Newsletters

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

US authorities have unsealed the indictment of two prolific state-sponsored Chinese hackers accused of a ten-year espionage and cybercrime spree that pilfered data from dozens of organisations across the globe.

The indictment details how Li Xiaoyu and Dong Jiazhi were routinely tasked by Guangdong State Security Department (part of China's Ministry of State Security) with the theft of secrets of national significance. Li and Dong were essentially independent contractors who also dabbled in cybercrime as a side-hustle.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

If it's any consolation, the most capable infosec teams in the world are having just as much trouble dealing with the current onslaught of high severity vulnerabilities as you are.

It's exceedingly rare for severe vulnerabilities in so many critical enterprise systems to be made public and actively exploited in such a compressed period of time.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

A critical, trivially exploitable vulnerability in the management interface of F5’s Big-IP devices (CVE-2020-5902) is the latest in a string of nasty bugs in networking equipment critical to enterprise computing.

Like last year’s Citrix NetScaler and Pulse Secure vulnerabilities, this one is going to hurt.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Three US Senators have put forward a bill that apes the powers of the UK Investigatory Powers Act and Australia's Assistance and Access Act, while omitting many of the (albeit weak) safeguards that protect that power from being abused.

The Lawful Access to Encrypted Data Act of 2020, introduced by Republican Senators Lindsay Graham, Tom Cotton and Marsha Blackburn, compels device manufacturers and digital service providers to provide access to user data when served with a warrant. It’s the Nike approach: Just do it!

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

The Australian Government has lost patience with the cyber shenanigans of its largest trading partner, prompting the Prime Minister to make it publicly known that government and industry are becoming more frequent targets of state-backed cyber espionage.

Prime Minister Scott Morrison told reporters that an unnamed state-based actor is engaged in a campaign targeting all levels of government and private sector entities. An accompanying set of indicators released by the Australian Cyber Security Centre left little doubt as to who is responsible for the attacks.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.

Three indicators of compromise released in the NSA's May 2020 advisory [pdf] on recent Sandworm activity reveal a lot more about Russia's formidable military hacking teams than a one-off, opportunistic campaign to hack vulnerable Exim mail transfer agents (MTAs).

Threat hunters studying those IoCs have used them to identify a large amount of infrastructure that looks custom-made to conduct credential phishing attacks against email and social media accounts used in Western countries.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Program at the Hewlett Foundation.

At the onset of the COVID-19 crisis, Risky Business predicted then tracked an increase in cyber-enabled espionage of medical research institutions.

We've been doing a lot of thinking about why. The urgent search for vaccines and treatments for the coronavirus appears a globally-organised, open and collaborative effort. Why do national governments feel compelled to hack research institutions to get the jump on progress? What national advantage does that information get them?

Your weekly dose of Seriously Risky Business news is supported by the Cyber Program at the Hewlett Foundation.

A US District Court has challenged the long-standing practice of using legal privilege to protect documents created during investigations into security incidents, by ruling that Capital One hand over a Mandiant IR report into its 2019 data breach.

Capital One argued that because its legal counsel commissioned the Mandiant report, the report's findings should be subject to legal privilege.

Your weekly dose of Seriously Risky Business news is supported by the Cyber Program at the Hewlett Foundation.

The United Kingdom has bowed to pressure from at home and abroad and agreed to remove Chinese vendors from its mobile telecommunications networks.

Prime Minister Boris Johnson's conservative government confirmed it will ask telcos to remove all Huawei equipment from UK networks by 2023. The move was motivated - in part - by US sanctions against Huawei, which are likely to force the company to swap out US and Taiwanese components in its equipment for Chinese-made chips.

Russia has some competition in the disinformation game.

The US administration's claim that the COVID-19 outbreak was caused by a laboratory accident was based on a report that has now been thoroughly debunked.

The Daily Beast asked Bellingcat and the Middlebury Institute to analyse a leaked 30-page report produced by DoD contractor Sierra Nevada Corporation, which circulated - and appears to have been taken seriously - by the White House and multiple Congressional committees. The Sierra Nevada report mined commercially-available cell phone location data to conclude that a disruptive event occurred at the Wuhan Institute of Virology in October 2019.  It casually attributed it to a coronavirus outbreak.