Security News

LockBit ransomware automates Windows domain encryption via group policies
2021-07-27 21:10

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. After ransomware topics were banned on hacking forums [1, 2], LockBit began promoting the new LockBit 2.0 ransomware-as-a-service operation on their data leak site.

New Windows 10 KB5005394 emergency update fixes printing issues
2021-07-27 18:01

Microsoft has released a cumulative out-of-band update to fix a known printing issue preventing some printers and scanners from working correctly. "Noncompliant printers, scanners, and multifunction devices might not work when you use smart card authentication. This issue occurs after you install the July 13, 2021 update on domain controllers in your environment."

Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers
2021-07-27 14:09

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller. Microsoft is sounding an alert about a threat against Windows domain controllers that would allow attackers to capture NTLM credentials and certificates.

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
2021-07-26 22:19

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor's control using the MS-EFSRPC interface and share its authentication information.

You, too, can be a Windows domain controller and do whatever you like, with this one weird WONTFIX trick
2021-07-26 20:31

Specifically, security researcher Gilles Lionel found it was possible to use MS-EFSRPC to force a device, including Windows domain controllers, to authenticate with a remote attacker-controlled NTLM relay. "PetitPotam takes advantage of servers," said Microsoft, "Where the Active Directory Certificate Services is not configured with protections for NTLM Relay Attacks."

Windows “PetitPotam” network attack – how to protect against it
2021-07-26 18:10

The hack, which he has dubbed PetitPotam, involves what's known as an NTLM relay attack, which is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system. Microsoft has been advising everyone to avoid NTLM, short for NT LAN Manager, for more than a decade, because it doesn't meet modern cryptographic security standards.

Enterprises Warned of New PetitPotam Attack Exposing Windows Domains
2021-07-26 11:14

Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain. An unauthenticated attacker can use PetitPotam to get a targeted server to connect to their server and perform NTLM authentication.

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability
2021-07-26 04:21

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability - SeriousSAM - allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash attack.

A closer look at Windows 11’s recent changes
2021-07-25 21:48

Windows 11 was officially announced last month with a redesigned Start, taskbar and Action Center experience. At the moment, Windows 11 is available to testers in the Dev Channel of the Insider program.

Week in review: HiveNightmare on Windows 10, Kaseya obtains REvil decryptor
2021-07-25 08:56

Kaseya obtains universal REvil decryptorThere's finally some good news for the MSPs and their customers that have been hit by the REvil ransomware gang via compromised Kaseya VSA software: a universal decryptor has made it available to affected organizations. Easily exploitable, unpatched Windows privilege escalation flaw revealedA researcher has unearthed an easily exploitable vulnerability in Windows 10 that may allow local non-administrative users to gain administrative-level privileges.