Tag: ntlm

The nexus of risk and intelligence: How vulnerability-informed hunting uncovers what everything else misses

Nov 19, 2025 3:49 PM

Tags: access, attack, authentication, business, cisa, compliance, cve, cvss, dark-web, data, defense, detection, dns, edr, endpoint, exploit, framework, intelligence, kev, linux, malicious, mitigation, mitre, monitoring, ntlm, nvd, open-source, password, powershell, remote-code-execution, risk, risk-management, siem, soc, strategy, tactics, technology, threat, update, vulnerability, vulnerability-management

Turning vulnerability data into intelligence: Once vulnerabilities are contextualized, they can be turned into actionable intelligence. Every significant CVE tells a story, known exploit activity, actor interest, proof-of-concept code or links to MITRE ATT&CK techniques. This external intelligence gives us the who and how behind potential exploitation.For example, when a privilege escalation vulnerability in Linux…
Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server

Nov 1, 2025 1:20 AM

Tags: access, antivirus, attack, authentication, best-practice, business, cloud, control, cyber, data, defense, encryption, exploit, identity, mail, microsoft, mitigation, ntlm, risk, service, threat, update, windows

The guidance: The guidance states admins should treat on-prem Exchange servers as being “under imminent threat,” and itemizes key practices for admins:First, it notes, “the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)”;It points out that Microsoft Exchange Server Subscription Edition (SE) is the…
Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server

Nov 1, 2025 1:20 AM

Tags: access, antivirus, attack, authentication, best-practice, business, cloud, control, cyber, data, defense, encryption, exploit, identity, mail, microsoft, mitigation, ntlm, risk, service, threat, update, windows

The guidance: The guidance states admins should treat on-prem Exchange servers as being “under imminent threat,” and itemizes key practices for admins:First, it notes, “the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)”;It points out that Microsoft Exchange Server Subscription Edition (SE) is the…
Microsoft Boosts Windows Security by Disabling File Previews for Downloads

Oct 24, 2025 9:26 AM

Tags: credentials, cyber, exploit, Internet, microsoft, ntlm, update, vulnerability, windows

Microsoft has rolled out a significant security enhancement to Windows File Explorer, automatically disabling the preview pane for files downloaded from the internet as part of security updates released on and after October 14, 2025. This proactive measure targets a long-standing vulnerability that attackers have exploited to harvest NTLM hashes and sensitive credentials used for…
CISA Flags Highly Exploitable Windows SMB Flaw

Oct 22, 2025 12:26 AM

Tags: attack, cisa, cybersecurity, exploit, flaw, infrastructure, microsoft, mitigation, network, ntlm, windows

NTLM Reflection Attack Strikes Again. A three-month old flaw in a network protocol for file sharing used by Microsoft is under active exploitation, warns the U.S. Cybersecurity and Infrastructure Security Agency. The flaw’s exploitation bypasses mitigations Microsoft has built over the years to prevent NTLM reflection attacks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisa-flags-highly-exploitable-windows-smb-flaw-a-29778
Service Accounts in Active Directory: These OG NHIs Could Be Your Weakest Link

Sep 23, 2025 10:16 PM

Tags: access, ai, attack, authentication, breach, cloud, computer, control, credentials, cyber, data, exploit, group, identity, infrastructure, microsoft, ntlm, password, risk, saas, service, software, switch

While non-human identities (NHIs) in cloud and SaaS operations may be getting lots of attention right now, securing your Active Directory service accounts can go a long way in reducing risk. Here are three steps you can take right now. Key takeaways Expect sprawl: Agentic AI and cloud native development accelerate non-human identity (NHI) growth. …
Microsoft’s Patch Tuesday: About 80 Vulnerabilities Patched

Sep 12, 2025 8:16 AM

Tags: authentication, flaw, microsoft, ntlm, office, update, vulnerability, windows

An elevation of privilege vulnerability in the Windows NTLM authentication protocol and a flaw in Office’s Preview Pain are among the most important to patch. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-september-2025/
Microsoft’s Patch Tuesday: About 80 Vulnerabilities Patched

Sep 12, 2025 8:16 AM

Tags: authentication, flaw, microsoft, ntlm, office, update, vulnerability, windows

An elevation of privilege vulnerability in the Windows NTLM authentication protocol and a flaw in Office’s Preview Pain are among the most important to patch. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-september-2025/
Patch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V

Sep 10, 2025 5:16 PM

Tags: access, attack, authentication, awareness, business, ciso, control, cve, cvss, data, exploit, flaw, ibm, infrastructure, Internet, microsoft, mitigation, network, ntlm, oracle, remote-code-execution, risk, sans, sap, service, software, threat, unauthorized, update, vulnerability, windows, zero-day

