1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • NSA warns against silly mistake in the fight against Windows malw

    From TechnologyDaily@1337:1/100 to All on Thu Jun 23 18:15:04 2022
    NSA warns against silly mistake in the fight against Windows malware

    Date:
    Thu, 23 Jun 2022 17:00:42 +0000

    Description:
    PowerShell can be used for good, so don't disable it, NSA suggests.

    FULL STORY ======================================================================

    Task automation platform PowerShell, which is often abused by threat actors distributing malware , can also be used for attack detection and prevention. This is the advice the US National Security Agency (NSA) recently gave to system administrators everywhere.

    Alongside cybersecurity centers in the UK and New Zealand, the NSA published
    a security advisory in which it argues that blocking PowerShell, a common security practice, actually lowers organizations defensive capabilities against ransomware and other forms of cyberattacks.

    Instead, system admins should use it to boost their forensics and incident response, as well as to automate as many repetitive tasks as possible.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Numerous recommendations

    Blocking PowerShell hinders defensive capabilities that current versions of PowerShell can provide, and prevents components of the Windows operating system from running properly. Recent versions of PowerShell with improved capabilities and options can assist defenders in countering abuse of PowerShell, the NSA stated.

    The advisory comes with a number of recommendations, including leveraging PowerShell remoting, or using Secure Shell protocol (SSH) to improve the security of public-key authentication.

    Proper configuration of WDAC or AppLocker on Windows 10+ helps to prevent a malicious actor from gaining full control over a PowerShell session and the host, the document explained.

    System admins can also hunt for signs of abuse on their endpoints by
    recording PowerShell activity and monitoring logs. Read more

    Patch PowerShell now, Microsoft tells admins


    Microsoft warns users to update PowerShell 'as soon as possible'


    Hackers have found a sneaky new way to infect Windows devices

    The advisory also recommends admins turn on features such as Deep Script
    Block Logging, Module Logging, or Over-The-Shoulder Transcription, as the former create a log database , handy for spotting aggressive PowerShell activity.

    The latter allows admins to record every PowerShell input and output, getting a better understanding of the attackers goals.

    PowerShell is essential to secure the Windows operating system, the NSA concluded, adding that, with proper configuration and management, it can be a great tool for system maintenance and security.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/nsa-warns-against-silly-mistake-in-the-fight-ag ainst-windows-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)