Powershell – Computer Security Articles

Alla ricerca di esecuzioni di PowerShell dannose con Intercept X

May 31, 2019 admin Intercept X, Powershell, Sophos Soluzioni

Credit to Author: Sophos Italia| Date: Thu, 02 May 2019 08:30:19 +0000

Intercept X Advanced con EDR ora è in grado di fermare tutte le esecuzioni di PowerShell in modo che possano essere controllate e analizzate<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/yVbV_8cXDmE” height=”1″ width=”1″ alt=””/>

Security Sophos

Searching for malicious PowerShell executions with Intercept X

April 24, 2019 admin EDR, Intercept X, Powershell, Sophos Products

Credit to Author: Seth Geftic| Date: Wed, 24 Apr 2019 15:22:50 +0000

Intercept X Advanced with EDR now captures all PowerShell executions so that they can be reviewed and analyzed.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/eJM7U_zUOS8″ height=”1″ width=”1″ alt=””/>

MalwareBytes Security

A week in security (January 14 – 20)

January 21, 2019 admin APT10, ArsTechnica, BleepingComputer, CoinDesk, Collection #1, cryptopia, cve-2019-0543, DAS, Fallout EK, Fortnite, Garmin, Garmin watch, hosting, https, Oregon, Powershell, PowerShell Team Blog, SC media, Security world, shutdown, telegram, threadx, Week in security, Youtube

Credit to Author: Malwarebytes Labs| Date: Mon, 21 Jan 2019 16:48:38 +0000

A roundup of last week’s security news from January 14 to 20, including APT10, Fallout EK, Colllection 1 data, Youtube challenges, hosting malicious sites and a Fortnite security flaw.

Categories:

Tags: APT10 ArsTechnica BleepingComputer CoinDesk collection 1 cryptopia cve-2019-0543 DAS Fallout EK fortnite garmin Garmin watch hosting HTTPS oregon powershell PowerShell Team Blog SC Media shutdown telegram threadx youtube

(Read more…)

The post A week in security (January 14 – 20) appeared first on Malwarebytes Labs.

MalwareBytes Security

Improved Fallout EK comes back after short hiatus

January 17, 2019 admin CVE-2018-15982, EK, exploit, exploit kits, Exploits, Fallout, Powershell, Threat analysis

Credit to Author: Jérôme Segura| Date: Thu, 17 Jan 2019 19:51:27 +0000

The Fallout exploit kit is back with some noteworthy improvements.

Categories:

Tags: CVE-2018-15982 EK exploit exploit kits Fallout powershell

(Read more…)

The post Improved Fallout EK comes back after short hiatus appeared first on Malwarebytes Labs.

MalwareBytes Security

New ‘Under the Radar’ report examines modern threats and future technologies

December 5, 2018 admin apac, Artificial Intelligence, behavioral detection, blocking at delivery, emea, emotet, EternalBlue, Exploits, fileless, fileless malware, future of cybercrime, malicious spam, Malwarebytes, Malwarebytes news, Powershell, report, SamSam, sorebrect, Texas, trickbot, under the radar, web blocking, web protection, worm

Credit to Author: Malwarebytes Labs| Date: Wed, 05 Dec 2018 13:01:44 +0000

Malwarebytes released a new report called “Under the Radar: The Future of Undetected Malware” that takes a look at current threats using next generation tricks, and how current security technologies stand up to these threats, as well as the threats to come.

