Tag: powershell
-
Video-Tipp #71: Harden Windows Security – Windows 11 härten mit PowerShell-Modul ‘Harden Windows Security”
First seen on security-insider.de Jump to article: www.security-insider.de/harden-windows-security-tool-tipps-a-a07c534dead5f34edae6082e2dfa3270/
-
Microsoft to Remove PowerShell 2.0 from Windows 11 Due to Security Risks
Microsoft has announced a significant change for Windows 11 users: the removal of Windows PowerShell 2.0, a legacy scripting platform, from upcoming builds. This move, first revealed in the Windows 11 Insider Preview Build 27891 released to the Canary Channel, is part of the company’s ongoing efforts to enhance system security and streamline the operating…
-
Microsoft finally bids farewell to PowerShell 2.0
Venerable command line tool to depart Windows First seen on theregister.com Jump to article: www.theregister.com/2025/07/04/microsoft_finally_bids_farewell_to/
-
Sixfold surge of ClickFix attacks threatens corporate defenses
Countermeasures: ClickFix attacks often bypass many security tools because the approach relies on user interaction. Training users to recognize suspicious prompts and avoid copying and running code from untrusted sources is a critical first step in defending against the growing threat.Tightening up technical controls such as endpoint protection, web filtering, and email security technologies to…
-
PowerShell überwachen so geht’s
Tags: access, cloud, cyberattack, detection, hacker, login, mail, microsoft, monitoring, powershell, tool, windowsWird PowerShell nicht richtig überwacht, ist das Security-Debakel meist nicht weit.Kriminelle Hacker setzen mitunter auf raffinierte Techniken, um sich über ausgedehnte Zeiträume in den Netzwerken von Unternehmen einzunisten und still und heimlich sensible Daten oder Logins abzugreifen. Dabei missbrauchen die Cyberkriminellen in vielen Fällen auch vom jeweiligen Zielunternehmen freigegebene Tools, um sich initial Zugang zu…
-
Microsoft-Lücke ermöglicht E-Mail-Versand ohne Authentifizierung
Tags: access, authentication, ciso, cyberattack, data, defense, dkim, dmarc, exploit, framework, hacker, infrastructure, mail, microsoft, phishing, powershell, qr, risk, tool, usa, vulnerability, zero-dayDrucker und Scanner werden dank einer Schwachstelle in der Microsoft 365 Direct Send-Funktion zunehmend zu Mitteln für Hacker, um Phishing-Angriffe durchzuführen.Das Forensik-Team von Varonis hat eine Schwachstelle entdeckt, die es internen Geräten wie Druckern ermöglicht, E-Mails ohne Authentifizierung zu versenden. Dem Bericht zufolgewurde die Lücke bereits genutzt, um mehr als 70 Unternehmen, vorwiegend in den…
-
Don’t trust that email: It could be from a hacker using your printer to scam you
Tags: authentication, control, credentials, data, defense, dkim, dmarc, email, endpoint, exploit, framework, hacker, infrastructure, iot, login, mail, microsoft, monitoring, network, phishing, powershell, qr, risk, scam, tactics, tool, vulnerability, zero-daytenantname.mail.protection.outlook.com, and companies’ internal email address formats can be trivial to figure out or easy to scrape from public sources or social media. Once an attacker has the domain and a valid email address, they are able to send emails that appear to come from inside the organization.In the campaign observed by Varonis’ forensics experts,…
-
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT.BEARDSHELL, per CERT-UA, is written in C++ and offers the ability to download and execute PowerShell scripts, as…
-
North Korean Hackers Weaponize GitHub Infrastructure to Distribute Malware
Tags: attack, cyber, cybersecurity, github, group, hacker, infrastructure, malicious, malware, north-korea, powershell, threatCybersecurity researchers have uncovered a sophisticated spearphishing campaign orchestrated by the North Korean threat group Kimsuky, leveraging GitHub as a critical piece of attack infrastructure to distribute malware since March 2025. This operation, identified through analysis of a malicious PowerShell script posted on X, showcases an alarming abuse of legitimate platforms like GitHub and Dropbox…
-
PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection
A recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server (IP: 123.207.215.76). First detected on June 1, 2025, this script operates as a shellcode loader, employing advanced in-memory execution techniques to bypass traditional disk-based detection mechanisms. The discovery, attributed to Shenzhen Tencent Computer…
-
Azure Misconfiguration Lets Attackers Take Over Cloud Infrastructure
A recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud infrastructure, from initial access to full tenant takeover. The attack path, demonstrated using real-world tools and PowerShell scripts, highlights the urgent need for organizations to harden their Azure deployments and…
-
New KimJongRAT Stealer Uses Weaponized LNK File to Deploy PowerShell-Based Dropper
The two new variants of the KimJongRAT stealer have emerged, showcasing the persistent and evolving nature of this malicious tool first identified in 2013. Detailed research by Palo Alto Networks’ Unit 42 reveals that these variants, one employing a Portable Executable (PE) file and the other a PowerShell implementation, leverage a weaponized Windows shortcut (LNK)…
