM) may undermine democracy. Don't view-source on Missouri state websites.


Vol. 4, Iss. 41
Robin’s Newsletter #173

Facebook's outage; compromise at major telco supplier; Twitch's massive breach; NSO Group spyware used to spy on Princess' divorce.


Vol. 4, Iss. 40
Robin’s Newsletter #172

Azure AD wasn't logging all failed SSO requests. Ransomware crew gets pissy. 'Monoculture' cyber risk.

September 2021



Vol. 4, Iss. 39
Robin’s Newsletter #171

'Releasing the hounds' on ransomware actors, though FBI involvement in Kaseya shows offensive operations may already be underway.


Vol. 4, Iss. 38
Robin’s Newsletter #170

Azure Linux VMs being compromised. OWASP Top 10 draft updates. Microsoft goes passwordless. Learning from other professions.


Vol. 4, Iss. 37
Robin’s Newsletter #169

Encryption backdoors, the NSA and Juniper. Proton Mail got served. Wireless charging side-channel attacks.


Vol. 4, Iss. 36
Robin’s Newsletter #168

Focus on proxyware, patch your Confluence servers, the normalisation of surveillance, and interview with a ransomware negotiator.

August 2021



Vol. 4, Iss. 35
Robin’s Newsletter #167

Microsoft's $20BN investment is on its own products, and they need the investment. Future of the UK's 'post-Brexit' data protection regime and new Information Commissioner. Samsung can remotely disable its smart TVs.


Vol. 4, Iss. 34
Robin’s Newsletter #166

T-Mobile suffers *another* data breach. Pearson settles over misleading investors. Outrage in cyber risk. Anyone can post a LinkedIn job as pretty much any company.


Vol. 4, Iss. 33
Robin’s Newsletter #165

Apple's damage-control on CSAM. Belarus' state security doxxing. Code poisoning ML models.


Vol. 4, Iss. 32
Robin’s Newsletter #164

Apple's plans to have iPhone continuously scan for child sexual abuse material are ripe for abuse.


Vol. 4, Iss. 31
Robin’s Newsletter #163

Biden's 'real shooting war' comments. Amazon's €746M GDPR fine. Iran's fake social media profiles. Phantom flotillas.

July 2021



Vol. 4, Iss. 30
Robin’s Newsletter #162

China called out for state-sponsored cyber campaigns. NSO Group in the spotlight (again) for spyware. Questionable QA on Google Chrome OS update.


Vol. 4, Iss. 29
Robin’s Newsletter #161

ICO raids two properties in Hancock CCTV investigation. Another Windows printer vuln. REvil's sites offline. Identity verification isn't the answer to online abuse.


Vol. 4, Iss. 28
Robin’s Newsletter #160

More on Kaseya. The PrintNightmare continues. Farmers win 'right to repair' and Kaspersky's not-so-random number generator.


Vol. 4, Iss. 27
Robin’s Newsletter #159

Kaseya VSA used to launch 'over 1,000' ransomware attacks. Security researchers cause PrintNightmare. EU grants UK data protection adequacy decision.

June 2021



Vol. 4, Iss. 26
Robin’s Newsletter #158

MITRE and NSA want to D3FEND your network. Aussie 'safety by design' toolkit. EU launches 'joint cyber unit' to coordinate 'nightmare' attacks.


Vol. 4, Iss. 25
Robin’s Newsletter #157 — 3rd Birthday Edition 🥳

Suspected Cl0p members arrested. Ransomware is an 'urgent' threat to U.K. Balancing cyber supply and demand. And, Dear Intern...


Vol. 4, Iss. 24
Robin’s Newsletter #156

EA games source code stolen. Apple's new privacy and security features. The FBI ran An0m encrypted comms app. Ransomware thinking.


Vol. 4, Iss. 23
Robin’s Newsletter #155

The U.S. continues beef with Russian ransomware gangs. Colonial Pipeline was result of compromised creds. FireEye to divest name, products business.

May 2021



Vol. 4, Iss. 22
Robin’s Newsletter #154

Flashcards reveal the location of U.S. nuclear weapons. Email security tools are working? And fingerprints from photo leads to arrest.


Vol. 4, Iss. 21
Robin’s Newsletter #153

Lots of ransomware: Ireland's HSE will not pay. Colonial coughed up $4.4M. But there are Technology Detection Dogs. And they're very good dogs!


Vol. 4, Iss. 20
Robin’s Newsletter #152

All the stats: it's DBIR time. Colonial Pipeline paid ransom, restored service and DarkSide disappeared. Being better at security engagement.


