Robin's Newsletter

I started writing my infosec newsletter in 2018. It covers the security and privacy topics that caught my attention each week, some interesting numbers or stats, and a summary of the news headlines. I’m currently in the process of porting across the back catalogue from the previous two volumes. They’ll appear here over the coming weeks.

I love to hear from readers and welcome suggestions, feedback and tips ❤️

Hundreds of people are now subscribers and, every Sunday, get it direct to their inbox at 7:00pm. I recommend you join them! 👇

Subscribe to Robin's Newsletter

Previous Editions

19 September 2021 (Vol. 4, Iss. 38)
Robin’s Newsletter #170

Azure Linux VMs being compromised. OWASP Top 10 draft updates. Microsoft goes passwordless. Learning from other professions.

12 September 2021 (Vol. 4, Iss. 37)
Robin’s Newsletter #169

Encryption backdoors, the NSA and Juniper. Proton Mail got served. Wireless charging side-channel attacks.

5 September 2021 (Vol. 4, Iss. 36)
Robin’s Newsletter #168

Focus on proxyware, patch your Confluence servers, the normalisation of surveillance, and an interview with a ransomware negotiator.

29 August 2021 (Vol. 4, Iss. 35)
Robin’s Newsletter #167

Microsoft's $20BN investment is on its own products, and they need the investment. Future of the UK's 'post-Brexit' data protection regime and new Information Commissioner. Samsung can remotely disable its smart TVs.

22 August 2021 (Vol. 4, Iss. 34)
Robin’s Newsletter #166

T-Mobile suffers *another* data breach. Pearson settles over misleading investors. Outrage in cyber risk. Anyone can post a LinkedIn job as pretty much any company.

15 August 2021 (Vol. 4, Iss. 33)
Robin’s Newsletter #165

Apple's damage-control on CSAM. Belarus' state security doxxing. Code poisoning ML models.

8 August 2021 (Vol. 4, Iss. 32)
Robin’s Newsletter #164

Apple's plans to have iPhone continuously scan for child sexual abuse material are ripe for abuse.

1 August 2021 (Vol. 4, Iss. 31)
Robin’s Newsletter #163

Biden's 'real shooting war' comments. Amazon's €746M GDPR fine. Iran's fake social media profiles. Phantom flotillas.

25 July 2021 (Vol. 4, Iss. 30)
Robin’s Newsletter #162

China called out for state-sponsored cyber campaigns. NSO Group in the spotlight (again) for spyware. Questionable QA on Google Chrome OS update.

18 July 2021 (Vol. 4, Iss. 29)
Robin’s Newsletter #161

ICO raids two properties in Hancock CCTV investigation. Another Windows printer vuln. REvil's sites offline. Identity verification isn't the answer to online abuse.

11 July 2021 (Vol. 4, Iss. 28)
Robin’s Newsletter #160

More on Kaseya. The PrintNightmare continues. Farmers win 'right to repair' and Kaspersky's not-so-random number generator.

4 July 2021 (Vol. 4, Iss. 27)
Robin’s Newsletter #159

Kaseya VSA used to launch 'over 1,000' ransomware attacks. Security researchers cause PrintNightmare. EU grants UK data protection adequacy decision.

27 June 2021 (Vol. 4, Iss. 26)
Robin’s Newsletter #158

MITRE and NSA want to D3FEND your network. Aussie 'safety by design' toolkit. EU launches 'joint cyber unit' to coordinate 'nightmare' attacks.

20 June 2021 (Vol. 4, Iss. 25)
Robin’s Newsletter #157 — 3rd Birthday Edition 🥳

Suspected Cl0p members arrested. Ransomware is an 'urgent' threat to U.K. Balancing cyber supply and demand. And, Dear Intern...

13 June 2021 (Vol. 4, Iss. 24)
Robin’s Newsletter #156

EA games source code stolen. Apple's new privacy and security features. The FBI ran An0m encrypted comms app. Ransomware thinking.

