Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
11 résultats taggé PowerShell  ✕
Navigating Through The Fog https://thedfirreport.com/2025/04/28/navigating-through-the-fog/
28/04/2025 12:42:23
QRCode
archive.org
thumbnail
  • An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance, exploitation, lateral movement, and persistence.
  • Initial access was gained using compromised SonicWall VPN credentials, while other offensive tools facilitated credential theft, exploitation of Active Directory vulnerabilities, and lateral movement.
  • Persistence was maintained through AnyDesk, automated by a PowerShell script that preconfigured remote access credentials.
  • Sliver C2 executables were hosted on the server for command-and-control operations, alongside Proxychains tunneling.
  • The victims spanned multiple industries, including technology, education, and logistics, across Europe, North America, and South America, highlighting the affiliate’s broad targeting scope.
thedfirreport EN 2025 SonicWall VPN ransomware Fog AnyDesk PowerShell
VSCode extensions found downloading early-stage ransomware https://www.bleepingcomputer.com/news/security/vscode-extensions-found-downloading-early-stage-ransomware/
21/03/2025 08:31:59
QRCode
archive.org
thumbnail

Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process.

bleepingcomputer EN 2025 Coding Extensions Microsoft PowerShell Ransomware VSCode Marketplace
Malicious ads push Lumma infostealer via fake CAPTCHA pages https://www.bleepingcomputer.com/news/security/malicious-ads-push-lumma-infostealer-via-fake-captcha-pages/
22/12/2024 20:47:10
QRCode
archive.org
thumbnail

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.

bleepingcomputer EN 2024 Captcha ClickFix Information-Stealer Lumma Malvertising Malware PowerShell Security InfoSec Computer-Security
Obfuscated PowerShell leads to Lumma C2 Stealer https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer/
07/09/2024 11:46:07
QRCode
archive.org
thumbnail

Ontinue Cyber Defenders have observed an uptick in activities related to the LummaC2 infostealer being used as a Malware-as-a-Service.

ontinue EN 2024 obfuscated Powershell analysis Lumma LummaC2 Stealer Malware-as-a-Service
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks
18/08/2023 08:18:30
QRCode
archive.org
thumbnail

Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registry's vast user base.

aquasec EN 2023 PowerHell PowerShell Gallery typosquatting
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land https://unit42.paloaltonetworks.com/vice-society-ransomware-powershell/
14/04/2023 21:50:12
QRCode
archive.org
thumbnail

The Vice Society ransomware gang exfiltrated victim network data using a custom Microsoft PowerShell script. We dissect how each function of it works.

unit42 EN 2023 report analysis ViceSociety PowerShell
Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend
21/11/2022 09:57:13
QRCode
archive.org
thumbnail

By now you have likely already heard about the in-the-wild exploitation of Exchange Server, chaining CVE-2022-41040 and CVE-2022-41082. It was originally submitted to the ZDI program by the researcher known as “DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC”. After successful validation, it was immediately

zerodayinitiative EN 2022 0-day CVE-2022-41040 CVE-2022-41082 PowerShell
SafeBreach Uncovers Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
19/10/2022 08:30:40
QRCode
archive.org
thumbnail

See how this tool—created by a sophisticated and seemingly unknown threat actor—uses the unique approach of disguising itself as part of a Windows update.

SafeBreach EN 2022 Powershell Undetectable IoCs research
NSA, Partners Recommend Properly Configuring, Monitoring PowerShell in New Report https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3069620/nsa-partners-recommend-properly-configuring-monitoring-powershell-in-new-report/utm_source/substack/utm_medium/nsa-partners-recommend-properly-configuring-monitoring-powershell-in-new-report/
25/06/2022 04:43:38
QRCode
archive.org
thumbnail

The National Security Agency (NSA) and partner cybersecurity authorities released a Cybersecurity Information Sheet today recommending that Microsoft Windows® operators and administrators properly

NSA en 2022 PowerShell recommandation information howto guidance Windows Microsoft
Telerik UI exploitation leads to cryptominer, Cobalt Strike infections https://news.sophos.com/en-us/2022/06/15/telerik-ui-exploitation-leads-to-cryptominer-cobalt-strike-infections/
17/06/2022 07:11:21
QRCode
archive.org
thumbnail

Attacker targets bugs in a popular web application graphical interface development tool.

sophos 2022 EN research POWERSHELL TELERIK XMRIG CVE-2017-11357 CVE-2019-18935 CVE-2017-11317 cobaltstrike cryptomaining
Follina — a Microsoft Office code execution vulnerability https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
30/05/2022 11:33:04
QRCode
archive.org

Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus...

doublepulsar EN 2022 Office vulnerability msdt.exe PowerShell Follina
4507 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio