CyberSecurityBoard
Sponsor Register Login

Hackers Abuse ASP Machine Keys in IIS to Bypass Security Controls

Recent cybersecurity investigations have uncovered a novel attack vector where hackers exploit ASP machine keys in Microsoft's Internet Information Services (IIS) to bypass security controls. This technique allows attackers to manipulate encrypted data and authentication tokens, effectively undermining the integrity of web applications hosted on IIS servers. The abuse of ASP machine keys enables persistent access and stealthy operations, making detection and mitigation challenging for defenders. Organizations relying on IIS for web hosting should urgently review their cryptographic key management practices and apply recommended security patches. This article delves into the mechanics of the attack, the implications for enterprise security, and best practices to safeguard against such exploits. Understanding this threat is crucial for cybersecurity professionals aiming to fortify their web infrastructure against sophisticated adversaries.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 22 Oct 2025 07:35:14 +0000


Cyber News related to Hackers Abuse ASP Machine Keys in IIS to Bypass Security Controls

CVE-2022-32988 - Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files ...
3 years ago
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
8 months ago Cybersecuritynews.com
Hackers Abuse ASP Machine Keys in IIS to Bypass Security Controls - Recent cybersecurity investigations have uncovered a novel attack vector where hackers exploit ASP machine keys in Microsoft's Internet Information Services (IIS) to bypass security controls. This technique allows attackers to manipulate encrypted ...
4 months ago Cybersecuritynews.com CVE-2023-34527 Unknown
The Role of Machine Learning in Cybersecurity - Machine learning plays a crucial role in cybersecurity by enhancing defense mechanisms and protecting sensitive information. The key advantage of using machine learning in cybersecurity is its ability to constantly adapt and learn from new threats. ...
2 years ago Securityzap.com
Cybersecurity Standards vs Procedures vs Controls vs Policies - Four interrelated terms used in cybersecurity are Policies, Procedures, Standards, Guidelines, and Controls. Policies are at the top, Standards and Guidelines add detail to policies, Controls are the measured outcome of standards in use, and ...
2 years ago Securityboulevard.com
CVE-2023-38291 - An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G ...
1 year ago
How to Set Up Internet Parental Controls - Setting up internet parental controls is a great way to reduce the risk of your child viewing inappropriate content on the web. Parental controls are available on most major internet-enabled devices. Parental controls can prevent and filter a variety ...
2 years ago Pandasecurity.com
An In-Depth Guide to the 11 New ISO 27001 Controls - An effective defense against these threats requires a consistent and comprehensive security posture like the one outlined in the ISO 27001 standard. As daunting as these threats seem, up to 80% can be stopped by adopting security controls. The last ...
2 years ago Securityboulevard.com
CVE-2023-38298 - Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party ...
1 year ago
CVE-2011-3684 - Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to ...
13 years ago
CVE-2023-38301 - An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola ...
1 year ago
CVE-2023-38297 - An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of ...
1 year ago
How to Use Titan Security Keys With Passkey Support - Google's updated Titan Security Keys can serve as a multifactor authenticator and store passkeys to replace passwords. Google announced the availability of Titan Security Keys with passkey support in mid-November 2023; the initial Titan Security Keys ...
2 years ago Techrepublic.com
New C++ Based IIS Malware With Numerous Functionalities Mimics cmd.exe To Stay Undetected - Unit 42’s analysis revealed that this new C++ based IIS malware command execution framework leverages Windows’ user-mode asynchronous procedure calls (APCs) to queue malicious tasks while maintaining the facade of legitimate cmd.exe activity. ...
11 months ago Cybersecuritynews.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 year ago Helpnetsecurity.com
Hackers Attacking IIS Servers With New Web Shell Script to Gain Complete Remotely Control - The attack emerged from a broader investigation into cyber intrusions targeting critical national infrastructure in the Middle East, where threat actors successfully deployed multiple web shell servers across compromised systems. Cybersecurity ...
7 months ago Cybersecuritynews.com
CVE-2012-4971 - Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) ...
13 years ago
CVE-2006-2731 - Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) ...
7 years ago
CVE-2005-1224 - Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, ...
7 years ago
CVE-2023-38296 - Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from ...
1 year ago
A Cost-Effective Encryption Strategy Starts With Key Management - Companies have a problem with encryption: While many businesses duly encrypt sensitive data, there is no standard strategy for deploying and managing an key-management infrastructure. Every organization needs to make a large number of decisions in ...
1 year ago Darkreading.com Equation
CVE-2005-1417 - Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) ...
17 years ago
10 Best EDR Tools ( Endpoint Detection & Response) - 2025 - What is good?What Could Be Better ?Provides comprehensive endpoint monitoring.Some users might find the installation and configuration process of the solution tedious.Protect your entire security stack with in-depth threat intelligence.Some users ...
11 months ago Cybersecuritynews.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
11 months ago Cybersecuritynews.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
11 months ago Cybersecuritynews.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)