Security for Everyone!

Sunday Weekly 7

And here comes another issue of the Sunday Weekly… On Mondays!


I have the feeling that malware hits are here to stay, and the proof is that every single week I mention at least one ransomware attack. This time it is Stadler, a Swiss rail vehicle manufacturer that disclosed last Monday a security breach that might also have allowed the attackers to steal company data. The offenders have tried to extort a large amount of money from Stadler and are threatening the company with a potential publication of data to harm it.

Some ransomware can be prevented by just keeping your systems up to date, ensuring security bugs are resolved. On that note, Microsoft released its monthly patches last Tuesday, so make sure you follow up and, after testing, deploy them as fast as you can. You have an excellent analysis of the critical fixes here or here.

The next item is not security news, although some might say the security and privacy implications are profound. Facebook has paid USD 400 million to acquire Giphy, a search engine that allows users to search for and share short looping videos with no sound. Like I said, no big deal unless you look at the privacy side. What can Facebook get with Giphy? A lot of GIF files that are worth USD 400 million? Let’s look deeper. Every time we use Giphy through the API, we give away some pieces of information, and Facebook wants that to get metrics about who uses the services, how often, what type of GIFs, and a long list of other things. And that’s more data to use for ad targeting. And that is worth USD 400 million, or maybe more. It could also be the reason why Signal, a secure text messaging service, is explaining how they are going to prevent Giphy from knowing that much. I strongly recommend reading this.

Have you heard enough news regarding COVID-19? Well, I guess you must be saturated, but this one is good. Microsoft has decided to share all COVID-19 threat intelligence, no matter whether you are a customer using their solutions or not. They are doing that to raise awareness of attackers’ shift in techniques, how to spot them, and how to enable your own custom hunting. You can see all the details in this post. I believe this is the way, sharing knowledge.


I bet that if you read until the end, and if you are a Mandalorian fan, when you read the previous sentence you automatically thought of this:

Remember to follow me on Twitter and, as usual, stay safe!
