Tag: ntlm

Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access

Jun 13, 2025 2:54 PM

Tags: access, cvss, cyber, exploit, flaw, identity, microsoft, ntlm, service, vulnerability

A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of critical Directory Service Accounts (DSAs), potentially compromising Active Directory environments. Rated 6.5 (Medium) on the CVSS v3.1 scale, this flaw exploits MDI’s Lateral Movement Paths (LMPs) feature and has been actively addressed in Microsoft’s May…
Windows Authentication Coercion Attacks Present Major Risks to Enterprise Networks

Jun 4, 2025 2:55 PM

Tags: attack, authentication, cyber, network, ntlm, risk, service, windows

Authentication coercion remains a potent attack vector in Windows environments, enabling attackers with even low-privileged domain accounts to force targeted systems, often high-value servers or domain controllers, to authenticate to attacker-controlled hosts. This technique is closely tied to NTLM and Kerberos relay attacks, where the coerced authentication session is intercepted and relayed to other services,…
Securing Windows 11 and Server 2025: What CISOs should know about the latest updates

May 30, 2025 8:58 AM

Tags: ai, authentication, ciso, control, crypto, Internet, login, microsoft, ntlm, password, privacy, risk, service, software, technology, update, windows

Susan Bradley / CSOYou can prevent Recall use by turning off the saving of snapshots and also disabling Click to Do. Alternatively, if you want to enable the service, I recommend setting a list of applications that you want filtered as well as excluding a list of URLs.In addition, you can set policies for Copilot.…
Windows 11 File Explorer Vulnerability Enables NTLM Hash Theft

May 29, 2025 4:55 PM

Tags: authentication, cve, cyber, flaw, malicious, ntlm, technology, theft, vulnerability, windows

A newly disclosed vulnerability, CVE-2025-24071, has been identified in Windows File Explorer, specifically affecting Windows 11 (23H2) and earlier versions that support .library-ms files and the SMB protocol. This flaw enables attackers to capture NTLM (New Technology LAN Manager) authentication hashes simply by tricking a user into extracting a malicious ZIP archive”, no further interaction…
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine

May 23, 2025 5:54 AM

Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerability

Credential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
0-Click NTLM Auth Bypass Exposes Legacy Microsoft Systems

May 12, 2025 5:10 PM

Tags: attack, authentication, exploit, flaw, microsoft, ntlm, unauthorized, vulnerability

A newly discovered 0-click NTLM authentication bypass vulnerability has resurfaced within Microsoft Telnet Server implementations, exposing a dangerous flaw in outdated yet still-operational systems. Veriti research reveals that this vulnerability, requiring no user interaction, enables remote attackers to exploit NTLM authentication mechanisms and potentially gain unauthorized access. This attack vector stems from legacy architecture still……
Verwirrung um 0-Click-NTLM Authentication Bypass (Telnet) in Windows

Apr 29, 2025 12:51 PM

Tags: authentication, microsoft, ntlm, vulnerability, windows

Mir ist gerade eine Information zu einer Schwachstelle im Microsoft Telnet Server untergekommen. Über die Schwachstelle soll ein -Click-NTLM Authentication Bypass möglich sein. Betroffen sind glücklicherweise nur alte Systeme bis Windows Server 2008 R2. Dort sollte Telnet deaktiviert werden. Ein … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/29/verwirrung-um-0-click-ntlm-authentication-bypass-telnet-in-windows/
âš¡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Apr 28, 2025 1:51 PM

Tags: breach, cyberattack, exploit, hacker, ntlm, spyware, zero-day

Can a harmless click really lead to a full-blown cyberattack?Surprisingly, yes, and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps, like…
Schwachstelle in NTLM-Hashes – CISA warnt vor aktiven Attacken auf Windows

Apr 28, 2025 7:51 AM

Tags: cisa, ntlm, vulnerability, windows

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-windows-sicherheitsluecke-alarm-cisa-a-b08f28d2e89b157520d6ac9c256fa33b/
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

Apr 18, 2025 2:28 PM

Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, vulnerability, windows

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out”‘of”‘band…
CISA Warns of Active Exploitation of Windows NTLM Vulnerability

Apr 18, 2025 11:28 AM

Tags: authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, microsoft, ntlm, unauthorized, vulnerability, windows

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted organizations to active exploitation of a newly disclosed Microsoft Windows vulnerability tracked as CVE-2025-24054. The flaw affects Windows’ NTLM authentication protocol, creating an opportunity for unauthorized attackers to infiltrate systems via a spoofing vulnerability. Overview of the Vulnerability CVE-2025-24054, officially designated as a “Windows NTLM Hash…
CVE-2025-24054 Under Active Attack”, Steals NTLM Credentials on File Download

Apr 18, 2025 7:28 AM

Tags: credentials, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, technology, vulnerability, windows

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure First seen on…
Windows NTLM hash leak flaw exploited in phishing attacks on governments

Apr 17, 2025 10:28 PM

Tags: attack, exploit, flaw, government, hacker, leak, ntlm, phishing, vulnerability, windows

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-ntlm-hash-leak-flaw-exploited-in-phishing-attacks-on-governments/
NTLM Hash Exploit Targets Poland and Romania Days After Patch

Apr 17, 2025 6:28 PM

Tags: exploit, leak, ntlm, update, vulnerability

An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ntlm-hash-exploit-targets-poland/
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

Apr 17, 2025 3:28 PM

Tags: attack, cve, exploit, microsoft, ntlm, threat, vulnerability, windows

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/windows-ntlm-vulnerability-exploited-in-multiple-attack-campaigns-cve-2025-24054/
Multiple Groups Exploit NTLM Flaw in Microsoft Windows

