Robin's Newsletter - Volume 5
Volume 5 of Robin’s Newsletter covers the year 2022.
December 2022
Vol. 5, Iss. 52
Robin’s Newsletter #236
LastPass customer vault data stolen in breach. EternalBlue-style vulnerability in Windows. Okta source code stolen.
Vol. 5, Iss. 51
Robin’s Newsletter #235
Microsoft certs used to sign malware. AWS API exposed ability to modify, delete container images. BEC scammers are targeting sugar and milk powder.
Vol. 5, Iss. 50
Robin’s Newsletter #234
Apple offers encrypted iCloud backups. Medibank takes systems offline for security improvements. Attack on NZ MSP affects Justice and health bodies.
Vol. 5, Iss. 49
Robin’s Newsletter #233
UK managed security businesses to be regulated. Medibank attackers release data. Anker's Eufy smart camera 'local only' claims disputed.
November 2022
Vol. 5, Iss. 48
Robin’s Newsletter #232
Massive UK fraud crackdown. Russia designated state sponsor of terrorism by EU Parliament. Cyber Partisans claim compromise of Roskomnadzor agency.
Vol. 5, Iss. 47
Robin’s Newsletter #231
Crypto-exchange FTX's governance failures. Medibank attackers release stolen mental health data. Majority of UK COBRA meetings are about ransomware.
Vol. 5, Iss. 46
Robin’s Newsletter #230
How Qatar hacked the World Cup. Calls for a law on 'failing to prevent fraud'. Australia's new offensive cybercrime team. Mistrust at a root CA.
Vol. 5, Iss. 45
Robin’s Newsletter #229
Slovakia's parliamentary business suspended. Mondelez & Zurich settle NotPetya insurance claim. US Treasury says ransomware losses are over $1 billion.
October 2022
Vol. 5, Iss. 44
Robin’s Newsletter #228
Zero Truss: Former PM's phone allegedly compromised by Russian intelligence. UK ICO says 'complacency' is biggest cyber risk. FTC sanctions Drizly CEO for breach.
Vol. 5, Iss. 43
Robin’s Newsletter #227
Microsoft leaves 2.4TB of 'business transaction data' in public Azure bucket. Head of Germany's cyber agency suspended for links to Russian intelligence. Optus unilaterally blocks data breach victim's passports.
Vol. 5, Iss. 42
Robin’s Newsletter #226
Critical authentication bypass in Fortinet devices. NHS vendor Advanced says cyberattack was LockBit 3.0 ransomware. CSAM Scanning rebuttal.
Vol. 5, Iss. 41
Robin’s Newsletter #225
Ex-Uber CSO found guilty of obstructing justice. Microsoft is botching 'ProxyNotShell' Exchange vulnerabilities. Australian man arrested in connection with Optus breach.
Vol. 5, Iss. 40
Robin’s Newsletter #224
Optus breach attacker retracts demands as attention grows. Rise in fake LinkedIn CISO profiles. Microsoft Exchange Zero-Day.
September 2022
Vol. 5, Iss. 39
Robin’s Newsletter #223
Uber points the finger at Lapsus$; GTA games company Rockstar, Aussie telco Optus, and fintech Revolut all suffer breaches.
Vol. 5, Iss. 38
Robin’s Newsletter #222
Welcome to 2022: Uber comprehensively owned via hardcoded PAM credentials, IHG password vault allegedly secured using 'Qwerty1234'.
Vol. 5, Iss. 37
Robin’s Newsletter #221
Ex-Uber CISO trial underway for bug bounty handling of data breach. UK, US, Albania condemn Iranian cyber-attacks. China accuses NSA of spying.
Vol. 5, Iss. 36
Robin’s Newsletter #220
The US gov simultaneously using, and suing a provider of, commercial geolocation data. Uncovering Russian agents in hacktivist data breaches.
August 2022
Vol. 5, Iss. 35
Robin’s Newsletter #219
Lloyd's market bulletin tightens wording for cyber cover. Group behind Twilio attack has compromised 'over 130 organisations'. Mudge complaint alleges woeful security practices at Twitter.
Vol. 5, Iss. 34
Robin’s Newsletter #218
Cl0p ransomware gang mistakes attack on South Staffs Water for Thames Water. DigitalOcean caught up in latest Mailchimp breach. Apple security vulnerabilities.
Vol. 5, Iss. 33
Robin’s Newsletter #217
Twilio, Cloudflare & Cisco attacks also targeted employees' personal devices and accounts. NHS 111 outage may last weeks. Sanctions for Tornado Cash.
Vol. 5, Iss. 32
Robin’s Newsletter #216
Outage at NHS 111 service provider. Tory party ballots delayed over security fears. Top malware strains. Peek inside a disinformation bot farm.
July 2022
Vol. 5, Iss. 31
Robin’s Newsletter #215
Facial recognition use at Co-Op convenience stores and 'secret blacklists' challenged in the UK. The opportunity cost in action bias. And protestware, the 'insider threat' of hacktivism.
Vol. 5, Iss. 30
Robin’s Newsletter #214
Should climate change feature on cyber risk registers? FBI gets a warrant to force-unlock encrypted app. Alibaba execs hauled in by Shanghai police.
