Tag: ntlm
-
Verwirrung um 0-Click-NTLM Authentication Bypass (Telnet) in Windows
by
in SecurityNewsMir ist gerade eine Information zu einer Schwachstelle im Microsoft Telnet Server untergekommen. Über die Schwachstelle soll ein -Click-NTLM Authentication Bypass möglich sein. Betroffen sind glücklicherweise nur alte Systeme bis Windows Server 2008 R2. Dort sollte Telnet deaktiviert werden. Ein … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/29/verwirrung-um-0-click-ntlm-authentication-bypass-telnet-in-windows/
-
âš¡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
by
in SecurityNewsCan a harmless click really lead to a full-blown cyberattack?Surprisingly, yes, and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps, like…
-
Schwachstelle in NTLM-Hashes – CISA warnt vor aktiven Attacken auf Windows
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/microsoft-windows-sicherheitsluecke-alarm-cisa-a-b08f28d2e89b157520d6ac9c256fa33b/
-
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out”‘of”‘band…
-
CVE-2025-24054 Under Active Attack”, Steals NTLM Credentials on File Download
by
in SecurityNews
Tags: credentials, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, technology, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure First seen on…
-
Windows NTLM hash leak flaw exploited in phishing attacks on governments
by
in SecurityNewsA Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-ntlm-hash-leak-flaw-exploited-in-phishing-attacks-on-governments/
-
NTLM Hash Exploit Targets Poland and Romania Days After Patch
by
in SecurityNewsAn NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ntlm-hash-exploit-targets-poland/
-
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
by
in SecurityNewsCVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/windows-ntlm-vulnerability-exploited-in-multiple-attack-campaigns-cve-2025-24054/
-
Multiple Groups Exploit NTLM Flaw in Microsoft Windows
by
in SecurityNewsThe attacks have been going on since shortly after Microsoft patched the vulnerability in March. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw
-
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems
by
in SecurityNewsA critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, which enables NTLM hash disclosure through spoofing, allows attackers to harvest sensitive user credentials with minimal interaction, potentially leading to privilege escalation and full network compromise. Despite Microsoft releasing a…
-
‘RemoteMonologue’ New Red Team Technique Exploits DCOM To Steal NTLM Credentials Remotely
by
in SecurityNewsA sophisticated new red team technique dubbed >>RemoteMonologue
-
Ähnlichkeiten mit bereits ausgenutzer Schwachstelle Day-Sicherheitslücke betrifft NTLM schon wieder
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/0patch-entdeckt-erneut-ntlm-sicherheitsluecke-windows-a-746edbce4296f05d278dfe604afa4e9c/
-
Unofficial fixes for novel NTLM hash-exposing zero-day issued
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/unofficial-fixes-for-novel-ntlm-hash-exposing-zero-day-issued
-
New Windows Zero-Day Vulnerability Exposes NTLM Credentials Unofficial Patch Available
by
in SecurityNewsA new zero-day vulnerability has been discovered in Windows, impacting all versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into viewing malicious files in Windows Explorer. The issue has been reported to Microsoft, and while…
-
New Windows zero-day leaks NTLM hashes, gets unofficial patch
by
in SecurityNewsFree unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-leaks-ntlm-hashes-gets-unofficial-patch/
-
Windows File Explorer Vulnerability Enables Network Spoofing Attacks: PoC Released
by
in SecurityNewsA critical vulnerability in Windows File Explorer has been discovered, allowing attackers to capture NTLM hashes and potentially exploit them for network spoofing attacks. The vulnerability, identified as CVE-2025-24071, involves the automatic processing of specially crafted .library-ms files within compressed archives like RAR or ZIP. When these files, containing paths to attacker-controlled SMB servers, are extracted, Windows…
-
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
by
in SecurityNewsThe threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.”The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis.”More than 1,600 victims were affected during one…
-
New family of data-stealing malware leverages Microsoft Outlook
by
in SecurityNewscertutil application which handles certificates, to download files.Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
-
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
by
in SecurityNews
Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day3Critical 52Important 0Moderate 0Low Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
-
So killen Sie NTLM
by
in SecurityNews
Tags: authentication, cloud, crowdstrike, cve, hacker, ibm, mail, microsoft, ntlm, risk, service, technology, vulnerability, windows -
Abusing AD Weak Permission Pre2K Compatibility
by
in SecurityNewsPre2K (short for >>Pre-Windows 2000
-
Further Adventures With CMPivot”Š”, “ŠClient Coercion
by
in SecurityNewsFurther Adventures With CMPivot”Š”, “ŠClient Coercion Perfectly Generated AI Depiction based on Title TL:DR CMPivot queries can be used to coerce SMB authentication from SCCM client hosts Introduction CMPivot is a component part of the Configuration Manager framework. With the rise in popularity for ConfigMgr as a target in red team operations, this post looks to cover a…
-
Ridding your network of NTLM
by
in SecurityNews
Tags: attack, authentication, cloud, crowdstrike, cve, email, encryption, exploit, group, hacker, ibm, Internet, jobs, malicious, microsoft, network, ntlm, password, service, technology, tool, update, vulnerability, windowsMicrosoft has hinted at a possible end to NTLM a few times, but with quite a few Windows 95 or 98 in use that do not support the alternative, Kerberos, it won’t be an easy job to do. There is the option to disable NTLM when using Azure Active Directory but that may not always…
-
How to Protect Your Environment From the NTLM Vulnerability
by
in SecurityNewsThis Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/how-to-protect-your-environment-from-the-ntlm-vulnerability
-
DEF CON 32 NTLM: The Last Ride
by
in SecurityNewsAuthors/Presenters: Jim Rush, Tomais Williamson Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/def-con-32-ntlm-the-last-ride/
-
Enhance Microsoft security by ditching your hybrid setup for Entra-only join
by
in SecurityNews
Tags: ai, authentication, business, cloud, compliance, conference, credentials, email, firewall, group, identity, infrastructure, intelligence, Internet, microsoft, network, ntlm, office, powershell, risk, service, switch, technology, tool, vpn, windowsArtificial intelligence is top of mind for nearly everything Microsoft is doing these days, but there’s another goal the company would like to see its users strive to attain, one that may not be easily obtained, and that’s to be Entra-joined only.That means no more Active Directory (AD) and no more traditional domain: instead, your…