The Microsoft 365 Defender Research Team has warned that attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers. IIS extensions are able to stay hidden in target environments and as such provide a long-term persistence mechanism for attackers. IIS IIS is webserver software created by Mic

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated o

In a revision of KnowledgeBase article KB5005413, Microsoft has provided more elaborate mitigation instructions for the PetitPotam attacks that were disclosed a week ago. PetitPotam is the name for an attack method using a bug that was found by a security researcher who also published a proof-of-concept (PoC) exploit code. The attack could force remote Wi

byPaul DucklinThere’s a famous and very catchy song that starts, “It was 20 years ago today…”In the song, of course, Sergeant Pepper was busily teaching his band to play – a band, as the song assures us, that was guaranteed to raise a smile.But can you remember where you were and what you were doing 20 years ago, if you’r

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce co

Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day Buffer Overflow vulnerability (CVE-2017-7269) due to an improper validation of an ‘IF’ header in a PROPFIND request. A remote attacker could exploit this vulnerability in the IIS WebDAV Component with a crafted request using PROPFIND  method. Successful exploitation could result in

Attackers aiming for lateral movement inside an enterprise network have done well in the past to target domain controller credentials.Researchers at Cybereason, however, have uncovered a targeted attack in which hackers were able to burrow onto the corporate network and steal thousands of username-password combinations via Outlook Web Access. “Securi

Unpatched versions of Microsoft’s Internet Information Services (IIS) web server are vulnerable to a remote denial of service attack that can prove to be very threatening if set against critical systems. The vulnerability, which was fixed by Microsoft in MS15-034 as part of the April 2015 Patch Tuesday cycle, can trigger the blue screen of death or mor

UPDATE – Microsoft’s characterization of MS15-034 as a remote code execution vulnerability certainly has a lot of Windows server admins on edge waiting for the other shoe to drop.In the three days since the bulletin was released warning of a critical vulnerability in the HTTP protocol stack, HTTP.sys, security experts, including the SANS Institut

Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It use malicious Apache modules to add hidden iFrames to certain responses. It’s difficult to detect because the malware is only active when both server and site admins are not logged in, and the iFrame is only injected once a day (or o

While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those websites were on IIS servers. When I see these patterns, I try to dig deeper and figure out what else those websites have in common. This time I revealed quite a few GoDaddy Windows servers have been pwned