#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
Get the Free Newsletter
Windows 11 | Breaking Cybersecurity News | The Hacker News
Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
Oct 14, 2023
Authentication / Endpoint Security
Microsoft has announced that it plans to eliminate NT LAN Manager ( NTLM ) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center ( KDC ) for Kerberos." IAKerb enables clients to authenticate with Kerberos across a diverse range of network topologies. The second feature, a local Key Distribution Center (KDC) for Kerberos, extends Kerberos support to local accounts. First introduced in the 1990s, NTLM is a suite of security protocols intended to provide authentication, integrity, and confidentiality to users. It is a single sign-on (SSO) tool that relies on a challenge-response protocol that proves
BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11
Mar 01, 2023
Endpoint Security / Cyber Threat
A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News. UEFI bootkits are deployed in the FAT32 system partition and allow full control over the operating system (OS) boot process, thereby making it possible to disable OS-level security mechanisms and deploy arbitrary payloads during startup with high privileges. Offered for sale at $5,000 (and $200 per new subsequent version), the powerful and persistent toolkit is programmed in Assembly and C and is 80 kilobytes in size. It also features geofencing capabilities to avoid infecting computers in Armenia, Belarus, Kazakhstan, Moldova, Romania, Russia, and Ukraine. Details about Black
Guide: How to Minimize Third-Party Risk With Vendor Management
Vendor Risk Management
Manage third-party risk while dealing with challenges like limited resources and repetitive manual processes.
AI Solutions Are the New Shadow IT
Nov 22, 2023
AI Security / SaaS Security
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT's meteoric rise to 100 million users within 60 days of launch , especially with little sales and marketing fanfare, employee-driven demand for AI tools will only escalate. As new studies show some workers boost productivity by 40% using generative AI , the pressure for CISOs and their teams to fast-track AI adoption — and turn a blind eye to unsanctioned AI tool usage — is intensifying. But succumbing to these pressures can introduce serious SaaS data leakage and breach risks, particularly as employees flock to AI tools developed by small businesses, solopreneurs, and indie developers. AI Security Guide Download AppOmni's CISO Guide to AI Security - Part 1 AI evoke
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11
Jul 25, 2022
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise, said in a series of tweets last week. "This technique is very commonly used in Human Operated Ransomware and other attacks -- this control will make brute forcing much harder which is awesome!" It's worth pointing out that while this account lockout setting is already incorporated in Windows 10, it's not enabled by default. The f
Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware
May 20, 2022
Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler said in a report. "These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network." Some of the rogue distribution vector domains, which were registered last month on April 20, consist of ms-win11[.]com, win11-serv[.]com, and win11install[.]com, and ms-teams-app[.]net. In addition, the cybersecurity firm cautioned that the threat actor behind the impersonation campaign is also leveraging backdoored versions of Adobe Photoshop and other legitimate software such as Microsoft Teams to deliver Vidar malware. The ISO file, for its part,
How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability
Jul 26, 2021
Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack. Attackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges. SeriousSAM vulnerability, tracked as CVE-2021-36934 , exists in the default configuration of Windows 10 and Windows 11, specifically due to a setting that allows 'read' permissions to the built-in user's group that contains all local users. As a result, built-in local users have access to read the SAM files and the Registry, where they can also view the hashes. Once the attacker has 'User' access, they can use a tool such as Mimikatz to gain access to the Re
New Windows and Linux Flaws Give Attackers Highest System Privileges
Jul 21, 2021
Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. The vulnerability has been nicknamed "SeriousSAM." "Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY registry hive files," CERT Coordination Center (CERT/CC) said in a vulnerability note published Monday. "This can allow for local privilege escalation (LPE)." The operating system configuration files in question are as follows - c:\Windows\System32\config\sam c:\Windows\System32\config\system c:\Windows\System32\config\security Microsoft, which is tracking the vulnerability under the identifier CVE-2021-36934 , acknowledged the issue, but has yet to roll out a patch, o
Befriend Your Mom with Technology
Explain cybersecurity with Moonlock
Discover Our Unparalleled Threat Detection Capabilities
Try Fidelis Elevate for 30 days and discover threats your current provider missed.
Webinar: A New Approach to Mitigating Insider Risks
Learn how you can easily mitigate the modern security risks introduced by your employees.
Advance in the Field of Cybersecurity with Georgetown
Learn cybersecurity strategies from the experts. Attend a sample class on Nov. 30.
Join 120,000+ Professionals
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.