Ransomware
August 2022
August 2022
Vol. 5, Iss. 34
Robin’s Newsletter #218
Cl0p ransomware gang mistakes attack on South Staffs Water for Thames Water. DigitalOcean caught up in latest Mailchimp breach. Apple security vulnerabilities.
Vol. 5, Iss. 33
Robin’s Newsletter #217
Twilio, Cloudflare & Cisco attacks also targeted employee's personal devices and accounts. NHS 111 outage may last weeks. Sanctions for Tornado Cash.
May 2022
May 2022
Vol. 5, Iss. 20
Robin’s Newsletter #204
Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.
Vol. 5, Iss. 18
Robin’s Newsletter #202
Conti ransomware gang targets Costa Rica following election. Timeline of Russian cyberatacks against Ukraine. Facebook doesn't know where your data flows.
March 2022
March 2022
Vol. 5, Iss. 13
Robin’s Newsletter #197
The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.
Vol. 5, Iss. 12
Robin’s Newsletter #196
Russia/Ukraine roundup. Mysterious incident affecting satcom terminals. Ransomware group adds wiper capability. Law firm gets GDPR fine for not patching.
February 2022
February 2022
Vol. 5, Iss. 7
Robin’s Newsletter #191
Slovenian TV disruption. 500 ecommerce sites compromised by MageCart. 2021 was a bumper year for cyber M&A.
January 2022
January 2022
Vol. 5, Iss. 5
Robin’s Newsletter #189
Activists ransomware Belarus' state-woned railway company. New UK cyber strategy for government. Let's Encrypt re-issuing 2M certs.
Vol. 5, Iss. 3
Robin’s Newsletter #187
Russian authorities scoop up members of REvil. Google Analytics and GDPR. Using a cyberattack to accelerate dgitial transformation.
Vol. 5, Iss. 2
Robin’s Newsletter #186
Potential FTC legal action over Log4shell. Phishing using Google Docs. New UK Information Commissioner. Reframing cybersecurity.
October 2021
October 2021
Vol. 4, Iss. 43
Robin’s Newsletter #175
US bans sales of offensive cyber tools to authoritarian governments. REvil taken offline in multi-national operation. The MoD's economic warefare unit.
Vol. 4, Iss. 42
Robin’s Newsletter #174
White House ransomware summit attended by over 30 countries. Client-side scanning (such as for CSAM) may undermine democracy. Don't view-source on Missouri state websites
Vol. 4, Iss. 40
Robin’s Newsletter #172
Azure AD wasn't logging all failed SSO requests. Ransomware crew gets pissy. 'Monoculture' cyber risk.
September 2021
September 2021
Vol. 4, Iss. 39
Robin’s Newsletter #171
'Releasing the hounds' on ranomware actors, though FBI involvement in Kaseya shows offnseive operations may already be underway.
July 2021
July 2021
Vol. 4, Iss. 28
Robin’s Newsletter #160
More on Kaseya. The PrintNightmare continues. Farmers win 'right to repair' and Kaspersky's not-so-random number generator.
Vol. 4, Iss. 27
Robin’s Newsletter #159
Kaseya VSA used to launch 'over 1,000' ransomware attacks. Security researchers cause PrintNightmare. EU grants UK data protection adequacy decision.
June 2021
June 2021
Vol. 4, Iss. 25
Robin’s Newsletter #157 — 3rd Birthday Edition 🥳
Suspected Cl0p members arrested. Ransomware is an 'urgent' threat to U.K. Balancing cyber supply and demand. And, Dear Intern...
Vol. 4, Iss. 24
Robin’s Newsletter #156
EA games source code stolen. Apple's news privacy and security features. The FBI ran An0m encrypted comms app. Ransomware thinking.
Vol. 4, Iss. 23
Robin’s Newsletter #155
The U.S. continues beef with Russian ransomware gangs. Colonial Pipeline was result of compromised creds. FireEye to divest name, products business.
May 2021
May 2021
Vol. 4, Iss. 21
Robin’s Newsletter #153
Lots of ransomware: Ireland's HSE will not pay. Colonial coughed up $4.4M'. But there are Technology Detection Dogs. And they're very good dogs!
Vol. 4, Iss. 20
Robin’s Newsletter #152
All the stats: it's DBIR time. Colonial Pipeline paid ransom, restored service and DarkSide disappeared. Being better at security engagement.
Vol. 4, Iss. 19
Robin’s Newsletter #151
Responsible cyber power. Colonial Pipline shut down due to ransomware. Injecting malware C2 into legitimate traffic. Authentication using a severed thumb.
Vol. 4, Iss. 18
Robin’s Newsletter #150
Babuk ransomware operators demand $50M from DC police. BoJo's phone number available online. Emotet deactivated. And, burrowing beavers.
April 2021
April 2021
Vol. 4, Iss. 17
Robin’s Newsletter #149
Ransomware in Apple's supply chain. Facebook seeks to 'normalise' scraping. The balkanisation of the Internet has intelligence agencies worried. Cellebrite's iPhone unlocking system is full of vulnerabilities.
Vol. 4, Iss. 16
Robin’s Newsletter #148
FBI gets a warrant to fix Hafnium web shells, becomes an MSSP. Sanctions for Russia over SolarWinds. Plus you cheddar believe there are some cheese puns.
Vol. 4, Iss. 14
Robin’s Newsletter #146
The long-tail of ransomware recovery. PHP source code compromise. Exploiting 'safe' file formats. Risk margins and early risk management decisions.
March 2021
March 2021
Vol. 4, Iss. 13
Robin’s Newsletter #145
FatFace IR comms 'confidential' while loosing 200GB data. Cyber insurer CNA may have been targeted for policy info. OSINT on the Ever Given.
February 2021
February 2021
Vol. 4, Iss. 6
Robin’s Newsletter #138
SolarWinds caught up in second campaign against U.S. gov tied to China. Plus an interview with a ransomware operator and Canada declares Clearview AI is 'illegal'.
November 2020
November 2020
Vol. 3, Iss. 45
Robin’s Newsletter #125
Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.
October 2020
October 2020
Vol. 3, Iss. 43
Robin’s Newsletter #123
DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.
Vol. 3, Iss. 41
Robin’s Newsletter #121
Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.
Vol. 3, Iss. 40
Robin’s Newsletter #120
US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.
September 2020
September 2020
Vol. 3, Iss. 38
Robin’s Newsletter #118
Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(
August 2020
August 2020
Vol. 3, Iss. 35
Robin’s Newsletter #115
Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.
Vol. 3, Iss. 31
Robin’s Newsletter #111
Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.
July 2020
July 2020
Vol. 3, Iss. 30
Robin’s Newsletter #110
Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.
June 2020
June 2020
Vol. 3, Iss. 23
Robins Newsletter #103
REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.
May 2020
May 2020
Vol. 3, Iss. 20
Robins Newsletter #100
Pricing cyber risk from external data, attack on 'UK electricity system' and mining crypocurrency with supercomputers
Vol. 3, Iss. 19
Robins Newsletter #99
Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems
Vol. 3, Iss. 18
Robins Newsletter #98
Mobile device management as a vector, turning antivirus against itself and ransomware's long game
April 2020
April 2020
Vol. 3, Iss. 5
Robin’s Newsletter #85
Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/cary on for DPOs.