Robin's Newsletter - Volume 6

Volume 6 of Robin’s Newsletter covers the year 2023.

December 2023



Vol. 6, Iss. 53
Robin’s Newsletter #289

Chinese group still targeting Barracuda ESGs. Kaspersky details on 'Triangulation' operation. A look back on 2023.


Vol. 6, Iss. 52
Robin’s Newsletter #288

Predatory Sparrow disrupts 70% of Iran's petrol pumps. New SEC breach rules come into force. Authorities seize ALPHV dark web site.


Vol. 6, Iss. 51
Robin’s Newsletter #287

Russian group claims responsibility for knocking out Ukraine's largest telco. National Grid removing Chinese tech from electricity network. PSNI breach expected to cost over £20M.


Vol. 6, Iss. 50
Robin’s Newsletter #286

23andMe data breach impacts grow. Pushing surveillance. Five Eyes detail Russian political meddling.


Vol. 6, Iss. 49
Robin’s Newsletter #285

Iranian attack on US water facility. Chinese espionage group in Netherlands chip maker for years. US

November 2023



Vol. 6, Iss. 48
Robin’s Newsletter #284

Warning over Lazarus software supply-chain attacks. Australia cyber security strategy published.


Vol. 6, Iss. 47
Robin’s Newsletter #283

Australian port operations disrupted by cyber-attack. 16 Danish CNI orgs hit simultaneously earlier this year. Ransomware group files SEC complaint.


Vol. 6, Iss. 46
Robin’s Newsletter #282

LockBit behind attack on US arm of China's largest bank. Anonymous Sudan DDOS disrupts ChatGPT. Sandworm's attack against Ukraine power grid.


Vol. 6, Iss. 45
Robin’s Newsletter #281

SEC charges SolarWinds CISO. Countries vow not to pay ransomware demands. Major updates to CVSS.

October 2023



Vol. 6, Iss. 44
Robin’s Newsletter #280

1Password, Cloudflare amongst 170 caught up in Okta breach. UK Online Safety Bill becomes law. Lawful intercept against Russian chat service.


Vol. 6, Iss. 43
Robin’s Newsletter #279

Five Eyes security chiefs warn of espionage threat. Two ransomware gangs taken out. Thousands of Cisco devices compromised.


Vol. 6, Iss. 42
Robin’s Newsletter #278

Hacktivism increases surrounding Israel-Gaza war. Rapid Reset leads to largest ever DDOS attacks. SEC opens probe into MOVEit software developer.


Vol. 6, Iss. 41
Robin’s Newsletter #277

CISA publishes list of top 10 security misconfigurations. Red Cross sets out hacktivism rules of engagement. MGM Resorts says cyberattack will cost $100 million.


Vol. 6, Iss. 40
Robin’s Newsletter #276

Ukraine says Russia is going after war crimes data. US, Japan say China targeting routers for persistence. UK logistics firm goes under following ransomware attack.

September 2023



Vol. 6, Iss. 39
Robin’s Newsletter #275

International Criminal Court breached by attackers. Cisco set to acquire Splunk in largest-ever acquisition. Agreement on UK-US data flows.


Vol. 6, Iss. 38
Robin’s Newsletter #274

Ransomware groups target Save the Children, Las Vegas casinos, and the Sri Lankan government.


Vol. 6, Iss. 37
Robin’s Newsletter #273

Results of Microsoft investigation into US government email compromise. Online Safety Bill E2EE clause to remain unenforced until 'technically feasible'.


Vol. 6, Iss. 36
Robin’s Newsletter #272

FBI takes down Qakbot. Two arrested for Polish train disruption. Met Police supplier loses personal data of 47,000 officers.

August 2023



Vol. 6, Iss. 35
Robin’s Newsletter #271

Lapsus$ group pair court verdict. Ransomware dwell times are down. Cloud providers lose all their customers' data in ransomware incident.


Vol. 6, Iss. 34
Robin’s Newsletter #270

The importance of using representative test data. Another UK police breach. Critical vulnerabilities in Citrix, Ivanti and WinRAR products.


Vol. 6, Iss. 33
Robin’s Newsletter #269

UK Elections watchdog compromised two years ago. Details of Northern Ireland police staff accidentally published. Zoom backtracks on AI training in terms of service.


Vol. 6, Iss. 32
Robin’s Newsletter #268

Capita breach costs rise. Microsoft under pressure for opaque security practices. Side channel attack identifies keystrokes from audio over Zoom calls.

July 2023



Vol. 6, Iss. 31
Robin’s Newsletter #267

SEC approves breach disclosure rules. Weak ciphers on export-versions of TETRA radios. Over 500 victims of Progress Software's MOVEit vulnerability.


Vol. 6, Iss. 30
Robin’s Newsletter #266

Microsoft responds to pressure over pay-for security logs. UK Online Safety Bill progresses through the Lords. PwC client data stolen in MOVEit breach.


Vol. 6, Iss. 29
Robin’s Newsletter #265

EU and US adopt new privacy framework for personal data transfers. Microsoft email systems breached by Chinese APT group. Poisoned AI models and disinformation.


Vol. 6, Iss. 28
Robin’s Newsletter #264

Japan's busiest port halted by ransomware. Academics write open letter over Online Safety Bill concerns. JumpCloud resets API keys.