6 June 2021 (Vol. 4, Iss. 23)
Robin’s Newsletter #155

The U.S. continues beef with Russian ransomware gangs. Colonial Pipeline was result of compromised creds. FireEye to divest name, products business.

30 May 2021 (Vol. 4, Iss. 22)
Robin’s Newsletter #154

Flashcards reveal the location of U.S. nuclear weapons. Email security tools are working? And fingerprints from photo leads to arrest.

23 May 2021 (Vol. 4, Iss. 21)
Robin’s Newsletter #153

Lots of ransomware: Ireland's HSE will not pay. Colonial coughed up $4.4M. But there are Technology Detection Dogs. And they're very good dogs!

16 May 2021 (Vol. 4, Iss. 20)
Robin’s Newsletter #152

All the stats: it's DBIR time. Colonial Pipeline paid ransom, restored service and DarkSide disappeared. Being better at security engagement.

9 May 2021 (Vol. 4, Iss. 19)
Robin’s Newsletter #151

Responsible cyber power. Colonial Pipeline shut down due to ransomware. Injecting malware C2 into legitimate traffic. Authentication using a severed thumb.

2 May 2021 (Vol. 4, Iss. 18)
Robin’s Newsletter #150

Babuk ransomware operators demand $50M from DC police. BoJo's phone number available online. Emotet deactivated. And, burrowing beavers.

25 April 2021 (Vol. 4, Iss. 17)
Robin’s Newsletter #149

Ransomware in Apple's supply chain. Facebook seeks to 'normalise' scraping. The balkanisation of the Internet has intelligence agencies worried. Cellebrite's iPhone unlocking system is full of vulnerabilities.

18 April 2021 (Vol. 4, Iss. 16)
Robin’s Newsletter #148

FBI gets a warrant to fix Hafnium web shells, becomes an MSSP. Sanctions for Russia over SolarWinds. Plus you cheddar believe there are some cheese puns.

11 April 2021 (Vol. 4, Iss. 15)
Robin’s Newsletter #147

Facebook's *ahem* 'data scraping' incident sets the stage for debate on responsible design and engineering. AWS bomb threat. Censorship by QoS. TUI's algorithm gender bias led to 'serious incident' calculating takeoff loads.

4 April 2021 (Vol. 4, Iss. 14)
Robin’s Newsletter #146

The long-tail of ransomware recovery. PHP source code compromise. Exploiting 'safe' file formats. Risk margins and early risk management decisions.

28 March 2021 (Vol. 4, Iss. 13)
Robin’s Newsletter #145

FatFace IR comms 'confidential' while losing 200GB data. Cyber insurer CNA may have been targeted for policy info. OSINT on the Ever Given.

21 March 2021 (Vol. 4, Iss. 12)
Robin’s Newsletter #144

Rerouting a victim's SMS for $16. UK defence review: nuclear response for cyber attack. Who is buying all the data generated by your car?

14 March 2021 (Vol. 4, Iss. 11)
Robin’s Newsletter #143

Criminals jump on Hafnium/ProxyLogon. Hacktivists breach Verkada's 150K facial recognition cams. Apple's IP theft lawsuit. Google's Spectre exploit.

7 March 2021 (Vol. 4, Iss. 10)
Robin’s Newsletter #142

Hafnium mass-exploitation of Microsoft Exchange servers. Google, Allianz and Munich Re team up on cloud cyber insurance. Bitflipping may be more common than you think.

28 February 2021 (Vol. 4, Iss. 9)
Robin’s Newsletter #141

IABs charge just $7,100 for access to victims' networks. Accellion file transfer appliances popped left, right, centre. Former SolarWinds CEO says it is all the intern's fault.

21 February 2021 (Vol. 4, Iss. 8)
Robin’s Newsletter #140

Microsoft source code stolen by Russia in Solorigate attack. France uncovers campaign targeting IT providers. SIEM & ATT&CK. And Citibank's $500M UI gaffe.

