PowerShell is my love language.
Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks. Some have therefore suggested the tool is a liability that should be disabled in the interest of improved security. But on Wednesday national …
I feel that
unzip; touch; grep; mount; fsck; more; yes; fsck; fsck; umount; clean; sleep
is slightly more poetic than
Expand-Archive; New-Item; Mount-DiskImage; Select-String; Repair-Volume; Get-Content; -Force; Repair-Volume; Dismount-DiskImage; Clear-Host; Start-Sleep
but each to their own.
...this was clearly just an extended joke.
So a bit like PowerShell's original codename, Monad? To me, PS is emblematic of so much that is Microsoft: allow customers plenty of time to learn to use a given product and then switch it out for something that does the exact same thing differently while promising improved performance and functionality but in reality just costs a lot of wasted productivity while users have to relearn how to do the exact same things they could do perfectly well before... Which MS product does this sound like? My expectation is that PS is about due for a replacement because it has a large enough user base to make it worth targeting.
Hmm, not so sure about that, really. It's newer, but it has some compromises due to portability. If you're setting up a new environment from scratch, then maybe go for it. If you've got a mature environment with lots of scripts then you're likely going to need and want to keep using 5.1.
Also, just using 7.2 isn't enough anyway, you do actually need to disable 5.1 in some way, at least for remote access, otherwise all you're doing is stopping using 5.1 and leaving it open for anyone who wants to use it.
Disabling a most useful tool is like never having a smartphone for fear of being robbed of it.
It should, of course, be an important part of defence-in-depth, part of active monitoring. "Twenty Powershell windows on a development machine with admin privileges? Probably okay, but one should stonewall the dev network from operations and finance. Single powershell process spawning out of the blue in the middle of accounting, where they only use ERP and Excel? Why? Let's take a look what's going on."
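The heuristic in that comment, written out as an added example that is not part of the original thread: flag PowerShell processes on hosts whose business role has no expected PowerShell use, and PowerShell spawned by parents (Office, ERP clients) that never normally start a shell. The host-to-role table, the parent allow-list and the event records are all constructed for the example.

```powershell
# Added example (not from the thread). Records are shaped like the fields of
# Security event 4688 (process creation); on a real host they would come from
# Get-WinEvent once process-creation auditing is enabled.

# Assumed host-to-role mapping; in practice this comes from the CMDB or AD OU.
$RoleOfHost = @{
    'DEV-WS01'  = 'Development'
    'ACCT-WS07' = 'Accounting'
    'FIN-WS03'  = 'Finance'
}

# Roles where any PowerShell process is worth a look.
$NoShellRoles = @('Accounting', 'Finance')

# Parents that legitimately launch PowerShell on admin or dev boxes. Office and
# ERP clients are deliberately absent, so a shell spawned from them is flagged.
$ExpectedParents = @('explorer.exe', 'code.exe', 'WindowsTerminal.exe', 'svchost.exe')

# Constructed sample events (not real telemetry).
$Events = @(
    [pscustomobject]@{ Host='DEV-WS01';  Parent='WindowsTerminal.exe'; Image='powershell.exe'; User='dev01'  },
    [pscustomobject]@{ Host='ACCT-WS07'; Parent='EXCEL.EXE';           Image='powershell.exe'; User='acct05' },
    [pscustomobject]@{ Host='FIN-WS03';  Parent='explorer.exe';        Image='pwsh.exe';       User='fin02'  },
    [pscustomobject]@{ Host='DEV-WS01';  Parent='WINWORD.EXE';         Image='powershell.exe'; User='dev01'  }
)

function Find-SuspiciousPowerShell {
    param([object[]]$Records)
    foreach ($r in $Records) {
        # Only shell launches are of interest; string comparison is case-insensitive.
        if ($r.Image -notin @('powershell.exe', 'pwsh.exe', 'powershell_ise.exe')) { continue }
        $role    = $RoleOfHost[$r.Host]
        $reasons = @()
        if ($role -in $NoShellRoles)            { $reasons += "PowerShell on $role host" }
        if ($r.Parent -notin $ExpectedParents)  { $reasons += "unexpected parent $($r.Parent)" }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Host = $r.Host; User = $r.User; Image = $r.Image
                Parent = $r.Parent; Reason = ($reasons -join '; ')
            }
        }
    }
}

# Expected: the Excel-spawned shell in accounting, the finance host, and the
# Word-spawned shell on the dev box are reported; the terminal-spawned one is not.
Find-SuspiciousPowerShell -Records $Events | Format-Table -AutoSize
```

On a live host the same records can be built from `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688}` once process-creation auditing (with command-line logging) is turned on.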
Funny, as I read an article or three to that effect several years ago. I thought Powershell would have been well understood by now. Why the sudden urge to comment on it, especially by a "random" group of five eyes states?
Just trade one set of problems for another. No thanks!! Linux is its own bundle of problems and is fast becoming a target of hackers just like Windows.
Prediction, you will counter with the argument that Linux is more secure. Why has there been a triple digit increase in infections and attacks on Linux over the past two years if it is so much more secure?
PowerShell is a two car garage size back door allowing hackers access and control of your system/network! I have failed to find security measures sufficient to keep it running on my system, it is blocked even for admins. PowerShell is a mess of overly complex commands and syntax structures that I find difficult to learn let alone use.
I see very little in PowerShell that enhances security and an abundance of drawbacks.
Jeffrey Snover's lengthy and occasionally controversial term at Microsoft is to come to an end this week, as the PowerShell inventor sets off for pastures new after more than two decades at the Windows giant.
The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.
In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.
"Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."
OpenInfra Berlin OpenInfra still has ideas to share, including an intriguing funding model for open source projects the Foundation discussed at its in-person event last week in Berlin.
The "Directed Funding" initiative – a significant change to how some projects might be funded in the future – is about allowing organizations to fund a specific project rather than seeing their cash spread across projects for which they have no interest.
Jonathan Bryce, CEO and executive director of the OpenInfra Foundation, told The Register this wasn't a case of following a trend in the open-source world that he described as "this kind of pay to play-type scenario."
State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers.
So say the United States National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), which took the unusual step of issuing a joint advisory that warns allied governments, critical infrastructure operators, and private industry organizations to hurry up and fix their IT estates.
The advisory states that network devices are the target of this campaign and lists 16 flaws – some dating back to 2017 and none more recent than April 2021 – that the three agencies rate as the most frequently exploited.
RSA Conference A heightened state of defensive cyber security posture is the new normal, according to federal cyber security chiefs speaking at the RSA Conference on Tuesday. This requires greater transparency and threat intel sharing between the government and private sector, they added.
"There'll never be a time when we don't defend ourselves – especially in cyberspace," National Cyber Director Chris Inglis said, referencing an opinion piece that he and CISA director Jen Easterly published earlier this week that described CISA's Shields Up initiative as the new normal.
"Now, we all know that we can't sustain the highest level of alert for an extensive period of time, which is why we're thinking about, number one, what's that relationship that government needs to have with the private sector," Easterly said on the RSA Conference panel with Inglis and National Security Agency (NSA) cybersecurity director Rob Joyce.
A strain of Windows malware uses PowerShell to add a malicious extension to a victim's Chrome browser for nefarious purposes. A macOS variant exists that uses Bash to achieve the same and also targets Safari.
The makers of the ChromeLoader software nasty ensure their malware is persistent once on a system and is difficult to find and remove, according to threat hunters at cybersecurity shop Red Canary, who have been tracking the strain since early February and have seen a flurry of recent activity.
"We first encountered this threat after detecting encoded PowerShell commands referencing a scheduled task called 'ChromeLoader' – and only later learned that we were catching ChromeLoader in the middle stage of its deployment," Aedan Russell, detection engineer at Red Canary, wrote in a blog post this week.
The Feds have warned organizations about a lesser-known extortion gang Karakurt, which demands ransoms as high as $13 million and, some cybersecurity folks say, may be linked to the notorious Conti crew.
In a joint advisory [PDF] this week, the FBI, CISA and US Treasury Department outlined technical details about how Karakurt operates, along with actions to take, indicators of compromise, and sample ransom notes. Here's a snippet:
A researcher at Cisco's Talos threat intelligence team found eight vulnerabilities in the Open Automation Software (OAS) platform that, if exploited, could enable a bad actor to access a device and run code on a targeted system.
The OAS platform is widely used by a range of industrial enterprises, essentially facilitating the transfer of data within an IT environment between hardware and software and playing a central role in organizations' industrial Internet of Things (IIoT) efforts. It touches a range of devices, including PLCs and OPCs and IoT devices, as well as custom applications and APIs, databases and edge systems.
Companies like Volvo, General Dynamics, JBT Aerotech and wind-turbine maker AES are among the users of the OAS platform.
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.
The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can’t be applied.
Of the two warnings, one highlights a critical authentication bypass vulnerability – CVE-2022-22972, rated 9.8 out of 10 on the CVSS scale – that VMware revealed on Wednesday.
Black Hat Asia Software made unsafe by dependencies should be fixed without users needing to interact with the source of the problem, according to US National Cyber Director Chris Inglis, who serves in the Executive Office of the President.
Speaking to The Register at the Black Hat Asia conference in Singapore on Friday, Inglis said that when a faulty component in a car needs to be replaced, the manufacturer who chose that component takes responsibility for securing safe parts and arranging their installation. He contrasted that arrangement with the fix for the Log4j bug, which required users to seek assistance from both vendors that used the open-source logging code and source software from the Log4j project itself.
Inglis wants vendors to take responsibility for their choices so that addressing security issues is easier and users' systems – and the US – can achieve better resilience with less effort.