Newsletters

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

SonicWall customers are on high alert after the company disclosed its internal network was compromised in an attack that abused vulnerabilities in its own SSL-VPN remote access products.

The company released an urgent statement late on Friday, disclosing that its internal systems were breached in an attack that exploited "probable zero-day vulnerabilities on certain SonicWall secure remote access products".

SonicWall staff spent the weekend working through each of its product lines to figure out which are susceptible to the yet-to-be-disclosed vulnerabilities. By Saturday night, the company concluded that the vulnerability was limited to its SMA 100 series SSL VPNs.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

COVID-19 vaccine documents stolen from Europe's pharmaceutical regulator were altered before being published in a cybercrime forum, in what now looks like an effort to erode trust in Europe's COVID-19 vaccination program.

The European Medicines Agency confirmed that a subset of the documents stolen during a December 2020 attack have been published online.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Two of America's most respected mastheads allege that attackers were able to poison a SolarWinds software update in early 2020 via the company's use of JetBrains TeamCity.

The thinly sourced and somewhat confusing stories were published in New York Times and the Wall Street Journal and repeated by Reuters.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

US government agencies and infosec vendors are among the many entities compromised in a nine-month cyber espionage operation, discovered by FireEye and attributed to Russia's SVR.

The campaign unravelled after researchers discovered a tainted software update from network monitoring vendor SolarWinds.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

WeChat censors in China have removed a post by Australia's Prime Minister Scott Morrison as diplomatic tensions between the two countries dramatically escalated this week.

Morrison's Chinese-language WeChat post, addressed to Chinese Australians, had attempted to defend Australia's handling of an inquiry into war crimes committed by its special forces in Afghanistan. WeChat is the primary way the Chinese diaspora communicates with family and friends, as it's among the few messaging apps allowed to traverse China's "great firewall".

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Ransomware attacks are so rife and so costly that insurers are exploring ways to exclude ransom payments from their policies.

Seriously Risky Biz understands some providers are attempting to shelter themselves from these losses, either by excluding extortion events from standard cyber insurance coverage or by introducing onerous new conditions on policyholders.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

The UK Government has thrown a coming out party for its National Cyber Force (NCF), a military unit with a similar remit to US Cyber Command, confirming that the capability can be used in offensive security operations against criminal targets.

Established in April 2020 after two years of planning, the National Cyber Force comprises defence and intelligence personnel but can be used to disrupt cyber-enabled crime. British Prime Minister Boris Johnson included "organised crime" in a list of targets the NCF is authorised to pursue during a speech to the UK Parliament. The UK Government also noted that the NCF could be used to disrupt infrastructure used for the dissemination of child exploitation material.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited byPatrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

As his options for legal appeals thin out, Donald Trump is doing his utmost to undermine confidence in the 2020 election results. And yes, he's blaming computers.

We're not talking about the fanciful notion of an all-powerful "Hammer and Scorecard" supercomputer flipping votes, which Pat covered in last week's podcast. Trumpworld's latest claim is that "tabulating software glitches" in voting machines "owned by a Radical Left privately owned company" Dominion Systems resulted in Trump votes being "flipped" to Biden in key states. The claims are easily debunked, but they'll probably stick with his base.

Your weekly dose of Seriously Risky Business news is written by Brett Winterford, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation.

Exploits demonstrated at a China-based competition to poke holes in the world's most popular technologies bode poorly for future US dominance in exploit development.

The CCP-endorsed 2020 Tianfu Cup paid out a US$1 million prize pool to domestic hacking teams that could exploit the world's most popular operating systems (Windows, Android, iOS, CentOS), web browsers (Chrome and Safari), smartphones (iPhones and Samsung Galaxy), software infrastructure (VMware ESXi, Docker-CE, QEMU-KVM), apps and home routers.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

You might have noticed this newsletter has arrived later than usual. We held back this week on the off-chance something big would happen during the election, but it turns out it was for nought. The result is looking clearer by the hour and we can confidently say that cyber shenanigans played no part in the outcome.

Officials from CISA, the agency charged with overseeing election security, described election day as "just another Tuesday on the Internet."