Website developers are unwittingly putting their companies at risk by incorporating publicly disclosed ASP.NET machine keys from code documentation and repositories into their applications, Microsoft is warning.
The tech giant has issued an alert on the insecure practice, after observing threat actors in December using a static, known ASP.NET machine key to deploy the Godzilla post-exploitation cyberattack framework, known for stomping all over corporate environments.
https://www.darkreading.com/remote-work ... server-rce