Newsletters

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

In late September, private sector threat analysts planning a takedown of the TrickBot botnet were surprised to discover that somebody was already a step ahead of them.

On September 22 and again on October 1, an unknown party pushed a new configuration file to TrickBot infected-devices that redirected command and control (C2) traffic back to the infected machine's own loopback address (127.0.0.1). The attacker also fed bogus records into TrickBot's database of infected devices.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Over 250 hospitals across the United States have resorted to pen and paper for the last nine days after the corporate network of Universal Health Services (UHS) was infected with Ryuk ransomware last Sunday.

The Wall Street Journal reported that UHS decommissioned systems used for "medical records, laboratories and pharmacies" at 250 US sites as a preventative measure after detecting the malware infection.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The US Department of Justice has doxxed over 50 state-sponsored hackers from China and Iran in a spree of indictments and sanctions.

The indictments exposed 'front companies' for intelligence services in both countries that engage in cybercrime and espionage operations. They included:

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Despite repeated attempts by this newsletter to rename CISA the "Critical Infrastructure Security Agency", the stubborn bureaucrats and LOSERS in Congress want to stick with "Cybersecurity and Infrastructure Security Agency". Our name works better, but whatever. (Apologies for the repeated error).

Eight weeks out from the 2020 Presidential election, the United States hasn't had to contend with the 'hack and leak' operations that marred the lead-up to the 2016 election. Yet.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Chile's national CSIRT placed the country on 'high alert' yesterday after one of the country's largest banks was crippled by a ransomware attack.

On Sunday, Banco Estado announced that malicious software has been detected on its systems over the weekend. The bank reassured clients that digital channels (ATMs, websites, apps) were unaffected but encouraged them to avoid branches the following day. Despite these assurances, hundreds of users complained on social media that some online banking features were not working.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The US Government has stepped up its campaign to expose North Korea's state-backed cybercrime operations, this week doxxing malware the DPRK uses to cash out attacks on banks and the techniques it uses to launder funds stolen from cryptocurrency exchanges.

Four US Government agencies co-authored an update to a 2018 report on how North Korea's "BeagleBoyz" steals funds from ATMs. “BeagleBoyz” is IC-speak for a cybercrime unit within North Korea's General Reconnaissance Bureau accused of stealing up to US$2 billion for Kim Jong-Un's regime.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Uber's former chief security officer Joe Sullivan has been charged with obstruction and misprision (concealing evidence of a felony) over his role in Uber's handling of a 2016 data breach.

The US Department of Justice alleges in a criminal complaint that while Uber CSO, Sullivan withheld information about an ongoing security incident from Federal Trade Commission (FTC) investigators, who were investigating the ride-sharing company over a 2014 breach that pre-dated Sullivan's tenure.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The NSA’s exposure of Linux malware developed by Russia’s GRU is capturing the lion’s share of attention this week, but the issue affecting everyone right now is something less flashy but a lot more urgent: OAuth phishing.

This week we learned that attackers stole 28,000 emails from the SANS Institute after tricking one of its employees into installing a malicious Microsoft 365 app that allowed access to their mailbox.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

A US-China trade war and a global pandemic have in a few short months accelerated a drift into 'network sovereignty': a world in which the internet is no longer a truly open, global network.

US President Donald Trump signed two executive orders on Friday that will ban Americans from “transacting” with WeChat and TikTok, two consumer apps used by well over a billion people.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

CORRECTION(S): Last week's newsletter erroneously reported that the US ordered two Chinese consulates to close down. Only one Chinese consulate, in Houston, was subject to this order. A second consulate was ordered closed: the US consulate in Chengdu was shuttered by the Chinese government. The same story misspelled ‘Guangdong’ province. A big thanks to the readers that spotted these clangers so quickly.

Donald Trump’s personal involvement in threats to ban TikTok is distracting from any legitimate national security concerns the video sharing app might present to the United States.