#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Microsoft IIS | Breaking Cybersecurity News | The Hacker News

Category — Microsoft IIS
Protecting Your Microsoft IIS Servers Against Malware Attacks

Protecting Your Microsoft IIS Servers Against Malware Attacks

Sep 08, 2023 Server Security / Penetration Testing
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.  Recently, a slew of activity by the advanced persistent threat (APT) group Lazarus has focused on finding vulnerable Microsoft IIS servers and infecting them with malware or using them to distribute malicious code. This article describes the details of the malware attacks and offers actionable suggestions for protecting Microsoft IIS servers against them.  An Overview on Microsoft IIS Servers IIS was first introduced with Windows NT 3.51 as an optional package back in 1995. Since then, it has seen several iterations, improvements, and features added to align with the evolving Internet, includin...
N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

May 24, 2023 Cyber Espionage / Server Security
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services ( IIS ) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to run arbitrary payloads. "The threat actor places a malicious DLL (msvcr100.dll) in the same folder path as a normal application (Wordconv.exe) via the Windows IIS web server process, w3wp.exe," ASEC explained . "They then execute the normal application to initiate the execution of the malicious DLL." DLL side-loading , similar to DLL search-order hijacking, refers to the proxy execution of a rogue DLL via a benign binary planted in the same directory. Lazarus , a highly-capable and relentless nation-state group linked to North Korea, was most recently spotted leveraging the same t...
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Dec 04, 2024Risk Management / Zero Trust
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...
Expert Insights / Articles Videos
Cybersecurity Resources