Slashdot Mirror


Microsoft Discovers Supply Chain Attack at Unnamed Maker of PDF Software (bleepingcomputer.com)

Microsoft said today that hackers compromised a font package installed by a PDF editor app and used it to deploy a cryptocurrency miner on users' computers. From a report: The OS maker discovered the incident after its staff received alerts via the Windows Defender ATP, the commercial version of the Windows Defender antivirus. Microsoft employees say they investigated the alerts and determined that hackers breached the cloud server infrastructure of a software company providing font packages as MSI files. These MSI files were offered to other software companies. One of these downstream companies was using these font packages for its PDF editor app, which would download the MSI files from the original company's cloud servers during the editor's installation routine.

2 of 31 comments

  1. comic sans? by Anonymous Coward · Score: 2, Funny

    was it comic sans?

  2. Synchronicity by theCat · Score: 2

    I was just this morning taking a security course required by my employer where they were stressing the importance of securing the supply chain.

    Oh, and by the way, I think there must be some kind of quantum nature to all these exploits. And maybe if we would just stop looking for them, they would not come into existence at all and their eigenvalues would remain undefined. Worth a shot.

    Okay, back to your regularly scheduled illusion.

    --
    =^..^= all your rodent are belong to us