Tag: powershell
-
Fake CAPTCHA Malware Exploits Windows Users to Run PowerShell Commands
in SecurityNews
In early February 2025, Trustwave SpiderLabs uncovered a resurgence of a malicious campaign leveraging fake CAPTCHA verifications to deliver malware. This campaign uses deceptive CAPTCHA prompts to trick users into executing PowerShell commands, initiating a multi-stage attack chain. The end goal is to deploy infostealer malware such as Lumma and Vidar, which exfiltrate sensitive data…
-
North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts
in SecurityNews
North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks. These LNK files, often disguised as documents related to North Korean affairs or trade agreements, are distributed via phishing emails. Once opened, they trigger a multi-stage attack involving…
-
Decrypting the Forest From the Trees
in SecurityNews
Tags: api, computer, container, control, credentials, data, endpoint, least-privilege, microsoft, network, password, powershell, service, update
TL;DR: SCCM forest discovery accounts can be decrypted, including accounts used for managing untrusted forests. If the site server is a managed client, service account credentials can be decrypted via the Administration Service API. Introduction: While Duane Michael, Chris Thompson, and I were originally working on the Misconfiguration Manager project, one of the tasks I took…
-
InvokeADCheck New Powershell Module for Active Directory Assessment
in SecurityNews
Orange Cyberdefense has announced the development of InvokeADCheck, a new PowerShell module designed to streamline Active Directory (AD) assessments. Created by Niels Hofland and colleague Justin, this tool aims to address the challenges faced by IT administrators and security professionals in efficiently evaluating AD environments. Streamlining AD Assessment Process: InvokeADCheck offers a comprehensive solution for…
-
New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint
in SecurityNews
A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havoc post-exploitation framework for remote access to compromised devices. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/new-clickfix-attack-deploys-havoc-c2-via-microsoft-sharepoint/
-
Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
in SecurityNews
Tags: api, communications, control, cybersecurity, framework, hacker, malware, microsoft, open-source, phishing, powershell, threat
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted,…
-
Hackers Using PowerShell and Microsoft Legitimate Apps to Deploy Malware
in SecurityNews
Tags: antivirus, attack, cyber, cybersecurity, hacker, incident response, malware, microsoft, powershell
Cybersecurity experts are warning of an increasing trend in fileless attacks, where hackers leverage PowerShell and legitimate Microsoft applications to deploy malware without leaving significant traces on compromised systems. These sophisticated attacks, which have been around for over two decades, are proving particularly effective in bypassing traditional antivirus solutions and complicating incident response efforts. PowerShell…
-
New Undetectable Batch Script Uses PowerShell and Visual Basic to Install XWorm
in SecurityNews
A novel malware delivery framework employing advanced obfuscation techniques has evaded detection by security tools for over 48 hours. The attack chain centers around a Batch script that leverages PowerShell and Visual Basic Script (VBS) to deploy either the XWorm remote access trojan or AsyncRAT, marking a significant evolution in fileless attack methodologies, according to…
-
DeepSeek Lure Using CAPTCHAs To Spread Malware
in SecurityNews
Tags: ai, attack, botnet, breach, captcha, cloud, control, credentials, crypto, cybercrime, data, detection, exploit, infrastructure, injection, international, login, malicious, malware, network, open-source, powershell, privacy, scam, service, technology, theft, threat, tool, windows
Introduction: The rapid rise of generative AI tools has created opportunities and challenges for cybercriminals. In an instant, industries are being reshaped while new attack surfaces are being exposed. The DeepSeek AI chatbot, which launched on January 20, 2025, quickly gained international attention, making it a prime target for abuse. Leveraging a tactic known as brand impersonation,…
-
Russian cyberespionage groups target Signal users with fake group invites
in SecurityNews
QR codes provide a means of phishing Signal users: these features now work by scanning QR codes that contain the cryptographic information needed to exchange keys between different devices in a group or to authorize a new device to an account. The QR codes are actually representations of special links that the Signal application knows…
-
North Korean Hackers Leverage Dropbox and PowerShell Scripts to Breach Organizations
in SecurityNews
Tags: breach, crypto, cyber, cyberattack, exploit, government, group, hacker, malware, north-korea, powershell, threat
A recent cyberattack campaign, dubbed "DEEP#DRIVE",
-
North Korea’s Kimsuky Taps Trusted Platforms to Attack South Korea
in SecurityNews
The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around. First seen on darkreading.com. Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-koreans-kimsuky-attacks-rivals-trusted-platforms
-
Ongoing Kimsuky Attack Campaign Exploits PowerShell, Dropbox
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/ongoing-kimsuky-attack-campaign-exploits-powershell-dropbox
-
PowerShell Exploited in New Kimsuky Intrusions
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/powershell-exploited-in-new-kimsuky-intrusions
-
New Kimsuky Intrusions Exploiting PowerShell
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/new-kimsuky-intrusions-exploiting-powershell
-
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
in SecurityNews
Tags: attack, business, crypto, cyberattack, government, group, hacking, korea, north-korea, powershell, threat
A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail,…
-
DPRK hackers dupe targets into typing PowerShell commands as admin
in SecurityNews
North Korean state actor 'Kimsuky' (aka 'Emerald Sleet' or 'Velvet Chollima') has been observed using a new tactic inspired by the now widespread ClickFix campaigns. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/dprk-hackers-dupe-targets-into-typing-powershell-commands-as-admin/
-
North Korea-linked APT Emerald Sleet is using a new tactic
in SecurityNews
Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic: tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provided…
-
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
in SecurityNews
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds…
-
New Microsoft script updates Windows media with bootkit malware fixes
in SecurityNews
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-script-updates-windows-media-with-bootkit-malware-fixes/
-
Microsoft script updates bootable media for BlackLotus bootkit fixes
in SecurityNews
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-script-updates-bootable-media-for-blacklotus-bootkit-fixes/
-
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
in SecurityNews
A previously undocumented threat actor known as Silent Lynx has been linked to cyberattacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report…
-
Windows 10/11 KB5053484: New PS script for certificates in boot media
in SecurityNews
Microsoft has just released a new PowerShell script for Windows 10 and Windows 11 that updates boot media. This is intended to ensure that the Windows UEFI CA 2023 certificate will be accepted in the near future. All of this is in the context of the Black … First seen on borncity.com. Jump to article: www.borncity.com/blog/2025/02/05/windows-10-11-kb5053484-neues-ps-script-fuer-zertifikate-in-boot-medien/
-
Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
in SecurityNews
Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Threat actors target Brazilian users by stealing financial data; the malware can harvest sensitive information from over 70 financial applications and numerous…