Vol. 6, Iss. 27
Robin’s Newsletter #263

SEC issues notices to SolarWinds CFO, CISO. Apple opposed Online Safety Bill. US Supreme Court rejects cyberstalking case.

June 2023



Vol. 6, Iss. 26
Robin’s Newsletter #262

More organisations caught up in MOVEit. Alphv/BlackCat has been all up in a lot of business. PlugWalkJoe gets 5-year sentence for Twitter crypto scam.


Vol. 6, Iss. 25
Robin’s Newsletter #261

More MOVEit victims and a $10 million bounty on Clop. Fortinet VPN vulnerability. A couple of cool side-channel techniques.


Vol. 6, Iss. 24
Robin’s Newsletter #260

Clop ransomware breaches MOVEit file transfer systems. Barracuda urges rip-and-replace of their email security gateways. Snowden leaks, ten years on.


Vol. 6, Iss. 23
Robin’s Newsletter #259

Kaspersky says it was compromised using zero-click iMessage exploit. Russia blames the NSA. Amazon settles Ring 'lax privacy' case.

May 2023



Vol. 6, Iss. 22
Robin’s Newsletter #258

Meta fined €1.2 billion. US-China cyber tensions. Brute-forcing biometric authentication. Insider threat fail.


Vol. 6, Iss. 21
Robin’s Newsletter #257

Montana bans TikTok. Ransomware as activism. Fallout from Capita breaches escalates.


Vol. 6, Iss. 20
Robin’s Newsletter #256

Russian APT malware disabled. MSI compromise included important crypto keys. EU CSAM plans may be unlawful.


Vol. 6, Iss. 19
Robin’s Newsletter #255

The figurative and literal jury is in on SolarWinds, Merck's NotPetya claim, Uber's data breach cover-up.

April 2023



Vol. 6, Iss. 18
Robin’s Newsletter #254

RSA Conference 2023 takeaways. Data-driven decision making. IoT and Digital Services legislation.


Vol. 6, Iss. 17
Robin’s Newsletter #253

Customer data stolen in Capita breach. 3CX was a 'cascading' supply-chain breach. UK faces 'Wagner-like' cyber threat.


Vol. 6, Iss. 16
Robin’s Newsletter #252

US classified documents leaked on Discord. UK Online Safety Bill may 'damage reputation'. The 2019 Oldsmar ICS incident was human error.


Vol. 6, Iss. 15
Robin’s Newsletter #251

Genesis Market seizure leads to 119 arrests. The UK on being a responsible cyber power. Security and privacy risks of AI chatbots.


Vol. 6, Iss. 14
Robin’s Newsletter #250

Security Copilot brings AI assistant to security investigations. North Korea compromise of VOIP provider 3CX.

March 2023



Vol. 6, Iss. 13
Robin’s Newsletter #249

TikTok bans continue, Russia bans iPhones from Putin’s inner circle, China & Russia set sights on tech sovereignty.


Vol. 6, Iss. 12
Robin’s Newsletter #248

Critical vulnerabilities in Microsoft Outlook, Samsung chips in Android phones. ALPHV claims ransomware attack against Ring.


Vol. 6, Iss. 11
Robin’s Newsletter #247

BlackLotus malware can circumvent Secure Boot, infect UEFI. The FBI has been buying US citizens' location data. People are better at identifying fake news if you pay them.


Vol. 6, Iss. 10
Robin’s Newsletter #246

LastPass breach was via engineer's home device. The White House wants to shift cyber liability.

February 2023



Vol. 6, Iss. 9
Robin’s Newsletter #245

USSOCOM email server left exposed. Critical vulnerability in another file transfer app. Signal says it would exit UK market.


Vol. 6, Iss. 8
Robin’s Newsletter #244

Twitter to charge for SMS MFA. 'Anonymous' ideological attacks. GoDaddy discloses multi-year breach. The proliferation of 'risk dashboards'.


Vol. 6, Iss. 7
Robin’s Newsletter #243

Sanctions for TrickBot as ransomware declared tier 1 national security risk. Hacking ChatGPT with prompt injection attacks. ESXiArgs ransomware spree continues. Dutch police bring down Exclu encrypted phone service.


Vol. 6, Iss. 6
Robin’s Newsletter #242

JD Sports expose PII of 10 million. Redcar council told to 'keep quiet' over ransomware attack. Zero-tolerance policy wipes over 2,000 devices.

January 2023



Vol. 6, Iss. 5
Robin’s Newsletter #241

Hive ransomware infrastructure seized by FBI. The concentration of the illicit crypto-currency market. GoTo confirms customer data stolen during November breach.


Vol. 6, Iss. 4
Robin’s Newsletter #240

Ransomware payments fell 40% in 2022. T-Mobile suffers *another* breach; 37 million accounts affected. Credential stuffing attacks against Norton Password Manager, PayPal.


Vol. 6, Iss. 3
Robin’s Newsletter #239

LastPass silent on breach. Royal Mail ransomware attack. FAA system outage grounds flights. Exfiltrating data from Google Sheets.


Vol. 6, Iss. 2
Robin’s Newsletter #238

Details of 200 million Twitter users posted online. Cracking 2048-bit RSA encryption. Turla co-opting old malware.


Vol. 6, Iss. 1
Robin’s Newsletter #237 — 2023 Forecast

My thoughts on the broad outlook and specific predictions for the world of cyber in 2023.