VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process.
Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.
Obfuscated PowerShell leads to Lumma C2 Stealer
Ontinue Cyber Defenders have observed an uptick in activities related to the LummaC2 infostealer being used as a Malware-as-a-Service.
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registry's vast user base.
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
The Vice Society ransomware gang exfiltrated victim network data using a custom Microsoft PowerShell script. We dissect how each function of it works.
Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend
By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately
SafeBreach Uncovers Fully Undetectable Powershell Backdoor
See how this tool—created by a sophisticated and seemingly unknown threat actor—uses the unique approach of disguising itself as part of a Windows update.
NSA, Partners Recommend Properly Configuring, Monitoring PowerShell in New Report
The National Security Agency (NSA) and partner cybersecurity authorities released a Cybersecurity Information Sheet today recommending that Microsoft Windows® operators and administrators properly
Telerik UI exploitation leads to cryptominer, Cobalt Strike infections
Attacker targets bugs in a popular web application graphical interface development tool.
Follina — a Microsoft Office code execution vulnerability
Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus...
Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend
By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately
SafeBreach Uncovers Fully Undetectable Powershell Backdoor
See how this tool—created by a sophisticated and seemingly unknown threat actor—uses the unique approach of disguising itself as part of a Windows update.
NSA, Partners Recommend Properly Configuring, Monitoring PowerShell in New Report
The National Security Agency (NSA) and partner cybersecurity authorities released a Cybersecurity Information Sheet today recommending that Microsoft Windows® operators and administrators properly
Telerik UI exploitation leads to cryptominer, Cobalt Strike infections
Attacker targets bugs in a popular web application graphical interface development tool.
Follina — a Microsoft Office code execution vulnerability
Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus...
NSA, Partners Recommend Properly Configuring, Monitoring PowerShell in New Report
The National Security Agency (NSA) and partner cybersecurity authorities released a Cybersecurity Information Sheet today recommending that Microsoft Windows® operators and administrators properly
Telerik UI exploitation leads to cryptominer, Cobalt Strike infections
Attacker targets bugs in a popular web application graphical interface development tool.
Follina — a Microsoft Office code execution vulnerability
Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus...