That PowerShell ‘fix’ for your root cert ‘problem’ is a malware loader in disguise

June 19, 2024 at 03:35AM Criminals are using social engineering techniques to target organizations worldwide with malicious PowerShell scripts disguised as fake error messages from Google Chrome, Microsoft Word, and OneDrive. Proofpoint identified at least two criminal groups using this tactic, with the possibility of spreading ransomware. Organizations are advised to train employees to recognize … Read more

GhostEngine mining attacks kill EDR security using vulnerable drivers

May 21, 2024 at 06:34PM The ‘REF4578’ crypto mining campaign deploys GhostEngine, a sophisticated malicious payload, using vulnerable drivers to disable security products and deploy an XMRig miner. Researchers highlight GhostEngine’s unusual sophistication and provide detection rules, but the campaign’s origin and scope remain unknown. To defend against GhostEngine, look out for suspicious PowerShell execution, … Read more

Ukraine Military Targeted With Russian APT PowerShell Attack

February 1, 2024 at 03:56PM A Russian advanced persistent threat (APT) group, believed to be related to Shuckworm, has initiated a targeted PowerShell attack campaign against the Ukrainian military using a newly discovered backdoor, STEADY#URSA. The attackers employ various evasion and obfuscation techniques, and their approach involves distributing malicious payloads through phishing emails and USB … Read more