Ars Technica

(WCF) Using net.pipe from Web application under IIS 6.0

Hi all.<BR><BR>I thought consuming a WCF service (named pipe) hosted in a Windows service on the Web server (2k3) would be a good idea. It worked well enough when debugging in VS2008, but there my ...
techtimes

Microsoft's Latest Research Shows How Hackers Use Malicious IIS Extensions as Backdoor to Servers

Hackers are now reportedly using Internet Information Services or IIS extensions as backdoors to getting into servers as it helps them hide deep in the environments they want to target and gives a ...
CSO Online

Newly-discovered threat group hijacking IIS servers for SEO fraud, warns Cisco Talos

A Chinese-speaking cybercrime group is aggressively targeting vulnerable Internet Information Server (IIS) web servers for ...
Ars Technica

Multiple certificates to one IIS website via ISA

I'm taken on a setup where there is an Exchange server on the internal network hosting an IIS site with Outlook Web and Outlook Mobile access. Sitting in front of this is an ISA 2004 box.<BR><BR>From ...
Computerworld

Opinion: Web server security: Is IIS or Apache more secure

Continuing the theme from my previous column on the relative security of Internet Information Services (IIS) vs. Apache, I’ve come across more studies to support my initial conclusion. If you remember ...
Bleeping Computer

Hackers steal Microsoft Exchange credentials using IIS module

Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. The ...
CSOonline

Hackers breach Microsoft IIS services using Cityworks RCE bug

Hackers are exploiting a high-severity remote code execution (RCE) flaw in Cityworks deployments — a GIS-centric asset and work order management software — to execute codes on a customers’ Microsoft ...
ZDNet

Microsoft warns of stealthy backdoors used to target Exchange Servers

There's been an uptick in malware native to Microsoft's Internet Information Services (IIS) web server that is being used to install backdoors or steal credentials and is hard to detect, warns ...
The Hacker News

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

Chinese-speaking actor uses BadIIS to poison search results in East Asia, enabling remote access and SEO fraud.
Bleeping Computer

Microsoft: Windows 'inetpub' folder created by security fix, don’t delete

Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it. This folder is typically used by Microsoft's Internet ...
Computerworld

Web server security wars: Is IIS or Apache more secure

Continuing the theme from my previous column on the relative security of Internet Information Service (IIS) vs. Apache, I’ve come across more studies to support my initial conclusion. If you remember, ...