#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Windows 11 | Breaking Cybersecurity News | The Hacker News

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

May 21, 2024 Windows 11 Security
 Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. "Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024," the tech giant  said . The Windows maker  originally announced  its decision to drop NTLM in favor of Kerberos for authentication in October 2023. NTLM's lack of support for cryptographic methods such as AES or SHA-256 notwithstanding, the protocol has also been rendered susceptible to relay attacks, a technique that has been widely exploited by the Russia-linked  APT28 actor  via zero-day flaws in Microsoft Outlook. Other changes coming to Windows 11 include enabling  Local Security Authority (LSA) protection  by default for new consumer devices and the use of virtualization-based secur
Google Announces Passkeys Adopted by Over 400 Million Accounts

Google Announces Passkeys Adopted by Over 400 Million Accounts

May 03, 2024 Passwordless / Encryption
Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times  over the past two years . "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google,  said . The search giant notes that passkeys are already used for authentication on Google Accounts more often than legacy forms of two-factor authentication, such as SMS one-time passwords (OTPs) and app based OTPs combined. In addition, the company said it's expanding  Cross-Account Protection , which alerts of suspicious events with third-party apps and services connected to a user's Google Account, to include more apps and services. Google is also expected to support the use of passkeys for high-risk users as part of its Advanced Protection Program (APP), which aims to safeguard people from
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

Feb 27, 2024 Malware / Network Security
An "intricately designed" remote access trojan (RAT) called  Xeno RAT  has been made available on GitHub, making it easily accessible to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a "comprehensive set of features for remote system management," according to its developer, who goes by the name moom825. It includes a SOCKS5 reverse proxy and the ability to record real-time audio, as well as incorporate a hidden virtual network computing ( hVNC ) module along the lines of  DarkVNC , which allows attackers to gain remote access to an infected computer. "Xeno RAT is developed entirely from scratch, ensuring a unique and tailored approach to remote access tools," the developer  states  in the project description. Another notable aspect is that it has a builder that enables the creation of bespoke variants of the malware.  It's worth noting that moom825 is a
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
What's the Right EDR for You?

What's the Right EDR for You?

May 10, 2024Endpoint Security / Threat Detection
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint detection and response (EDR) solutions now serve as critical weapons in the fight, empowering you and your organization to detect known and unknown threats, respond to them quickly, and extend the cybersecurity fight across all phases of an attack.  With the growing need to defend your devices from today's cyber threats, however, choosing the right EDR solution can be a daunting task. There are so many options and features to choose from, and not all EDR solutions are made with everyday businesses and IT teams in mind. So how do you pick the best solution for your needs? Why EDR Is a Must Because of
Microsoft Introduces Linux-Like 'sudo' Command to Windows 11

Microsoft Introduces Linux-Like 'sudo' Command to Windows 11

Feb 12, 2024 Operating System / Technology
Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges. "Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie  said . "It is an ergonomic and familiar solution for users who want to elevate a command without having to first open a new elevated console." Sudo, short for superuser do, is a  program  for  Unix-like computer operating systems  that allows users to run programs with the security privileges of another user, usually a user with elevated permissions (e.g., administrator). The feature is available for Windows 11 builds 26045 and later. It can be enabled by heading to Settings > System > For Developers, and setting "Enable sudo" to On. Sudo for Windows comes with three options: run applications in a new elevated console window, run the elevated
Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

Jan 29, 2024 Vulnerability / NTML Security
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its  Patch Tuesday updates  for December 2023. "In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file," Microsoft  said  in an advisory released last month. "In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability." Put differently, the adversary would have to convince users to click a link, either embedded in a phishing email or sent via an instant message, and then deceive them into opening the file in question. CVE-202
Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Oct 14, 2023 Authentication / Endpoint Security
Microsoft has announced that it  plans  to eliminate NT LAN Manager ( NTLM ) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center ( KDC ) for Kerberos." IAKerb enables clients to authenticate with Kerberos across a diverse range of network topologies. The second feature, a local Key Distribution Center (KDC) for Kerberos, extends Kerberos support to local accounts. First introduced in the 1990s, NTLM is a  suite of security protocols  intended to provide authentication, integrity, and confidentiality to users. It is a single sign-on (SSO) tool that relies on a challenge-response protocol that proves
BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11

BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11

Mar 01, 2023 Endpoint Security / Cyber Threat
A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET  said  in a report shared with The Hacker News. UEFI bootkits  are deployed in the FAT32 system partition and allow full control over the operating system (OS) boot process, thereby making it possible to disable OS-level security mechanisms and deploy arbitrary payloads during startup with high privileges. Offered for sale at $5,000 (and $200 per new subsequent version), the powerful and persistent toolkit is programmed in Assembly and C and is 80 kilobytes in size. It also features geofencing capabilities to avoid infecting computers in Armenia, Belarus, Kazakhstan, Moldova, Romania, Russia, and Ukraine. Details about Black
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Jul 25, 2022
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the  security baseline  to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise,  said  in a series of tweets last week. "This technique is very commonly used in Human Operated Ransomware and other attacks -- this control will make brute forcing much harder which is awesome!" It's worth pointing out that while this  account lockout setting  is already incorporated in Windows 10, it's not enabled by default. The f
Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware

Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware

May 20, 2022
Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler  said  in a report. "These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network." Some of the rogue distribution vector domains, which were registered last month on April 20, consist of ms-win11[.]com, win11-serv[.]com, and win11install[.]com, and ms-teams-app[.]net. In addition, the cybersecurity firm cautioned that the threat actor behind the impersonation campaign is also leveraging backdoored versions of Adobe Photoshop and other legitimate software such as Microsoft Teams to deliver Vidar malware. The ISO file, for its part,
How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

Jul 26, 2021
Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.  Attackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges. SeriousSAM vulnerability, tracked as CVE-2021-36934 , exists in the default configuration of Windows 10 and Windows 11, specifically due to a setting that allows 'read' permissions to the built-in user's group that contains all local users. As a result, built-in local users have access to read the SAM files and the Registry, where they can also view the hashes. Once the attacker has 'User' access, they can use a tool such as Mimikatz to gain access to the Re
New Windows and Linux Flaws Give Attackers Highest System Privileges

New Windows and Linux Flaws Give Attackers Highest System Privileges

Jul 21, 2021
Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. The vulnerability has been nicknamed "SeriousSAM." "Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY registry hive files," CERT Coordination Center (CERT/CC) said in a  vulnerability note  published Monday. "This can allow for local privilege escalation (LPE)." The operating system configuration files in question are as follows - c:\Windows\System32\config\sam c:\Windows\System32\config\system c:\Windows\System32\config\security Microsoft, which is tracking the vulnerability under the identifier  CVE-2021-36934 , acknowledged the issue, but has yet to roll out a patch, o
Cybersecurity
Expert Insights
Cybersecurity Resources