I started writing my infosec newsletter in 2018. It covers the security and privacy topics that caught my attention each week, some interesting numbers or stats, and a summary of the news headlines. I’m currently in the process of porting across the back catalogue from the previous two volumes. They’ll appear here over the coming weeks.
I love to hear from readers and welcome suggestions, feedback and tips ❤️
Hundreds of people are now subscribers and, every Sunday, get it direct to their inbox at 7:00pm. I recommend you join them! 👇
No, Apple aren't logging every app you run, but they are bringing privacy nutrition labels to the App Store. Tim Berners-Lee's Inrupt launches Solid server. Ticketmaster to appeal £1.25M data breach penalty.
Nothing cyber happened in the US election. Corporate VoIP systems being targeted. Don't pay ransomware gangs to not leak your data.
Marriott's data breach penalty, how the Clean Network Program is changing 5G economics, reverse-engineering redaction and new ransom threat to health data. Plus company naming fun.
DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.
British Airways fined £20M for data breach; Businesses exploiting contact tracing data; Microsoft's trademark takedown of TrickBot.
Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.
US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.
YOLOsec, FOMOsec, business value and commodity controls. Plus a couple of examples of how hactivism is evolving.
Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(
China's Global Initiative on Data Security; Ireland's data regulator 'unlikes' Facebook; Who is top of the Cyber Power Index?
Benchmark data from Hiscox's Cyber Readiness Report 2020, MIT's SCRAM, US federal vulnerability disclosure policies, CEO responsibilities and Tesla's fleet-wide hack.
Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.
Personal liability for CISOs in data breach cover-ups, 'fraudulent data requests' at Experian and mailto: attachment vulnerability.
Algorithms and accuracy in A-Level exam results. ReVoLTE over 4G misconfiguration. Vaccinating against Emotet.
Bits from Black Hat (satellites, bug bounties and manipulating energy markets), plus Liam Fox's emails and the march of time on seized devices.
Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.
Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.
Schrems II, Huawei, and the battle for digital dominance. Plus the 'Great Twitter Hack,' and All. The. Vulnerabilities.
Hong Kong's new national security law causes headaches for citizens, tech and finance companies. Steal the cash, not the painting. Cosmic Lynx and Russian cyber-criminals' 'synergistic value accelerative opportunity'.
Encrochat and evolving law enforcement tactics prove there is a different way to encryption backdoors. Explosion at Natanz doesn't mean 'Stuxnet 2.' And, don't host your website on Internet Archive.
Three years on from NotPetya. BlueLeaks and sector-specific aggregation of risk. Minimising harm in breach notification comms. Exfiltrating data using Google Analytics.
COVID-19 cyber threat update; IoT device vulnerabilities; how to spot like-farming!
Snowstorm in a Dark Basin: Citizen Lab, MDR Cyber shine light on hackers for hire. Babylon Health breach and lessons from Apple, Amazon, and Google. How far do you go to protect against cyber-harm on your platform?
REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.
Cybercrime is boring; Capital One IR report isn't legally privileged; and easyJet target of £18Bn legal action.
The annual DBIR data-fest, looking in to EasyJet's breach, the importance of audit trails, and Trump's banking details.
Pricing cyber risk from external data, attack on 'UK electricity system' and mining cryptocurrency with supercomputers.
Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems.
Mobile device management as a vector, turning antivirus against itself and ransomware's long game.
Zero-click vulnerability in Apple's Mail app, surveillance and tracking COVID-19, UK MoD relaxes security requirements.
Compliance risk and the German state of North Rhine-Westphalia’s loss of €30M-€100M #COVID19 aid because of poor identity verification. Plus DoD and measuring meaningful things. And jumping air-gaps with computer fans.
Cyber-crime economics of Coronavirus; US Senate bans Zoom; China Telecom and BGP hijacks.
All the Zoom news distilled, plus Marriott data breach, Morrisons' supreme court win, cloud availability, bug bounty non-disclosures and COVID-19 CTI.
FBI COVID-19 scam warning; FIN7 mailing malware USB keys; predicting attacks from Russian APTs.
Government cyber advice, examples of phishing campaigns, and things you should patch in the times of COVID-19.
Future U.S. cyber strategy; Whisper not-so-secret; wormable Microsoft vulnerability in SMB.
Cashing in on loyalty points; scam certificate pages and the CIA's password.
Security awareness without fear; Android malware stealing 2FA codes; click here to sue everybody.
Georgia defacement attribution; misusing anti-abuse; Pipeline ransomware.
Huawei, Crypto AG, and all the nations doin' all the cybers; plus Emotet.
Simon Weckert's Google Maps art installation; IKEA's data promise; and Valentine's security awareness.
Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/carry on for DPOs.
Jeff Bezos' phone hacking; Microsoft's Elasticsearch snafu; Clearview AI and facial recognition tech.
Changing the economics of cybercrime; Windows crypto vulnerability; and rival groups exploiting Citrix.
Travelex's ongoing response; £500K penalty for DSG Retail; No patch for Citrix vulnerabilities until end of month.
California's Consumer Privacy Act; Travelex systems still offline; the rise of 'data exposures'.