14 February 2021 (Vol. 4, Iss. 7)
Robin’s Newsletter #139

Dependency confusion: all up in your package manager and automated build process. Florida water treatment plant compromised. Details of cyber-attacks on Isis. Bloomberg back again with The ~~Big~~ Long Hack.

7 February 2021 (Vol. 4, Iss. 6)
Robin’s Newsletter #138

SolarWinds caught up in second campaign against U.S. gov tied to China. Plus an interview with a ransomware operator and Canada declares Clearview AI is 'illegal'.

31 January 2021 (Vol. 4, Iss. 5)
Robin’s Newsletter #137

Law enforcement's Emotet takedown and NetWalker leak site seized. Got root? Sudo vuln will get you there. North Korea goes after security researchers for 0-day.

24 January 2021 (Vol. 4, Iss. 4)
Robin’s Newsletter #136

Malwarebytes compromised in Solorigate; German company fined for video surveillance of staff; Intel publish financial results early due to leaked info

17 January 2021 (Vol. 4, Iss. 3)
Robin’s Newsletter #135

WhatsApp bungles privacy policy update; U.K. police unintentionally delete 213,000 records; and 'imposing costs' the 'Brexit means Brexit' of cyber.

10 January 2021 (Vol. 4, Iss. 2)
Robin’s Newsletter #134

Cyber implications of the Capitol insurrection. Solorigate 'likely' the work of Russia. SolarWinds hires Krebs Stamos Group. Microsoft throws some shade.

3 January 2021 (Vol. 4, Iss. 1)
Robin’s Newsletter #133

Microsoft source code accessed in Solorigate attack. Plus advice on buying and selling second-hand devices from NCSC. And how much does cybercrime cost Russia?

27 December 2020 (Vol. 3, Iss. 52)
Robin’s Newsletter #132 — 2020 Retrospective

Strap in and get ready for a recap of the things that I think have been most _interesting_ rather than _highest profile_, in 2020.

20 December 2020 (Vol. 3, Iss. 51)
Robin’s Newsletter #131

SUNBURST attack on U.S. government is both huge, and nothing new. Google suffers multiple outages. Automated attacks on online banking.

13 December 2020 (Vol. 3, Iss. 50)
Robin’s Newsletter #130

FireEye breached by sophisticated actor; $1TN reportedly lost to cybercrime in 2020; Zodiac killer cipher cracked after 51 years.

6 December 2020 (Vol. 3, Iss. 49)
Robin’s Newsletter #129

TrickBot is recovering from CyberCom, Microsoft takedowns, gains UEFI/BIOS capabilities. 'Cold chain' of COVID-19 vaccine targeted. Zero-click exploit in Apple iPhone.

29 November 2020 (Vol. 3, Iss. 48)
Robin’s Newsletter #128

RCEP, cyber cooperation and Asian data sovereignty; UK National Cyber Force; Microsoft's 'Pluton' and US Special Forces buying location tracking data

22 November 2020 (Vol. 3, Iss. 47)
Robin’s Newsletter #127

RCEP, cyber cooperation and Asian data sovereignty; UK National Cyber Force; Microsoft's 'Pluton' and US Special Forces buying location tracking data

15 November 2020 (Vol. 3, Iss. 46)
Robin’s Newsletter #126

No, Apple aren't logging every app you run, but they are bringing privacy nutrition labels to AppStore. Tim Berners-Lee's Inrupt launches Solid server. Ticketmaster to appeal £1.25M data breach penalty.

8 November 2020 (Vol. 3, Iss. 45)
Robin’s Newsletter #125

Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.

1 November 2020 (Vol. 3, Iss. 44)
Robin’s Newsletter #124

Marriott's data breach penalty, how the Clean Network Program is changing 5G economics, reverse-engineering redaction and new ransom threat to health data. Plus company naming fun.

25 October 2020 (Vol. 3, Iss. 43)
Robin’s Newsletter #123

DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.

