Tag: ntlm

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Apr 17, 2025 6:28 PM

Tags: exploit, leak, ntlm, update, vulnerability

An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ntlm-hash-exploit-targets-poland/
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

Apr 17, 2025 3:28 PM

Tags: attack, cve, exploit, microsoft, ntlm, threat, vulnerability, windows

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/windows-ntlm-vulnerability-exploited-in-multiple-attack-campaigns-cve-2025-24054/
Multiple Groups Exploit NTLM Flaw in Microsoft Windows

Apr 17, 2025 12:28 AM

Tags: attack, exploit, flaw, group, microsoft, ntlm, vulnerability, windows

The attacks have been going on since shortly after Microsoft patched the vulnerability in March. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems

Apr 16, 2025 8:28 PM

Tags: credentials, cve, cyber, exploit, flaw, microsoft, network, ntlm, vulnerability, windows

A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, which enables NTLM hash disclosure through spoofing, allows attackers to harvest sensitive user credentials with minimal interaction, potentially leading to privilege escalation and full network compromise. Despite Microsoft releasing a…
‘RemoteMonologue’ New Red Team Technique Exploits DCOM To Steal NTLM Credentials Remotely

Apr 10, 2025 9:05 AM

Tags: credentials, cyber, detection, endpoint, exploit, malicious, ntlm, RedTeam, service, theft

A sophisticated new red team technique dubbed >>RemoteMonologue
Ähnlichkeiten mit bereits ausgenutzer Schwachstelle Day-Sicherheitslücke betrifft NTLM schon wieder

Mar 29, 2025 5:13 AM

Tags: bug, ntlm, vulnerability, zero-day

First seen on security-insider.de Jump to article: www.security-insider.de/0patch-entdeckt-erneut-ntlm-sicherheitsluecke-windows-a-746edbce4296f05d278dfe604afa4e9c/
Unofficial fixes for novel NTLM hash-exposing zero-day issued

Mar 27, 2025 9:37 PM

Tags: ntlm, zero-day

First seen on scworld.com Jump to article: www.scworld.com/brief/unofficial-fixes-for-novel-ntlm-hash-exposing-zero-day-issued
New Windows Zero-Day Vulnerability Exposes NTLM Credentials Unofficial Patch Available

Mar 26, 2025 7:13 AM

Tags: credentials, cyber, malicious, microsoft, ntlm, update, vulnerability, windows, zero-day

A new zero-day vulnerability has been discovered in Windows, impacting all versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into viewing malicious files in Windows Explorer. The issue has been reported to Microsoft, and while…
New Windows zero-day leaks NTLM hashes, gets unofficial patch

Mar 25, 2025 8:14 PM

Tags: credentials, leak, malicious, ntlm, update, vulnerability, windows, zero-day

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-leaks-ntlm-hashes-gets-unofficial-patch/
Windows File Explorer Vulnerability Enables Network Spoofing Attacks: PoC Released

Mar 19, 2025 7:52 AM

Tags: attack, cve, cyber, exploit, network, ntlm, vulnerability, windows

A critical vulnerability in Windows File Explorer has been discovered, allowing attackers to capture NTLM hashes and potentially exploit them for network spoofing attacks. The vulnerability, identified as CVE-2025-24071, involves the automatic processing of specially crafted .library-ms files within compressed archives like RAR or ZIP. When these files, containing paths to attacker-controlled SMB servers, are extracted, Windows…
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

Mar 11, 2025 6:54 PM

Tags: attack, flaw, github, government, infection, ntlm, rat, threat

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.”The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis.”More than 1,600 victims were affected during one…
Getting the Most Value Out of the OSCP: The PEN-200 Course

Mar 4, 2025 6:34 PM

Tags: access, antivirus, attack, awareness, backdoor, cloud, compliance, conference, control, credentials, cve, cybersecurity, data, defense, detection, dos, edr, endpoint, exploit, github, gitlab, guide, hacker, hacking, jobs, kali, linkedin, linux, login, malicious, malware, mandiant, microsoft, network, ntlm, open-source, password, penetration-testing, powershell, programming, rce, remote-code-execution, risk, service, skills, software, tactics, theft, threat, tool, unauthorized, update, vmware, vulnerability, windows

