Security news aggregator

Latest coverage for NTLM

NTLM is a legacy authentication protocol whose weaknesses can enable credential theft, relay attacks, and unauthorized access to network resources.

57 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

NTLM (NT LAN Manager) is a Microsoft challenge-response authentication protocol still supported by Windows. It lets a client authenticate without sending the password in plaintext, and may be used when Kerberos is unavailable or when legacy applications, workgroups, or older systems require it. NTLMv1 is obsolete and weak; NTLMv2 improves the challenge-response exchange but retains important design limitations.

NTLM matters because attackers who obtain an NT password hash may use pass-the-hash to authenticate without knowing the password. NTLM authentication can also be relayed to another service when that service lacks protections such as message signing or channel binding, potentially granting access with the victim’s credentials. Defenders should inventory and reduce NTLM use, prefer Kerberos where supported, protect credential material, and enable signing or equivalent relay-resistant protections on relevant protocols. Authentication logs can help identify unexpected NTLM use and legacy dependencies before attempting to disable it.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 57
Bank Info Security 5 months, 1 week ago

Microsoft Urges Users to Finally Ditch NTLM Authentication

Seeking to Add Urgency, Mandiant Publishes Rainbow Tables for NTLM Key HashesFor nearly 30 years, security experts have warned organizations to ditch the weak NTLM authentication protocol in Windows. But its use persists, even amidst easy and active exploits. Now Google has published rainbow tables for NTLMv1. Will this finally drive holdout organizations to change?

In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mistake or hidden service can turn into a real

Bank Info Security 8 months, 3 weeks ago

CISA Flags Highly Exploitable Windows SMB Flaw

NTLM Reflection Attack Strikes AgainA three-month old flaw in a network protocol for file sharing used by Microsoft is under active exploitation, warns the U.S. Cybersecurity and Infrastructure Security Agency. The flaw's exploitation bypasses mitigations Microsoft has built over the years to prevent NTLM reflection attacks.

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild

Loading more headlines...