Microsoft

September 2023

September 2023


Vol. 6, Iss. 37
Robin’s Newsletter #273
Vol. 6, Iss. 37

Results of Microsoft investigation into US government email compromise. Online Safety Bill E2EE clause to remain unenforced until 'technically feasible'.

August 2023

August 2023


Vol. 6, Iss. 32
Robin’s Newsletter #268
Vol. 6, Iss. 32

Capita breach costs rise. Microsoft under pressure for opaque security practices. Side channel attack identifies keystrokes from audio over Zoom calls

July 2023

July 2023


Vol. 6, Iss. 31
Robin’s Newsletter #267
Vol. 6, Iss. 31

SEC approves breach disclosure rules. Weak ciphers on export-versions of TETRA radios. Over 500 victims of Progress Software's MOVEit vulnerability.


Vol. 6, Iss. 30
Robin’s Newsletter #266
Vol. 6, Iss. 30

Microsoft responds to pressure over pay-for security logs. UK Online Safety Bill progresses through the Lords. PwC client data stolen in MOVEit breach.


Vol. 6, Iss. 29
Robin’s Newsletter #265
Vol. 6, Iss. 29

EU and US adopt new privacy framework for personal data transfers. Microsoft email systems breached by Chinese APT group. Poisoned AI models and disinformation.


Vol. 6, Iss. 28
Robin’s Newsletter #264
Vol. 6, Iss. 28

Japan's busiest port halted by ransomware. Academics write open letter over Online Safety Bill concerns. JumpCloud resets API keys.

March 2023

March 2023


Vol. 6, Iss. 12
Robin’s Newsletter #248
Vol. 6, Iss. 12

Critical vulnerabilities in Microsoft Outlook, Samsung chips in Android phones. ALPHV claims ransomware attack against Ring.

January 2023

January 2023


Vol. 6, Iss. 5
Robin’s Newsletter #241
Vol. 6, Iss. 5

Hive ransomware infrastructure seized by FBI. The concentration of the illicit crypto-currency market. GoTo confirms customer data stolen during November breach.

December 2022

December 2022


Vol. 5, Iss. 51
Robin’s Newsletter #235
Vol. 5, Iss. 51

Microsoft certs used to sign malware. AWS API exposed ability to modify, delete container images. BEC scammers are targeting sugar and milk powder.

October 2022

October 2022


Vol. 5, Iss. 43
Robin’s Newsletter #227
Vol. 5, Iss. 43

Microsoft leaves 2.4TB of 'business transaction data' in public Azure bucket. Head of Germany's cyber agency suspended for links to Russian intelligence. Optus unilaterally blocks data breach victim's passports.


Vol. 5, Iss. 40
Robin’s Newsletter #224
Vol. 5, Iss. 40

Optus breach attacker retracts demands as attention grows. Rise in fake LinkedIn CISO profiles. Microsoft Exchange Zero-Day.

June 2022

June 2022


Vol. 5, Iss. 23
Robin’s Newsletter #207
Vol. 5, Iss. 23

Zero-day vulnerabilities in Office/Windows and Confluence. New ransowmare tactics. US federal privacy law moves a step closer.

May 2022

May 2022


Vol. 5, Iss. 20
Robin’s Newsletter #204
Vol. 5, Iss. 20

Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.

March 2022

March 2022


Vol. 5, Iss. 13
Robin’s Newsletter #197
Vol. 5, Iss. 13

The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.

September 2021

September 2021


Vol. 4, Iss. 38
Robin’s Newsletter #170
Vol. 4, Iss. 38

Azure Linux VMs being compromised. OWASP Top 10 draft updates. Microsoft goes passwordless. Learning from other professions.

August 2021

August 2021


Vol. 4, Iss. 35
Robin’s Newsletter #167
Vol. 4, Iss. 35

Microsoft's $20BN investment is on its own products, and they need the investment. Future of the UK's 'post-Brexit' data protection regime and new Information Commissioner. Samsung can remotely disable its smart TVs.

March 2021

March 2021


Vol. 4, Iss. 12
Robin’s Newsletter #144
Vol. 4, Iss. 12

Rerouting a victims SMS for $16. UK defence review: nuclear response for cyber attack. Who is buying all the data generated by your car?


Vol. 4, Iss. 11
Robin’s Newsletter #143
Vol. 4, Iss. 11

Criminals jump on Hafnium/ProxyLogon. Hacktivists breach Verkada's 150K facial recognition cams. Apple's IP theft lawsuit. Google's Spectre exploit.


Vol. 4, Iss. 10
Robin’s Newsletter #142
Vol. 4, Iss. 10

Hafnium mass-exploitation of Microsoft Exchange servers. Google, Alliaz and MunichRe team up on cloud cyber insurance. Bitflipping may be more common than you think.

February 2021

February 2021


Vol. 4, Iss. 8
Robin’s Newsletter #140
Vol. 4, Iss. 8

Microsoft source code stolen by Russia in Solorigate attack. France uncovers campaign targeting IT providers. SIEM & ATT&CK. And Citibank's $500M UI gaff.

January 2021

January 2021


Vol. 4, Iss. 4
Robin’s Newsletter #136
Vol. 4, Iss. 4

Malwarebytes compromised in Solorigate; German company fined for video surveillance of staff; Intel publish financial results early due to leaked info


Vol. 4, Iss. 2
Robin’s Newsletter #134
Vol. 4, Iss. 2

Cyber implications of the Capitol insurrection. Solorigate 'likely' the work of Russia. SolarWinds hires Krebs Stamos Group. Microsoft throws some shade.


Vol. 4, Iss. 1
Robin’s Newsletter #133
Vol. 4, Iss. 1

Microsoft source code accessed in Solorigate attack. Plus advice on buying and selling second-hand devices from NCSC. And how much does cybercrime cost Russia?

October 2020

October 2020


Vol. 3, Iss. 42
Robin’s Newsletter #122
Vol. 3, Iss. 42

British Airways fined £20M for data breach; Businesses exploiting contact tracing data; Microsoft's trademark takedown of TrickBot.

August 2020

August 2020


Vol. 3, Iss. 32
Robin’s Newsletter #112
Vol. 3, Iss. 32

Bits from Black Hat (satellites, bug bounties and manipulating energy markets), plus Liam Fox's emails and the march of time on seized devices.

June 2020

June 2020


Vol. 3, Iss. 26
Robins Newsletter #106
Vol. 3, Iss. 26

Three years on from NotPetya. BlueLeaks and sector-specific aggregation of risk. Minimising harm in breach notification comms. Exfiltrating data using Google Analytics.


Vol. 3, Iss. 25
Robins Newsletter #105
Vol. 3, Iss. 25

COVID-19 cyber threat update; IoT device vulnerabilities; how to spot like-farming!

April 2020

April 2020


Vol. 3, Iss. 17
Robins Newsletter #97
Vol. 3, Iss. 17

Zero-click vulnerability in Apple's Mail app, surveillance and tracking COVID-19, UK MoD relaxes security requirements.


Vol. 3, Iss. 4
Robin’s Newsletter #84
Vol. 3, Iss. 4

Jeff Bezos' phone hacking; Microsoft's elastic search snafu; ClearView.AI and facial recognition tech.