Black Hat 2021: Lessons from a lawyer
Posted inTop News

Black Hat 2021: Lessons from a lawyer

Why companies and their security teams need to engage with a lawyer before an incident occurs Presentations at Black Hat often involve slides full of data or code. Rarely, or maybe never, have I seen a slide that details parts of a policy, contract or general legal text. Nick Merker, a partner at ICE Miller…
IISpy: A complex server‑side backdoor with anti‑forensic features
Posted inTop News

IISpy: A complex server‑side backdoor with anti‑forensic features

The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers ESET researchers have discovered and analyzed a previously undocumented backdoor, implemented as an extension for Internet Information Services (IIS), Microsoft’s web server software. The backdoor, which we…