Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PowerShell is a command line shell and scripting language developed by Microsoft. The original version, Windows PowerShell, runs only on Windows and is no longer actively developed; it receives just bug fixes and security updates. The modern version is called simply PowerShell. Built on the.NET framework, it is open source and supports multiple platforms, including Windows, macOS and Linux. Here is a summary of the product’s evolution.

Windows permission misconfigurations remain a common attack vector in enterprise environments. Attackers consistently leverage these misconfigurations for privilege escalation, with Security Descriptor Definition Language (SDDL) emerging as a blind spot. From LockBit's manipulation of event log permissions to RomCom's exploitation of Task Scheduler vulnerabilities (CVE-2024-49039), SDDL misconfigurations have become a prime target for sophisticated attacks.

A PowerShell function is a block of code designed to perform a specific task. Once a function is created and tested, it can be used in multiple scripts, reducing coding effort and risk of errors. Using well-named functions also makes scripts easier to read and maintain. And since functions can return values that can be used as input to other functions or code blocks, they facilitate building complex operations.

Windows Server 2025, the latest iteration of Microsoft's flagship server operating system, introducing new features, enhanced performance, and improved security capabilities. However, with these updates come new potential vulnerabilities, bringing with it the need for robust security configurations to protect against evolving threats. This is where benchmarks and hardening practices come into play.

In September 2024, SE Labs tested Acronis Extended Detection and Response (XDR) against targeted attacks based on APT29 and Scattered Spider. The test was done in parallel with SE Labs’ Q3 2024 comparative EDR test. Both tests were done using the same methodology and targeted attacks from APT29 and Scattered Spider, but the comparative test added DPRK (Democratic People’s Republic of Korea) ransomware to the evaluation.

At the beginning of June 2024, Bitsight TRACE started analyzing a new CISA KEV vulnerability that had just come out, with the goal of creating a detection capability that could be implemented on an Internet-wide scale.

Windows PowerShell and command prompt (CMD) are both essential command-line interface tools for Windows administrators, allowing them to execute commands, manage system processes and automate administrative tasks. While CMD has been a foundational component of Windows since the MS-DOS era, PowerShell has emerged as a more advanced and powerful scripting language, enhancing system management and automation capabilities.

A newly discovered zero-day vulnerability in Windows potentially exposes users across multiple Windows versions to credential theft. Discovered by 0patch researchers, this critical security flaw allows attackers to steal NTLM credentials through a deceptively simple method. The vulnerability affects a wide range of Windows systems, including: Technical details of the vulnerability are withheld to minimize exploitation risk until Microsoft issues a fix to minimize any further risk of exploitation.

In today's world of cybersecurity, where risks change so quickly, it's more important than ever to keep your defenses strong. The Windows Defender Firewall is an important line of defense because it keeps your system safe from hackers and people who aren't supposed to be there. But turning on this firewall isn't enough; it needs to be regularly checked for state and setup changes to make sure it's working properly.