-
New Sophisticated Multi-Stage Malware Campaign Uses VBS Files to Execute PowerShell Script
A recently uncovered malware campaign has revealed a highly sophisticated, multi-stage infection process utilizing heavily obfuscated Visual Basic Script (VBS) files to deploy remote access trojans (RATs) such as Remcos, LimeRAT, DCRat, and AsyncRAT. Discovered across a cluster of 16 open directories on various hosts, this campaign relies on a file named “sostener.vbs” (Spanish for…
-
GrayAlpha Hackers Group Exploits Browser Updates to Deploy PowerNet Loader and NetSupport RAT
Tags: attack, cyber, cybercrime, exploit, finance, group, hacker, infrastructure, malware, powershell, rat, threat, updateA new infrastructure linked to GrayAlpha, a cybercriminal entity overlapping with the notorious FIN7 group, has been exposed. This financially motivated threat actor, active since at least 2013, is known for its sophisticated attacks targeting retail, hospitality, and financial sectors. Custom Malware Uncovered The latest findings reveal GrayAlpha’s use of custom malware, including a PowerShell…
-
How to log and monitor PowerShell activity for suspicious scripts and commands
Block executable content from email client and webmailBlock executable files from running unless they meet a prevalence, age, or trusted list criterionBlock execution of potentially obfuscated scriptsBlock JavaScript or VBScript from launching downloaded executable contentBlock process creations originating from PSExec and WMI commands Log workstation PowerShell commands: Even without Microsoft Defender resources you need to…
-
Windows Defender Bypass Using PowerShell and Registry Edits in CyberEYE RAT
A newly discovered remote access trojan (RAT) named CyberEye is making waves in the cybersecurity community for its sophisticated capabilities and its reliance on Telegram, the popular messaging platform, as its command-and-control (C2) infrastructure. First detected in the wild in May 2025, CyberEye is distributed under various names, including TelegramRAT, and is rapidly gaining traction among cybercriminals…
-
Microsoft shares script to restore inetpub folder you shouldn’t delete
Microsoft has released a PowerShell script to help restore an empty ‘inetpub’ folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-restore-inetpub-folder-you-shouldnt-delete/
-
ViperSoftX Malware Used by Threat Actors to Steal Sensitive Information
The AhnLab Security Intelligence Center (ASEC) has recently issued a detailed report confirming the persistent distribution of ViperSoftX malware by threat actors, with notable impact on users in South Korea and beyond. First identified by Fortinet in 2020, ViperSoftX is a sophisticated PowerShell-based malware designed to infiltrate infected systems, execute remote commands, and steal sensitive…
-
Neuer Infostealer tarnt sich mit gefälschtem CAPTCHA
Security-Analysten warnen vor einer neuartigen Malware-Kampagne: EDDIESTEALER nutzt überzeugend inszenierte CAPTCHA-Köder, um Nutzer zur Ausführung gefährlicher PowerShell-Befehle zu verleiten. Ziel ist es, Zugangsdaten, Krypto-Wallets und Browserdaten abzugreifen. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/neuer-infostealer-tarnt-sich-mit-gefaelschtem-captcha/
-
ViperSoftX Malware Enhances Modularity, Stealth, and Persistence Techniques
The cybersecurity landscape witnessed the emergence of new PowerShell-based malware samples circulating in underground forums and threat-hunting communities, marking a significant evolution of the notorious ViperSoftX stealer. This updated variant, building on its 2024 predecessor, showcases remarkable advancements in modularity, stealth, and persistence mechanisms, posing a heightened threat to cryptocurrency users and enterprises. Detailed analysis…
-
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware.The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that masquerade as Gitcode and DocuSign.” First…
-
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence
Tags: access, attack, breach, captcha, ciso, computer, control, credentials, cyberattack, data, data-breach, detection, endpoint, exploit, group, healthcare, HIPAA, incident response, injection, malicious, mobile, network, phishing, powershell, ransom, ransomware, risk, saas, service, technology, threat, tool, vulnerabilityIn healthcare, every minute of downtime isn’t just a technical problem”Š”, “Šit’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
-
Windows 11 24H2: PowerShell AppLocker/WDAC Script Enforcement Monate kaputt
Ich greife mal, aus gegebenem Anlass, ein Thema auf, was mir Anfang Mai 2025 unter die Augen gekommen ist. Administratoren haben festgestellt, dass das PowerShell Script Enforcement im AppLocker/WDAC über Monate kaputt war. Sollte inzwischen aber mit der PowerShell 7.6 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/02/windows-11-24h2-powershell-applocker-wdac-script-enforcement-monate-kaputt/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents Inside a VenomRAT Malware Campaign Fake Google Meet Page Tricks Users into Running PowerShell Malware…