Security News > 2023 > August > Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft's PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.
PowerShell Gallery is a Microsoft-run online repository of packages uploaded by the wider PowerShell community, hosting a large number of scripts and cmdlet modules for various purposes.
AquaSec's Nautilus team discovered that users can submit to the PS Gallery packages with very similar names to existing repositories, so-called 'typosquatting' when cybercriminals leverage it for malicious purposes.
PS Gallery hides by default the more reliable 'Owner' field under 'Package Details', which shows the publisher account that uploaded the package.
AquaSec reported all flaws to Microsoft on September 27, 2022, and were able to replicate them on December 26, 2022, despite Microsoft stating in early November that they had fixed the issues.
On January 15, 2023, Microsoft stated that a short-term solution was implemented until its engineers developed a fix for the name typosquatting and package details spoofing.
News URL
Related news
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)