In this second post of a five-part series, I provide advice on how to best utilize the PEN-200 course material for a successful career in ethical hacking. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
New family of data-stealing malware leverages Microsoft Outlook

Feb 17, 2025 11:46 PM

Tags: access, api, apt, attack, backdoor, breach, ciso, cloud, computer, control, credentials, data, email, github, group, linux, login, mail, malicious, malware, microsoft, network, ntlm, sans, service, tactics, threat, tool, windows

certutil application which handles certificates, to download files.Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
February Patch Tuesday: CISOs should act now on two actively exploited Windows Server vulnerabilities

Feb 12, 2025 6:01 AM

Tags: access, attack, authentication, ciso, cloud, control, corporate, cve, cvss, data, exploit, infosec, malicious, microsoft, network, ntlm, remote-code-execution, service, tool, training, unauthorized, update, vulnerability, vulnerability-management, windows, zero-day

CVE 2025-21391, a Windows Storage escalation of privilege vulnerability that, if exploited, could allow an attacker to delete but not read, targeted files on a system. While this wouldn’t lead to a loss of confidentiality of data, Microsoft notes it would have a major impact on data integrity and availability.An attacker trying to access a…
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)

Feb 12, 2025 1:55 AM

Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day

3Critical 52Important 0Moderate 0Low Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
So killen Sie NTLM

Feb 10, 2025 8:37 AM

Tags: authentication, cloud, crowdstrike, cve, hacker, ibm, mail, microsoft, ntlm, risk, service, technology, vulnerability, windows
Abusing AD Weak Permission Pre2K Compatibility

Feb 8, 2025 9:06 PM

Tags: ntlm, windows

Pre2K (short for >>Pre-Windows 2000
Further Adventures With CMPivot”Š”, “ŠClient Coercion

Feb 3, 2025 8:12 PM

Tags: access, ai, authentication, computer, control, data, github, microsoft, ntlm, powershell, RedTeam, service, software, tool, vulnerability, windows

Further Adventures With CMPivot”Š”, “ŠClient Coercion Perfectly Generated AI Depiction based on Title TL:DR CMPivot queries can be used to coerce SMB authentication from SCCM client hosts Introduction CMPivot is a component part of the Configuration Manager framework. With the rise in popularity for ConfigMgr as a target in red team operations, this post looks to cover a…
Ridding your network of NTLM

Jan 21, 2025 5:22 AM

Tags: attack, authentication, cloud, crowdstrike, cve, email, encryption, exploit, group, hacker, ibm, Internet, jobs, malicious, microsoft, network, ntlm, password, service, technology, tool, update, vulnerability, windows

Microsoft has hinted at a possible end to NTLM a few times, but with quite a few Windows 95 or 98 in use that do not support the alternative, Kerberos, it won’t be an easy job to do. There is the option to disable NTLM when using Azure Active Directory but that may not always…
Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

Jan 15, 2025 5:02 AM

Tags: access, advisory, ai, attack, authentication, best-practice, cloud, cve, defense, email, exploit, flaw, framework, github, group, intelligence, Internet, malicious, marketplace, microsoft, mitigation, ntlm, office, rce, remote-code-execution, saas, service, social-engineering, software, technology, threat, update, vulnerability, windows, zero-day

10Critical 147Important 0Moderate 0Low Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available. Microsoft patched 157 CVEs in its January 2025 Patch Tuesday release, with 10 rated…
How to Protect Your Environment From the NTLM Vulnerability

Dec 23, 2024 3:42 PM

Tags: ntlm, vulnerability

This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/how-to-protect-your-environment-from-the-ntlm-vulnerability
DEF CON 32 NTLM: The Last Ride

