Tag: powershell
-
Malicious Microsoft VSCode extensions target devs, crypto community
Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-microsoft-vscode-extensions-target-devs-crypto-community/
-
Detection Engineer’s Guide to Powershell Remoting
Tags: access, attack, automation, computer, control, credentials, crowdstrike, cyberattack, data, detection, edr, endpoint, exploit, firewall, guide, hacker, malicious, microsoft, mitre, monitoring, network, penetration-testing, powershell, risk, service, siem, threat, tool, update, windowsPowershell Remoting is a powerful feature in Windows that enables IT administrators to remotely execute commands, manage configurations, and automate tasks across multiple systems in a network. Utilizing Windows Remote Management (WinRM), it facilitates efficient management by allowing centralized control over endpoints, making it an essential tool for system administrators to streamline operations and maintain…
-
Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-ads-push-lumma-infostealer-via-fake-captcha-pages/
-
Arctic Wolf beobachtet Zero-Day-Exploit von Cleo-MFT-Software
Das Threat-Intelligence-Team der Arctic Wolf Labs haben neue schadhafte Aktivitäten beobachtet. Diese stehen im Zusammenhang mit der von Huntress aufgedeckten Zero-Day-Schwachstelle in der Cleo-Managed-File-Transfer (MFT) -Software. Im Dezember 2024 beobachtete Arctic Wolf Labs eine Mass-Exploitation-Kampagne, bei der Cleo-MFT-Lösungen für den unberechtigten Fernzugriff genutzt wurden. Die Ausführungskette umfasste einen verschleierten Powershell-Stager, einen Java-Loader sowie eine Java-basierte Backdoor,…
-
Attackers exploit zero-day RCE flaw in Cleo managed file transfer
Tags: advisory, attack, cve, edr, exploit, firewall, flaw, group, Internet, malicious, mitigation, moveIT, powershell, ransomware, rce, remote-code-execution, software, tool, update, vulnerability, vulnerability-management, windows, zero-daySecurity researchers have warned about in-the-wild attacks that exploit a remote code execution vulnerability in managed file transfer (MFT) solutions developed by enterprise software vendor Cleo Communications.The impacted products include the latest versions of Cleo LexiCom, Cleo VLTrader and Cleo Harmony, with experts advising to temporarily disconnect these systems from the internet until a patch…
-
SPA is for Single-Page Abuse! Using Single-Page Application Tokens to Enumerate Azure
Author: Lance B. Cain Overview Microsoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entitles have begun adopting Azure for their technology needs to include identity, authentication, storage, application management, and web services. One of the most common methods for organizations to begin…
-
Russian APT RomCom combines Firefox and Windows zero-day flaws in drive-by exploit
Tags: access, antivirus, apt, attack, backdoor, browser, business, computer, cve, cybercrime, cyberespionage, defense, endpoint, exploit, flaw, germany, government, group, insurance, intelligence, malicious, microsoft, msp, password, powershell, russia, software, threat, ukraine, vulnerability, windows, zero-dayA Russia-aligned group that engages in both cybercrime and cyberespionage operations used a zero-click exploit chain last month that combined previously unknown and unpatched vulnerabilities in Firefox and Windows.The campaign, whose goal was to deploy the group’s RomCom backdoor on computers, targeted users from Europe and North America. The APT group, also known as Storm-0978,…
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Azure Key Vault Tradecraft with BARK
Tags: access, api, authentication, credentials, data, encryption, microsoft, password, powershell, RedTeam, serviceBrief This post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of how a red team operator may use these commands during the course of an assessment. Authentication Azure Key Vault is one of…
-
Daniel Stori’s Turnoff.US: ‘I Love Windows Powershell’
via the inimitable Daniel Stori at Turnoff.US! Permalink First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2024/11/daniel-storis-turnoff-us-i-love-windows-powershell/
-
Harnessing Chisel for Covert Operations: Unpacking a Multi-Stage PowerShell Campaign
The Cyble Research and Intelligence Lab (CRIL) has recently uncovered a sophisticated multi-stage infection chain, primarily driven by PowerShell scripts. This campaign, which targets organizations through a variety of attack vectors, has been designed to maintain persistence, bypass security measures, and enable further malicious activities. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/new-powershell-campaign/
-
Ymir ransomware, a new stealthy ransomware grow in the wild
New Ymir ransomware was deployed in attacks shortly after systems were breached by RustyStealer malware, Kaspersky warns. Kaspersky researchers discovered a new ransomware family, called Ymir ransomware, which attackers deployed after breaching systems via PowerShell commands. Ymir includes detection-evasion features, executing tasks in memory using functions like malloc, memmove, and memcmp. Attackers initially accessed systems…
-
Exploiting Exploiting Exchange PowerShell After ProxyNotShell: Part 3 DLL Loading Chain for RCE
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36374/Exploiting-Exploiting-Exchange-PowerShell-After-ProxyNotShell-Part-3-DLL-Loading-Chain-for-RCE.html
-
Einfacher Angriff durch Schwachstellen – Hacker können Exchange-Server über die PowerShell angreifen
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-exchange-server-angriffe-powershell-zdi-studie-2024-a-64dd7d046950c10537f575df67f0235c/
-
Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild
RCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-202… First seen on gbhackers.com Jump to article: gbhackers.com/whatsup-rce-vulnerability-exploit/
-
LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lummac2-infostealer-obfuscated/
-
LummaC2 infostealer uses obfuscated scripts via PowerShell to target endpoints
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/lummac2-infostealer-uses-obfuscated-scripts-via-powershell-to-target-endpoints
-
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerS… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html
-
OneDrive Phishing Campaign Uses Malicious PowerShell Script
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/onedrive-phishing-campaign-uses-malicious-powershell-script
-
Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/walmart-powershell-backdoor-zloader/
-
A crafty phishing campaign targets Microsoft OneDrive users
Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the p… First seen on securityaffairs.com Jump to article: securityaffairs.com/166312/hacking/microsoft-onedrive-phishing.html
-
Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills
First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cloud-security-powershell-expertise-emerge-as-key-soc-analyst-skills
-
ViperSoftX Weaponizing AutoIt CLR For Stealthy PowerShell Execution
ViperSoftX is an advanced malware that has become more complicated since its recognition in 2020, to the extent that eBooks are used on Torrent sites … First seen on gbhackers.com Jump to article: gbhackers.com/vipersoftx-autoit-clr-powershell/
-
ViperSoftX malware covertly runs PowerShell using AutoIT scripting
The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoI… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vipersoftx-malware-covertly-runs-powershell-using-autoit-scripting/
-
Fake IT support sites push malicious PowerShell scripts as Windows fixes
Fake IT support sites promote malicious PowerShell fixes for common Windows errors, like the 0x80070643 error, to infect devices with information-stea… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes/
-
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harve… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/new-rust-based-fickle-malware-uses.html
-
Cut & Paste Tactics Import Malware to Unwitting Victims
ClearFake and ClickFix attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and … First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/cut-paste-tactics-import-malware
-
New Rust infostealer Fickle Stealer spreads through various attack methods
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration A new Rust malware called Fickle Stealer spreads through various at… First seen on securityaffairs.com Jump to article: securityaffairs.com/164726/malware/fickle-stealer-attack-methods.html