Newsletters

Written content from the Risky Business Media team

Srsly Risky Biz: Thursday, September 9

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

Apple has backflipped on its plan to implement on-device scanning for known Child Sexual Abuse Material (CSAM) with the introduction of iOS 15.

"Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features," a company release read.

Srsly Risky Biz: Thursday, September 2

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

As this newsletter speculated in mid-August, there's mounting evidence an ongoing cyber campaign in Belarus is the work of genuine hacktivists. What's missing from all the media coverage we've seen, however, is a history lesson on all the hacktivism that wasn't.

State actors have an established record of pretending to be hacktivists and misattribution is common, at least initially. Structured analysis is useful when trying to understand what is actually going on.

Srsly Risky Biz: Thursday, August 26

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

It's been nearly four months since the DarkSide ransomware attack against America's Colonial Pipeline -- and all the tough talk from America resulting from that attack -- but there's little evidence much has changed since.

We polled several organisations that use different methods for tracking ransomware:

Srsly Risky Biz: Thursday, August 19

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

Multiple ransomware gangs are exploiting Microsoft's PrintNightmare bug.

There's confusion about what exactly PrintNightmare is, but in June, July and August a series of bugs were discovered relating to Windows printing functions and services that allowed either local or remote privilege escalation.

Srsly Risky Biz: Thursday, August 12

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

It's a bad time to be a Belarusian KGB agent.

An activist group calling itself the Belarusian Cyber Partisans has conducted escalating compromises since September 2020, aiming to disrupt the Belarusian security apparatus as citizens agitate for political change. This week the hacktivists revealed the extent of their compromise of information pertaining to the Belarusian security apparatus and, hoo boy, they really have the goods.

Srsly Risky Biz: Thursday 8 August

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

The US Government is backing away from its plan to conduct offensive operations against Russian ransomware crews.

The backdown came after Recorded Future's news website The Record published a softball interview with the BlackMatter ransomware crew in which it declared it would cease conducting attacks against critical infrastructure. BlackMatter is likely a reincarnation of DarkSide, the ransomware gang responsible for the Colonial Pipeline attack.

Srsly Risky Biz: Thursday, July 29

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

A small Catholic publication using commercially available data to out a US Catholic priest as a Grindr user highlights the security and intelligence risks posed by the data broker industry to -- in particular -- the United States and its interests.

The story was broken by The Pillar, a Catholic Substack publication, and relied on "anonymous" app data supplied to it by a third party.

Srsly Risky Biz: Thursday, July 22

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation and founding corporate sponsors CyberCX and Proofpoint.

In by far the largest joint condemnation of Chinese cyber activity, the US and its 5-Eyes allies, the European Union, all NATO members, and Japan and South Korea denounced the Chinese government over its involvement in the mass exploitation of Microsoft Exchange servers earlier this year.

European nations held China responsible for allowing 'malicious cyber activities to have been undertaken' from its territory, while 5-Eyes countries drew direct links between the Ministry of State Security and contract hackers responsible for numerous exploitation campaigns and intrusions.

Seriously Risky Business is back!

Presented by

Tom Uren

Policy & Intelligence

I’m Tom Uren, the new editor of the Seriously Risky Business newsletter. We'll be firing off a new edition next Thursday, but before then I thought I should introduce myself.

My path into the security discipline, like many of yours, wasn't a straight line. My formal training was as a scientist: I have a degree in Biochemistry and Molecular Biology from the Australian National University.

In the early 2000s, after spending some time researching the molecular genetics of forest trees, I joined the Australian Signals Directorate (known then as the Defence Signals Directorate). ASD is Australia’s information security and signals intelligence organisation, our version of the United States’ NSA or Britain’s GCHQ.

Srsly Risky Biz: Tuesday, March 9

Presented by

Brett Winterford

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

A China-linked espionage campaign against select US targets has exploded into a frenzy of indiscriminate exploitation that has compromised tens of thousands of Microsoft Exchange servers across the globe.

The timeline of these attacks is worth exploring.