Don't open that WhatsApp message, Microsoft warns

Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious Microsoft Installer (MSI) packages, allowing criminals to control victims' machines and access all of their data. The campaign began in late February, we're told, and the attack chain starts with a WhatsApp …

  1. Alan Mackenzie
    WTF?

    Employee training tops the list ????

    No, actually, it doesn't. Installing a sane email system, one which doesn't provide the flaw of directly running programs arriving by email, has got to take priority.

    Failing that, setting options to prevent the running of such programs has got to be possible.

    Saying "training tops the list" is unjustly to transfer the blame for the situation from Microsoft to the users.

    1. doublelayer Silver badge

      Re: Employee training tops the list ????

      What "flaw of directly running programs arriving by email" are you on about? There isn't one. The sender has to trick the user into running them manually.

      And options to prevent people executing them manually? Yes, the IT department can do that and have been able to for years. Not Microsoft, the local admins who have the control over what users are allowed to do. Either they haven't because users sometimes need to execute unknown things, in which case you have to train users, or they haven't but have no reason not to, in which case you have to train IT employees.

      1. david 12 Silver badge

        Re: Employee training tops the list ????

        Normal email systems, such as most users use, just block VBS out-of-hand.

        As a programmer, I found it annoying that most email systems would block even something as harmless as raw c code - not executable in any sane common user environment - but I've got to wonder if WhatsApp is sanitized at all?

    2. IGotOut Silver badge

      Re: Employee training tops the list ????

      Ahh the well known email system called WhatsApp.

      1. BartyFartsLast Silver badge

        Re: Employee training tops the list ????

        That well known email system WhatsApp owned, created and run by Meta

        1. news.bot.5543

          Re: Employee training tops the list ????

          Urm, not quite... Like what seems like most big tech projects, it's bought by big tech when deemed useful to people, but AFAIK they didn't actually have a hand in creating it

    3. DrewPH Bronze badge

      Re: Employee training tops the list ????

      No email system runs incoming attached executables automatically.

      This is social engineering. Idiots are being persuaded to run the payload.

      1. Roland6 Silver badge

        Re: Employee training tops the list ????

        > "No email system runs incoming attached executables automatically."

        Wasn't that the gaping security hole in Microsoft Outlook's preview mode a few decades back…

        1. BebopWeBop Silver badge

          Re: Employee training tops the list ????

          I fondly remember being able, decades ago, to be able to run some extremely amusing Display Postscript on NeXT beasties, that did things like melt the user's screen (visually) when they opened emails. Highly amusing to my tiny mind at the time. That got fixed, but MS as you say did have a wee problem for a while

    4. frankyunderwood123 Bronze badge

      Re: Employee training tops the list ????

      I’m sorry, but this is a nonsense.

      Employee training is absolutely the single best strategy to assist in preventing malware and social engineering attacks.

      Where I work it’s taken incredibly seriously.

      Everyone gets training and there’s periodic fake scam email tests. We have an extra button in our email software to report dodgy emails.

      The detection rate by staff has increased from around 55% to nearly 90% in 2 years.

      We’ve also all had to go through multiple sets of security training depending on role and some of these have been intense and very educational.

  2. Yet Another Anonymous coward Silver badge

    Not a problem

    Surely an advanced professional operating system wouldn't allow a user to overwrite system files without providing the system manager's credentials ?

    1. DrewPH Bronze badge

      Re: Not a problem

      Microsoft: "Advanced professional operating system? We've heard of those."

    2. david 12 Silver badge

      Re: Not a problem

      That's right. The script throws up prompts, and you have to enter admin credentials.

      1. AndrueC Silver badge

        Re: Not a problem

        ..or click [Yes] if you're running as a user with Administrator privileges. That's common in home environments but I'd hope far less common in the business world where a decent IT department is available.

  3. mark l 2 Silver badge

    I wasn't even aware Whatsapp existed for Windows PCs. I just assumed it was a mobile app and they have a web version.

    1. doublelayer Silver badge

      It won't work unless you've first set up one of the mobile versions, but you can use it from the desktop clients as well. It's surprisingly common for business communication internationally, and I'm guessing that's why the desktop version is used so much.

      1. I ain't Spartacus Gold badge

        We're starting to use Whatsapp quite a bit at work. I think it's because people on site aren't always being given a company mobile, so if you email them they don't get it until they can get to their laptop - which might be in the site office or even at home. But with Whatsapp they can send you a photo of the broken kit from wherever it is, and they can read the datasheet or manuals you send them back. It's not quite gone far enough that I've installed it on my PC - but I can see that happening, if I end up using it as much as one of my colleagues.

        We're even looking at the possibility of connecting Whatsapp to our CRM system - so we can send people copies of quotes.

    2. AndrueC Silver badge

      You have to attach it to an existing mobile account and it's clearly subservient to that. Also since last year it has been ~~updated~~ changed to use the Electron framework and has a number of rough edges. The user experience can be quite clunky now.