Apr 17, 2025 12:28 AM

Tags: attack, exploit, flaw, group, microsoft, ntlm, vulnerability, windows

The attacks have been going on since shortly after Microsoft patched the vulnerability in March. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems

Apr 16, 2025 8:28 PM

Tags: credentials, cve, cyber, exploit, flaw, microsoft, network, ntlm, vulnerability, windows

A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, which enables NTLM hash disclosure through spoofing, allows attackers to harvest sensitive user credentials with minimal interaction, potentially leading to privilege escalation and full network compromise. Despite Microsoft releasing a…
‘RemoteMonologue’ New Red Team Technique Exploits DCOM To Steal NTLM Credentials Remotely

Apr 10, 2025 9:05 AM

Tags: credentials, cyber, detection, endpoint, exploit, malicious, ntlm, RedTeam, service, theft

A sophisticated new red team technique dubbed >>RemoteMonologue
Ähnlichkeiten mit bereits ausgenutzer Schwachstelle Day-Sicherheitslücke betrifft NTLM schon wieder

Mar 29, 2025 5:13 AM

Tags: bug, ntlm, vulnerability, zero-day

First seen on security-insider.de Jump to article: www.security-insider.de/0patch-entdeckt-erneut-ntlm-sicherheitsluecke-windows-a-746edbce4296f05d278dfe604afa4e9c/
Unofficial fixes for novel NTLM hash-exposing zero-day issued

Mar 27, 2025 9:37 PM

Tags: ntlm, zero-day

First seen on scworld.com Jump to article: www.scworld.com/brief/unofficial-fixes-for-novel-ntlm-hash-exposing-zero-day-issued
New Windows Zero-Day Vulnerability Exposes NTLM Credentials Unofficial Patch Available

Mar 26, 2025 7:13 AM

Tags: credentials, cyber, malicious, microsoft, ntlm, update, vulnerability, windows, zero-day

A new zero-day vulnerability has been discovered in Windows, impacting all versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into viewing malicious files in Windows Explorer. The issue has been reported to Microsoft, and while…
New Windows zero-day leaks NTLM hashes, gets unofficial patch

Mar 25, 2025 8:14 PM

Tags: credentials, leak, malicious, ntlm, update, vulnerability, windows, zero-day

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-leaks-ntlm-hashes-gets-unofficial-patch/
Windows File Explorer Vulnerability Enables Network Spoofing Attacks: PoC Released

Mar 19, 2025 7:52 AM

Tags: attack, cve, cyber, exploit, network, ntlm, vulnerability, windows

A critical vulnerability in Windows File Explorer has been discovered, allowing attackers to capture NTLM hashes and potentially exploit them for network spoofing attacks. The vulnerability, identified as CVE-2025-24071, involves the automatic processing of specially crafted .library-ms files within compressed archives like RAR or ZIP. When these files, containing paths to attacker-controlled SMB servers, are extracted, Windows…
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

Mar 11, 2025 6:54 PM

Tags: attack, flaw, github, government, infection, ntlm, rat, threat

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.”The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis.”More than 1,600 victims were affected during one…
Getting the Most Value Out of the OSCP: The PEN-200 Course

Mar 4, 2025 6:34 PM

Tags: access, antivirus, attack, awareness, backdoor, cloud, compliance, conference, control, credentials, cve, cybersecurity, data, defense, detection, dos, edr, endpoint, exploit, github, gitlab, guide, hacker, hacking, jobs, kali, linkedin, linux, login, malicious, malware, mandiant, microsoft, network, ntlm, open-source, password, penetration-testing, powershell, programming, rce, remote-code-execution, risk, service, skills, software, tactics, theft, threat, tool, unauthorized, update, vmware, vulnerability, windows

In this second post of a five-part series, I provide advice on how to best utilize the PEN-200 course material for a successful career in ethical hacking. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
New family of data-stealing malware leverages Microsoft Outlook

Feb 17, 2025 11:46 PM

Tags: access, api, apt, attack, backdoor, breach, ciso, cloud, computer, control, credentials, data, email, github, group, linux, login, mail, malicious, malware, microsoft, network, ntlm, sans, service, tactics, threat, tool, windows

certutil application which handles certificates, to download files.Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
February Patch Tuesday: CISOs should act now on two actively exploited Windows Server vulnerabilities

Feb 12, 2025 6:01 AM

Tags: access, attack, authentication, ciso, cloud, control, corporate, cve, cvss, data, exploit, infosec, malicious, microsoft, network, ntlm, remote-code-execution, service, tool, training, unauthorized, update, vulnerability, vulnerability-management, windows, zero-day

CVE 2025-21391, a Windows Storage escalation of privilege vulnerability that, if exploited, could allow an attacker to delete but not read, targeted files on a system. While this wouldn’t lead to a loss of confidentiality of data, Microsoft notes it would have a major impact on data integrity and availability.An attacker trying to access a…
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)

Feb 12, 2025 1:55 AM

Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day

3Critical 52Important 0Moderate 0Low Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
So killen Sie NTLM

Feb 10, 2025 8:37 AM

Tags: authentication, cloud, crowdstrike, cve, hacker, ibm, mail, microsoft, ntlm, risk, service, technology, vulnerability, windows
Abusing AD Weak Permission Pre2K Compatibility

Feb 8, 2025 9:06 PM

Tags: ntlm, windows

Pre2K (short for >>Pre-Windows 2000