Microsoft’s lax policies in PowerShell Gallery provoke supply chain attacks
Microsoft's product PowerShell Gallery contains vulnerabilities that enable supply chain attacks, spoofing and typosquatting attacks. The vulnerabilities arose from the product's lax naming policy for code repository.
PowerShell Gallery constitutes a hugely popular code hosting platform. The pla... Read more
New malicious packages found in Python Package Index repository
A threat actor has uploaded three malicious packages to the PyPI (Python Package Index) repository. The packages reportedly drop info-stealing malware on developers' systems.
The threat is significant, according to BleepingComputer, as PyPI is the most widely used repository for Python package... Read more
New Microsoft Office zero-day used for PowerShell commands
Security experts recently found a zero-day vulnerability in Microsoft Office. The vulnerability allows malicious PowerShell commands to be executed by opening a Word document.
The vulnerability was named 'Follina' and registered as CVE-2022-30190. According to security experts, the vulnerabilit... Read more
Microsoft issues major update to the PowerShell extension for VS code
The update amounts to a complete overhaul of the core PowerShell engine.
Microsoft has made extensive changes to the core PowerShell engine to create a more reliable and stable user experience, the companhy says.
The release of the updated PowerShell extension in VS Code includes a rewrite of... Read more
Microsoft introduces Crescendo, a framework for PowerShell cmdlets
Microsoft released Crescendo, a PowerShell framework that allows you to develop cmdlets for general-purpose command tools.
Microsoft PowerShell command-line tools don't directly participate in the PowerShell pipeline. Crescendo, a newly introduced framework, shakes things up.
Crescendo allow... Read more
Microsoft has discontinued two key authentication APIs for Azure Active Directory
This comes after different applications and scripts were put out of commission by June 30th, 2022. Changes in the API might adversely affect applications and Powershell scripts.
After support for Active Directory Authentication Library (ADAL) and Azure AD Graph API ends, Microsoft customers will... Read more
Google brings major industrial platform OSIsoft to its cloud
Google announced on Thursday that it is collaborating with OSIsoft to help enterprises deploy the latter’s PI Core industrial operations platform on Google Cloud. OSIsoft is based in San Leandro, California, and is one of the biggest players in the software for industrial sector market.
It was... Read more
Microsoft announces Az Predictor for PowerShell
Command line helper will help casual users better use cmdlets in PowerShell.
Microsoft this week announced the release of Az Predictor, an intelligent command completion module for Azure Powershell. Az Predictor helps Azure developers find the cmdlet they are looking for efficiently, identify th... Read more
Hackers are actively attacking Windows Active Directory servers
Attackers use the "Zerologon" exploit to backdoor unpatched Windows servers.
Last month we reported on a Windows vulnerability that allowed anyone to become an Admin on an organization’s Active Directory domain controllers.
Earlier this year, researchers at Secura published an exploit that... Read more
Microsoft suspends Azure Active Directory Apps used by hackers
Microsoft has suspended 18 Active Directory apps used by hackers for malicious command and control infrastructure.
As many Azure customers have moved to cloud-based network infrastructure, the hackers who attack them have followed suit. Chinese government-backed hackers who exploit Microsoft Azu... Read more