Being a voracious reader, I would share my interesting findings with friends and colleagues through email. Eventually, one politely asked that I save his inbox the stress and just send a single email aggregating all of the interesting links I had gathered over the week. Matt's Newsletter was born.
That was the first try. It is hard to keep interested in something when no one is paying attention. I stopped publishing after a few weeks of no feedback and no subscribers.
I never lost my appetite for reading and sharing my knowledge though. I started to collect and publish my writings on a write.as blog. When I learned about the newsletter service Substack, I wondered if I could combine my writing with a newsletter sharing the best news stories I had read over the previous week? Matt's Newsletter was re-born.
52 weeks later, and a name change, it's still going.
Welcome to the Threats Without Borders Newsletter - Issue ONE YEAR!
So what have I learned after publishing a newsletter every week for one year?
People are stingy with their email addresses. Subscribers are hard to get and you have to work for each one. The newsletter receives many more visits to the website every week than emails that go out to subscribers. The conversation usually goes like this:
I love your newsletter. Thanks, Do you subscribe? No, I just read it online. Can you please subscribe, it helps me with the Substack promotion algorithm? Oh, um, I don't like to clog up my email, I’ll just read it on the web. Ok, thanks for being a reader.
Readers appreciate my personal writing more than the shared links.
The cool tools are the most clicked links. By Far. The news articles get somewhere around a 4 to 16% click rate but the tools usually get at a click from at least 60% of readers. The jobs get high click rates too. One link for a job with Tesla had a 90% click rate.
Readers like snark.
Year two.
The newsletter will continue to be offered completely free of charge and I will never include a sponsored link. I promise to not sell your email address or spam your inbox. I’ll continue to release one issue per week.
I plan to include much more free-form writing to share my thoughts, observations, and experiences as a cyber-financial crime investigator and security practitioner.
How can you help?
SUBSCRIBE and SHARE. Please. I fell a little short of having 500 subscribers by the end of year one. Please subscribe and share with your colleagues. I know that is an audacious request, but the only way to grow the newsletter is through reaching new people.
When you do subscribe, please check your junk mailbox and make sure the newsletter isn't landing there.
Feel free to give feedback. You can reply to the newsletter email or twbnewsletter@protonmail.com
Thank you so much for reading. I hope to see you in another 52 weeks!
Matt
All Hail The King
“King of Fraud” Aleksandr Zuhukov was sentenced to 10 years in federal prison for operating the “Methbot” click-fraud campaign between 2014 an 2016. He raked in over 7 million dollars during the course of the campaign. He really was the first to bilk digital advertisers in a large scale scam. If you aren’t aware of the story, read this press release and then Internet search Methbot. Well worth your time. https://www.justice.gov/usao-edny/pr/russian-cybercriminal-sentenced-10-years-prison-digital-advertising-fraud-scheme
“Rules of the Road” they claim
Legislation introduced this week aims to set ransomware attack response "rules of road" for US financial institutions. The Ransomware and Financial Stability Act will require U.S. entities to seek approval before paying any ransom over $100,000. They also must notify FinCEN of the payment. https://www.bleepingcomputer.com/news/security/new-bill-sets-ransomware-attack-response-rules-for-us-financial-orgs/
It’s fraud…every time
If someone is directing you to make a payment through a cryptocurrency ATM…it is fraud. Every time. The FBI’s Internet Crime Complaint Center has issued a warning concerning the increased use of crypto ATM’s and QR codes to facilitate fraudulent financial transactions. The bureau warns “The scammers provide a QR code associated with the scammer’s cryptocurrency wallet for the victim to use during the transaction. The scammer then directs the victim to a physical cryptocurrency ATM to insert their money, purchase cryptocurrency, and use the provided QR code to auto-populate the recipient address”. https://www.ic3.gov/Media/Y2021/PSA211104
Be Brave
I left the Google Chrome browser over two years ago and moved to Firefox. The stupidity of the Mozilla organization moved me on to Brave. I could not be happier and this new report from the group PrivacyTests.org validates the decision. Obviously the TOR browser was found to be the most secure and respecting of privacy, but you’re a special person if you can use it as an everyday web browser. Who uses Opera? Seriously. https://privacytests.org/
The Rest…
The Google Threat Analysis Group issued a warning about a threat group using a watering hole attack to exploit a MacOS vulnerability. https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
Redhunt Labs found millions of improperly secured Docker containers involving over 1.6 million unique user accounts on Docker Hub. https://redhuntlabs.com/blog/scanning-millions-of-publicly-exposed-docker-containers-thousands-of-secrets-leaked.html
Security firm Zimperium found more than 1,000 Android users have been infected with newly discovered malware that surreptitiously records audio and video in real time, downloads files, and performs a variety of other creepy surveillance activities. https://arstechnica.com/gadgets/2021/11/1000-android-phones-found-infected-by-creepy-new-spyware/
Cool Tools
Every PDF tool you need - free - https://www.ilovepdf.com/
Verify a business in any state: https://cobaltintelligence.com/verify-a-business
Cool Jobs
Security Investigator - Rivian Automotive
https://boards.greenhouse.io/rivian/jobs/4738742003
Impertinent
Excellent journalism on the smuggling of fish and drugs in the Gulf of Mexico. https://www.texasmonthly.com/news-politics/red-snapper-poaching-gulf/
“IT’S OKAY TO BE BAD AT SOMETHING AND STILL ENJOY IT” - someone better than me at golf.
Thank you for opening the email and reading this weeks newsletter. See you next Tuesday!
Matt
Homophones are hard (You thought I forgot!)
Mask - a covering worn on the face to conceal ones identity
Masque - a dramatic composition written for entertainment