  4. Anonymous Coward

    ".....security solutions can leverage this metadata discrepancy....."

    Precisely what the fuck is wrong with "can use this metadata discrepancy"

    Other than it doesn't make you sound like a complete wanker.

    1. ChoHag Silver badge

      "the concrete melts into the abstract and no one seems able to think of turns of speech that are not hackneyed: prose consists less and less of words chosen for the sake of their meaning, and more and more of phrases tacked together like the sections of a prefabricated hen-house"

      https://www.orwellfoundation.com/the-orwell-foundation/orwell/essays-and-other-works/politics-and-the-english-language/

      Why say:

      > Malware scanners can use this to detect dodgy files hiding under a legitimate name

      ... when you can say:

      > This means Microsoft Defender and other security solutions can leverage this metadata discrepancy as a detection signal, flagging instances where a file's name does not match its embedded OriginalFileName

      1. Pascal Monett Silver badge

        Especially when you're paid by the word.

        And "reached out" ? Really ? On El Reg ?

        1. Steve Davies 3 Silver badge

          re: And "reached out" ?

          that's the US Enshitification of this site. Downvote any post that uses this sort of term.

        2. Sub 20 Pilot

          Anyone who sends me any message with ''reach out'' or other such nonsense in it gets the message binned.

          I look after a small catch all email account for our volunteer first response team and I get a load from companies trying to sell us stuff, which is parasitic enough but when they are full of buzzword bullshite it automatically puts those twats off my purchasing list.

          In my professional role I have to deal with a lot of contracts managers who love the wanker-speak so I put them right at the start. I inform them pretty bluntly in the next site meeting that if they want me to read their emails they write in Welsh or English, hell even French if they want but no text speak, no wanky marketing buzzwords. I have done this for years, responding to mangled messages with trendy (at the time) txt abbreviations in a professional email with a blunt return email asking them to send it in a recognised language if they needed a response. I am pretty fortunate that I can do this as these people need my input.

          If more people did this it would remove most of the abomination of marketing speak. Worst people by far are those that have a huge linkedin presence and loudly state so in their email sig. Tossers.

    2. jake Silver badge

      If it was written by a human, the term is grandiloquent.

      But it was never even looked at by a human before release. It is pure AI. The goal of this kind of missive is to make the merely plausible sound like the best thing since sliced bread. Unfortunately for the idiots using it, what it really does is make said idiot sound like a complete wanker (as noted by the OP), even though they never even bothered to read it, much less write it.

    3. An_Old_Dog Silver badge

      Upvoted!

      Also, though not in this article, the words "surface" and "surfaced" are increasingly-frequently mal-used as verbs by Register staff, when Register staff are not referring to objects in liquid.

      1. that one in the corner Silver badge

        Re: Upvoted!

        Didn't you know? He's a liquid!

        (See also We all float down here - but don't think too much on the results of combining the two - icky!)

    4. pPPPP

      I hear this so much every day. Levverage this. Levverage that. I don't massively mind Americans doing this but when I hear supposedly intelligent Brits doing it, it makes my skin crawl. We don't have levvers here. We call them levers. And the verb is to lever.

      Americans can pronounce it how they wish; nothing wrong with that. But leverage is still a noun.

      Getting this wrong just makes you look like a sheep who didn't pay attention at school.

      As for "on-premise", don't get me started.

      1. TheOzzyWombat

        "But leverage is still a noun."

        ...and a verb (in British English).

  5. ecofeco Silver badge

    WhatsApp?

    I hate that thing with the burning passion of a thousand suns.

    What an utter piece of shit.

    1. blu3b3rry Silver badge

      Re: WhatsApp?

      I have the "joys" of using it as some in the family don't really know how to work anything else. Can only agree it's utter shit and the repeated shovelling in of unwanted "features" just makes it worse.

      Whatever twat decided to stick the AI button above the create message button in the app, though.....they deserve a special place in purgatory.

    2. Filippo Silver badge

      Re: WhatsApp?

      I don't trust Meta not to use WhatsApp to illegally acquire data on any device it's installed on. They have already been caught doing it at least once (when they transferred contact lists from WhatsApp to Facebook). In the EU, all we have is their pinky promise that they won't do it again, and outside EU there's not even that.

      I don't trust them, a business certainly shouldn't trust them, and providing a service, internal or external, only through a system that requires ceding personal data to a third party, ought to be straight up illegal.

  6. Anonymous Coward

    WhatsApp

    No there’s ya problem…

  7. Paul Hovnanian Silver badge

    Honor system virus

    “This is a virus. I do not have the tech savvy, nor the patience, to write an actual computer virus,

    so this one will use the honor system. If you are reading this, please manually delete all personal data

    from your computer and then forward this to 30 people on your email contact list. Thank you for your cooperation."

    [No. Actually don't. Check the date.]