Dec 22, 2024 8:43 PM

Tags: conference, ntlm

Authors/Presenters: Jim Rush, Tomais Williamson Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/def-con-32-ntlm-the-last-ride/
Enhance Microsoft security by ditching your hybrid setup for Entra-only join

Dec 20, 2024 7:42 PM

Tags: ai, authentication, business, cloud, compliance, conference, credentials, email, firewall, group, identity, infrastructure, intelligence, Internet, microsoft, network, ntlm, office, powershell, risk, service, switch, technology, tool, vpn, windows

Artificial intelligence is top of mind for nearly everything Microsoft is doing these days, but there’s another goal the company would like to see its users strive to attain, one that may not be easily obtained, and that’s to be Entra-joined only.That means no more Active Directory (AD) and no more traditional domain: instead, your…
Auslaufmodell NTLM: Aus Windows 11 24H2 und Server 2025 teils entfernt

Dec 20, 2024 11:43 AM

Tags: microsoft, ntlm, windows

Microsoft verbessert den Schutz vor NTLM-Relay-Angriffen. Weitgehend unbemerkt wurden in Windows 11 24H2 und Server 2025 zudem NTLMv1 entfernt. First seen on heise.de Jump to article: www.heise.de/news/Auslaufmodell-NTLM-Aus-Windows-11-24H2-und-Server-2025-teils-entfernt-10217239.html
Default NTLM relay attack protections introduced by Microsoft

Dec 12, 2024 10:05 PM

Tags: attack, microsoft, ntlm

First seen on scworld.com Jump to article: www.scworld.com/brief/default-ntlm-relay-attack-protections-introduced-by-microsoft
Microsoft rollt Windows-Härtung gegen Standard-NTLM-Relay-Angriffe aus

Dec 12, 2024 12:05 AM

Tags: cyberattack, microsoft, ntlm, windows

NTLM-Relaying ist eine beliebte Angriffsmethode, die von Bedrohungsakteuren zur Kompromittierung der Identität verwendet wird. Microsoft möchte dem einen Riegel vorschieben und hat damit begonnen, Schutzmaßnahmen in Windows auszurollen, die einen besseren Schutz vor Standard-NTLM-Relay-Angriffen bieten sollen. NTLM-Relay-Angriffe NTLM-Relaying ist eine … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/11/microsoft-rollt-windows-haertung-gegen-standard-ntlm-relay-angriffe-aus/
NTLM-Relay-Angriffe: Microsoft ergreift Gegenmaßnahmen

Dec 10, 2024 5:07 PM

Tags: access, cyberattack, microsoft, ntlm

Ein Angriffsvektor zum Erlangen von Zugriff im Netz ist sogenanntes NTLM-Relaying. Das erschwert Microsoft nun mit neuen Maßnahmen. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-ergreift-Massnahmen-gegen-NTLM-Relay-Angriffe-10194220.html
Microsoft ergreift Maßnahmen gegen NTLM-Relay-Angriffe

Dec 10, 2024 4:07 PM

Tags: access, cyberattack, microsoft, ntlm

Ein Angriffsvektor zum Erlangen von Zugriff im Netz ist sogenanntes NTLM-Relaying. Das erschwert Microsoft nun mit neuen Maßnahmen. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-ergreift-Massnahmen-gegen-NTLM-Relay-Angriffe-10194220.html
Microsoft Rolls Out Default NTLM Relay Attack Mitigations

Dec 10, 2024 1:09 PM

Tags: attack, microsoft, mitigation, ntlm

Microsoft has rolled out new default security protections that mitigate NTLM relaying attacks across on-premises Exchange, AD CS, and LDAP services. The post Microsoft Rolls Out Default NTLM Relay Attack Mitigations appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-rolls-out-default-ntlm-relay-attack-mitigations/
Microsoft NTLM Zero-Day to Remain Unpatched Until April

Dec 10, 2024 1:09 PM

Tags: attack, credentials, cyberattack, microsoft, mitigation, ntlm, update, vulnerability, windows, zero-day

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april