Recurring Windows Flaw Could Expose User Credentials

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.

Follow Dark Reading:

October 30, 2024

LATEST SECURITY NEWS & COMMENTARY Recurring Windows Flaw Could Expose User Credentials Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before. China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration. FBI, Partners Disrupt RedLine, Meta Stealer Operations A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have stolen data from millions of victims worldwide. French ISP Confirms Cyberattack, Data Breach Affecting 19M In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground cybercrime forum. How to Find the Right CISO Great CISOs are in short supply, so choose wisely. Here are five ways to make sure you've made the right pick. MORE NEWS / MORE COMMENTARY HOT TOPICS Mozilla: ChatGPT Can Be Manipulated Using Hex Code LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique. Russia Kneecaps Ukraine Army Recruitment With Spoofed 'Civil Defense' App Posing as an application used to locate Ukrainian military recruiters, a Kremlin-backed hacking initiative delivers malware, along with disinformation designed to undermine sign-ups for soldiers in the war against Russia. Put End-of-Life Software to Rest Relying on EOL software leaves critical systems exposed — making it a problem no business can afford to ignore. My Journey From the Air Force to Cybersecurity Cybersecurity is mission-driven, meaningful work that coincides with the service branches' goals to protect, defend, and create a safer world. MORE PRODUCTS & RELEASES Grip Security Releases 2025 SaaS Security Risks Report Jake Williams Joins Hunter Strategy As VP of RND & Managing Director of Hunter Labs American Water Under Investigation for Cyberattack Potentially Affecting 14M Customers MORE PRODUCTS & RELEASES EDITORS' CHOICE Windows 'Downdate' Attack Reverts Patched PCs to a Vulnerable State Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass. LATEST FROM THE EDGE 'Shift Left' Gets Pushback, Triggers Security Soul Searching A government report's criticism of the 100x metric often used to justify fixing software earlier in development fuels a growing debate over pushing responsibility for secure code onto developers. LATEST FROM DR TECHNOLOGY Sophos-SecureWorks Deal Focuses on Building Advanced MDR, XDR Platform Sophos CEO Joe Levy says the $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform — with network detection and response, vulnerability detection and response, and identity threat detection and response capabilities — at the core. LATEST FROM DR GLOBAL China's Elite Cyber Corps Hone Skills on Virtual Battlefields The nation leads in the number of capture-the-flag tournaments sponsored by government and industry — a strategy from which Western nations could learn. WEBINARS Safeguarding GitHub Data to Fuel Web Innovation Unleashing AI to Assess Cyber Security Risk View More Dark Reading Webinars >> WHITE PAPERS The Top 15 Data Detection & Response (DDR) Use Cases DLP Buyer's Guide: 11 Criteria for Evaluating Data Loss Prevention Solutions 2024 Cloud Security Report The State of Asset Security: Uncovering Alarming Gaps & Unexpected Exposures The Anatomy of a Ransomware Attack SecOps Checklist SANS Security Awareness Maturity Model View More White Papers >> FEATURED REPORTS Managing Third-Party Risk Through Situational Awareness 2024 InformationWeek US IT Salary Report View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | Informa Tech | Privacy Statement | Terms & Conditions | Contact Us