Categories:

Malwarebytes news

Tags: apac artificial intelligence behavioral detection blocking at delivery emea emotet EternalBlue exploits fileless fileless malware future of cybercrime malicious spam Malwarebytes powershell report samsam sorebrect texas trickbot under the radar web blocking web protection worm

MalwareBytes Security

What’s new in TrickBot? Deobfuscating elements

November 12, 2018 admin BotKey, gandcrab, gandcrab ransomware, IFL plugin, Malwarebytes news, pkcs11.txt, Powershell, profiles.ini, SecurityPreloadState.txt, svchost, svchost.exe, trickbot, trickbot_config_decoder.py, Trojan.TrickBot, XOR layer

Credit to Author: hasherezade| Date: Mon, 12 Nov 2018 15:00:22 +0000

Trojan.TrickBot has been present in the threat landscape from quite a while. We wrote about its first version in October 2016. From the beginning, it was a well organized modular malware, written by developers with mature skills. It is often called a banker, however its modular structure allows to freely add new functionalities without modifying…

Categories:

Malwarebytes news

Tags: BotKey gandcrab gandcrab ransomware IFL plugin pkcs11.txt powershell profiles.ini SecurityPreloadState.txt svchost svchost.exe trickbot trickbot_config_decoder.py Trojan.TrickBot XOR layer

(Read more…)

The post What’s new in TrickBot? Deobfuscating elements appeared first on Malwarebytes Labs.

MalwareBytes Security

Fileless malware: getting the lowdown on this insidious threat

August 29, 2018 admin file history, fileless infections, fileless malware, fileless malware attacks, Kovter, magnitude EK, malware, poweliks, Powershell, Ram, SamSam, samsam ransomware, semi-fileless, SOC team, Threat analysis, windows

Credit to Author: Vasilios Hioureas| Date: Wed, 29 Aug 2018 16:48:35 +0000

In this series of articles, we provide an in-depth discussion of fileless malware and their related attacks. In part one, we cover a brief overview of the problems with and general features of fileless malware, laying the groundwork for technical analysis of various samples employing fileless and semi-fileless methods.

Categories:

Tags: file history fileless infections fileless malware fileless malware attacks kovter magnitude EK poweliks powershell RAM samsam samsam ransomware semi-fileless SOC team windows

Security Sophos

Intercept X defends against SettingsContent-ms abuse (video)

August 22, 2018 admin CVE-2018-8414, explit, Powershell, SettingsContent-ms, SophosLabs Uncut, Vulnerability

Credit to Author: Andrew Brandt| Date: Tue, 21 Aug 2018 16:56:34 +0000

Even using an older version of our anti-exploit technology will protect you if you open a malicious document with the CVE-2018-8414 exploit embedded in it<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/qXrxxFkjKfc” height=”1″ width=”1″ alt=””/>

Security Sophos

InterceptX defends against SettingsContent-ms abuse (video)

August 21, 2018 admin CVE-2018-8414, explit, Powershell, SettingsContent-ms, SophosLabs Uncut, Vulnerability

Credit to Author: Andrew Brandt| Date: Tue, 21 Aug 2018 16:56:34 +0000

MalwareBytes Security

Malware analysis: decoding Emotet, part 2

June 7, 2018 admin code analysis, downloader, emotet, encryption, malware, Powershell, Threat analysis

Credit to Author: Vishal Thakur| Date: Thu, 07 Jun 2018 15:00:00 +0000

In part two of our series on decoding Emotet, we analyze the PowerShell code flow and structure. We also reconstruct the command-line arguments—for fun!

Categories:

Tags: code analysis downloader emotet encryption powershell

(Read more…)

The post Malware analysis: decoding Emotet, part 2 appeared first on Malwarebytes Labs.

Microsoft Security

Now you see me: Exposing fileless malware

January 24, 2018 admin cybersecurity, fileless malware, malware research, Powershell, Reflective DLL loading, research, script-based attacks, Windows 10, Windows 10 S, Windows Defender Antivirus, Windows Defender ATP, Windows Defender AV, Windows Defender Exploit Guard

Credit to Author: Windows Defender ATP| Date: Wed, 24 Jan 2018 14:00:21 +0000

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last years major ransomware outbreaks (Petya and WannaCry) used fileless techniques as part of their kill chains. The idea behind fileless malware is simple: If tools already exist on a device

← Previous