Robin's Newsletter - Volume 5

Volume 5 of Robin’s Newsletter covers the year 2022.

December 2022



Vol. 5, Iss. 52
Robin’s Newsletter #236

LastPass customer vault data stolen in breach. EternalBlue-style vulnerability in Windows. Okta source code stolen.


Vol. 5, Iss. 51
Robin’s Newsletter #235

Microsoft certs used to sign malware. AWS API exposed ability to modify, delete container images. BEC scammers are targeting sugar and milk powder.


Vol. 5, Iss. 50
Robin’s Newsletter #234

Apple offers encrypted iCloud backups. Medibank takes systems offline for security improvements. Attack on NZ MSP affects Justice and health bodies.


Vol. 5, Iss. 49
Robin’s Newsletter #233

UK managed security businesses to be regulated. Medibank attackers release data. Anker's Eufy smart camera 'local only' claims disputed.

November 2022



Vol. 5, Iss. 48
Robin’s Newsletter #232

Massive UK fraud crackdown. Russia designated state sponsor of terrorism by EU Parliament. Cyber Partisans claim compromise of Roskomnadzor agency.


Vol. 5, Iss. 47
Robin’s Newsletter #231

Crypto-exchange FTX's governance failures. Medibank attackers release stolen mental health data. Majority of UK COBRA meetings are about ransomware.


Vol. 5, Iss. 46
Robin’s Newsletter #230

How Qatar hacked the World Cup. Calls for a law on 'failing to prevent fraud'. Australia's new offensive cybercrime team. Mistrust at a root CA.


Vol. 5, Iss. 45
Robin’s Newsletter #229

Slovakia's parliamentary business suspended. Mondelez & Zurich settle NotPetya insurance claim. US Treasury says ransomware losses are over $1 billion.

October 2022



Vol. 5, Iss. 44
Robin’s Newsletter #228

Zero Truss: Former PM's phone allegedly compromised by Russian intelligence. UK ICO says 'complacency' is biggest cyber risk. FTC sanctions Drizly CEO for breach.


Vol. 5, Iss. 43
Robin’s Newsletter #227

Microsoft leaves 2.4TB of 'business transaction data' in public Azure bucket. Head of Germany's cyber agency suspended for links to Russian intelligence. Optus unilaterally blocks data breach victims' passports.


Vol. 5, Iss. 42
Robin’s Newsletter #226

Critical authentication bypass in Fortinet devices. NHS vendor Advanced says cyberattack was LockBit 3.0 ransomware. CSAM Scanning rebuttal.


Vol. 5, Iss. 41
Robin’s Newsletter #225

Ex-Uber CSO found guilty of obstructing justice. Microsoft is botching 'ProxyNotShell' Exchange vulnerabilities. Australian man arrested in connection with Optus breach.


Vol. 5, Iss. 40
Robin’s Newsletter #224

Optus breach attacker retracts demands as attention grows. Rise in fake LinkedIn CISO profiles. Microsoft Exchange Zero-Day.

September 2022



Vol. 5, Iss. 39
Robin’s Newsletter #223

Uber points the finger at Lapsus$; GTA games company Rockstar, Aussie telco Optus, and fintech Revolut all suffer breaches.


Vol. 5, Iss. 38
Robin’s Newsletter #222

Welcome to 2022: Uber comprehensively owned via hardcoded PAM credentials, IHG password vault allegedly secured using 'Qwerty1234'.


Vol. 5, Iss. 37
Robin’s Newsletter #221

Ex-Uber CISO trial underway for bug bounty handling of data breach. UK, US, Albania condemn Iranian cyber-attacks. China accuses NSA of spying.


Vol. 5, Iss. 36
Robin’s Newsletter #220

The US gov simultaneously using, and suing a provider of, commercial geolocation data. Uncovering Russian agents in hacktivist data breaches.

August 2022



Vol. 5, Iss. 35
Robin’s Newsletter #219

Lloyd's market bulletin tightens wording for cyber cover. Group behind Twilio attack has compromised 'over 130 organisations'. Mudge complaint alleges woeful security practices at Twitter.


Vol. 5, Iss. 34
Robin’s Newsletter #218

Cl0p ransomware gang mistakes attack on South Staffs Water for Thames Water. DigitalOcean caught up in latest Mailchimp breach. Apple security vulnerabilities.


Vol. 5, Iss. 33
Robin’s Newsletter #217

Twilio, Cloudflare & Cisco attacks also targeted employees' personal devices and accounts. NHS 111 outage may last weeks. Sanctions for Tornado Cash.


Vol. 5, Iss. 32
Robin’s Newsletter #216

Outage at NHS 111 service provider. Tory party ballots delayed over security fears. Top malware strains. Peek inside a disinformation bot farm.

July 2022



Vol. 5, Iss. 31
Robin’s Newsletter #215

Facial recognition use at Co-Op convenience stores and 'secret blacklists' challenged in the UK. The opportunity cost in action bias. And protestware, the 'insider threat' of hacktivism.


Vol. 5, Iss. 30
Robin’s Newsletter #214

Should climate change feature on cyber risk registers? FBI gets a warrant to force-unlock encrypted app. Alibaba execs hauled in by Shanghai police.


Vol. 5, Iss. 29
Robin’s Newsletter #213

False cyber security claims land US defence contractor in $9 million settlement. Log4J features in the first Cyber Safety Review Board report.


