TWINN #95 Time to re-evaluate Microsoft
Today is a day to seriously question any planned long-term usage of Windows and Microsoft 365 products. The dominance of Microsoft’s platform has made it so that prioritizing proper security hasn’t been essential to-date as it hasn’t affected their market share. The problem is that too many industries used to offer software solutions predominantly on a Microsoft stack. However, entire companies can be moved to Linux, or macOS, or to cloud solutions that don’t use Microsoft products, and can be run entirely from iOS devices.
Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious.
As we now know, Microsoft wasn’t even honest with their statement of “We are unable to provide the specific affected data from this issue” as those buckets were publicly indexed for months already, and anyone on the internet could find out what the data was that had been affected.
Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware.
“The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems.”\
VMware bug with 9.8 severity rating exploited to install witch’s brew of malware.
“If you haven’t patched CVE-2022-22954 yet, now would be an excellent time to do so.”
Text4Shell Vulnerability Exploitation Attempts Started Soon After Disclosure
This reminds us of the Log4Shell vulnerability but the likelihood of this one being exploited by criminals is quite different, given that proof-of-concept and technical details are available.
Did you know?
There are lots of reasons to consider networking to be cool again as explored in this techradar article.
As I’m traveling this week, I am skipping the video version of this one, but will be back next week.