#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

IIS Server | Breaking Cybersecurity News | The Hacker News

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Dec 15, 2021
Malicious actors are deploying a previously undiscovered binary, an Internet Information Services ( IIS ) webserver module dubbed " Owowa ," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes Exchange's Outlook Web Access (OWA)," Kaspersky researchers Paul Rascagneres and Pierre Delcher  said . "When loaded this way, Owowa will steal credentials that are entered by any user in the OWA login page, and will allow a remote operator to run commands on the underlying server." The idea that a rogue IIS module can be fashioned as a backdoor is not new. In August 2021, an exhaustive study of the IIS threat landscape by Slovak cybersecurity company ESET revealed  as many as 14 malware families that were developed as native IIS modules in an attempt to interc
Several Malware Families Targeting IIS Web Servers With Malicious Modules

Several Malware Families Targeting IIS Web Servers With Malicious Modules

Aug 04, 2021
A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for  natively developed malware  for close to eight years. The findings were presented today by ESET malware researcher Zuzana Hromcova at the  Black Hat USA security conference . "The various kinds of native IIS malware identified are server-side malware and the two things it can do best is, first, see and intercept all communications to the server, and second, affect how the requests are processed," Hromcova told in an interview with The Hacker News. "Their motivations range from cybercrime to espionage, and a technique called SEO fraud." Government institutions in three Southeast Asian countries, a major telecommunications company in Cambodia, and a research institution in Vietnam, as well as dozens of private
Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

Sep 28, 2017
Mining cryptocurrencies can be a costly investment as it takes a monstrous amount of computing power, and thus hackers have started using malware that steals computing resources of computers it hijacks to make lots of dollars in digital currency. Security researchers at security firm ESET have spotted one such malware that infected hundreds of Windows web servers with a malicious cryptocurrency miner and helped cybercriminals made more than $63,000 worth of Monero (XMR) in just three months. According to a report published by ESET today, cybercriminals only made modifications to legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to secretly install the miner on unpatched Windows servers. Although ESET's investigation does not identify the attackers, it reports that the attackers have been infecting unpatched Windows web servers with the cryptocurrency miner since at least May 2017 to mine 'Monero,' a Bitcoin-like
cyber security

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if
Cybersecurity
Expert Insights
Cybersecurity Resources