NTLM

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

Feb 2, 2024 by iHash Leave a Comment

Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those … [Read more...] about Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

Jan 29, 2024 by iHash Leave a Comment

Jan 29, 2024NewsroomVulnerability / NTML Security A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its Patch Tuesday updates for December 2023. "In an … [Read more...] about Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Oct 14, 2023 by iHash Leave a Comment

Oct 14, 2023NewsroomAuthentication / Endpoint Security Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN … [Read more...] about Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Detecting NTLM Relay Attacks with CrowdStrike Identity Protection

Jul 24, 2022 by iHash Leave a Comment

Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. Previous CrowdStrike blog posts have covered critical vulnerabilities in NTLM that allow remote code execution and other NTLM attacks where attackers could exploit vulnerabilities to bypass MIC (Message Integrity Code) protection, session signing … [Read more...] about Detecting NTLM Relay Attacks with CrowdStrike Identity Protection

AdGuard VPN + Ad Blocker Family Security Suite for $49

Microsoft Office 2024 Home for Mac or PC: One-Time Purchase for $119

ASUS 14" Chromebook C424 (2021) Intel N4020 4GB RAM 128GB eMMC (Refurbished) for $174

Lenovo IdeaPad 5, 14" Touchscreen 2-in-1 Laptop (2024) AMD Ryzen 7, 16GB RAM 1TB SSD Windows 11 Home Cosmic Blue (Refurbished) for $649

Stacks Be Productive Plan: Lifetime Subscription for $29

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Detecting NTLM Relay Attacks with CrowdStrike Identity Protection