Newsletters

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

US government agencies and infosec vendors are among the many entities compromised in a nine-month cyber espionage operation, discovered by FireEye and attributed to Russia's SVR.

The campaign unravelled after researchers discovered a tainted software update from network monitoring vendor SolarWinds.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

WeChat censors in China have removed a post by Australia's Prime Minister Scott Morrison as diplomatic tensions between the two countries dramatically escalated this week.

Morrison's Chinese-language WeChat post, addressed to Chinese Australians, had attempted to defend Australia's handling of an inquiry into war crimes committed by its special forces in Afghanistan. WeChat is the primary way the Chinese diaspora communicates with family and friends, as it's among the few messaging apps allowed to traverse China's "great firewall".

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Ransomware attacks are so rife and so costly that insurers are exploring ways to exclude ransom payments from their policies.

Seriously Risky Biz understands some providers are attempting to shelter themselves from these losses, either by excluding extortion events from standard cyber insurance coverage or by introducing onerous new conditions on policyholders.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

The UK Government has thrown a coming out party for its National Cyber Force (NCF), a military unit with a similar remit to US Cyber Command, confirming that the capability can be used in offensive security operations against criminal targets.

Established in April 2020 after two years of planning, the National Cyber Force comprises defence and intelligence personnel but can be used to disrupt cyber-enabled crime. British Prime Minister Boris Johnson included "organised crime" in a list of targets the NCF is authorised to pursue during a speech to the UK Parliament. The UK Government also noted that the NCF could be used to disrupt infrastructure used for the dissemination of child exploitation material.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited byPatrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

As his options for legal appeals thin out, Donald Trump is doing his utmost to undermine confidence in the 2020 election results. And yes, he's blaming computers.

We're not talking about the fanciful notion of an all-powerful "Hammer and Scorecard" supercomputer flipping votes, which Pat covered in last week's podcast. Trumpworld's latest claim is that "tabulating software glitches" in voting machines "owned by a Radical Left privately owned company" Dominion Systems resulted in Trump votes being "flipped" to Biden in key states. The claims are easily debunked, but they'll probably stick with his base.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Exploits demonstrated at a China-based competition to poke holes in the world's most popular technologies bode poorly for future US dominance in exploit development.

The CCP-endorsed 2020 Tianfu Cup paid out a US$1 million prize pool to domestic hacking teams that could exploit the world's most popular operating systems (Windows, Android, iOS, CentOS), web browsers (Chrome and Safari), smartphones (iPhones and Samsung Galaxy), software infrastructure (VMware ESXi, Docker-CE, QEMU-KVM), apps and home routers.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

You might have noticed this newsletter has arrived later than usual. We held back this week on the off-chance something big would happen during the election, but it turns out it was for nought. The result is looking clearer by the hour and we can confidently say that cyber shenanigans played no part in the outcome.

Officials from CISA, the agency charged with overseeing election security, described election day as "just another Tuesday on the Internet."

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The FBI and CISA are taking measured steps to control the narrative around interference in the US election, going public this week with a detailed account of recent US intrusions by a Russian espionage actor.

As forecast in last week's newsletter (see "Recent US Government intrusions had a Russian energy about them"), attacks now attributed to Energetic/Berserk Bear (aka DragonFly) were described in impressive detail in a CISA advisory that offers defenders a trove of indicators to work with.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The US Department of Justice has unsealed charges against six members of Russia's GRU military intelligence Unit 74455, the group known as "Sandworm", connecting them to several of the most destructive and impactful cyber attacks in history.

The indictment accuses Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin of contributing to:

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

In late September, private sector threat analysts planning a takedown of the TrickBot botnet were surprised to discover that somebody was already a step ahead of them.

On September 22 and again on October 1, an unknown party pushed a new configuration file to TrickBot infected-devices that redirected command and control (C2) traffic back to the infected machine's own loopback address (127.0.0.1). The attacker also fed bogus records into TrickBot's database of infected devices.