If you do not have automatic updates enabled for your browser environments, then please review your platforms and patch accordingly.
This is frankly a rather compassionate move on the part of Microsoft to release patches for these unsupported platforms. I do realize that the argument is often made that regulatory requirements and vendor platform requirements prevent companies from upgrading to the latest operating systems available, but in many situations, upgrades are not performed simply because of the hard and soft costs associated with such a project. Microsoft is being borderline benevolent in providing these patches in a post-support world.
This particular threat has been widely reported over the last several days, and frankly it warrants the attention of all Mac users. Based on the nature of the ransomware encryption algorithm, it is quite possible that once infected, there will be no way to decrypt files, even if the bitcoin ransom is paid. Be very careful when opening any files, especially those that are unexpected or come from an unknown source.
This delay in notification is sad and frankly ridiculous. GameStop missed the point of breach notifications – giving consumers warning and time to react!
This is certainly a compromise of note, though according to the article, if you were affected, you have already received notice from OneLogin. In the comments/discussion section of Mr. Krebs's blog, there is also an interesting conversation surrounding 2FA and how that could have mitigated the risk. If multi-factor authentication was in place for the individual sites a person accessed through OneLogin, then yes, it would have been beneficial. Otherwise, decrypted credentials are the straw that breaks this particular camel's back.