We've had a busy week, and I'm sure you did, too. From the completion of the Impeachment Hearing to Google's download mixup, it's been exciting. In case you've been too busy to review this week's important stories, let's take a look.
Google Accidentally Sent Users' Private Videos to People
In a security warning, Google disclosed that some users' private videos stored in Google Photos were sent to other users who had requested a download. The error came to light on Twitter, where Jon Oberheide highlighted the issue by sharing a message he received from Google.
While the cause has been identified and resolved, Google isn't sure how many files were affected. Still, it is less than 0.01% of users who exported their content during the affected period. Mainly, this was a mixup in which one download was somehow tagged to the wrong user, causing the download to go to the wrong person.
Google has notified the affected users by email, as it said in a statement to 9to5Google. If you didn't request a download through the Takeout service of Google Photos between November 21st and November 25th, 2019, you're in the clear.
Microsoft Teams Down Due to Expired Certificate
Embarrassingly, Microsoft Teams went down on February 3rd due to an expired certificate. Users of the Slack competitor were met with error messages when they attempted to sign in to the service on Monday morning. Microsoft had it back up and running by the end of the day, but the timing couldn't have been worse.
Given that Microsoft makes an application like System Center Operations Manager that checks for things like certificate expiration, it was a bit surprising to find that it had missed renewing a key certificate for Teams. Since the company had just launched a series of commercials to promote its flagship office collaboration product, the outage is especially embarrassing for Microsoft.
Cloud Computing Market
Recently, Google Cloud reported $2.6 billion in revenue compared to $1.7 billion a year earlier. That brings Google to a 53% growth rate. While Google still ranks as 3rd in revenue, industry leaders see its growth as a significant indicator that it may not stay there for long.
Google's cloud results weren't terrible by any means, even though they may have disappointed some, Billy Duberstein, a contributor for The Motley Fool, wrote in a column. "The cloud race is shaping up to be a decades-long race between these three large providers, and one quarter's specific numbers probably won't matter in the long run." So, even though Google is behind Amazon Web Services and Microsoft Azure, the future looks promising.
Cybersecurity and Vulnerability Identification and Notification Act of 2020
The House Homeland Security Committee has approved legislation that would give the Cyber and Infrastructure Security Agency (CISA) power to subpoena data from internet service providers on critical infrastructure vulnerabilities. "This legislation is based on a simple premise we've all become familiar with: if you see something, say something," said Representative Jim Langevin (D-RI). The bill may not have much chance to pass the Senate.
According to Skopos Labs, an automated platform that predicts things like this, the legislation only has a 6% chance of being passed. Under this new bill, as long as CISA considers it to be a potential risk for critical infrastructure, it can use its subpoena power. However, it is still not certain how CISA will define or assess this risk.
Emotet Virus and the Coronavirus
Ransomware attacks are circulating that exploit coronavirus fears. Researchers from IBM X-Force have found emails containing malicious Microsoft Word attachments that seem to be primarily targeting Japan. However, cybersecurity professionals believe such attacks may reach other regions as the coronavirus spreads.
In Japan, the emails appear as though they are coming from local disability welfare service providers. The message states that there have been reports of coronavirus patients in the area, with attachments that appear to be images of the outbreak areas. The email is written to prompt recipients to click on the attached files for more information.
The Emotet virus started as financial Trojan malware or ransomware. Its goal was to install additional code on the endpoints it infected, as well as to serve ransomware purposes. It can scrape a destination's computers, and due to this, it's an excellent vehicle for bot infections.
Synoptek Ransomware Attack
Synoptek, a California-based MSP, was the latest victim of a ransomware attack. Recent reports show that MSPs have become an increasing target. Synoptek reportedly paid an unspecified ransom sum to restore operations as quickly as possible, which is a departure from how we usually see MSPs handling the situation. Its employees confirmed that it was hit with the Sodinokibi ransomware strain. The ransomware, which encrypts data while demanding a cryptocurrency payment, was installed via a remote management tool.
Complete Technology, an IT services company based in Colorado, was also attacked by Sodinokibi ransomware earlier in December. These attacks show how important it is to have increased cybersecurity measures, particularly for MSPs, since they have become targets.
The article exposes vulnerabilities in TeamViewer where passwords are stored on the computer and can be decrypted using just a couple of steps. Since it's not the first time, the main contributors are advising that TeamViewer is insecure, while others say that so long as passwords aren't stored locally on the computer, it should be OK. There are many other options aside from TeamViewer, but if they also have security deficiencies, they may not be better.
MSPs should review and be careful about using TeamViewer and other similar products.
After Hours On-Call Solutions
Helpdesk on-call solutions can be confusing, with most articles referring to correct ways, legality, or whether it's worth it. This write-up suggests a few methods of doing it, and the writer shortlists PagerDuty, VictorOps, and OpsGenie.
This write-up provides some information on using PowerShell scripting to create documentation using IT Glue for Microsoft Azure AD and the usual documentation method. They include:
- The regular users in the Azure AD;
- All guest users in the Azure AD;
- All domain admins in the Azure AD;
- The applications registered in the Azure AD (this also helps in preventing OAuth2 fraud);
- The devices registered in the Azure AD;
- All domains attached to the Azure AD.
Monitoring with PowerShell
In computing, "Break Glass" is the act of checking out a system account password to bypass routine access control procedures in a critical emergency. This method gives the user immediate access to an account that they may not typically be authorized to access. It is frequently used for the highest-level system accounts. A root account for Unix or SYS/SA for a database is a good example.
The worry about these accounts is typically how to check that they haven't been compromised or used in any way. Kelvin Tegelaar of CyberDrain provides a PowerShell script for just this purpose. Read the thread here.
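One way to run the check described above, as an added example (not the script referenced in this section and not code from the original write-up): it flags every sign-in attempt by a break-glass account inside a lookback window. The `Get-BreakGlassUsage` function, the CSV column names, the account names and the sample records are all hypothetical and constructed for illustration.

```powershell
# Constructed sample of exported sign-in records. Column names, accounts and
# addresses are hypothetical and use documentation-reserved ranges.
$signInCsv = @'
TimeUtc,UserPrincipalName,IPAddress,Result
2020-02-03T08:12:44Z,alice@contoso.example,203.0.113.10,Success
2020-02-04T01:55:02Z,BreakGlass1@contoso.example,198.51.100.7,Failure
2020-02-04T01:55:40Z,breakglass1@contoso.example,198.51.100.7,Success
2020-01-02T10:00:00Z,breakglass2@contoso.example,203.0.113.99,Success
'@

function Get-BreakGlassUsage {
    param(
        [Parameter(Mandatory)] [object[]] $SignIns,
        [Parameter(Mandatory)] [string[]] $BreakGlassAccounts,
        [Parameter(Mandatory)] [datetime] $Now,
        [int] $LookbackDays = 7
    )
    $cutoff = $Now.ToUniversalTime().AddDays(-$LookbackDays)
    foreach ($s in $SignIns) {
        # Parse as an offset-aware timestamp so the comparison is done in UTC.
        $when = [datetimeoffset]::Parse($s.TimeUtc, [cultureinfo]::InvariantCulture).UtcDateTime
        if ($when -lt $cutoff) { continue }
        # -notcontains compares strings case-insensitively, so UPN casing is irrelevant.
        if ($BreakGlassAccounts -notcontains $s.UserPrincipalName) { continue }
        # Any attempt is notable; a successful sign-in is the urgent case.
        $severity = if ($s.Result -eq 'Success') { 'Critical' } else { 'Warning' }
        [pscustomobject]@{
            TimeUtc  = $when
            Account  = $s.UserPrincipalName.ToLowerInvariant()
            SourceIP = $s.IPAddress
            Result   = $s.Result
            Severity = $severity
        }
    }
}

$alerts = @(Get-BreakGlassUsage -SignIns ($signInCsv | ConvertFrom-Csv) `
    -BreakGlassAccounts 'breakglass1@contoso.example', 'breakglass2@contoso.example' `
    -Now ([datetime]'2020-02-05T00:00:00Z'))
$alerts | Sort-Object TimeUtc | Format-Table -AutoSize
if ($alerts.Count -gt 0) {
    Write-Warning "$($alerts.Count) break-glass sign-in event(s) in the lookback window"
}
```

Failed attempts are reported as well as successes, since repeated failures against an account that should never be used are themselves a signal worth reviewing.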
That's A Wrap
That's the week in summary. I hope this overview has been helpful. MSP360 is your resource for MSP news. Check back next week for more highlights.