18 October 2020 (Vol. 3, Iss. 42)
Robin’s Newsletter #122

British Airways fined £20M for data breach; Businesses exploiting contact tracing data; Microsoft's trademark takedown of TrickBot.

11 October 2020 (Vol. 3, Iss. 41)
Robin’s Newsletter #121

Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.

4 October 2020 (Vol. 3, Iss. 40)
Robin’s Newsletter #120

US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.

27 September 2020 (Vol. 3, Iss. 39)
Robin’s Newsletter #119

YOLOsec, FOMOsec, business value and commodity controls. Plus a couple of examples of how hacktivism is evolving.

20 September 2020 (Vol. 3, Iss. 38)
Robin’s Newsletter #118

Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(

13 September 2020 (Vol. 3, Iss. 37)
Robin’s Newsletter #117

China's Global Initiative on Data Security; Ireland's data regulator 'unlikes' Facebook; Who is top of the Cyber Power Index?

6 September 2020 (Vol. 3, Iss. 36)
Robin’s Newsletter #116

Benchmark data from Hiscox's Cyber Readiness Report 2020, MIT's SCRAM, US federal vulnerability disclosure policies, CEO responsibilities and Tesla's fleet-wide hack.

30 August 2020 (Vol. 3, Iss. 35)
Robin’s Newsletter #115

Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.

23 August 2020 (Vol. 3, Iss. 34)
Robin’s Newsletter #114

Personal liability for CISOs in data breach cover-ups, 'fraudulent data requests' at Experian and mailto: attachment vulnerability.

16 August 2020 (Vol. 3, Iss. 33)
Robin’s Newsletter #113

Algorithms and accuracy in A-Level exam results. ReVoLTE over 4G misconfiguration. Vaccinating against Emotet.

9 August 2020 (Vol. 3, Iss. 32)
Robin’s Newsletter #112

Bits from Black Hat (satellites, bug bounties and manipulating energy markets), plus Liam Fox's emails and the march of time on seized devices.

2 August 2020 (Vol. 3, Iss. 31)
Robin’s Newsletter #111

Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.

26 July 2020 (Vol. 3, Iss. 30)
Robin’s Newsletter #110

Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.

19 July 2020 (Vol. 3, Iss. 29)
Robin’s Newsletter #109

Schrems II, Huawei, and the battle for digital dominance. Plus the 'Great Twitter Hack,' and All. The. Vulnerabilities.

12 July 2020 (Vol. 3, Iss. 28)
Robin’s Newsletter #108

Hong Kong's new national security law causes headaches for citizens, tech and finance companies. Steal the cash, not the painting. Cosmic Lynx and Russian cyber-criminals' 'synergistic value accelerative opportunity'

5 July 2020 (Vol. 3, Iss. 27)
Robin's Newsletter #107

Encrochat and evolving law enforcement tactics prove there is a different way to encryption backdoors. Explosion at Natanz doesn't mean 'Stuxnet 2.' And, don't host your website on Internet Archive.

28 June 2020 (Vol. 3, Iss. 26)
Robin's Newsletter #106

Three years on from NotPetya. BlueLeaks and sector-specific aggregation of risk. Minimising harm in breach notification comms. Exfiltrating data using Google Analytics.

21 June 2020 (Vol. 3, Iss. 25)
Robin's Newsletter #105

COVID-19 cyber threat update; IoT device vulnerabilities; how to spot like-farming!

14 June 2020 (Vol. 3, Iss. 24)
Robin's Newsletter #104

Snowstorm in a Dark Basin: Citizen Lab, MDR Cyber shine light on hackers for hire. Babylon Health breach and lessons from Apple, Amazon, and Google. How far do you go to protect against cyber-harm on your platform?

7 June 2020 (Vol. 3, Iss. 23)
Robin's Newsletter #103

REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.

31 May 2020 (Vol. 3, Iss. 22)
Robin's Newsletter #102

Cybercrime is boring; Capital One IR report isn't legally privileged; and easyJet target of £18Bn legal action.

