Newsletters

Written content from the Risky Business Media team

Srsly Risky Biz: Thursday 8 August

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

The US Government is backing away from its plan to conduct offensive operations against Russian ransomware crews.

The backdown came after Recorded Future's news website The Record published a softball interview with the BlackMatter ransomware crew in which it declared it would cease conducting attacks against critical infrastructure. BlackMatter is likely a reincarnation of DarkSide, the ransomware gang responsible for the Colonial Pipeline attack.

Srsly Risky Biz: Thursday, July 29

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber and founding corporate sponsors CyberCX and Proofpoint.

A small Catholic publication using commercially available data to out a US Catholic priest as a Grindr user highlights the security and intelligence risks posed by the data broker industry to -- in particular -- the United States and its interests.

The story was broken by The Pillar, a Catholic Substack publication, and relied on "anonymous" app data supplied to it by a third party.

Srsly Risky Biz: Thursday, July 22

Presented by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation and founding corporate sponsors CyberCX and Proofpoint.

In a largest-by-far joint condemnation of Chinese cyber activity, the US and its 5-Eyes allies, the European Union, all NATO members, and Japan and South Korea denounced the Chinese government over its involvement in the mass exploitation of Microsoft Exchange servers earlier this year.

European nations held China responsible for allowing 'malicious cyber activities to have been undertaken' from its territory, while 5-Eyes countries drew direct links between the Ministry of State Security and contract hackers responsible for numerous exploitation campaigns and intrusions.

Seriously Risky Business is back!

Presented by

Tom Uren

Policy & Intelligence

I’m Tom Uren, the new editor of the Seriously Risky Business newsletter. We'll be firing off a new edition next Thursday, but before then I thought I should introduce myself.

My path into the security discipline, like many of yours, wasn't a straight line. My formal training was as a scientist: I have a degree in Biochemistry and Molecular Biology from the Australian National University.

In the early 2000s, after spending some time researching the molecular genetics of forest trees, I joined the Australian Signals Directorate (known then as the Defence Signals Directorate). ASD is Australia’s information security and signals intelligence organisation, our version of the United States’ NSA or Britain’s GCHQ.

Srsly Risky Biz: Tuesday, March 9

Presented by

Brett Winterford

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

A China-linked espionage campaign against select US targets has exploded into a frenzy of indiscriminate exploitation that has compromised tens of thousands of Microsoft Exchange servers across the globe.

The timeline of these attacks is worth exploring.

Srsly Risky Biz: Tuesday, March 2

Presented by

Brett Winterford

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Lawmakers are warming to a Microsoft request for Congress to pass laws that would compel private sector companies to notify the US Government about security incidents.

The full scope of the idea hasn't to our knowledge been fleshed out in any meaningful way. The idea was put forward to a Congressional hearing by Microsoft's legal and government affairs lead, Brad Smith, when he was asked how the United States could best defend itself against an actor like Russia's SVR.

Srsly Risky Biz: Tuesday, February 16

Presented by

Brett Winterford

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

The five most recent listings on the leak site of the CL0P ransomware group have two things in common. One, and most obviously, they are being extorted. And two, they've deployed Accellion file transfer appliances to send large files in their recent past.

Singapore's state-owned carrier SingTel, the American Bureau of Shipping, global law firm Jones Day, Netherlands-based Fugro and life sciences company Danaher were added to CL0P's leak site over the last week.

Srsly Risky Biz: Tuesday, February 9

Presented by

Brett Winterford

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Hackers have attempted to poison water supplies in Oldsmar, Florida after accessing a control system at its water treatment plant, according to the town's local sheriff.

A plant operator monitoring the control system watched as a user twice initiated remote access to it during his shift on Friday. The operator first assumed it was his supervisor, who often uses the TeamViewer remote access tool for troubleshooting, but grew concerned a few hours later when he saw the mouse cursor navigate through several program functions before dialling up the amount of sodium hydroxide (lye) the system distributes into the water supply to dangerous levels (from 100 parts per million to 11,100 parts per million).

Srsly Risky Biz: Tuesday, February 2

Presented by

Brett Winterford

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Attacks on file transfer appliances sold by Silicon Valley-based Accellion have made headlines in Australia and New Zealand, but it was crickets elsewhere until this week.

As previously reported in this newsletter (see third item here), attackers have been helping themselves to files stored on Accellion file transfer appliances (FTAs), with New Zealand's Reserve Bank, Australia's corporate regulator and Allens, a large law firm, the first to disclose breaches in late December and early January.

Srsly Risky Biz: Tuesday, January 26

Presented by

Brett Winterford

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

SonicWall customers are on high alert after the company disclosed its internal network was compromised in an attack that abused vulnerabilities in its own SSL-VPN remote access products.

The company released an urgent statement late on Friday, disclosing that its internal systems were breached in an attack that exploited "probable zero-day vulnerabilities on certain SonicWall secure remote access products".

SonicWall staff spent the weekend working through each of its product lines to figure out which are susceptible to the yet-to-be-disclosed vulnerabilities. By Saturday night, the company concluded that the vulnerability was limited to its SMA 100 series SSL VPNs.