Microsoft
September 2023
September 2023
Vol. 6, Iss. 37
Robin’s Newsletter #273
Results of Microsoft investigation into US government email compromise. Online Safety Bill E2EE clause to remain unenforced until 'technically feasible'.
August 2023
August 2023
Vol. 6, Iss. 32
Robin’s Newsletter #268
Capita breach costs rise. Microsoft under pressure for opaque security practices. Side channel attack identifies keystrokes from audio over Zoom calls
July 2023
July 2023
Vol. 6, Iss. 31
Robin’s Newsletter #267
SEC approves breach disclosure rules. Weak ciphers on export-versions of TETRA radios. Over 500 victims of Progress Software's MOVEit vulnerability.
Vol. 6, Iss. 30
Robin’s Newsletter #266
Microsoft responds to pressure over pay-for security logs. UK Online Safety Bill progresses through the Lords. PwC client data stolen in MOVEit breach.
Vol. 6, Iss. 29
Robin’s Newsletter #265
EU and US adopt new privacy framework for personal data transfers. Microsoft email systems breached by Chinese APT group. Poisoned AI models and disinformation.
Vol. 6, Iss. 28
Robin’s Newsletter #264
Japan's busiest port halted by ransomware. Academics write open letter over Online Safety Bill concerns. JumpCloud resets API keys.
March 2023
March 2023
Vol. 6, Iss. 12
Robin’s Newsletter #248
Critical vulnerabilities in Microsoft Outlook, Samsung chips in Android phones. ALPHV claims ransomware attack against Ring.
January 2023
January 2023
Vol. 6, Iss. 5
Robin’s Newsletter #241
Hive ransomware infrastructure seized by FBI. The concentration of the illicit crypto-currency market. GoTo confirms customer data stolen during November breach.
December 2022
December 2022
Vol. 5, Iss. 51
Robin’s Newsletter #235
Microsoft certs used to sign malware. AWS API exposed ability to modify, delete container images. BEC scammers are targeting sugar and milk powder.
October 2022
October 2022
Vol. 5, Iss. 43
Robin’s Newsletter #227
Microsoft leaves 2.4TB of 'business transaction data' in public Azure bucket. Head of Germany's cyber agency suspended for links to Russian intelligence. Optus unilaterally blocks data breach victim's passports.
Vol. 5, Iss. 40
Robin’s Newsletter #224
Optus breach attacker retracts demands as attention grows. Rise in fake LinkedIn CISO profiles. Microsoft Exchange Zero-Day.
June 2022
June 2022
Vol. 5, Iss. 23
Robin’s Newsletter #207
Zero-day vulnerabilities in Office/Windows and Confluence. New ransowmare tactics. US federal privacy law moves a step closer.
May 2022
May 2022
Vol. 5, Iss. 20
Robin’s Newsletter #204
Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.
March 2022
March 2022
Vol. 5, Iss. 13
Robin’s Newsletter #197
The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.
September 2021
September 2021
Vol. 4, Iss. 38
Robin’s Newsletter #170
Azure Linux VMs being compromised. OWASP Top 10 draft updates. Microsoft goes passwordless. Learning from other professions.
August 2021
August 2021
Vol. 4, Iss. 35
Robin’s Newsletter #167
Microsoft's $20BN investment is on its own products, and they need the investment. Future of the UK's 'post-Brexit' data protection regime and new Information Commissioner. Samsung can remotely disable its smart TVs.
March 2021
March 2021
Vol. 4, Iss. 12
Robin’s Newsletter #144
Rerouting a victims SMS for $16. UK defence review: nuclear response for cyber attack. Who is buying all the data generated by your car?
Vol. 4, Iss. 11
Robin’s Newsletter #143
Criminals jump on Hafnium/ProxyLogon. Hacktivists breach Verkada's 150K facial recognition cams. Apple's IP theft lawsuit. Google's Spectre exploit.
Vol. 4, Iss. 10
Robin’s Newsletter #142
Hafnium mass-exploitation of Microsoft Exchange servers. Google, Alliaz and MunichRe team up on cloud cyber insurance. Bitflipping may be more common than you think.
February 2021
February 2021
Vol. 4, Iss. 8
Robin’s Newsletter #140
Microsoft source code stolen by Russia in Solorigate attack. France uncovers campaign targeting IT providers. SIEM & ATT&CK. And Citibank's $500M UI gaff.
January 2021
January 2021
Vol. 4, Iss. 4
Robin’s Newsletter #136
Malwarebytes compromised in Solorigate; German company fined for video surveillance of staff; Intel publish financial results early due to leaked info
Vol. 4, Iss. 2
Robin’s Newsletter #134
Cyber implications of the Capitol insurrection. Solorigate 'likely' the work of Russia. SolarWinds hires Krebs Stamos Group. Microsoft throws some shade.
Vol. 4, Iss. 1
Robin’s Newsletter #133
Microsoft source code accessed in Solorigate attack. Plus advice on buying and selling second-hand devices from NCSC. And how much does cybercrime cost Russia?
October 2020
October 2020
Vol. 3, Iss. 42
Robin’s Newsletter #122
British Airways fined £20M for data breach; Businesses exploiting contact tracing data; Microsoft's trademark takedown of TrickBot.
August 2020
August 2020
Vol. 3, Iss. 32
Robin’s Newsletter #112
Bits from Black Hat (satellites, bug bounties and manipulating energy markets), plus Liam Fox's emails and the march of time on seized devices.
June 2020
June 2020
Vol. 3, Iss. 26
Robins Newsletter #106
Three years on from NotPetya. BlueLeaks and sector-specific aggregation of risk. Minimising harm in breach notification comms. Exfiltrating data using Google Analytics.
Vol. 3, Iss. 25
Robins Newsletter #105
COVID-19 cyber threat update; IoT device vulnerabilities; how to spot like-farming!
April 2020
April 2020
Vol. 3, Iss. 17
Robins Newsletter #97
Zero-click vulnerability in Apple's Mail app, surveillance and tracking COVID-19, UK MoD relaxes security requirements.
Vol. 3, Iss. 4
Robin’s Newsletter #84
Jeff Bezos' phone hacking; Microsoft's elastic search snafu; ClearView.AI and facial recognition tech.