Cisco be careful when using PowerShell

PowerShell was the source of more than a third of the critical security vulnerabilities identified in the second half of 2020, according to a Cisco survey released today at an RSA conference.

powershell

The top threat category found in all Cisco Secure were dual-use tools used for exploitation and post-exploitation work.

PowerShell , , PowerSploit, Metasploit and other similar tools have legitimate uses, Cisco says in its research, but they have also become common tools for attackers. Such practices are used to avoid detection when running foreign tools or code to compromise systems.

"According to Cisco Research, PowerShell is the source of more than a third of critical threats," says Gedeon Hombrebueno, Cisco Secure Endpoint Security Product Manager.

Cisco offers some protection steps that, of course, are facilitated by Cisco Secure Endpoint, but also some other EDR tools (from endpoint detection and response).

However, there are some steps administrators can (and should) take completely free of charge, such as preventing or limiting it PowerShell to non-administrator accounts, allowing only signed scripts to run and the Constrained Language feature to be used.

You can read detailed instructions for protecting PowerShell below paper or try it PowerShell Protect

Intel Insights: How to Secure PowerShell

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).