Tag: ntlm
-
‘RemoteMonologue’ New Red Team Technique Exploits DCOM To Steal NTLM Credentials Remotely
by
in SecurityNews
A sophisticated new red team technique dubbed >>RemoteMonologue
-
Similarities to an already exploited vulnerability: zero-day security vulnerability affects NTLM yet again
by
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/0patch-entdeckt-erneut-ntlm-sicherheitsluecke-windows-a-746edbce4296f05d278dfe604afa4e9c/
-
Unofficial fixes for novel NTLM hash-exposing zero-day issued
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/unofficial-fixes-for-novel-ntlm-hash-exposing-zero-day-issued
-
New Windows Zero-Day Vulnerability Exposes NTLM Credentials Unofficial Patch Available
by
in SecurityNews
A new zero-day vulnerability has been discovered in Windows, impacting all versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into viewing malicious files in Windows Explorer. The issue has been reported to Microsoft, and while…
-
New Windows zero-day leaks NTLM hashes, gets unofficial patch
by
in SecurityNews
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-leaks-ntlm-hashes-gets-unofficial-patch/
-
Windows File Explorer Vulnerability Enables Network Spoofing Attacks: PoC Released
by
in SecurityNews
A critical vulnerability in Windows File Explorer has been discovered, allowing attackers to capture NTLM hashes and potentially exploit them for network spoofing attacks. The vulnerability, identified as CVE-2025-24071, involves the automatic processing of specially crafted .library-ms files within compressed archives like RAR or ZIP. When these files, containing paths to attacker-controlled SMB servers, are extracted, Windows…
-
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
by
in SecurityNews
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. “The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis. “More than 1,600 victims were affected during one…
-
New family of data-stealing malware leverages Microsoft Outlook
by
in SecurityNews
certutil application which handles certificates, to download files. Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
-
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
by
in SecurityNews
Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day
3 Critical, 52 Important, 0 Moderate, 0 Low
Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
-
How to kill NTLM
by
in SecurityNews
Tags: authentication, cloud, crowdstrike, cve, hacker, ibm, mail, microsoft, ntlm, risk, service, technology, vulnerability, windows
-
Abusing AD Weak Permission Pre2K Compatibility
by
in SecurityNews
Pre2K (short for >>Pre-Windows 2000
-
Further Adventures With CMPivot - Client Coercion
by
in SecurityNews
TL;DR: CMPivot queries can be used to coerce SMB authentication from SCCM client hosts. Introduction: CMPivot is a component part of the Configuration Manager framework. With the rise in popularity for ConfigMgr as a target in red team operations, this post looks to cover a…
-
Ridding your network of NTLM
by
in SecurityNews
Tags: attack, authentication, cloud, crowdstrike, cve, email, encryption, exploit, group, hacker, ibm, Internet, jobs, malicious, microsoft, network, ntlm, password, service, technology, tool, update, vulnerability, windows
Microsoft has hinted at a possible end to NTLM a few times, but with quite a few Windows 95 or 98 in use that do not support the alternative, Kerberos, it won’t be an easy job to do. There is the option to disable NTLM when using Azure Active Directory but that may not always…
-
How to Protect Your Environment From the NTLM Vulnerability
by
in SecurityNews
This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/how-to-protect-your-environment-from-the-ntlm-vulnerability
-
DEF CON 32 NTLM: The Last Ride
by
in SecurityNews
Authors/Presenters: Jim Rush, Tomais Williamson. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/def-con-32-ntlm-the-last-ride/
-
Enhance Microsoft security by ditching your hybrid setup for Entra-only join
by
in SecurityNews
Tags: ai, authentication, business, cloud, compliance, conference, credentials, email, firewall, group, identity, infrastructure, intelligence, Internet, microsoft, network, ntlm, office, powershell, risk, service, switch, technology, tool, vpn, windows
Artificial intelligence is top of mind for nearly everything Microsoft is doing these days, but there’s another goal the company would like to see its users strive to attain, one that may not be easily obtained, and that’s to be Entra-joined only. That means no more Active Directory (AD) and no more traditional domain: instead, your…
-
NTLM on its way out: partly removed from Windows 11 24H2 and Server 2025
by
in SecurityNews
Microsoft is improving protection against NTLM relay attacks. Largely unnoticed, NTLMv1 has also been removed in Windows 11 24H2 and Server 2025. First seen on heise.de Jump to article: www.heise.de/news/Auslaufmodell-NTLM-Aus-Windows-11-24H2-und-Server-2025-teils-entfernt-10217239.html
-
Default NTLM relay attack protections introduced by Microsoft
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/default-ntlm-relay-attack-protections-introduced-by-microsoft
-
Microsoft rolls out Windows hardening against default NTLM relay attacks
by
in SecurityNews
NTLM relaying is a popular attack method used by threat actors to compromise identities. Microsoft wants to put a stop to this and has begun rolling out protective measures in Windows that are intended to offer better protection against default NTLM relay attacks. NTLM relay attacks: NTLM relaying is a … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/11/microsoft-rollt-windows-haertung-gegen-standard-ntlm-relay-angriffe-aus/
-
NTLM relay attacks: Microsoft takes countermeasures
by
in SecurityNews
One attack vector for gaining access within a network is so-called NTLM relaying. Microsoft is now making this harder with new measures. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-ergreift-Massnahmen-gegen-NTLM-Relay-Angriffe-10194220.html
-
Microsoft takes measures against NTLM relay attacks
by
in SecurityNews
One attack vector for gaining access within a network is so-called NTLM relaying. Microsoft is now making this harder with new measures. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-ergreift-Massnahmen-gegen-NTLM-Relay-Angriffe-10194220.html
-
Microsoft Rolls Out Default NTLM Relay Attack Mitigations
by
in SecurityNews
Microsoft has rolled out new default security protections that mitigate NTLM relaying attacks across on-premises Exchange, AD CS, and LDAP services. The post Microsoft Rolls Out Default NTLM Relay Attack Mitigations appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-rolls-out-default-ntlm-relay-attack-mitigations/
-
Microsoft NTLM Zero-Day to Remain Unpatched Until April
by
in SecurityNews
Tags: attack, credentials, cyberattack, microsoft, mitigation, ntlm, update, vulnerability, windows, zero-day
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april
-
Critical Windows Zero-Day Alert: No Patch Available Yet for Users
by
in SecurityNews
Protect your systems with automated patching and server hardening strategies to defend against vulnerabilities like the NTLM zero-day… First seen on hackread.com Jump to article: hackread.com/windows-zero-day-alert-no-patch-available-for-users/
-
0patch to the rescue: zero-day vulnerability discovered in all common Windows versions
by
in SecurityNews
Windows 7 through 11 and Windows Server 2008 through 2022 are affected. Attackers can capture NTLM hashes. A patch exists, but not from Microsoft. First seen on golem.de Jump to article: www.golem.de/news/0patch-hilft-zero-day-luecke-in-allen-gaengigen-windows-versionen-entdeckt-2412-191505.html
-
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Microsoft’s OS sure loves throwing your creds at remote systems First seen on theregister.com Jump to article: www.theregister.com/2024/12/06/opatch_zeroday_microsoft/
-
New Windows zero-day exposes NTLM credentials, gets unofficial patch
by
in SecurityNews
A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/