Displaying items by tag: PowerShell

According to security vendor WatchGuard Technologies' latest quarterly Internet Security Report, ransomware detections in the first quarter of 2022 are double the total reported for 2021.

Email security firm Proofpoint claims to have identified a targeted attack that uses an open-source installer for Windows packages named Chocolatey.

Security vendor WatchGuard Technologies has published research showing that more than 90% of malware arrives through HTTPS-encrypted connections.

Old sometimes is not gold, especially when it comes to ancient versions of ColdFusion running on versions of Windows that have reached their end-of-life, as the global security firm Sophos has demonstrated through its research into a server that was taken over by unknown actors using the Cring ransomware.

Malware authors are crafting their wares to bypass scans on Windows systems altogether, using a number of tricks to avoid being put under the microscope by Microsoft's Antimalware Scan Interface, the global security firm Sophos claims.

Global security vendor Sophos claims to have discovered a new strain of Windows ransomware which is the final executable payload in a manual attack where every other stage is delivered through a PowerShell script. One of the entry points was an on-premise Microsoft Exchange Server installation.

Global security provider Sophos has discovered a Microsoft Exchange Server hosting a malicious monero cryptominer which is aimed at other Exchange servers.

A relatively new strain of Windows ransomware known as Cring has been noticed attacking Fortigate VPN servers using a vulnerability which has the reference CVE-2018-13379.

Windows ransomware known as LockBit, which made its presence known in 2019, has now matured and is using novel ways to escalate privileges by bypassing the User Account Control feature on Windows systems.

Security firm Kaspersky has released details about a threat group it has named DeathStalker that appears to have just one function: collecting sensitive business information. The group appears to attack only Windows systems.

The tactics employed by cyber criminals who deploy Windows ransomware on systems for monetary gain have changed over the last 10 months in order to evade detection by endpoint security that has improved markedly, a researcher from the global security firm Sophos claims.

Microsoft has issued a patch to fix a flaw in its Office suite that was being used to spread spyware known as FINSPY.

Malicious scripts written using the Windows PowerShell framework are on the increase, Symantec has warned after a study by researchers found that 95% of analysed scripts fell into this category.

Microsoft has announced that Windows PowerShell will be released as an open source program and has built an binary alpha version that will run on some Linux distributions and OS X.

PowerShell, a ubiquitous technology that is part of the Windows environment, has become an ideal way for attackers to hide their presence and activities. Its ability to dynamically load and execute code without touching the file system makes it especially difficult to secure. Malware authors know this and are increasingly exploiting that capability.

Microsoft has made a contribution of between US$25,000 and US$50,000 to the OpenBSD Foundation which supports OpenBSD and related projects such as OpenSSH, OpenBGPD, OpenNTPD, OpenSMTPD, LibreSSL, and mandoc.