Security News > 2016 > November > Researchers identify domain-level service credential exploit (Help Net Security)
2016-11-17 13:00
CyberArk Labs unveiled new research detailing what it considers to be a significant risk across all Windows endpoints, including those on Windows 10 with Credential Guard enabled. The exploit could allow cyber attackers to harvest encrypted service credentials from the registry and inject them into a new malicious service to achieve lateral movement and full domain compromise. Microsoft Credential Guard was introduced to mitigate the risk of lateral movement using compromised credentials, yet Credential Guard … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/m-2ZdR4a2o0/
Related news
- Germany drafts law to protect researchers who find security flaws (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer (source)
- Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security? (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- MUT-1244 targeting security researchers, red teamers, and threat actors (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Critical security hole in Apache Struts under exploit (source)
- 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials (source)