12 matches found
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment...
New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild
A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a...
Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials
Malicious actors are deploying a previously undiscovered binary, an Internet Information Services IIS webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C-developed .NET v4.0...
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020. Analyzing the code, we determined that the previously unknown binary is an IIS module, aimed at stealing...
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...
KB4557957: Windows 10 Version 2004 June 2020 Security Update
The remote Windows host is missing security update 4557957. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute...
KB4561602: Windows 10 Version 1709 June 2020 Security Update
The remote Windows host is missing security update 4561602. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execu...
KB4560960: Windows 10 Version 1903 and Windows 10 Version 1909 June 2020 Security Update
The remote Windows host is missing security update 4560960. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute...
KB4561608: Windows 10 Version 1809 and Windows Server 2019 June 2020 Security Update
The remote Windows host is missing security update 4561608. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute...
KB4561645: Windows Server 2008 June 2020 Security Update
The remote Windows host is missing security update 4561645 or cumulative update 4561670. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the...
KB4561669: Windows 7 and Windows Server 2008 R2 June 2020 Security Update
The remote Windows host is missing security update 4561669 or cumulative update 4561643. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the...
KB4561649: Windows 10 June 2020 Security Update
The remote Windows host is missing security update 4561649. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execu...