As much as I loathe m$, the one thing they got right was forcing casual users (Windows Home) to install security updates as top priority, whether they like it or not. I know we all hate on Windows, and rightly so, but that policy does nullify this particular vector and that is great for the consumer-level users.
(… for the sake of argument let's just pretend Windows doesn't have 10,000 other vulns the malware devs can just exploit instead)
I don’t want to install security updates. You cannot and will not force me. Case closed.
Did I miss the bit where they said how it was delivered?
Seems it’s exploiting vulnerabilities in some software called “Ivanti Connect Secure VPN”, so unless you’re running that, you’re safe I guess. Says in the past they used vulnerabilities in “Qlik Sense” and Adobe “Magento”. Never heard of any of those, but I guess maybe some businesses use them?
Ivanti Connect Secure VPN
So it's spreading via closed-source VPN software. Why should you even use that when there is great VPN software available on Linux which has worked reliably for decades?
Well of course you miss zero trust connections, multi-cloud readiness, award‑winning security and proven secure corporate access …