go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary

Go to Homepage [0], contents or to navigation menu

Question, is the infrustructure of water and power the next to be attacked?

Lets start this post with a question. If you’re a first time reader of the blog, how many of you have ever thought of your water supply or your electricity being cut off because of what you find out later to be a cyberattack? We know this has happened a few years ago, but it isn’t common.

I have a hunch that this will end up changing. As people start to go back to work, even in the midst of the ongoing pandemic, attacks will continue on all types of infrustructure from IT specific attacks to hospitals and more.

I’m really saddened by the fact that they could not keep their word on not attacking the hospitals. I think I called that one and its absolutely sad.

What do you think will happen? Will the electric grid and power supplies be next and for longer periods?

Israeli official confirms attempted cyberattack on water systems is the article dealing with the news of the potential unsuccessful attack. My hunch is that its coming, and I don’t think the power companies are prepared. The water companies are not prepared. It’ll be a matter of time.

Comments (0)

Corona Virus attacks found to be spear phishing in nature: Indian company only part of the problem

While I try to catch up as I sent myself articles I thought would be relevant, a Google study indicates that spearphishing attacks are now the act of Indiana “hack for hire” firms being a part of the ordeal.

I’m sure that we’ve had dealings with different types of companies with differing experiences. Most of the time, we’re treated well, sometimes not so much. But if you’re any type of company that hires people to do any type of phishing, I believe you need to restructure the company.

There are many types of phishing, and you can learn about those. Not all of the phishing is called phishing, so be aware of terms like BEC attacks, Spearphishing, and other less terms in the phishing relm.

I did find the article quite interesting in regards to this Indian company, but I’m sure that there are other companies that could be engagaging in this type of behavior.

Want to read more? Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes is the article that I read which links to other stuff, so why not give it a look. Maybe you can get something out of it that’ll spark your interest.

Comments (0)

Last Week in Security News: news ending May 30, 2020

Where has the week gone? With several things I was supposed to do which I had to bow out of, to the protesting on the streets, to just being tired, I did read some of the news that is mentioned in this past week’s list. The biggest thing that caught my attention which I read was the article dealing with the Mac and trying to secure it the best way you can for your needs.

We all know that the Cyber Criminal element has changed, going from attacking the work infrustructure to the home infrustructure since people are now working in this capacity now. The other thing that catches my attention that I did not read is an article that the red cross is a part of asking the cyber criminals to stop attacking our hospitals, and urging the cybersecurity field to come together to help which they have.

Articles here and elsewhere have indicated that the criminals said they would not attack our hospitals during the crisis, but I had thought that they were just saying that to make themselves look good. Indeed, they have not stopped, and it shows.

Is there anything you want me to talk about that I didn’t highlight? Please feel free to send me an email, and I’ll be sure to hear what you have to say. Thanks for reading as always.

This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers is the article that you need to read.

Comments (0)

Another breach, this time, a home food chef delivery service

If you think the airlines are exempt, I also read an article talking about a home chef service that suffered a breach.

Home Chef food delivery service confirms breach, two weeks after stolen data went for sale is not what you want to have happen. Confirming a breach after it went for sale is the worst thing any company can do. If you learn about it afterwords, I can see that as a mistake, but if you knew, and you didn’t publish until afterword, then that isn’t good.

The number of customers that were effected by this breach are unknown.

The group that seems to be attributed to this hack is only known as Shiny Hunters. I think I’ve covered them once before, but even I don’t know much about them.

“We recently learned of a data security incident impacting select customer information, including names and emails, as well as limited customer account
information and encrypted passwords,” the company said in a statement. “We are taking action to investigate this situation and to strengthen our information
security defenses to prevent similar incidents from happening in the future.”

You are?

The company did not answer questions seeking clarification about when the breach occurred, how many of its users are affected and whether the stolen information
is being used for illicit purposes.

In the company’s defense, they may not know if the info is used ilicitly, but not disclosing how many customers may not be that good for them.

There are many companies like this one that deliver ingredients to be able to cook meals. One company who advertised on Twit at one point is Blue Apron. I’ve never heard of a problem like this with them, and I bet they have many customers they deliver ingredients to.

I shouldn’t be surprised that a company like this was breached, eventually all companies will, but the fact we don’t have a number in this case makes me a little concerned for other companies like this.

