Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security IT

Microsoft Discovers Supply Chain Attack at Unnamed Maker of PDF Software (bleepingcomputer.com) 31

Microsoft said today that hackers compromised a font package installed by a PDF editor app and used it to deploy a cryptocurrency miner on users' computers. From a report: The OS maker discovered the incident after its staff received alerts via the Windows Defender ATP, the commercial version of the Windows Defender antivirus. Microsoft employees say they investigated the alerts and determined that hackers breached the cloud server infrastructure of a software company providing font packages as MSI files. These MSI files were offered to other software companies. One of these downstream companies was using these font packages for its PDF editor app, which would download the MSI files from the original company's cloud servers during the editor's installation routine.
This discussion has been archived. No new comments can be posted.

Microsoft Discovers Supply Chain Attack at Unnamed Maker of PDF Software

Comments Filter:
  • comic sans? (Score:2, Funny)

    by Anonymous Coward

    was it comic sans?

  • To download full local install packages with their check sums. And that these cloud based (internet required) apps are great to force the continuous subscription profit model but not so secure or great for the end user.

    Just my 2 cents ;)
  • by theCat ( 36907 ) on Thursday July 26, 2018 @03:44PM (#57015234) Journal

    I was just this morning taking a security course required by my employer where they were stressing the importance of securing the supply chain.

    Oh and by-the-way, I think there must be some kind of quantum nature to all these exploits. And maybe if we would just stop looking for them, they would not come into existence at all and their eigenvalues would remain undefined. Worth a shot.

    Okay back to your regularly scheduled illusion.

    • I was just this morning taking a security course required by my employer where they were stressing the importance of securing the supply chain.

      Microsoft is an arrogant bunch, and take no notice of a situation not theirs.

      This exact thing happened two years ago to Linux Mint https://www.zdnet.com/article/... [zdnet.com]
      And the time my Email address became public domain.

  • Comment removed based on user account deletion
  • This is a very good move!
    Next time Microsoft will use MSI to provide wallpapers a audio notification too.
    And web pages...

  • by sad_ ( 7868 )

    only on windows you get a malicious payload when installing a fsck FONT PACK!

According to the latest official figures, 43% of all statistics are totally worthless.

Working...