Robin's Newsletter - Volume 7

Volume 7 of Robin’s Newsletter covers the year 2024.

November 2024



Vol. 7, Iss. 47
Robin’s Newsletter #336

Black Friday scam warning. Microsoft Windows changes announced following CrowdStrike outage. Facebook take down of 2 million pig butchering accounts.


Vol. 7, Iss. 46
Robin’s Newsletter #335

£100M air traffic incident caused by duplicate airport codes. CISA, FBI says China was after wiretap data.


Vol. 7, Iss. 45
Robin’s Newsletter #334

Okta auth bypass for long usernames. Copyright infringement notices used to drop infostealers. Schneider Electric attacker wants payment in baguettes.


Vol. 7, Iss. 44
Robin’s Newsletter #333

Delta sues CrowdStrike for outage. Strava leaks location of French President. JP Morgan ATMs allowed fraudulent withdrawals.

October 2024



Vol. 7, Iss. 43
Robin’s Newsletter #332

SEC fines four companies over misleading breach filings. Change Healthcare breach affects over 100M people. Sophos acquires Secureworks for $859M.


Vol. 7, Iss. 42
Robin’s Newsletter #331

Chinese accusations of Intel backdoors. Microsoft loses customer security logs. Hong Kong arrests in multi-million deepfake video scams.


Vol. 7, Iss. 41
Robin’s Newsletter #330

Chinese actors compromised major US telcos. Marriott agrees to 20-year FTC settlement.


Vol. 7, Iss. 40
Robin’s Newsletter #329

LockBit arrests. Evil Corp linked to Russian intelligence. Meta Ray Bans used in creepy facial recognition concept.

September 2024



Vol. 7, Iss. 39
Robin’s Newsletter #328

Linux CUPS vuln hype. UK railway wifi portal defaced. Kaspersky pulls switcheroo on US customers.


Vol. 7, Iss. 37
Robin’s Newsletter #327

US dismantles massive Chinese botnet. Confidence testing questions for CISOs. Bumper load of interesting reads.


Vol. 7, Iss. 37
Robin’s Newsletter #326

TfL admits customer data stolen, 17-year-old arrested. UK data centres classified as CNI. Cydea turns 5!


Vol. 7, Iss. 36
Robin’s Newsletter #325

YubiKeys can be cloned. Telegram chief admits 'not enough' done on content moderation. On-going TfL cyber incident.


Vol. 7, Iss. 35
Robin’s Newsletter #324

Telegram CEO charged in France for illegal activity on the platform. Ukraine launches cyber range. Chinese attackers compromise four ISPs.

August 2024



Vol. 7, Iss. 34
Robin’s Newsletter #323

US intel says Iran behind Trump campaign hack. Man hacks death register to get out of child support payments. How not to run a phishing test.


Vol. 7, Iss. 33
Robin’s Newsletter #322

Large data set published from US Data broker. Trump campaign blames Iran for leaked emails. Critical zero-click TCP/IP vulnerability in Windows.


Vol. 7, Iss. 32
Robin’s Newsletter #321

CrowdStrike's underwhelming root cause analysis. Progress escapes SEC action. Dutch DPA rules data scraping has no legal basis.


Vol. 7, Iss. 31
Robin’s Newsletter #320

Electoral Commission slammed for 'basic errors'. CrowdStrike faces multiple legal challenges. $75 million record-breaking ransomware payment.

July 2024



Vol. 7, Iss. 30
Robin’s Newsletter #319

Changes in the ransomware ecosystem. KnowBe4 hired a North Korean IT worker. FrostyGoop used to cut heat to 600 homes.


Vol. 7, Iss. 29
Robin’s Newsletter #318

CrowdStrike. What happened. What it means. What can we learn?


Vol. 7, Iss. 28
Robin’s Newsletter #317

AT&T lost call and SMS records from 'nearly all' of its customers. Germany bans Chinese telco kit. Vulnerability in RADIUS protocol.


Vol. 7, Iss. 27
Robin’s Newsletter #316

Unauthenticated RCE in OpenSSH. ShinyHunters release phone numbers of 33 million Authy users. Japan wins the 'war' on floppy disks.

June 2024



Vol. 7, Iss. 26
Robin’s Newsletter #315

TeamViewer says it was compromised by Cozy Bear. Thousands arrested in law enforcement crackdown on scammers. Two critical MOVEit vulnerabilities.


Vol. 7, Iss. 25
Robin’s Newsletter #314

Updates on significant healthcare incidents. US gov bans Kaspersky. Spoofing Microsoft.com emails.


