And here comes another issue of the Sunday Weekly… On Mondays!
We start with Microsoft, announcing the availability of a great feature that will prevent the email storms. These occur when someone sends an email to a distribution list. Then another one replies to all asking to be removed from that distribution list, and after that, several people repeat the process, sending hundreds of emails.
If we start with data leakage news, we sadly have to say that Microsoft’s GitHub account was hacked, resulting in private repositories being stolen. You can read the whole story here.
Another data leakage is an incident with GoDaddy, a well-known domain registrar. In an email notification sent to the impacted customers, the company stated that, upon an investigation of the event, it was determined that an « unauthorized individual » had gained access to login credentials that meant they could « connect to SSH » on the affected hosting accounts.
I do not usually talk about Ramsonware hits here, but I have to make an exception for this case. Fresenius, a private hospital operator and provider of dialysis services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyberattack on its technology systems. Luckily, the incident has limited some of its operations, but that patient care continues according to the company. The worrisome part to me is that evidence indicates this attack might be part of a global campaign by the Snake ransomware group, who usually siphons data before proceeding with the encryption.
Do you remember Zoom Meetings? We have mentioned the services some times in the past, and at the time, I was wondering whether or not they were going to take the right path to secure their platform. They did by having Alex Stamos brought onboard, and some weeks later Alex announces this:
KeybaseIO is a secure instant messaging platform that does end to end encryption, so I guess it is an exciting move for Zoom. It remains unclear if it is the same case for KeybaseIO, though, since some users were stating they were deleting their accounts right after the operation was confirmed.
Let’s talk passwords now. Or better yet, no passwords. Last week we had World Password Day. Yes, do not be mad at yourself if you did not know. I did not know there was a Password Day either.
Microsoft had announced last year the option to log in to your Microsoft account without any password, and just use a physical token like a Yubikey Fido2 (I mentioned this technology in this blogpost). Well, it seems more and more people are using it:
Remember to follow me on Twitter and, as usual, stay safe!