Comments (0)

Another Airline, another breach

While I’ve been under the weather, I ended up reading about yet another airline that suffered a breach. This time, Easy Jet, A U.K. airline, alerted authorities under the European laws. The number this time is a staggering9 million, small comparitively speaking. This number is no laughing matter, because the information taken includes travel information and email contact info.

Email contact info is not a surprise, as even with other breaches like the Capital One breaches of late, email address information was taken. I know, because one of the breaches Capital One had I was notified about. I’ve also had other problems, but it wasn’t Capital One’s problem, it was other problems.

Mistakes happen, but when are we oing to learn tht personal information is no sneezing matter to lose? Getting travel information can tell a criminal a lot on where someone is going so they can go and raid the victim’s house or place of business.

Easy Jet is not the first airline to have a serious problem, and I’m sure they won’t be the last. EasyJet announces breach impacting 9 million people is the article that I’ve read on this topic, this can’t be good.

Comments (0)

Judge rules Capital One must hand over Mandiant’s forensic data breach report

I’ve been monitoring the events of the Capital One breach that took place by the eledged suspect Page Thompson. In the article I’m using as my blog post, the judge has told Capital One to produce the report that the well-known security firm named in this article did on their network and other aspects of business.

This could be a good thing because we can learn as a whole what went wrong, and maybe we can all learn how to make ourselves better to even inside attacks although Page wasn’t a Capital One Employee. If you remember, Page was a former employee of Amazon, but that didn’t give her the right to access information that was not hers.

Want to read more? Judge rules Capital One must hand over Mandiant’s forensic data breach report is the article, and I hope that you find it of interest. Thanks so much for reading!

Comments (0)

Have a Mac? This article might be for you

While I’ve not been blogging much, I’ve been reading, and I’ve continued to look for items that may be of interest. I don’t really get a Mac article so when I saw this Mac article, I knew that people may be interested in it. It comes from Trend Micro who has products for the Mac to protect yourself from the nastys of the Internet.

Think you’re untouchable because you have a Mac? You were at once untouchable, but actors are targeting a wide variety of platforms and your Mac computer is no different. Keep in mind that each person is going to be different on how they use their Mac, and your instincts will tell you whats safe and what isn’t safe.

The debate of whether to use products like Trend Micro or any other company that can protect you by alerting you or blocking the suspicious behavior is up for debate. While the article I’m linking to indicates that you should install such software, the choice is yours. The tips within this 21-step protection article does include installing something but you need to start with basic computer work as well. This includes removing software that is problematic, out of date and unused software that could be abused, just to name a few.

To read all of the Ideas Trend Micro has about how to keep your mac safe, please read 21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac as a starting point, keeping your own needs in mind of course.

Comments (0)

State unemployment is being ridden, states have it all wrong

In a great Krebs piece, Brian talks about the massive uptick in unemployment fraud that is taking place across the country as the governors across the country had once ordered shutdowns of the states due to the covid-19 pandemic. While a study mentioned to me indicated that the shutdown has no correlation on the spread of the virus, we’ve definitely tried to do the best we can. I don’t have a link to this study, but suffice it to say, we were damned if we didn’t shut it down, or we were damned if we did.

Because the different governors across the country and the world chose to shut down their area of responsibility to curve the spread, fraudsters are not stopping because we are. In one case sited in this article, one state paid out $8,000 if not more to multiple accounts not belonging to anyone in that state! Are there not checks and balances to make sure money goes to their citizens who file properly? I think Brian’s article fits this best. Riding the State Unemployment Fraud ‘Wave’ is the article title and link to this very interesting story. What do you think of it? Lets discuss, as payments are being electronically dispursed now a days, it isn’t all paper checks anymore.

Comments (0)

xLast Week in Security News, news ending March 23, 2020

Hello all,

I’ve been dealing with some issues here health wise so sorry about the lack of posting this week. When I feel I’m getting better, I’ve got a setback but today I’m feeling better.

This post deals with the blog that was posted last week for Security News that Trend Micro writes up each week. Also, not covered at the beginning of this week, a webinar I got notified an hour prior and I attended and taped. More on that later.

Smart Factories may be our next target. The lead post is part 1 of a potential series, and it looks to be a good one.

