Security News

The patch that wasn't: Cisco emits fresh fixes for NTLM hash-spilling vuln and XSS-RCE combo in Jabber app
2020-12-10 17:30

A previous patch for Cisco's Jabber chat product did not in fact fix four vulnerabilities - including one remote code execution flaw that would allow malicious people to hijack targeted devices by sending a carefully crafted message. Watchcom added: "The patch released in September only patched the specific injection points that Watchcom had identified. The underlying issue was not addressed. We were therefore able to find new injection points that could be used to exploit the vulnerabilities."

Microsoft NTLM vulnerabilities could lead to full domain compromise
2019-10-10 12:58

Preempt researchers have discovered two vulnerabilities that may allow attackers to bypass a number of protections and mitigations against NTLM relay attacks and, in some cases, to achieve full...

Microsoft Patches Critical Vulnerabilities in NTLM
2019-06-12 16:04

Microsoft on Tuesday released security patches for nearly 90 vulnerabilities, including two Critical bugs impacting the proprietary authentication protocol NTLM.

How to protect your network against security flaws in Microsoft's NTLM protocol
2019-06-11 17:00

Vulnerabilities in NTLM recently discovered by security provider Preempt could allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that...

Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine
2019-06-11 16:57

The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow...

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs
2019-02-14 22:56

CorrectHorseBatteryStaple once again more secure and memorable than ff3sd21n. HashCat, an open source password recovery tool, can now crack an eight-character Windows NTLM password hash in less...

Researcher Escalates Privileges on Exchange 2013 via NTLM Relay Attack
2019-01-29 15:20

Microsoft Exchange 2013 and newer versions allow an attacker to escalate privileges when performing an NT LAN Manager (NTLM) relay attack, a security researcher warns.

PDF Files Can Silently Leak NTLM Credentials
2018-04-30 12:19

NTLM credentials can be stolen via malicious Portable Document Format (PDF) files without any user interaction, Check Point security researchers warn.

Microsoft Patches LDAP Relay Vulnerability in NTLM (Security Week)
2017-07-12 13:50

Microsoft resolved over 30 bugs with its July 2017 set of security patches, one being a vulnerability where the Lightweight Directory Access Protocol (LDAP) wasn’t protected from Microsoft NT LAN...

Critical Flaws Found in Windows NTLM Security Protocol – Patch Now (The Hacker News)
2017-07-12 00:23

As part of this month's Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affects all versions of its Windows operating system for...