Microsoft Transmits Malware and Back Doors to GNU/Linux Servers, Media Points the Finger at Everyone But Microsoft's Servers
The "supply chain" risk is Microsoft-controlled
First, some good news. For nearly a week now we've seen almost no slopfarms showing up in Google News. We are increasingly certain there's a cull going on. Like Microsoft, Google is beginning to openly and publicly recognise slop sucks. Wait till energy prices triple/treble (we're only at the start of it all!).
In worse news, Google News did boost lots of sites which speak of Microsoft NPM delivering malware and back doors while pointing the finger at everyone but Microsoft (the latest to take the blame is North Korea).
We've moreover notice the slopfarm linuxsecurity.com going ahead with another kind of misdirection ("The npm Supply Chain Problem: Why Installing Packages Executes Untrusted Code").
Well, this "Supply Chain" is Microsoft. Yet nobody in the media points the finger at it*. Maybe if it impacted NASA like Outlook did, more media site would point the finger in the right direction.
Is Microsoft too poor to vet and check what it hosts and transmits? If Mozilla and Automattic have enough "human resources" for this, why not Microsoft? █
_____
* This same media sure fancies painting Microsoft as a security hero. What a crock. From the latest security leftovers:
-
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments [Ed: When Microsoft covers "Linux"...]
-
Hacker News ☛ Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers [Ed: Microsoft looking for ways to demonise Linux instead of plugging Windows back doors]
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team.