Not surprising, another covid-19 lure, this time, something called node.js is the vector and it has a low detection rate. It has something to do with the fact that it could have a fileless component with it, which is part of the problem.

One article this week talks about a group called Shiny Hunters. Shiny Hunters seems to be mentioned as part of many different breaches as of late.

Net Walker deals with filess detections I may have misspoke about something else that had it, but this one does have it, and that can be worrysome.

This is only some of what is in this article. Find something that you want to talk about? Get in touch! This Week in Security News: New Bluetooth Vulnerability Exposes Billions of Devices to Hackers and Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers is the article, and thanks for reading! I’ll be playing catchup for awhile throughout the next several days.

Comments (0)

This Service Helps Malware Authors Fix Flaws in their Code

I read this article which I’m using as the title of the blog post. The article is entitled This Service Helps Malware Authors Fix Flaws in their Code and it amused me. It talks about software that is used for bad being full of holes. That wouldn’t necessarily surprise me. The article goes in to a service that is run to do just that. People pay for code reviews, then its published after the fix is in place. For more, read Brian’s article It was quite interesting.

Comments (0)

Apple Releases iOS 13.5 and iPadOS 13.5 With Exposure Notification API and Face Mask Detection for Face ID

On May 20, 2020: Apple released a new version of IOS which includes the Ipad. Looks like several different things are fixed in regards to this that we’ll want to take note of.

  • • Temporary banners now correctly disappear after a few seconds.
  • • VoiceOver no longer wrongly reports some blocks of text as being editable text fields.
  • Apple appears to have made some improvements to the bug which prevented websites from inverting colors when both Dark Mode and Smart Invert are enabled.
    Our testing suggests that there are still instances when websites will not invert.

I’ve seen two of the three, and the third I’ve not seen because I don’t use invert colors. This is welcome news, and I’m happy they’ve finally fixed that ugly bug with the notifications not going away. That was strange.

For the full article including links, Apple Releases iOS 13.5 and iPadOS 13.5 With Exposure Notification API and Face Mask Detection for Face ID and thanks applevis for posting this information for the community to have.

Comments (0)

Los Angeles Metro gets rid of Go Metro as official app: endorses Transit App

For a long time, Los Angeles Metro has had their own application which I’ve demoed on this podcast when I first got my iphone and was needing an application to get me my bus. It never seemed right to me, and the interface I felt could use an improvement.

Someone told me about Transit App which I really enjoy. At one point, voice over was doing something strange, and they were willing as a small company to get on skype or some sort of call as I showed them what it was doing. Whatever it was, the problem was fixed.

I’ve demoed Transit App while in transit, and I also have talked about recent updates although I’ve not demoed the recent changes.

What does this have to do with Los Angeles Metro? It has plenty, because at an event I attended, people were asking which app to use, and the Metro representative happened to mention Transit App and not their own. Go Metro, Metro’s application, has not been updated and lacks features like the stop announcements, and the real time data, both Transit App and even Move it has. Move it has stop announcements, but the interface is accessible but confusing at times, and the rating of the real time data of when you’ll get off is not all that great. I also think that moveit, while it does have the same data, has not true realtime data, although I like their stop announcement features.

A recent blog post from Los Angeles Metro caught my attention, and I went to go call one of my contacts yesterday. He was thinking that Metro was going to roll Transit App’s features in to their own, but I had another hunch before I even read the article which I did read.

“The improved app is very timely given the ongoing pandemic as we can no longer rely on transit data from the past,” said Conan Cheung, Senior Executive
Officer in Metro Operations. “There is a new normal in terms of transit demand and Transit gives us the ability to quickly get an impression of how the
system is being used. That, in turn, allows us to quickly make service adjustments when and where needed.”

In the past, Metro developed its own app, which was time and resource intensive. We’re now pivoting to using an existing app that we think already works
great. Ultimately, we chose to work with Transit because the app is well-designed and the trip planner is intuitive and easy to use. We believe Transit
does a great job of taking something that can be confusing by nature —  navigating a complex city via transit — and making it a straightforward experience.

The contract with Transit, which was selected through a competitive Request for Proposals process, costs zero dollars and the partnership is expected to
save Metro $240,000 per year in app maintenance and development costs.

The last paragraph is the key! This move costs nothing, and Metro already provides data openly, so why not recommend something that already works?

