Security News
A threat actor specializing in establishing initial access to target organizations' computer systems and networks is using booby-trapped email attachments to steal employees' NTLM hashes. "User authentication in Windows is used to prove to a remote system that a user is who they say they are. NTLM does this by proving knowledge of a password during a challenge and response exchange without revealing the password to anyone," Microsoft said in a recent post that announced their goal to deprecate NTLM use in favor of Kerberos - a more modern, extensible and secure authentication protocol.
The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager authentication hashes to perform account hijacks. NTLM hashes are used in Windows for authentication and session security and can be captured for offline password cracking to obtain the plaintext password.
AuthLogParser is an open-source tool tailored for digital forensics and incident response, specifically crafted to analyze Linux authentication logs. Log file, extracting crucial details like SSH logins, user creations, event names, IP addresses, among others.
In this Help Net Security video, Bassam Al-Khalidi, co-CEO of Axiad, discusses the results of Axiad's recent State of Authentication Survey. 39% indicated phishing is the most feared cyberattack, while 49% said it is the attack most likely to happen.
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a...
Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a...
Please turn on your JavaScript for this page to function normally. This survey set out to explore these challenges, to identify common practices, and to provide insight into how organizations can bolster their defenses.
Signal has had the ability to manually authenticate another account for years. The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is who their device says they are.
Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret.
Apple made passkeys automatic in its latest iOS releases, Microsoft expanded passkey use in Windows 11, and Google has enabled them in Chrome and Android devices, which has extended them to services such as DocuSign and PayPal. In October 2023, Google started offering passkeys as the default method for users signing into their accounts.