CSO. “The sole fact of being it a deserialization vulnerability, exploitable in an unauthenticated way, makes it very critical,” he said. “The positive side of this vulnerability for defenders is that it is exploitable through a protocol that is not typically internet-facing, the RMI-P4 SAP protocol.” Deserialization vulnerabilities are common in products like NetWeaver, Johannes Ullrich,…
Patch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V

Sep 10, 2025 5:16 PM

Tags: access, attack, authentication, awareness, business, ciso, control, cve, cvss, data, exploit, flaw, ibm, infrastructure, Internet, microsoft, mitigation, network, ntlm, oracle, remote-code-execution, risk, sans, sap, service, software, threat, unauthorized, update, vulnerability, windows, zero-day

CSO. “The sole fact of being it a deserialization vulnerability, exploitable in an unauthenticated way, makes it very critical,” he said. “The positive side of this vulnerability for defenders is that it is exploitable through a protocol that is not typically internet-facing, the RMI-P4 SAP protocol.” Deserialization vulnerabilities are common in products like NetWeaver, Johannes Ullrich,…
Microsoft Patchday September 2025 – HPC Pack mit CVSS 9.8 und NTLM mit 8.8 als Hauptangriffsvektoren

Sep 10, 2025 5:16 PM

Tags: cvss, microsoft, ntlm

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-september-2025-windows-updates-a-6a6019204714a5acc7ec85e52d6b014f/
MITM6 + NTLM Relay Attack Enables Full Domain Compromise

Aug 21, 2025 12:54 PM

Tags: attack, credentials, cyber, cybersecurity, exploit, network, ntlm, windows

Cybersecurity researchers are highlighting a dangerous attack technique that combines rogue IPv6 configuration with NTLM credential relay to achieve complete Active Directory domain compromise, exploiting default Windows configurations that most organizations leave unchanged. Attack Leverages Default Windows IPv6 Behavior The MITM6 + NTLM Relay attack exploits Windows systems’ automatic DHCPv6 requests, even in networks that…
MITM6 + NTLM Relay: How IPv6 Auto-Configuration Leads to Full Domain Compromise

Aug 21, 2025 6:54 AM

Tags: ntlm

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/mitm6-ntlm-relay-how-ipv6-auto-configuration-leads-to-full-domain-compromise
Microsoft Entra Private Access brings conditional access to on-prem Active Directory

Aug 19, 2025 9:54 AM

Tags: access, authentication, cloud, computer, group, microsoft, network, ntlm, ransomware, service, windows

Susan Bradley / CSOThe deepest level of auditing, including workgroup and domain authentication attempts that use NTLM, can be achieved by setting:Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers = Audit AllNetwork security: Restrict NTLM: Audit NTLM authentication in this domain = Enable allNetwork security: Restrict NTLM: Audit Incoming NTLM Traffic = Enable…
Windows tips for reducing the ransomware threat

Aug 7, 2025 10:11 AM

Tags: access, attack, authentication, backup, breach, cloud, computer, control, credentials, government, identity, infrastructure, login, mfa, microsoft, monitoring, network, ntlm, passkey, privacy, ransomware, risk, service, threat, windows

Susan Bradley / CSOIdeally you should have no such protocols observed.
DNN Vulnerability Exposes NTLM Credentials via Unicode Normalization Bypass

Jul 8, 2025 11:34 AM

Tags: credentials, cve, cyber, ntlm, open-source, vulnerability

Security researchers have discovered a critical vulnerability in DNN (formerly DotNetNuke), one of the oldest open-source content management systems, that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique. The vulnerability, tracked as CVE-2025-52488, affects the widely-used enterprise CMS platform and demonstrates how defensive coding measures can be circumvented through carefully…
NTLM relay attacks are back from the dead

Jul 4, 2025 9:34 AM

Tags: attack, ntlm

NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/04/ntlm-relay-attacks/
Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access

Jun 13, 2025 2:54 PM

Tags: access, cvss, cyber, exploit, flaw, identity, microsoft, ntlm, service, vulnerability

A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of critical Directory Service Accounts (DSAs), potentially compromising Active Directory environments. Rated 6.5 (Medium) on the CVSS v3.1 scale, this flaw exploits MDI’s Lateral Movement Paths (LMPs) feature and has been actively addressed in Microsoft’s May…
Windows Authentication Coercion Attacks Present Major Risks to Enterprise Networks