As a public agency, Metro is committed to providing open data to the public. If you prefer Google Maps or Apple Maps, for example, the agency is still
pushing our latest data to anyone who wants it.

I’ve tried Google for transit, it was not all that useful to me at all. Never did get it to work. Neither did Apple, although their maps feature got me to the train station from an unfamiliar place, so I mainly use it for that.

Thank you Metro for listening. I’ve been promoting this transit app linked here for awhile now, and never mentioned go Metro. I really like your move.

To read the full announcement from Los Angeles Metro, head over to the source and read the blog: Metro partners with Transit app to making riding and trip planning easier and more accurate. Thanks for reading!

Comments (0)

Catfishing, Catphishing, what are they?

Hello folks,

Today, I want to talk a little bit about something I don’t think we’ve ever covered on any blog or podcast. This is a term entitled catfishing spelled with an F as in the fish you eat. There is also catphishing which is defined with a PH as in the Phishing attempts we’re getting now trying to get information online.

According to Bad romance: catphishing explained they define both of these terms.

You’ve heard or read about some variant of this story before: Girl meets Boy on a dating website. Girl falls in love. Boy claims he does, too. Girl is
excited to meet Boy soon. But at the last minute, Girl finds out that Boy (1) had an accident and broke a hip; (2) has a very sick relative he needs to
look after; (3) is going away to a secluded place to “find himself”—you’re not the problem, he is, right?; or (4) (through a helpful and mournful friend)
is dead.
Suddenly suspect, Girl digs a little deeper. Girl finds out that Boy isn’t the dreamboat he portrays himself to be. Boy is, in fact, her female colleague’s
timid 13-year old son whom she met once at a work function.

Another version covers the PH aspect of catphishing.

Two months ago, Deloitte revealed that it was breached by hackers,
who most likely already had access to compromised servers since November 2016. Around the same time, a cybersecurity staffer at Deloitte was convinced to open a booby-trapped Excel file from a female friend he met on Facebook months before. Her name was “Mia Ash,” a London-based photographer. She was described as
lovely and disarming. She was also 100 percent fake.

Two other names were used in this Scheme, Robin Sage, and Emily Williams.

Something else we need to know which has happened to me. People have come to me on other social media such as Facebook or Twitter and asked for a boyfriend. They have asked me for information about what I do, how much I make, and the like. The most recent was someone who I thought I knew of in the disability community, according to the name.

I asked the person why we meeded to move to hangouts and explained that I’ve been potentially scammed before. They asked why and I explained. I didn’t think it was a big deal, but I knew that going from one platform to another without really knowing them first was a bad idea. Messenger allows for calls, so it wasn’t a big deal. What really tipped me off too was that they claimed to be using their sister’s phone, because their phone was broken.

As disabled people, it is important to talk to the person, not just type to someone, especially if we’re going to have a relationship.

What is catphishing?

Catfishing (spelled with an “f”) is a kind of online deception wherein a person creates a presence in social networks as a sock puppet or a fictional online persona for the purpose of luring someone into a relationship—usually a romantic one—in order to get money, gifts, or attention.

Catphishing (spelled with a “ph”) is similar, but with the intent of gaining rapport and (consequently) access to information and/or resources that the unknowing target has rights to.

The one with an F is to break your heart, the PH wants data

Malwarebytes Accessed May 19, 2020

I’ve talked about numerous instances, the one that sticks out is in podcast 289 where we have a person who started on Twitter and then moved to hangouts. They wanted me to set up a bank account, gbut yet asked for money. You can go to the the RSS feed of this podcast and search for that episode.

Catfishing media has been produced, often centering around victims who wish to identify their catfisher. Celebrities have been targeted,
which has brought media attention to catfishing practices.
catfishing (accessed May 19, 2020)

Why are you talking about this?

There is a very good reason that we’re bringing this up. Cyberscoop has an article that talks about this in light of today.

Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, is a busy man. He oversees vast, technical surveillance
efforts in the U.S. and abroad, while also commanding a military outfit charged with launching cyberattacks.

Emailing random women from an outpost in Syria is probably not on his to-do list.

So when, Susan, a woman from the New York City area, started receiving correspondence from a “Paul Nakasone” this week, she wondered why the self-proclaimed
“head of U.S. Army Cyber Command” was trying to flirt with her.

