Microsoft Security Updates Include Windows XP, Server 2003

This is frankly a rather compassionate move on the part of Microsoft to release patches for these unsupported platforms.  I do realize that the argument is often made that regulatory requirements and vendor platform requirements prevent companies from upgrading to the latest operating systems available, but in many situations, upgrades are not performed simply because of the hard and soft costs associated with such a project.  Microsoft is being borderline benevolent in providing these patches in a post-support world.

https://www.darkreading.com/endpoint/microsoft-security-updates-include-windows-xp-server-2003/d/d-id/1329139

Free Mac-Based Ransomware-as-a-Service MacRansom Surfaces

This particular threat has been widely reported over the last several days, and frankly it warrants the attention of all Mac users.  Based on the nature of the ransomware encryption algorithm, it is quite possible that once infected, there will be no way to decrypt files, even if the bitcoin ransom is paid.  Be very careful when opening any files, especially those unexpected or from an unknown source.

https://threatpost.com/free-mac-based-ransomware-as-a-service-macransom-surfaces/126204/

Krebs – OneLogin: Breach Exposed Ability to Decrypt Data

This is certainly a compromise of note, though according to the article, if you were affected, you have already received notice from OneLogin.  In the comments/discussion section of Mr. Krebs’s blog, there is also an interesting conversation surrounding 2FA and how that could have mitigated the risk.  If multi-factor was in place for the individual sites a person accessed through OneLogin, then yes, it would have been beneficial.  Otherwise, decrypted credentials are the straw that breaks this particular camel’s back.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/