Security News

Microsoft enforces defenses preventing NTLM relay attacks

2024-12-11 12:59

Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets...

#attack #defense #microsoft #ntlm

Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+

2024-12-06 23:34

Microsoft's OS sure loves throwing your creds at remote systems Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users' OS...

#leak #ntlm #windows #windows7

New Windows zero-day exposes NTLM credentials, gets unofficial patch

2024-12-06 16:32

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. [...]

#credential #ntlm #patch #windows #zeroday

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

2024-11-14 05:43

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability...

#email #exploit #hacker #malware #ntlm #phishing #RAT #russian #CVE-2024-43451

Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

2024-11-13 07:14

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are...

#microsoft #ntlm

Windows Themes zero-day bug exposes users to NTLM credential theft

2024-10-30 21:30

Plus a free micropatch until Redmond fixes the flaw There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials.…

#credential #ntlm #windows #zeroday

Exploit released for new Windows Server "WinReg" NTLM Relay attack

2024-10-22 17:26

Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the...

#attack #exploit #ntlm #server #windows

Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers

2024-10-22 14:12

Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage of New Technology LAN Manager (NTLM) hashes....

#ntlm #remote #security

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions

2024-08-18 08:00

Unpatched MS Office flaw may leak NTLM hashes to attackersA new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Key metrics for monitoring and improving ZTNA implementationsIn this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access implementation, focusing on balancing security with operational efficiency.

#browser #chrome #edge #leak #ntlm #office

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

2024-08-12 10:23

A new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Once attackers get a victim's NTLM hash, they can relay it another service and authenticate as the victim.

#CVE #leak #ntlm #office #CVE-2024-38200

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News