“I Googled this guy and I’m like, ‘Are you kidding me?’” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious,
but I’m a married woman.”

The article goes on, and the long of the short of it, the actor is able to answer a question that was thrown at them by just “googling it” which “googling it” was termed before the turn of the century or shortly after it.

Meanwhile, Cindy was corresponding with a similar account, claiming to be Stephen Lyons. The emails were of a similar nature: flirtatious messages and
requests to download Google Hangouts.

Susan alerted CyberScoop about the Nakasone email address after being unable to contact Facebook about the Lyons account.

There’s more to this facinating story, and I think people need to read the article that I read on cyberscoop which I’ve quoted some of. We all need to learn about this, and I’ve got experience with this. The article indicates that they’ll start small like gift cards and other items, and then ask for bigger items. The fact that none of these people ever called me, one threatened me with their attorney, and the other most recent dropped off after they said they’d go to their room and do as I said. It never happened folks, none of them. They don’t want to call, they want their money, and that’s the most important thing I can give you.

Someone is trying to catfish women by pretending to be Paul Nakasone was read on May 18, 2020 and portions quoted on May 19th for publication. Let me know what you think of this one. Has this happened to you?

Comments (0)

Last week in Security News, news ending May 16, 2020

I’ve been neglecting the blog for a little bit, part of that has been my health, but there are two items I’m going to post while I’m thinking about it. The first of course is going to be the news for last week that is compiled by Trend Micro.

The top story is one we’ve covered on the blog in regards to how two researchers were able to make a factory like environment, then commandeer the robots to do whatever they want. Of course, we can’t forget the Microsoft ordeal with the third month with over 100 patches fixed in their roll-up.

Another item that caught my attention is a package delivery service I’ve actually never heard of that got owned and breached. The company is named Pitney Bowes .

Finally, Texas courts did not pay any ransome, after being attacked with ransomware.

This Week in Security News: How Researchers Used an App Store to Demonstrate Hacks on a Factory and Microsoft Again Surpasses 100 Vulnerabilities on Patch

Next, we posted two articles in an earlier blog post that talked about Windows Update. On Friday, Trend Micro came out with their post, and it still is worth posting. 16 of these patches are critical while the rest are not “so bad” if you rate important less severe.

May Patch Tuesday: More Fixes for SharePoint, TLS, Runtime, and Graphic Components Released

Find anything in the last batch of news items or something in the patch Tuesday you want to talk about? Why not comment or send me an email?

Comments (0)

Its Windows Update time, time to start patching

This week is Windows Update week. We’ve got two articles and one from a very unlikely source.

This is the first time I can recall that Cyberscoop has covered Windows Update.

Krebs on Security and Cyberscoop have similar writing on all of the various patches from Microsoft and Adobe for this month.

If you want to learn more about the different updates, pick the article that interests you.

At the time of writing, I have not seen Trend Micro with their writeup. The reason I like their writeup is because they go in to some detail, and I’m sure it’ll be out soon. When it does, I’ll be sure to put it up for everyone to peruse.

This is the third month that 100 patches or more are available from the big tech giant, Microsoft. With the Corona virus in full swing, actors are at work exposing problems lthough both articles I link in here say that they have not gone after these in wide spread ways yet. I am under the assumption that this will change within the next week.


Comments (0)

Ransomware Hit ATM Giant Diebold Nixdorf

When I read this on Monday, I got to thinking about the company Diebold who made election software or machines who were criticized on their lack of insecurity or shall I say security.

Krebs on Security has this full article Ransomware Hit ATM Giant Diebold Nixdorf which I’m passing along.

Comments (0)

Targeted Ransomware only hits Taiwan, not wide spread

Besides the wide array of sending mail out to see if you can hit someone with some type of malware or ransomware, there can be a thing called targeted attacks, and this time it is ransomware related. It hit organizations in Taiwan, which is outside the United States for those who do not know.

In an article that Trend Micro wrote on the blog recently, I spotted this, and wanted to highlight this so that people can see what’s out there.

A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially
destructive as the ransomware appears to target databases and email servers for encryption.

The information we gathered indicates that this attack started hitting organizations in early May. Analysis of the malware points to similarities between
ColdLock and two previously known ransomware families, specifically
Lockergoga, Freezing, and the EDA2 “educational” ransomware kit. There have been no indications that this attack has hit any other organization outside of those targeted; we do not believe
that this family is currently in widespread use.

