Tag: windows

New Windows 11 feature blocks NTLM-based attacks over SMB
News

To stop pass-the-hash, NTLM relay and password-cracking attacks, Microsoft has added a security feature to Windows 11 that lets administrators block NTLM over SMB. This changes the conventional flow in which Windows uses SPNEGO to negotiate Kerberos or NTLM (LM, NTLM and NTLMv2) authentication with a target server. When connecting to a remote SMB share, Windows tries to negotiate authentication with the remote computer and, where Kerberos is not available, falls back to an NTLM challenge-response exchange. That NTLM response is derived from the logged-in user's password hash, so the server hosting the SMB share can capture it and either crack it offline or relay it to another service.
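As an added example (not code from the article or from Microsoft), the following PowerShell shows how an administrator would check and apply the client-side NTLM block on a Windows 11 build that carries the feature. It assumes an elevated session on such a build, that the SMB client cmdlets expose the BlockNTLM setting as announced, and a placeholder server path; the cmdlets themselves are the standard SmbShare module ones.

```powershell
# Added example, not from the original article. Assumes an elevated PowerShell
# session on a Windows 11 build that ships the SMB client NTLM block, and that
# Get-/Set-SmbClientConfiguration expose the BlockNTLM setting (assumption).

# 1. Inspect the current client-wide setting before changing anything.
$cfg = Get-SmbClientConfiguration
Write-Host "BlockNTLM (client-wide, before): $($cfg.BlockNTLM)"

# 2. Block NTLM for every outbound SMB connection from this machine.
#    Kerberos continues to work. A server that only offers NTLM now fails to
#    connect instead of receiving the user's NTLM challenge-response, so an
#    attacker-controlled share cannot capture or relay it.
Set-SmbClientConfiguration -BlockNTLM $true -Force

# 3. Alternative: keep the global default but block NTLM for one mapping only.
#    The remote path is a placeholder; replace it with a real Kerberos-capable
#    server (reachable by its DNS name, not its IP address, so that an SPN
#    can be built and Kerberos can be used).
New-SmbMapping -LocalPath 'Z:' `
               -RemotePath '\\fileserver.corp.example\share' `
               -BlockNTLM $true

# 4. Confirm the setting took effect and that the mapping was established.
$cfg = Get-SmbClientConfiguration
Write-Host "BlockNTLM (client-wide, after): $($cfg.BlockNTLM)"
Get-SmbMapping | Where-Object LocalPath -eq 'Z:' |
    Select-Object LocalPath, RemotePath, Status
```

The check in step 4 is worth running on a pilot group first: any share that is still reached by IP address, by an unjoined workgroup host, or by a server without a registered SPN will stop working once NTLM is blocked, which is the intended effect but needs to be planned for.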
Hackers Exploit Windows Policy Loophole to Forge Kernel Mode Driver Signatures
News

Chinese-speaking threat actors have been observed abusing a loophole in a Microsoft Windows policy to forge signatures on kernel-mode drivers. In a two-part analysis shared with The Hacker News, Cisco Talos said that "actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates." This is a serious risk because code running in the kernel has full access to the system and can compromise it entirely. Following responsible disclosure, Microsoft said it has taken steps to block the certificates involved in order to mitigate the threat.
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users
News

Spear-phishing campaigns that infect Windows and macOS systems with malware have been attributed to the Iranian nation-state actor known as TA453. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a recent report. "When given the chance, TA453 transferred its malware and tried to start a NokNok infection chain with an Apple flavor. Additionally, TA453 used multiple persona impersonations in its never-ending spying mission."
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
News

A zero-day vulnerability in VMware ESXi hosts has been exploited by the Chinese state-sponsored group UNC3886 to backdoor Windows and Linux machines. Tracked as CVE-2023-20867 (CVSS score: 3.9), the VMware Tools authentication bypass "enabled the execution of privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs," according to Mandiant. The Google-owned threat intelligence company first identified UNC3886 in September 2022 as a cyber espionage actor that had infected systems running ...
Exploit for Recent Windows Vulnerability Under Active Exploitation Unveiled
News

Details have emerged about a Microsoft Windows vulnerability that is under active exploitation and could be used by a threat actor to escalate privileges on affected devices. Tracked as CVE-2023-29336 and rated 7.8 on the CVSS scale, the vulnerability is an elevation-of-privilege flaw in the Win32k component. In an advisory published last month as part of its Patch Tuesday updates, Microsoft stated that an attacker who successfully exploited the vulnerability could gain ...
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
Business, Risk, Security

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adding new techniques to its playbook to get around Windows Mark of the Web (MotW) protections. In a report released today, Kaspersky said this includes the use of virtual hard disk (.VHD) and optical disc image (.ISO) files as part of a novel infection chain. Security researcher Seongsu Park stated that "BlueNoroff developed multiple phony domains imitating banks and venture capital firms," adding that the new attack technique was observed in its telemetry in September 2022. ABF Capital, Angel Bridge, ANOBAKA, Bank of America, and Mitsubishi UFJ Financial Group, most of which are based in Japan, are among the fake domains that have been found to ...