    Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks

    By justmattg, August 17, 2023

    Aug 16, 2023THNWindows Security / Supply Chain

    Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry’s users.

    “These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package,” Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared with The Hacker News.

    Maintained by Microsoft, PowerShell Gallery is a central repository for sharing and acquiring PowerShell code, including PowerShell modules, scripts, and Desired State Configuration (DSC) resources. The registry boasts 11,829 unique packages and 244,615 packages in total.

    The issues identified by the cloud security firm stem from the service’s lax policy on package names: it lacks protections against typosquatting attacks, which lets attackers upload malicious PowerShell modules that appear genuine to unsuspecting users.

    A second flaw pertains to the ability of a bad actor to spoof a module’s metadata, including the Author(s), Copyright, and Description fields, to make it appear more legitimate, thereby deceiving unwitting users into installing it.

    “The only way for users to determine the real author/owner is to open the ‘Package Details’ tab,” the researchers said.

    “However, this will only lead them to the profile of the fake author, as the attacker can freely choose any name when creating a user in the PowerShell Gallery. Therefore, determining the actual author of a PowerShell module in the PowerShell Gallery poses a challenging task.”

    Also discovered is a third flaw that could be abused by attackers to enumerate all package names and versions, including those that are unlisted and meant to be hidden from public view.

    This can be accomplished by utilizing the PowerShell API “https://www.powershellgallery.com/api/v2/Packages?$skip=number”, enabling an attacker to gain unrestricted access to the complete PowerShell package database, including associated versions.

    “This uncontrolled access provides malicious actors with the ability to search for potential sensitive information within unlisted packages. Consequently, any unlisted package that contains confidential data, becomes highly susceptible to compromise,” the researchers explained.

    Aqua said it reported the shortcomings to Microsoft in September 2022, following which the Windows maker is said to have put in place reactive fixes as of March 7, 2023. The problems, however, remain reproducible.

    “As we increasingly depend on open-source projects and registries, the security risks associated with them become more prominent,” the researchers concluded.

    “The responsibility for securing users primarily lies with the platform. It’s essential that PowerShell Gallery, and similar platforms, take necessary steps to enhance their security measures.”
