Security News

An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. Log4Shell aka CVE-2021-44228 concerns a critical security vulnerability in the popular Log4j logging library that, if successfully exploited, could lead to remote execution of arbitrary code on compromised systems.

Hackers believed to be part of the Iranian APT35 state-backed group has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor. As part of their research, the analysts also spotted something new in the form of a PowerShell modular backdoor named 'CharmPower.

If you've ever had a need to SSH into a Windows machine, Jack Wallen shows you how to make that possible with the help of PowerShell. I'm going to walk you through the process of installing the OpenSSH Server on Windows 10, configuring it to start at boot, and then show you how to log in from a Linux machine.

Microsoft has released PowerShell 7.2 with automatic updates through the Microsoft Update service on Windows 10 and Windows Server devices. "We have integration with Microsoft Update to automatically keep your installation of 7.2 updated whenever we have a servicing release which only includes critical bug fixes or security updates," said Steve Lee, Principal Software Engineer Manager for PowerShell.

Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control enforcements and gain access to plain text credentials. PowerShell is a cross-platform solution that provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.

Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting. The issue, tracked as CVE-2021-26701, affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively.

Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year. The tech giant has advised customers who manage their Azure resources using affected versions of the PowerShell task automation solution to update to versions 7.0.6 or 7.1.3.

NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in. PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.

Microsoft is making it easier to update PowerShell on Windows 10 and Windows Server devices by releasing future updates through the Microsoft Update service. "In the past, Windows users were notified in their console that a new version of PowerShell 7 is available, but they still had to hop over to our GitHub release page to download and install it, or rely on a separate package management tool like the Windows Package Manager, Chocolatey, or Scoop," said PowerShell Senior Software Engineer Travis Plunk.

Surging numbers of COVID-themed attacks, PowerShell trojans, along with the SolarWinds compromise and the continued spread of Sunburst malware were major contributors to a massive spike in the number of observed attacks in the wild during the last half of 2020, which McAfee's said averaged 588 attacks per minute within its telemetry during Q3 and Q4 of 2020. Researchers observed an average of 648 threats per minute in Q4 in the wild, an increase of 10 percent over the third quarter a continued upward trend from the 40 percent jump compared to Q2 2020, McAfee's latest threat report said.