Jun 4, 2025 2:55 PM

Tags: attack, authentication, cyber, network, ntlm, risk, service, windows

Authentication coercion remains a potent attack vector in Windows environments, enabling attackers with even low-privileged domain accounts to force targeted systems, often high-value servers or domain controllers, to authenticate to attacker-controlled hosts. This technique is closely tied to NTLM and Kerberos relay attacks, where the coerced authentication session is intercepted and relayed to other services,…
Securing Windows 11 and Server 2025: What CISOs should know about the latest updates

May 30, 2025 8:58 AM

Tags: ai, authentication, ciso, control, crypto, Internet, login, microsoft, ntlm, password, privacy, risk, service, software, technology, update, windows

Susan Bradley / CSOYou can prevent Recall use by turning off the saving of snapshots and also disabling Click to Do. Alternatively, if you want to enable the service, I recommend setting a list of applications that you want filtered as well as excluding a list of URLs.In addition, you can set policies for Copilot.…
Windows 11 File Explorer Vulnerability Enables NTLM Hash Theft

May 29, 2025 4:55 PM

Tags: authentication, cve, cyber, flaw, malicious, ntlm, technology, theft, vulnerability, windows

A newly disclosed vulnerability, CVE-2025-24071, has been identified in Windows File Explorer, specifically affecting Windows 11 (23H2) and earlier versions that support .library-ms files and the SMB protocol. This flaw enables attackers to capture NTLM (New Technology LAN Manager) authentication hashes simply by tricking a user into extracting a malicious ZIP archive”, no further interaction…
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine

May 23, 2025 5:54 AM

Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerability

Credential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
0-Click NTLM Auth Bypass Exposes Legacy Microsoft Systems

May 12, 2025 5:10 PM

Tags: attack, authentication, exploit, flaw, microsoft, ntlm, unauthorized, vulnerability

A newly discovered 0-click NTLM authentication bypass vulnerability has resurfaced within Microsoft Telnet Server implementations, exposing a dangerous flaw in outdated yet still-operational systems. Veriti research reveals that this vulnerability, requiring no user interaction, enables remote attackers to exploit NTLM authentication mechanisms and potentially gain unauthorized access. This attack vector stems from legacy architecture still……
Verwirrung um 0-Click-NTLM Authentication Bypass (Telnet) in Windows

Apr 29, 2025 12:51 PM

Tags: authentication, microsoft, ntlm, vulnerability, windows

Mir ist gerade eine Information zu einer Schwachstelle im Microsoft Telnet Server untergekommen. Über die Schwachstelle soll ein -Click-NTLM Authentication Bypass möglich sein. Betroffen sind glücklicherweise nur alte Systeme bis Windows Server 2008 R2. Dort sollte Telnet deaktiviert werden. Ein … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/29/verwirrung-um-0-click-ntlm-authentication-bypass-telnet-in-windows/
âš¡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Apr 28, 2025 1:51 PM

Tags: breach, cyberattack, exploit, hacker, ntlm, spyware, zero-day

Can a harmless click really lead to a full-blown cyberattack?Surprisingly, yes, and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps, like…
Schwachstelle in NTLM-Hashes – CISA warnt vor aktiven Attacken auf Windows

Apr 28, 2025 7:51 AM

Tags: cisa, ntlm, vulnerability, windows

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-windows-sicherheitsluecke-alarm-cisa-a-b08f28d2e89b157520d6ac9c256fa33b/
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

Apr 18, 2025 2:28 PM

Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, vulnerability, windows

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out”‘of”‘band…
CISA Warns of Active Exploitation of Windows NTLM Vulnerability

Apr 18, 2025 11:28 AM

Tags: authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, microsoft, ntlm, unauthorized, vulnerability, windows

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted organizations to active exploitation of a newly disclosed Microsoft Windows vulnerability tracked as CVE-2025-24054. The flaw affects Windows’ NTLM authentication protocol, creating an opportunity for unauthorized attackers to infiltrate systems via a spoofing vulnerability. Overview of the Vulnerability CVE-2025-24054, officially designated as a “Windows NTLM Hash…
CVE-2025-24054 Under Active Attack”, Steals NTLM Credentials on File Download

Apr 18, 2025 7:28 AM

Tags: credentials, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, technology, vulnerability, windows

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure First seen on…
Windows NTLM hash leak flaw exploited in phishing attacks on governments

Apr 17, 2025 10:28 PM

Tags: attack, exploit, flaw, government, hacker, leak, ntlm, phishing, vulnerability, windows

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-ntlm-hash-leak-flaw-exploited-in-phishing-attacks-on-governments/