Security Alerts & News
by Tymoteusz A. Góral

#654 New FAREIT strain abuses PowerShell
In 2014, we began seeing attacks that abused Windows PowerShell. Back then, it was uncommon for malware to use this particular feature of Windows. However, there are several reasons for an attacker to use this scripting technique.

For one, users cannot easily spot any malicious behavior since PowerShell runs in the background. Another is that PowerShell can be used to steal usernames, passwords, and other system information without an executable file being present. This makes it an attractive tool for attackers to carry out malicious activities while avoiding easy detection.

In March 2016, we noted that PowerWare crypto-ransomware also abused PowerShell. Recently, we spotted a new attack where PowerShell was abused to deliver a FAREIT variant. This particular family of information stealers has been around since 2011.