24 May 2020 (Vol. 3, Iss. 21)
Robin's Newsletter #101

The annual DBIR data-fest, looking into EasyJet's breach, the importance of audit trails, and Trump's banking details

17 May 2020 (Vol. 3, Iss. 20)
Robin's Newsletter #100

Pricing cyber risk from external data, attack on 'UK electricity system' and mining cryptocurrency with supercomputers

10 May 2020 (Vol. 3, Iss. 19)
Robin's Newsletter #99

Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems

3 May 2020 (Vol. 3, Iss. 18)
Robin's Newsletter #98

Mobile device management as a vector, turning antivirus against itself and ransomware's long game

26 April 2020 (Vol. 3, Iss. 17)
Robin's Newsletter #97

Zero-click vulnerability in Apple's Mail app, surveillance and tracking COVID-19, UK MoD relaxes security requirements.

19 April 2020 (Vol. 3, Iss. 16)
Robin's Newsletter #96

Compliance risk and the German state of North Rhine-Westphalia’s loss of €30M-€100M #COVID19 aid because of poor identity verification. Plus DoD and measuring meaningful things. And jumping air-gaps with computer fans.

12 April 2020 (Vol. 3, Iss. 15)
Robin's Newsletter #95

Cyber-crime economics of Coronavirus; US Senate bans Zoom; China Telecom and BGP hijacks

5 April 2020 (Vol. 3, Iss. 14)
Robin's Newsletter #94

All the Zoom news distilled, plus Marriott data breach, Morrisons' supreme court win, cloud availability, bug bounty non-disclosures and COVID-19 CTI.

29 March 2020 (Vol. 3, Iss. 13)
Robin's Newsletter #93

FBI COVID-19 scam warning; FIN7 mailing malware USB keys; predicting attacks from Russian APTs.

22 March 2020 (Vol. 3, Iss. 12)
Robin's Newsletter #92

Government cyber advice, examples of phishing campaigns, and things you should patch in the times of COVID-19.

15 March 2020 (Vol. 3, Iss. 11)
Robin's Newsletter #91

Future U.S. cyber strategy; Whisper not-so-secret; wormable Microsoft vulnerability in SMB

8 March 2020 (Vol. 3, Iss. 10)
Robin's Newsletter #90

Cashing in on loyalty points; scam certificate pages and the CIA's password

1 March 2020 (Vol. 3, Iss. 9)
Robin's Newsletter #89

Security awareness without fear; Android malware stealing 2FA codes; click here to sue everybody.

23 February 2020 (Vol. 3, Iss. 8)
Robin's Newsletter #88

Georgia defacement attribution; misusing anti-abuse; Pipeline ransomware.

16 February 2020 (Vol. 3, Iss. 7)
Robin's Newsletter #87

Huawei, Crypto AG, and all the nations doin' all the cybers; plus Emotet.

9 February 2020 (Vol. 3, Iss. 6)
Robin's Newsletter #86

Simon Weckert's Google Maps art installation; IKEA's data promise; and Valentine's security awareness.

2 February 2020 (Vol. 3, Iss. 5)
Robin's Newsletter #85

Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/carry on for DPOs.

26 January 2020 (Vol. 3, Iss. 4)
Robin's Newsletter #84

Jeff Bezos' phone hacking; Microsoft's elastic search snafu; ClearView.AI and facial recognition tech.

19 January 2020 (Vol. 3, Iss. 3)
Robin's Newsletter #83

Changing the economics of cybercrime; Windows crypto vulnerability; and rival groups exploiting Citrix.

12 January 2020 (Vol. 3, Iss. 2)
Robin's Newsletter #82

Travelex's ongoing response; £500K penalty for DSG Retail; No patch for Citrix vulnerabilities until end of month.

5 January 2020 (Vol. 3, Iss. 1)
Robin's Newsletter #81

California's Consumer Privacy Act; Travelex systems still offline; the rise of 'data exposures'.