Vol. 7, Iss. 24
Robin’s Newsletter #313

Six years! Wow. Thanks for subscribing 😊 (now go donate blood to help the NHS respond to a ransomware attack)


Vol. 7, Iss. 23
Robin’s Newsletter #312

Ransomware attack at NHS London supplier disrupts operations. Microsoft recalls Recall, promises improved security and privacy. Plus a puzzle for you.


Vol. 7, Iss. 22
Robin’s Newsletter #311

Ticketmaster, Santander breached; Snowflake possibly not? Plus Op Endgame takedown of 100 malware servers.

May 2024



Vol. 7, Iss. 21
Robin’s Newsletter #310

Microsoft Recall is a 'privacy nightmare'. UK/China threat not being taken seriously. FBI says Scattered Spider is ~1,000 people.


Vol. 7, Iss. 20
Robin’s Newsletter #309

NCSC software resilience call-to-arms. Ebury malware and the Linux kernel organisation. Arizona woman's role in North Korean IT worker scheme.


Vol. 7, Iss. 19
Robin’s Newsletter #308

RSA 2024 Recap. New US international cyber strategy. Three fascinating incidents.


Vol. 7, Iss. 18
Robin’s Newsletter #307

Microsoft ties exec pay to security. Change Healthcare paid $22M ransom. The UK bans default passwords for smart tech.

April 2024



Vol. 7, Iss. 17
Robin’s Newsletter #306

US tries to force sell-off of TikTok. UnitedHealth says it paid a ransom, 'substantial portion' of America affected. Darktrace agrees deal to go private.


Vol. 7, Iss. 16
Robin’s Newsletter #305

Significant breach at data analytics firm Sisense. UK trade unions targeted. Perfect 10 vulnerability in Palo's GlobalProtect VPN product.


Vol. 7, Iss. 15
Robin’s Newsletter #304

Significant breach at data analytics firm Sisense. UK trade unions targeted. Perfect 10 vulnerability in Palo's GlobalProtect VPN product.


Vol. 7, Iss. 14
Robin’s Newsletter #303

CSRB slams Microsoft over 'preventable' Storm-558 breach that 'should never have occurred'.

March 2024



Vol. 7, Iss. 13
Robin’s Newsletter #302

Open-source project compromised to allow SSH backdoor. UK, US accuse China of targeting politicians. Facebook AiTM'd users to spy on Snapchat usage.


Vol. 7, Iss. 12
Robin’s Newsletter #301

3 million hotel door locks vulnerable. Esports tournament suspended after compromise. New variant of AcidRain satellite malware discovered.


Vol. 7, Iss. 11
Robin’s Newsletter #300

British Library lessons learned. Personal info of 43 million French citizens may have been leaked. McDonald's outage caused by third-party configuration error.


Vol. 7, Iss. 10
Robin’s Newsletter #299

ALPHV pulls an exit scam after Change Healthcare seems to make ransom payment.


Vol. 7, Iss. 9
Robin’s Newsletter #298

Change Healthcare outage persists as ALPHV claims responsibility. Morris II GenAI worm. NIST CSF v2 launched.

February 2024



Vol. 7, Iss. 8
Robin’s Newsletter #297

LockBit comprehensively pwned by UK, US and EU law enforcement. Leak at Chinese security company gives insight into outsourcing of government attacks.


Vol. 7, Iss. 7
Robin’s Newsletter #296

FBI disrupts GRU botnet. Dozens of Romanian hospitals impacted by ransomware. European court rules on encryption backdoors.


Vol. 7, Iss. 6
Robin’s Newsletter #295

No, 3 million toothbrushes didn't DDoS anything. But... Deepfake video used in CFO scam to steal £20 million. TfL has been trialling AI surveillance.


Vol. 7, Iss. 5
Robin’s Newsletter #294

FBI disrupted Volt Typhoon activity. Moody's downgrades UK water sector due to cyber threat. Stolen FTX millions linked to US SIM swapping ring.

January 2024



Vol. 7, Iss. 4
Robin’s Newsletter #293

Australia names Medibank attacker. Microsoft comes under criticism for config blunder that let Russia snoop on mailboxes.


Vol. 7, Iss. 3
Robin’s Newsletter #292

Microsoft email accounts compromised by Russian espionage group. Bumper password dump added to HIBP? Gaza phone services out for a week.


Vol. 7, Iss. 2
Robin’s Newsletter #291

SEC Twitter account compromised; used to swing Bitcoin price. Pro-Ukraine group launches retaliatory attack on Russian ISP.


Vol. 7, Iss. 1
Robin’s Newsletter #290

Sandworm was in Kyivstar for at least seven months. British Library will spend 40% of reserves rebuilding after ransomware attack. Mandiant Twitter account compromised.