[HackerNews] Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed “Owowa,” on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution.
“Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes

Source: The Hacker News

You might be interested in …

[TheRecord] Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals

A disgruntled member of the Conti ransomware program has leaked today the manuals and technical guides used by the Conti gang to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files. Leaked on an underground cybercrime forum named XSS earlier […]

[ZDNet] AFP is looking to be ‘more aggressive’ with new cyber offense arm

The AFP is in talks with the Five Eyes alliance about how it can implement a new cyber offensive operation. Source: Latest topics for ZDNet in Security

[SANS ISC] Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution), (Tue, Aug 17th)

Debugging a live site can be a necessary evil. Having a bug that can’t be reproduced in development or debugging behavior requiring specific dependencies (e.g., external services or specific backend database) that are hard to replicate in development can make debugging a live site in development as standard operating procedures want you to. But whatever […]
