Tag: powershell
-
Harnessing Chisel for Covert Operations: Unpacking a Multi-Stage PowerShell Campaign
The Cyble Research and Intelligence Lab (CRIL) has recently uncovered a sophisticated multi-stage infection chain, primarily driven by PowerShell scripts. This campaign, which targets organizations through a variety of attack vectors, has been designed to maintain persistence, bypass security measures, and enable further malicious activities. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/new-powershell-campaign/
-
Ymir ransomware, a new stealthy ransomware grow in the wild
New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware, which attackers deployed after breaching systems via PowerShell commands. Ymir includes detection-evasion features, executing tasks in memory using functions like malloc, memmove, and memcmp. Attackers initially accessed systems…
-
Exploiting Exploiting Exchange PowerShell After ProxyNotShell: Part 3 DLL Loading Chain for RCE
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36374/Exploiting-Exploiting-Exchange-PowerShell-After-ProxyNotShell-Part-3-DLL-Loading-Chain-for-RCE.html
-
Simple attack through vulnerabilities: hackers can attack Exchange servers via PowerShell
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-exchange-server-angriffe-powershell-zdi-studie-2024-a-64dd7d046950c10537f575df67f0235c/
-
Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild
RCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-202… First seen on gbhackers.com Jump to article: gbhackers.com/whatsup-rce-vulnerability-exploit/
-
LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lummac2-infostealer-obfuscated/
-
LummaC2 infostealer uses obfuscated scripts via PowerShell to target endpoints
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/lummac2-infostealer-uses-obfuscated-scripts-via-powershell-to-target-endpoints
-
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerS… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html
-
OneDrive Phishing Campaign Uses Malicious PowerShell Script
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/onedrive-phishing-campaign-uses-malicious-powershell-script
-
Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/walmart-powershell-backdoor-zloader/
-
A crafty phishing campaign targets Microsoft OneDrive users
Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the p… First seen on securityaffairs.com Jump to article: securityaffairs.com/166312/hacking/microsoft-onedrive-phishing.html
-
Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills
First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cloud-security-powershell-expertise-emerge-as-key-soc-analyst-skills
-
ViperSoftX Weaponizing AutoIt CLR For Stealthy PowerShell Execution
ViperSoftX is an advanced malware that has become more complicated since its recognition in 2020, to the extent that eBooks are used on Torrent sites … First seen on gbhackers.com Jump to article: gbhackers.com/vipersoftx-autoit-clr-powershell/
-
ViperSoftX malware covertly runs PowerShell using AutoIT scripting
The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoI… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vipersoftx-malware-covertly-runs-powershell-using-autoit-scripting/
-
Fake IT support sites push malicious PowerShell scripts as Windows fixes
Fake IT support sites promote malicious PowerShell fixes for common Windows errors, like the 0x80070643 error, to infect devices with information-stea… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes/
-
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harve… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/new-rust-based-fickle-malware-uses.html
-
Cut & Paste Tactics Import Malware to Unwitting Victims
ClearFake and ClickFix attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and … First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/cut-paste-tactics-import-malware
-
New Rust infostealer Fickle Stealer spreads through various attack methods
A new Rust malware called Fickle Stealer spreads through various at… First seen on securityaffairs.com Jump to article: securityaffairs.com/164726/malware/fickle-stealer-attack-methods.html
-
Fake Google Chrome errors trick you into running malicious PowerShell scripts
A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell fixes that ins… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/
-
FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware
Russia-linked threat actor FlyingYeti is targeting Ukraine with a phishing campaign to deliver the PowerShell malware COOKBOX. Cloudflare researchers … First seen on securityaffairs.com Jump to article: securityaffairs.com/164017/hacking/flyingyeti-targets-ukraine.html
-
The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternative… First seen on thehackernews.com Jump to article: thehackernews.com/2024/05/the-end-of-era-microsoft-phases-out.html
-
Microsoft Replacing VBScript With JavaScript PowerShell
Microsoft has shifted its scripting options for web development and task automation. The company is replacing VBScript with more advanced alternatives… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-replacing-vbscript/
-
Suspected CoralRaider continues to expand victimology using three information stealers
Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload int… First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/suspected-coralraider-continues-to-expand-victimology-using-three-information-stealers/
-
Hackers Use Custom Backdoor Powershell Scripts to Attack Windows Machines
The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively utilizing custom backdoor variants, NiceCurl and TameCat,… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-use-custom-backdoor/
-
Analyze Malicious Powershell Scripts by Running Malware in ANY.RUN Sandbox
Hackers exploit PowerShell, a built-in scripting tool on Windows (and sometimes Linux), to launch various attacks. PowerShell scripts can download mal… First seen on gbhackers.com Jump to article: gbhackers.com/powershell-script-tracer_-analyze-powershell-execution/
-
Rhadamanthys infostealer deployed via AI-based PowerShell
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rhadamanthys-infostealer-deployed-via-ai-based-powershell
-
Malicious PowerShell script pushing malware looks AI-written
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI’s ChatGPT, Googl… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-powershell-script-pushing-malware-looks-ai-written/
-
New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive informatio… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html
-
Novel Script-Based Attack That Leverages PowerShell And VBScript
A new campaign identified as DEEP#GOSU is likely linked to the Kimsuky group, and it employs a new script-based attack chain t… First seen on gbhackers.com Jump to article: gbhackers.com/power-vbscript-attack/
-
Remote access trojan Agent Tesla is distributed via Quantum Builder
The builder also uses techniques such as decoys, UAC prompts and in-memory PowerShell to execute the final payload. They are all… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/remote-trojaner-agent-tesla-wird-ueber-quantum-builder-verbreitet/a32345/

