Hello, welcome to the Thursday, November 19th, 2020 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

Quick tip from Xavier today.

He found on Virus Total, actually, some emails from users that apparently try to bypass some security

controls. A lot of companies make it difficult to attach files to email, so users try to find

alternative ways to transmit files. They need to transmit for business. In this particular case, a user did upload it

to an own cloud account, which in itself is not bad, but apparently the recipient didn't have access

to the own cloud system. And as a result, the sender just sent their credentials along and essentially shared the account.

Shared accounts are always bad.

I've seen it similarly happen actually in one organization that had a big breach.

As a result, didn't allow any email attachments, which then of course led to everybody using their

personal email address in order to receive email, which now totally went outside any kind

of corporate email policy enforcement.

Then a couple of updates about browsers.

Google released a new version of Chrome fixing 11 vulnerabilities rated as high and

a number of other medium and low vulnerabilities.

Secondly, we do have an update for Firefox, Firefox,

and it takes the interesting step to introduce a Secondly, we do have an update for Firefox, Firefox 83,

and it takes the interesting step to introduce an HTTP only mode.

Now, similar behavior has been available in the past as plugins for your browser,

but what essentially does is when you're connecting to a website,

it will connect to HTTPDPS by default,

...