Do not be tempted to click on an offered PowerShell "fix" for an apparent error in Microsoft Word, OneDrive or Google Chrome. It could be a social engineering trick to get you to install malware on your computer: Fake Google Chrome errors trick you into running malicious PowerShell scripts …
On-premises Exchange Server Vulnerability
On-premises Exchange servers are still out there, and they make great targets for threat actors, especially those with unpatched flaws. There is new PowerShell-based malware called PowerExchange, linked to the Iranian threat group APT34, that backdoors Microsoft Exchange servers. New PowerExchange malware backdoors Microsoft Exchange servers …
Detecting the undetectable!
Here is some research by Tomer Bar, Director of Security Research at SafeBreach, on how they detected some backdoor malware that was originally designated a fully undetectable (FUD) PowerShell backdoor, but obviously it is now detected. It all starts with a malicious Microsoft Word document that includes a macro which starts …
A malicious script that only one AV package detected!
SANS Internet Storm Centre is reporting on a simple, non-obfuscated batch file script that evaded detection: A Simple Batch File That Blocks People – SANS Internet Storm Centre
Why “just anti-virus” is not the whole solution
Obfuscated backdoor attack: Simple but Undetected PowerShell Backdoor – SANS
This is a more complex read, but if you are in the business it is a real help to see how these old-school attacks still work.