Vol. 5, Iss. 29
Robin’s Newsletter #213
False cyber security claims land US defence contractor in $9 million settlement. Log4J features in the first Cyber Safety Review Board report.
Vol. 5, Iss. 28
Robin’s Newsletter #212
Apple's extreme 'Lockdown Mode' to protect against NSO Group. Apparent breach of 1 billion Chinese citizens' data. Bad week for NPM ecosystem.
Vol. 5, Iss. 27
Robin’s Newsletter #211
'Hacktivists' execute cyber attack against Iranian steel works, 'mercenary hackers' swaying legal battles, and malicious insiders
June 2022
Vol. 5, Iss. 26
Robin’s Newsletter #210
Infosec 2022 thoughts and trends. Privacy and reproductive rights. Cyber-warfare and lessons from the Ukraine conflict. Plus Cyber 911?
Vol. 5, Iss. 25
Robin’s Newsletter #209 — 4th Birthday Edition
Looking back over the last four years. US and UK proposed data protection changes. Interpol announces arrests of 2,000 scammers.
Vol. 5, Iss. 24
Robin’s Newsletter #208
LockBit distances themselves from Conti. Round-up from RSA Conference 2022. And 'predicting thunderstorms not lightning strikes'.
Vol. 5, Iss. 23
Robin’s Newsletter #207
Zero-day vulnerabilities in Office/Windows and Confluence. New ransomware tactics. US federal privacy law moves a step closer.
May 2022
Vol. 5, Iss. 22
Robin’s Newsletter #206
Verizon DBIR 2022. ICO fines Clearview AI. Suspected leader of 'SilverTerrier' arrested. Fake IDs for everyone!
Vol. 5, Iss. 21
Robin’s Newsletter #205
Conti increases its demands against Costa Rica while also restructuring. REvil potentially back on the scene. DoJ won't prosecute 'good faith' security research under CFAA.
Vol. 5, Iss. 20
Robin’s Newsletter #204
Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.
Vol. 5, Iss. 19
Robin’s Newsletter #203
Mandiant identified stealthy APT actor targeting M&A teams in large corporates. Heroku mishandles breach of customer passwords, environment secrets. $1.6 billion of cryptocurrency has been stolen so far this year.
Vol. 5, Iss. 18
Robin’s Newsletter #202
Conti ransomware gang targets Costa Rica following election. Timeline of Russian cyberattacks against Ukraine. Facebook doesn't know where your data flows.
April 2022
Vol. 5, Iss. 17
Robin’s Newsletter #201
Okta breach affected two customers. Russian invasion leaves it 'fair game' for cyberattacks. Java’s ‘psychic signatures’ and conceptualising cybercrimes.
Vol. 5, Iss. 16
Robin’s Newsletter #200
Industroyer2: Cyberattack on Ukraine power grid averted. $600 million crypto-heist linked to North Korea's Lazarus group. RaidForums seized by UA authorities.
Vol. 5, Iss. 15
Robin’s Newsletter #199
Russian 'Cyclops Blink' botnet disrupted by the US. The value of Mailchimp distribution lists. Fundamental security metrics.
Vol. 5, Iss. 14
Robin’s Newsletter #198
Okta says it made a mistake. Wiper malware used against Viasat modems during Russian invasion of Ukraine. DCMS' cyber survey stats.
March 2022
Vol. 5, Iss. 13
Robin’s Newsletter #197
The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.
Vol. 5, Iss. 12
Robin’s Newsletter #196
Russia/Ukraine roundup. Mysterious incident affecting satcom terminals. Ransomware group adds wiper capability. Law firm gets GDPR fine for not patching.
Vol. 5, Iss. 11
Robin’s Newsletter #195
Conti's involvement in crypto 'rug pulls'. Unintended consequences of isolating Russia from the Internet.
Vol. 5, Iss. 10
February 2022
Vol. 5, Iss. 9
Vol. 5, Iss. 8
Robin’s Newsletter #192
DDoS attacks on Ukraine MoD and banks. French signal jamming. New version of 27002 security control framework.
Vol. 5, Iss. 7
Robin’s Newsletter #191
Slovenian TV disruption. 500 ecommerce sites compromised by MageCart. 2021 was a bumper year for cyber M&A.
Vol. 5, Iss. 6
Robin’s Newsletter #190
News Corp targeted in 'advanced persistent' attack. US launches Cyber Safety Review Board. One guy knocks North Korea off the 'net.
January 2022
Vol. 5, Iss. 5
Robin’s Newsletter #189
Activists ransomware Belarus' state-owned railway company. New UK cyber strategy for government. Let's Encrypt re-issuing 2M certs.
Vol. 5, Iss. 4
Robin’s Newsletter #188
UK government advertising campaign against E2EE. Merck win 'act of war' cyber insurance lawsuit. More Russian action against cyber crims.
Vol. 5, Iss. 3
Robin’s Newsletter #187
Russian authorities scoop up members of REvil. Google Analytics and GDPR. Using a cyberattack to accelerate digital transformation.
Vol. 5, Iss. 2
Robin’s Newsletter #186
Potential FTC legal action over Log4shell. Phishing using Google Docs. New UK Information Commissioner. Reframing cybersecurity.
Vol. 5, Iss. 1