Security News

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
2024-07-30 06:45

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. The cybersecurity company is tracking the "Crafty" phishing and downloader campaign under the name OneDrive Pastejacking.

ViperSoftX malware covertly runs PowerShell using AutoIT scripting
2024-07-10 19:22

The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. [...]

Fake IT support sites push malicious PowerShell scripts as Windows fixes
2024-06-30 14:21

Fake IT support sites promote malicious PowerShell "Fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware. According to eSentire, threat actors are creating numerous fake IT support sites that are specifically designed to help users with common Windows errors, heavily focusing on the 0x80070643 error.

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
2024-06-20 08:09

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised...

That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise
2024-06-19 07:27

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Fake Google Chrome errors trick you into running malicious PowerShell scripts
2024-06-17 22:31

A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "Fixes" that install malware. Now the overlays display fake Google Chrome, Microsoft Word, and OneDrive errors.

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
2024-05-23 05:33

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell....

Malicious PowerShell script pushing malware looks AI-written
2024-04-10 16:12

A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot. Accessing the shortcut file triggered PowerShell to run a remote script.

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows
2023-09-11 07:54

A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. "In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang's Start-CaptureServer PowerShell script, executing various system commands, and exfiltrating the retrieved data via Mockbin APIs," security researchers Niraj Shivtarkar and Avinash Kumar said.

Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
2023-08-17 20:00

Lax policies for package naming on Microsoft's PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks. PowerShell Gallery is a Microsoft-run online repository of packages uploaded by the wider PowerShell community, hosting a large number of scripts and cmdlet modules for various purposes.