Lucene search
K

12 matches found

The Hacker News
The Hacker News
added 2025/09/04 5:58 p.m.4 views

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module

Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/01 10:3 a.m.59 views

New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/12/15 12:8 p.m.32 views

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services IIS webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C-developed .NET v4.0...

1.6AI score
Exploits0
Securelist
Securelist
added 2021/12/14 10:0 a.m.427 views

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020. Analyzing the code, we determined that the previously unknown binary is an IIS module, aimed at stealing...

9CVSS0.9AI score0.99965EPSS
Exploits30
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/11/09 12:24 a.m.358 views

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...

7.5CVSS10AI score0.9896EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2020/06/10 12:0 a.m.78 views

KB4557957: Windows 10 Version 2004 June 2020 Security Update

The remote Windows host is missing security update 4557957. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute...

9.3CVSS8.2AI score0.59518EPSS
Exploits14References101
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.57 views

KB4561602: Windows 10 Version 1709 June 2020 Security Update

The remote Windows host is missing security update 4561602. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execu...

9.3CVSS8.1AI score0.59518EPSS
Exploits2References85
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.106 views

KB4560960: Windows 10 Version 1903 and Windows 10 Version 1909 June 2020 Security Update

The remote Windows host is missing security update 4560960. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute...

9.3CVSS8.2AI score0.59518EPSS
Exploits14References102
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.362 views

KB4561608: Windows 10 Version 1809 and Windows Server 2019 June 2020 Security Update

The remote Windows host is missing security update 4561608. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute...

9.3CVSS8.1AI score0.59518EPSS
Exploits2References93
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.52 views

KB4561645: Windows Server 2008 June 2020 Security Update

The remote Windows host is missing security update 4561645 or cumulative update 4561670. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the...

9.3CVSS8.3AI score0.59518EPSS
Exploits2References35
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.84 views

KB4561669: Windows 7 and Windows Server 2008 R2 June 2020 Security Update

The remote Windows host is missing security update 4561669 or cumulative update 4561643. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the...

9.3CVSS8.2AI score0.59518EPSS
Exploits2References41
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.71 views

KB4561649: Windows 10 June 2020 Security Update

The remote Windows host is missing security update 4561649. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execu...

9.3CVSS8AI score0.59518EPSS
Exploits2References62
Rows per page
Query Builder