17 matches found
EUVD-1999-0842
Malware in sbrugna...
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling...
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimolog...
DragonRank, a Chinese-speaking SEO manipulator service provider
Key Takeaways: Cisco Talos is disclosing a new threat called "DragonRank" that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation. DragonRank exploits targets' web application services to deploy a web shell and...
A Dive into Earth Baku’s Latest Campaign
Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures...
Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers
SUMMARY: From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat...
New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits
A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks...
Perkiler malware turns to SMB brute force to spread
Researchers at Guardicore have identified a new infection vector being used by the Perkiler malware where internet-facing Windows machines are breached through SMB password brute force. Perkiler is a complex Windows malware with rootkit components that is dropped by the Purple Fox exploit kit (EK)...
Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
Executive Summary: Microsoft is aware of a tampering vulnerability in the way that HTTP proxies (front-end) and web servers (back-end) that do not strictly adhere to RFC standards handle sequences of HTTP requests received from multiple sources. An attacker who successfully exploited the vulnerability...
Smominru Cryptominer Scrapes Credentials for Half-Million Machines
A commodity cryptomining botnet campaign that has infected a half-million computers is now tapping a lucrative secondary moneymaking opportunity in selling access to victim machines, according to researchers. An analysis of the known Smominru cryptomining campaign, which uses a modified version o...
Microsoft Internet Explorer 6.0 URL Local Resource Access Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10472/info Microsoft Internet Explorer is prone to a security weakness that may permit unauthorized access to local resources on a client computer. This will effectively bypass security restrictions implemented in Interne...
Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (MS02-065) (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Microsoft IIS MDAC msadcs.dll RD...
Corsaire Security Advisory - Port80 Software ServerMask inconsistencies
-- Corsaire Security Advisory -- Title: Port80 Software ServerMask inconsistencies Date: 24.02.03 Application: Port80 Software ServerMask 2.2 and prior Environment: IIS 4 / IIS 5 / IIS 5.1 Author: Martin O'Neal Audience: General distribution Reference: c030224-001 -- Sco...
NewAtlanta ServletExec/ISAPI 4.1 JSPServlet - Denial of Service
// source: https://www.securityfocus.com/bid/4796/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. A denial of service condition occurs when the JSPServlet is sent an overly long request either directly or via...
CVE-2001-0096
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability...
CVE-1999-0861
CVE-1999-0861 describes a race condition in the SSL ISAPI filter used by IIS and other servers, which may leak information in plaintext. The connected materials reiterate the high-level description but do not specify affected products/versions, root cause details beyond “race condition,” or concr...
Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)
Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2). source: https://www.securityfocus.com/bid/529/info MDAC (Microsoft Data Access Components) is a package used to integrate web and database services...