• This Powershell Phish from B Krebs got my attention. Your take?

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » This Powershell Phish from B Krebs got my attention. Your take?

    Author
    Topic
    TechTango
    AskWoody Plus
    September 19, 2024 at 5:37 pm #2705003

    It is directed to the more sophisticated users / coders of GitHub.

    https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/

    Desktop mobo Asus TUF X299 Mark 1, CPU: Intel Core i7-7820X Skylake-X 8-Core 3.6 GHz, RAM: 32GB, GPU: Nvidia GTX 1050 Ti 4GB. Display: Four 27" 1080p screens 2 over 2 quad.
    7 users thanked author for this post.
    young058, jburk07, windbg, Nibbled To Death By Ducks, Sueska, Alex5723, satrow
    Reply | Quote
    Viewing 5 reply threads
    Author
    Replies
    • Alex5723
      AskWoody Plus
      September 20, 2024 at 1:57 am #2705072

      Scary.
      This can be done on any site that uses Captcha.

      Reply | Quote
    • satrow
      AskWoody MVP
      September 20, 2024 at 4:41 am #2705084

      I’m unsure where the vulnerability lies, OS, browser, captcha or a combination.

      Measure twice, cut once. Take care out there.

      Reply | Quote
    • n0ads
      AskWoody Lounger
      September 20, 2024 at 8:00 am #2705121
      satrow wrote:

      I’m unsure where the vulnerability lies, OS, browser, captcha or a combination.

      And the answer is…

      Ding ding ding.

      None of the above!

      Like the majority of such Pishing schemes, the true vulnerability is PEBKAC!

        Problem exists between keyboard and chair

      This happens way too often because “some” individuals, regardless of how often they’ve received advice from cohorts/management not to do so, still blindly follow questionable instructions they receive via e-mail and/or from a website!

      8 users thanked author for this post.
      Steve, young058, Nibbled To Death By Ducks, TechTango, Alex5723, RetiredGeek, WSbobby-p, NaNoNyMouse
      Reply | Quote
    • b
      AskWoody_MVP
      September 20, 2024 at 12:15 pm #2705188

      Accomplished via JavaScript apparently, and not confined to GitHub users:

      This CAPTCHA Test Can Trick Windows Users Into Installing Malware

      2 users thanked author for this post.
      jburk07, windbg
      Reply | Quote
    • Sueska
      AskWoody Plus
      September 20, 2024 at 12:23 pm #2705191

      Seems clicking I am not a robot, is equivalent to clicking copy to clipboard. scary indeed

      Reply | Quote
    • Nibbled To Death By Ducks
      AskWoody Plus
      September 21, 2024 at 2:28 am #2705282
      n0ads wrote:

      Like the majority of such Pishing schemes, the true vulnerability is PEBKAC!

      Otherwise known in aviation as “Cockpit Error”.

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      Reply | Quote
    Viewing 5 reply threads
    Reply To: This Powershell Phish from B Krebs got my attention. Your take?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.