Tag

Ntlm

All articles tagged with #ntlm

cybersecurity · 1 year ago

Microsoft Urges Immediate Updates to Combat New Security Threats

A newly patched NTLM vulnerability, CVE-2024-43451, was exploited by suspected Russian hackers to target Ukraine through phishing emails. The flaw, which allows NTLMv2 hash theft, was used to deliver Spark RAT malware via a compromised Ukrainian government server. The attack involved phishing emails prompting users to download malicious URL files, leading to further payload downloads. CERT-UA linked the activity to Russian threat actor UAC-0194, while also warning of financially motivated attacks using LiteManager software.

technology, security · 1 year ago

"Outlook Vulnerability Exposes NTLM Passwords, Researchers Find"

A security flaw in Microsoft Outlook, tracked as CVE-2023-35636, could allow threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file, potentially through email or web-based attack scenarios. The vulnerability, now patched, was discovered by Varonis security researcher Dolev Taler and could lead to NTLM hashes being leaked. Microsoft has announced plans to discontinue NTLM in Windows 11 in favor of Kerberos for improved security.

cybersecurity · 2 years ago

Exploiting Microsoft Access "Linked Table" Feature for NTLM Forced Authentication Attacks

Researchers at Check Point have discovered a method to abuse the "Linked Table" feature in Microsoft Access, allowing attackers to perform NTLM forced authentication attacks. By tricking victims into opening a specially crafted .accdb or .mdb file, the attacker can leak the victim's NTLM tokens to an attacker-controlled server via any TCP port, bypassing firewall rules designed to block NTLM information stealing. NTLM is an outdated authentication protocol with known vulnerabilities, including brute-force attacks, pass-the-hash attacks, and relay attacks. Check Point recommends blocking outbound traffic through ports 139 and 445, disabling macros in MS-Access, and avoiding opening attachments from unsolicited sources to mitigate the risk.

technology, security · 2 years ago

Microsoft Ditches NTLM for Kerberos, Free Windows 10 Upgrades Over

Microsoft plans to phase out the NT LAN Manager (NTLM) authentication protocol in Windows 11 and focus on strengthening the Kerberos authentication protocol for improved security. New features in Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. NTLM, introduced in the 1990s, has been supplanted by Kerberos since Windows 2000 but continues to be used as a fallback mechanism. NTLM has inherent security weaknesses and is vulnerable to relay attacks, prompting Microsoft to encourage the use of Kerberos instead.

technology · 2 years ago

Microsoft's Windows 11: Changes to Authentication and Upgrades

Microsoft plans to phase out the NTLM authentication protocol in Windows 11, as it has been extensively exploited by threat actors in attacks such as NTLM relay attacks and pass-the-hash attacks. Kerberos has replaced NTLM as the default authentication protocol for domain-connected devices on Windows. Microsoft is working on two new Kerberos features, IAKerb and Local KDC, to enhance its use and address challenges leading to Kerberos fallback to NTLM. Additionally, Microsoft intends to expand NTLM management controls to provide administrators with more flexibility in monitoring and restricting NTLM usage. The company will disable NTLM in Windows 11 once it determines it is safe to do so, but customers will have the option to reenable it for compatibility reasons.

cybersecurity · 2 years ago

Microsoft Addresses Multiple Zero-Day Vulnerabilities in May 2023 Patch Tuesday

Cybersecurity researchers have disclosed a zero-click vulnerability in the Windows MSHTML platform that could be exploited to bypass integrity protections on targeted machines and steal NTLM credentials. The vulnerability, tracked as CVE-2023-29324, affects all Windows versions and is a bypass for a fix Microsoft put in place in March 2023 to resolve CVE-2023-23397. Microsoft has addressed the vulnerability as part of its Patch Tuesday updates for May 2023 and recommends that users install the Internet Explorer Cumulative updates to address vulnerabilities in the MSHTML platform and scripting engine.

cybersecurity · 2 years ago

Microsoft Outlook Vulnerabilities: What You Need to Know.

Hackers are exploiting CVE-2023-23397, a critical escalation-of-privilege vulnerability in Microsoft Outlook, to steal NTLM hashes and gain access to organizations. The vulnerability affects all versions of Microsoft Outlook on Windows, and threat actors have targeted and breached the networks of about 15 critical organizations related to government, military, energy, and transportation. Microsoft researchers have provided key mitigations, including installing the patch, using the Protected Users Security Group, and blocking port TCP/445 outbound from the network. Admins must apply and check all the recommended mitigations immediately to effectively prevent attacks.