Vol. 5, Iss. 28
Robin’s Newsletter #212

Apple's extreme 'Lockdown Mode' to protect against NSO Group. Apparent breach of 1 billion Chinese citizens' data. Bad week for NPM ecosystem.


Vol. 5, Iss. 27
Robin’s Newsletter #211

'Hacktivists' execute cyber attack against Iranian steel works, 'mercenary hackers' swaying legal battles, and malicious insiders

June 2022



Vol. 5, Iss. 26
Robin’s Newsletter #210

Infosec 2022 thoughts and trends. Privacy and reproductive rights. Cyber-warfare and lessons from the Ukraine conflict. Plus Cyber 911?


Vol. 5, Iss. 25
Robin’s Newsletter #209 — 4th Birthday Edition

Looking back over the last four years. US and UK proposed data protection changes. Interpol announces arrests of 2,000 scammers.


Vol. 5, Iss. 24
Robin’s Newsletter #208

LockBit distances themselves from Conti. Round-up from RSA Conference 2022. And 'predicting thunderstorms not lightning strikes'.


Vol. 5, Iss. 23
Robin’s Newsletter #207

Zero-day vulnerabilities in Office/Windows and Confluence. New ransomware tactics. US federal privacy law moves a step closer.

May 2022



Vol. 5, Iss. 22
Robin’s Newsletter #206

Verizon DBIR 2022. ICO fines Clearview AI. Suspected leader of 'SilverTerrier' arrested. Fake IDs for everyone!


Vol. 5, Iss. 21
Robin’s Newsletter #205

Conti increases its demands against Costa Rica while also restructuring. REvil potentially back on the scene. DoJ won't prosecute 'good faith' security research under CFAA.


Vol. 5, Iss. 20
Robin’s Newsletter #204

Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.


Vol. 5, Iss. 19
Robin’s Newsletter #203

Mandiant identified stealthy APT actor targeting M&A teams in large corporates. Heroku mishandles breach of customer passwords, environment secrets. $1.6 billion of cryptocurrency has been stolen so far this year.


Vol. 5, Iss. 18
Robin’s Newsletter #202

Conti ransomware gang targets Costa Rica following election. Timeline of Russian cyberattacks against Ukraine. Facebook doesn't know where your data flows.

April 2022



Vol. 5, Iss. 17
Robin’s Newsletter #201

Okta breach affected two customers. Russian invasion leaves it 'fair game' for cyberattacks. Java’s ‘psychic signatures’ and conceptualising cybercrimes.


Vol. 5, Iss. 16
Robin’s Newsletter #200

Industroyer2: Cyberattack on Ukraine power grid averted. $600 million crypto-heist linked to North Korea's Lazarus group. RaidForums seized by UA authorities.


Vol. 5, Iss. 15
Robin’s Newsletter #199

Russian 'Cyclops Blink' botnet disrupted by the US. The value of Mailchimp distribution lists. Fundamental security metrics.


Vol. 5, Iss. 14
Robin’s Newsletter #198

Okta says it made a mistake. Wiper malware used against Viasat modems during Russian invasion of Ukraine. DCMS' cyber survey stats.

March 2022



Vol. 5, Iss. 13
Robin’s Newsletter #197

The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.


Vol. 5, Iss. 12
Robin’s Newsletter #196

Russia/Ukraine roundup. Mysterious incident affecting satcom terminals. Ransomware group adds wiper capability. Law firm gets GDPR fine for not patching.


Vol. 5, Iss. 11
Robin’s Newsletter #195

Conti's involvement in crypto 'rug pulls'. Unintended consequences of isolating Russia from the Internet.


Vol. 5, Iss. 10
Robin’s Newsletter #194

The 'pandemonium' of modern warfare.

February 2022



Vol. 5, Iss. 9
Robin’s Newsletter #193

Russia invades Ukraine.


Vol. 5, Iss. 8
Robin’s Newsletter #192

DDoS attacks on Ukraine MoD and banks. French signal jamming. New version of 27002 security control framework.


Vol. 5, Iss. 7
Robin’s Newsletter #191

Slovenian TV disruption. 500 ecommerce sites compromised by MageCart. 2021 was a bumper year for cyber M&A.


Vol. 5, Iss. 6
Robin’s Newsletter #190

News Corp targeted in 'advanced persistent' attack. US launches Cyber Safety Review Board. One guy knocks North Korea off the 'net.

January 2022



Vol. 5, Iss. 5
Robin’s Newsletter #189

Activists ransomware Belarus' state-owned railway company. New UK cyber strategy for government. Let's Encrypt re-issuing 2M certs.


Vol. 5, Iss. 4
Robin’s Newsletter #188

UK government advertising campaign against E2EE. Merck win 'act of war' cyber insurance lawsuit. More Russian action against cyber crims.


Vol. 5, Iss. 3
Robin’s Newsletter #187

Russian authorities scoop up members of REvil. Google Analytics and GDPR. Using a cyberattack to accelerate digital transformation.


Vol. 5, Iss. 2
Robin’s Newsletter #186

Potential FTC legal action over Log4shell. Phishing using Google Docs. New UK Information Commissioner. Reframing cybersecurity.


Vol. 5, Iss. 1
Robin’s Newsletter #185 — 2022 Forecast

What does 2022 hold for cyber and the world?