Security Alerts & News
by Tymoteusz A. Góral

History
#2171 New IIS 6.0 0day exploited in live attacks since July 2016
Since July 2016, attackers have been using a zero-day in IIS 6.0 to compromise and take over Windows servers.

The zero-day was discovered by two Chinese researchers from the Information Security Lab & School of Computer Science & Engineering, South China University of Technology Guangzhou, China.

The two published proof-of-concept exploit code on GitHub two days ago, after Microsoft acknowledged the flaw, but said it couldn't patch it as it affected EOL products, for which it doesn't issue updates anymore.
Read more
#2179 Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server
#2178 This book reads you - using JavaScript
#2177 Flatbed scanners used as relay point for controlling malware in air-gapped systems
#2176 Let’s Encrypt issues certs to ‘PayPal’ phishing sites: how to protect yourself
#2175 VMware patches critical virtual machine escape flaws
#2174 Skype users hit by ransomware through in-app malicious ads
#2173 One of the most prolific botnets is back - and now it's being used for stockmarket scams
#2172 Unskilled group behind many junk ransomware strains
#2171 New IIS 6.0 0day exploited in live attacks since July 2016
#2170 Russian hacker pleads guilty in global botnet case
#2169 About 90% of Smart TVs vulnerable to remote hacking via rogue TV signals
#2168 Someone is putting lots of work into hacking Github developers
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12