Vol. 4, Iss. 19
Robin’s Newsletter #151

Responsible cyber power. Colonial Pipeline shut down due to ransomware. Injecting malware C2 into legitimate traffic. Authentication using a severed thumb.


Vol. 4, Iss. 18
Robin’s Newsletter #150

Babuk ransomware operators demand $50M from DC police. BoJo's phone number available online. Emotet deactivated. And, burrowing beavers.

April 2021



Vol. 4, Iss. 17
Robin’s Newsletter #149

Ransomware in Apple's supply chain. Facebook seeks to 'normalise' scraping. The balkanisation of the Internet has intelligence agencies worried. Cellebrite's iPhone unlocking system is full of vulnerabilities.


Vol. 4, Iss. 16
Robin’s Newsletter #148

FBI gets a warrant to fix Hafnium web shells, becomes an MSSP. Sanctions for Russia over SolarWinds. Plus you cheddar believe there are some cheese puns.


Vol. 4, Iss. 15
Robin’s Newsletter #147

Facebook's *ahem* 'data scraping' incident sets the stage for debate on responsible design and engineering. AWS bomb threat. Censorship by QoS. TUI's algorithm gender bias led to 'serious incident' calculating takeoff loads.


Vol. 4, Iss. 14
Robin’s Newsletter #146

The long-tail of ransomware recovery. PHP source code compromise. Exploiting 'safe' file formats. Risk margins and early risk management decisions.

March 2021



Vol. 4, Iss. 13
Robin’s Newsletter #145

FatFace IR comms 'confidential' while losing 200GB data. Cyber insurer CNA may have been targeted for policy info. OSINT on the Ever Given.


Vol. 4, Iss. 12
Robin’s Newsletter #144

Rerouting a victim's SMS for $16. UK defence review: nuclear response for cyber attack. Who is buying all the data generated by your car?


Vol. 4, Iss. 11
Robin’s Newsletter #143

Criminals jump on Hafnium/ProxyLogon. Hacktivists breach Verkada's 150K facial recognition cams. Apple's IP theft lawsuit. Google's Spectre exploit.


Vol. 4, Iss. 10
Robin’s Newsletter #142

Hafnium mass-exploitation of Microsoft Exchange servers. Google, Allianz and MunichRe team up on cloud cyber insurance. Bitflipping may be more common than you think.

February 2021



Vol. 4, Iss. 9
Robin’s Newsletter #141

IABs charge just $7,100 for access to victims' networks. Accellion file transfer appliances popped left, right, centre. Former SolarWinds CEO says it is all the intern's fault.


Vol. 4, Iss. 8
Robin’s Newsletter #140

Microsoft source code stolen by Russia in Solorigate attack. France uncovers campaign targeting IT providers. SIEM & ATT&CK. And Citibank's $500M UI gaffe.


Vol. 4, Iss. 7
Robin’s Newsletter #139

Dependency confusion: all up in your package manager and automated build process. Florida water treatment plant compromised. Details of cyber-attacks on Isis. Bloomberg back again with The ~~Big~~ Long Hack.


Vol. 4, Iss. 6
Robin’s Newsletter #138

SolarWinds caught up in second campaign against U.S. gov tied to China. Plus an interview with a ransomware operator and Canada declares Clearview AI is 'illegal'.

January 2021



Vol. 4, Iss. 5
Robin’s Newsletter #137

Law enforcement's Emotet takedown and NetWalker leak site seized. Got root? Sudo vuln will get you there. North Korea goes after security researchers for 0-day.


Vol. 4, Iss. 4
Robin’s Newsletter #136

Malwarebytes compromised in Solorigate; German company fined for video surveillance of staff; Intel publish financial results early due to leaked info.


Vol. 4, Iss. 3
Robin’s Newsletter #135

WhatsApp bungles privacy policy update; U.K. police unintentionally delete 213,000 records; and 'imposing costs', the 'Brexit means Brexit' of cyber.


Vol. 4, Iss. 2
Robin’s Newsletter #134

Cyber implications of the Capitol insurrection. Solorigate 'likely' the work of Russia. SolarWinds hires Krebs Stamos Group. Microsoft throws some shade.


Vol. 4, Iss. 1
Robin’s Newsletter #133

Microsoft source code accessed in Solorigate attack. Plus advice on buying and selling second-hand devices from NCSC. And how much does cybercrime cost Russia?