HackDig : Dig high-quality web security articles

IIS extensions are on the rise as backdoors to servers

The Microsoft 365 Defender Research Team has warned that attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers. IIS extensions are able to stay hidden in target environments and as such provide a long-term persistence mechanism for attackers. IIS IIS is webserver software created by Mic
Publish At:2022-07-27 11:52 | Read:308 | Comments:0 | Tags:Exploits and vulnerabilities Reports backdoor cryptomining e

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated o
Publish At:2022-07-01 17:32 | Read:514 | Comments:0 | Tags:Breaking News Hacking Malware hacking news IIS information s

Microsoft provides more mitigation instructions for the PetitPotam attack

In a revision of KnowledgeBase article KB5005413, Microsoft has provided more elaborate mitigation instructions for the PetitPotam attacks that were disclosed a week ago. PetitPotam is the name for an attack method using a bug that was found by a security researcher who also published a proof-of-concept (PoC) exploit code. The attack could force remote Wi
Publish At:2021-07-29 14:33 | Read:3030 | Comments:0 | Tags:Exploits and vulnerabilities certificate efsprc hivenightmar

The Code Red worm 20 years on – what have we learned?

byPaul DucklinThere’s a famous and very catchy song that starts, “It was 20 years ago today…”In the song, of course, Sergeant Pepper was busily teaching his band to play – a band, as the song assures us, that was guaranteed to raise a smile.But can you remember where you were and what you were doing 20 years ago, if you’r
Publish At:2021-07-16 08:20 | Read:1821 | Comments:0 | Tags:Malware Vulnerability Code Red Exploit IIS Virus vulnerabili

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce co
Publish At:2020-07-06 15:00 | Read:2899 | Comments:0 | Tags:Threat analysis ASP.net credit card credit card skimmer cred

IIS 6.0 Vulnerability Leads to Code Execution

Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day Buffer Overflow vulnerability (CVE-2017-7269) due to an improper validation of an ‘IF’ header in a PROPFIND request. A remote attacker could exploit this vulnerability in the IIS WebDAV Component with a crafted request using PROPFIND  method. Successful exploitation could result in
Publish At:2017-03-29 09:35 | Read:5631 | Comments:0 | Tags:Bad Sites IIS Vulnerability

Targeted Attack Exposes OWA Weakness

Attackers aiming for lateral movement inside an enterprise network have done well in the past to target domain controller credentials.Researchers at Cybereason, however, have uncovered a targeted attack in which hackers were able to burrow onto the corporate network and steal thousands of username-password combinations via Outlook Web Access. “Securi
Publish At:2015-10-06 20:30 | Read:5550 | Comments:0 | Tags:Hacks Malware Active Directory advanced persistent threat ap

IIS At Risk: The HTTP Protocol Stack Vulnerability

Unpatched versions of Microsoft’s Internet Information Services (IIS) web server are vulnerable to a remote denial of service attack that can prove to be very threatening if set against critical systems. The vulnerability, which was fixed by Microsoft in MS15-034 as part of the April 2015 Patch Tuesday cycle, can trigger the blue screen of death or mor
Publish At:2015-04-22 17:50 | Read:10102 | Comments:0 | Tags:Vulnerabilities HTTP IIS web server Vulnerability

Active DoS Exploits for MS15-034 Under Way

UPDATE – Microsoft’s characterization of MS15-034 as a remote code execution vulnerability certainly has a lot of Windows server admins on edge waiting for the other shoe to drop.In the three days since the bulletin was released warning of a critical vulnerability in the HTTP protocol stack, HTTP.sys, security experts, including the SANS Institut
Publish At:2015-04-17 18:35 | Read:7597 | Comments:0 | Tags:Hacks Microsoft Vulnerabilities Web Security Denial of Servi

WordPress Malware Causes Psuedo-Darkleech Infection

Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It use malicious Apache modules to add hidden iFrames to certain responses. It’s difficult to detect because the malware is only active when both server and site admins are not logged in, and the iFrame is only injected once a day (or o
Publish At:2015-03-26 13:15 | Read:5218 | Comments:0 | Tags:Joomla! Security Webserver Infections Website Malware Websit

IIS, Compromised GoDaddy Servers, and Cyber Monday Spam

While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those websites were on IIS servers. When I see these patterns, I try to dig deeper and figure out what else those websites have in common. This time I revealed quite a few GoDaddy Windows servers have been pwned
Publish At:2014-12-08 07:40 | Read:6324 | Comments:1 | Tags:Learn Webserver Infections Website Spam Cyber Monday godaddy

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud