InfoWorld

Getting a grip on better password hashes

Many of today’s computer passwords are stored and transmitted in a cryptographic hashed form. A strong password hash algorithm ensures that if the password hash is obtained by unauthorized parties ...
Homeland Security Today

Use an 8-Char Windows NTLM Password? Don’t. Every Single One Can Be Cracked in Under 2.5 Hours

HashCat, an open source password recovery tool, can now crack an eight-character Windows NTLM password hash in less time than it will take to watch Avengers: Endgame. In 2011 security researcher ...
Bleeping Computer

Windows 10 themes can be abused to steal Windows passwords

Specially crafted Windows 10 themes and theme packs can be used in 'Pass-the-Hash' attacks to steal Windows account credentials from unsuspecting users. Windows allows users to create custom themes ...
Dark Reading

How NTLM and Kerberos Are Still Abused in AD Attacks

Authentication sits at the heart of enterprise security, making passwords and the authentication mechanisms that use them, prime targets for cybercriminals. For more than 90% of organizations that use ...
Infosecurity-magazine.com

NTLM Hash Exploit Targets Poland and Romania Days After Patch

A vulnerability allowing attackers to leak NTLM authentication hashes with minimal user interaction has been actively exploited just days after Microsoft released a patch. The flaw, tracked as ...
Infosecurity-magazine.com

TA577 Exploits NTLM Authentication Vulnerability

Cybersecurity researchers at Proofpoint have uncovered a new tactic employed by cybercriminal threat actor TA577, shedding light on a lesser-seen objective in their operations. The group was found ...
Dark Reading

OPA for Windows Vulnerability Exposes NTLM Hashes

Organizations using Open Policy Agent (OPA) for Windows should consider updating to v0.68.0 or later to protect against an authentication hash leakage vulnerability identified in all earlier versions ...