
SoylentNews is people

posted by chromas on Saturday July 28 2018, @04:20AM
from the too-small-to-be-named dept.

Submitted via IRC for BoyceMagooglyMonkey

Microsoft said today that hackers compromised a font package installed by a PDF editor app and used it to deploy a cryptocurrency miner on users' computers.

The OS maker discovered the incident after its staff received alerts via the Windows Defender ATP, the commercial version of the Windows Defender antivirus.

Microsoft employees say they investigated the alerts and determined that hackers breached the cloud server infrastructure of a software company providing font packages as MSI files. These MSI files were offered to other software companies.

One of these downstream companies was using these font packages for its PDF editor app, which would download the MSI files from the original company's cloud servers during the editor's installation routine.

[...] Microsoft did not reveal the names of the two software companies involved in this incident. The OS maker says the compromise lasted between January and March 2018, and affected only a small number of users, suggesting the hacked companies aren't big names on the PDF software market.

Indicators of compromise are available in Microsoft's report on the attack, here.

Source: https://www.bleepingcomputer.com/news/security/microsoft-discovers-supply-chain-attack-at-unnamed-maker-of-pdf-software/
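
The story above describes an installer that fetched third-party MSI files from a vendor's server at install time. The following is an added example, not code from Microsoft, the article, or either vendor: it shows one mitigation, digest pinning, in which the downstream installer refuses any download whose SHA-256 does not match a value recorded at build time. The file names, function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import io

class PackageRejected(Exception):
    """A downloaded package failed verification and must not be installed."""

def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so a large MSI need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def verify_package(name, stream, pinned):
    """Return the digest if it matches the pin for `name`; otherwise raise."""
    expected = pinned.get(name)
    if expected is None:  # fail closed: the build never vetted this file
        raise PackageRejected(f"{name}: no pinned digest")
    actual = sha256_stream(stream)
    if not hmac.compare_digest(actual, expected.lower()):
        raise PackageRejected(f"{name}: digest mismatch")
    return actual

def audit_downloads(downloads, pinned):
    """Map each downloaded file name to 'ok' or to the rejection reason."""
    results = {}
    for name, blob in downloads.items():
        try:
            verify_package(name, io.BytesIO(blob), pinned)
            results[name] = "ok"
        except PackageRejected as exc:
            results[name] = str(exc)
    return results

# Constructed sample data: byte strings stand in for the vendor's MSI files.
GOOD_A = b"constructed font package A"
GOOD_B = b"constructed font package B"
PINNED = {  # digests recorded at build time and shipped inside the installer
    "fonts-a.msi": hashlib.sha256(GOOD_A).hexdigest(),
    "fonts-b.msi": hashlib.sha256(GOOD_B).hexdigest(),
}
SERVED = {  # a tampered server's response: one file altered, one file added
    "fonts-a.msi": GOOD_A,
    "fonts-b.msi": GOOD_B + b"<constructed injected bytes>",
    "fonts-c.msi": b"file the build never saw",
}
if __name__ == "__main__":
    print(audit_downloads(SERVED, PINNED))
```

Because the pins travel with the installer rather than with the download, a change made only on the vendor's server cannot update them.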



This discussion has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by Rosco P. Coltrane on Saturday July 28 2018, @05:25AM (1 child)

    by Rosco P. Coltrane (4757) on Saturday July 28 2018, @05:25AM (#713933)

    The only real message in that "announcement" from Microsoft is that only Microsoft Windows Defender ATP detected the attack, and you should purchase a license too if you care about your computer - because ooh, look at the big bad malware it's caught!

    No real information on the unspecified PDF editor that was targeted (I'd like to know so I can avoid installing it perhaps), the exact font package I should avoid, or the cloud provider that was supposedly breached...

    But hey, Windows Defender ATP is great!

    • (Score: 1, Funny) by Anonymous Coward on Saturday July 28 2018, @10:46AM

      by Anonymous Coward on Saturday July 28 2018, @10:46AM (#713963)

      "Installing Microsoft Windows Defender ATP ... please wait"

      "Downloading font packages ... please wait"

      "Enter your Bitcoin wallet ID for authentication ... please wait"

  • (Score: 0) by Anonymous Coward on Saturday July 28 2018, @10:06AM (2 children)

    by Anonymous Coward on Saturday July 28 2018, @10:06AM (#713957)

    Either a public facing system could sign packages, or the packages were unsigned.

    In either case the company, and all those downstream in the case of unsigned packages, should be named and shamed.

    • (Score: 0) by Anonymous Coward on Saturday July 28 2018, @10:50AM (1 child)

      by Anonymous Coward on Saturday July 28 2018, @10:50AM (#713964)

      From TFA:

      Security researchers said it was easy to identify which MSI font package was the malicious one because all other MSI files were signed by the original software company, except one file, which lost its authenticity when crooks injected the coinminer code inside it.

      • (Score: 0) by Anonymous Coward on Saturday July 28 2018, @11:32AM

        by Anonymous Coward on Saturday July 28 2018, @11:32AM (#713970)

        Lameness filter encountered. Post aborted!
        Filter error: Missing Comment.

  • (Score: 3, Interesting) by leftover on Saturday July 28 2018, @04:03PM (1 child)

    by leftover (2448) on Saturday July 28 2018, @04:03PM (#714019)

    Another facet of this general problem is that every damned thing now wants to be "active", to contain code that is run automatically. Themes are another example. IMHO this is sloppy design, probably just inheriting capabilities from imported libraries then starting to use them. Font packages should contain font shape and kerning data in static data structures, period. Font rendering code should expect those structures and throw errors at anything else.

    --
    Bent, folded, spindled, and mutilated.
    • (Score: 0) by Anonymous Coward on Saturday July 28 2018, @06:27PM

      by Anonymous Coward on Saturday July 28 2018, @06:27PM (#714052)

      No idea if they actually are (and if so, why the fuck they are), or if this is just more retarded lawmaking.

      https://www.fsf.org/blogs/licensing/20050425novalis [fsf.org]

  • (Score: 0) by Anonymous Coward on Friday August 03 2018, @07:05PM

    by Anonymous Coward on Friday August 03 2018, @07:05PM (#716896)

    I'll just go ahead and uninstall unnamed PDF software!