The names of these other families are links within the article, so you aught to check these out if you are interested in this. Since it isn’t in wide spread use, that may be a good thing within itself, but something to highlight just the same.

I am so happy that this type of activity has not hit the disabled community to my knowledge, although what started me on this journey of talking about things like this goes all the way back to 2006 and episode 3 of this podcast. On that podcast, it was known then as only a virus, but it did hit the blind community more than other disabilities. I can share that podcast at some point, with the understanding that the audio is different, and I don’t believe I kept extensive notes like I do now.

The long of the short of that podcast is that this community was hit with a file claiming to be an app update to a program no longer in existance. Some blind people installed it, and the computer became useless.

I would hate to find out what Ransomware would do to our machines because we use access technology. I think this was a one time thing too, I’ve never heard anything more.

Back then, i had an article written on the now defunked about web site which was nice. I’d hate to see what ransomware would do to our computers if something like a program to disguise an update to a program that we use for whatever the reason is.

Are you interested in this Taiwan article dealing with Ransomware? Targeted Ransomware Attack Hits Taiwanese Organizations is the article, and I hope you enjoy this one.

Comments (0)

Smart Manufacturing not secured?

Trend Micro has a very nice article talking about smart manufacturing. Robots can do the job all day without a problem knowing that they can communicate a failure within the network and stop if thre is a problem. I don’t know if this is the case, but research says that this can be broken, and if it is, it isn’t going to be very good.

If an actor were to try this, the entire platform could be told to do something else by manipulation.

I’d say lets learn what the research is teaching us, and read this forward thinking article Securing Smart Manufacturing and we’re going to have to see what plays out on this one.

Comments (0)

Web Monitoring Rat bundled in an installer of Zoom? Have fun with this one

I recently read an article that talks about a web monitor Rat that comes bundled in a Zoom installer. The normal Zoom installer which I ended up running once comes with nothing to be concerned about.

Actors decided to make their own installer of Zoom, and put this thing in it. This is why it is important to get applications from their official stores or web sites, and not from some shady actor who says you need an update or an installer.

When I went to go to a zoom conference, I went to the link from the site I was on that was advertising this meeting. From there, I installed the application, and tried the link again. It let me in, and I was able to listen to the meeting. I chose not to participate by asking questions, but I found that session interesting.

Plenty of malware variants pose as legitimate applications to conceal their malicious intent. Zoom is not the only app used for this type of threat, as
many other apps have been used for this attack as well.  For this particular instance, cybercriminals may have repackaged the legitimate installers with
WebMonitor RAT and released these repackaged installers in malicious sites.

The article also talks about the fact that official stores and sites should be used and problematic apps do not come from these channels. This can’t be stressed enough.

To show how much of a threat this think can do, here are the things it collects according to the Trend Micro article.

• Battery Information
• Computer Information
• Desktop Monitor Information
• Memory Information
• Network Adapter Configuration
• OS Information
• Processor Information
• Video Controller Information

Itt doesn’t seem to be a whole lot, but it sends it to an IP you may not even be aware of, to a particular php file which is mentioned within the article. You really don’t know what actors could do with this info, and I hope we don’t get targeted with this thing, either by email or by accident somewhere.

WebMonitor RAT Bundled with Zoom Installer is the article if you wish to learn more about this stealthy way of getting things on machines. Enjoy!

Comments (0)

Microsoft’s GitHub Account Hacked – 500 GB Of Microsoft’s Private GitHub Repositories Data Stolen

On May 10th 2020: an article entitled Microsoft’s GitHub Account Hacked – 500 GB Of Microsoft’s Private GitHub Repositories Data Stolen was published to bleeping computer and tweeted out. I read the article closely, to determine whether I should talk about this or not.

I have one problem with this article. If it was confirmed to be not harmful, and the actor(s) behind it decided to put it out instead of selling it, why talk about it? From what I’m reading, Microsoft is releasing code after 30 days, so is there a breach here or what? I’m kind of confused about this.

I’m using the same article title on my blog and linking to this article and I’m curious what people think of this. Was there a genuine leak, or is there something else going on?

Comments (3)

Older Posts »

go to sections menu

navigation menu

go to sections menu