Displaying items by tag: PowerShell

Microsoft has detailed 105 vulnerabilities in its products on October's Patch Tuesday, including three zero-days and 12 critical flaws that could be exploited for remote code execution.

Microsoft has been forced to pull an update it issued as part of its August Patch Tuesday after it was found that the patch in question, meant to fix a spoofing vulnerability in Microsoft Exchange Server, would not install properly on non-English systems.

COMPANY NEWS: Qualys, a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is opening up its award-winning risk management platform to AppSec teams to bring their own detections to assess, prioritise and remediate the risk associated with first-party software and its embedded open-source components.

GUEST RESEARCH: WatchGuard Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers in Q1 2023. Key findings from the data show phishers leveraging browser-based social engineering strategies, new malware with ties to nation states, high amounts of zero day malware, living-off-the-land attacks on the rise, and more. This edition of the report also features a new, dedicated section for the Threat Lab team's quarterly ransomware tracking and analysis.

GUEST OPINION: One result of the widespread enterprise adoption of Microsoft 365 is the need to move users from one instance of the suite to a new or different instance: a tenant-to-tenant (T2T) migration.

GUEST OPINION: One result of the widespread enterprise adoption of Microsoft 365 is the need to move users from one instance of the suite to a new or different instance: a tenant-to-tenant (T2T) migration.

Microsoft says it is investigating two zero-day vulnerabilities reported to be affecting Microsoft Exchange Server 2013, 2016, and 2019.

GUEST OPINION: Fileless attacks are an advanced kind of malware that rank among today's most dangerous security threats.

According to security vendor WatchGuard Technologies' latest quarterly Internet Security Report, ransomware detections in the first quarter of 2022 are double the total reported for 2021.

Email security firm Proofpoint claims to have identified a targeted attack that uses an open-source installer for Windows packages named Chocolatey.

Security vendor WatchGuard Technologies has published research showing that more than 90% of malware arrives through HTTPS-encrypted connections.

Old sometimes is not gold, especially when it comes to ancient versions of ColdFusion running on versions of Windows that have reached their end-of-life, as the global security firm Sophos has demonstrated through its research into a server that was taken over by unknown actors using the Cring ransomware.

Malware authors are crafting their wares to bypass scans on Windows systems altogether, using a number of tricks to avoid being put under the microscope by Microsoft's Antimalware Scan Interface, the global security firm Sophos claims.

Global security vendor Sophos claims to have discovered a new strain of Windows ransomware which is the final executable payload in a manual attack where every other stage is delivered through a PowerShell script. One of the entry points was an on-premise Microsoft Exchange Server installation.

Global security provider Sophos has discovered a Microsoft Exchange Server hosting a malicious monero cryptominer which is aimed at other Exchange servers.

A relatively new strain of Windows ransomware known as Cring has been noticed attacking Fortigate VPN servers using a vulnerability which has the reference CVE-2018-13379.

Windows ransomware known as LockBit, which made its presence known in 2019, has now matured and is using novel ways to escalate privileges by bypassing the User Account Control feature on Windows systems.

Security firm Kaspersky has released details about a threat group it has named DeathStalker that appears to have just one function: collecting sensitive business information. The group appears to attack only Windows systems.

The tactics employed by cyber criminals who deploy Windows ransomware on systems for monetary gain have changed over the last 10 months in order to evade detection by endpoint security that has improved markedly, a researcher from the global security firm Sophos claims.

Microsoft has issued a patch to fix a flaw in its Office suite that was being used to spread spyware known as FINSPY.