Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.

An ancient network authentication protocol has received its first death notice. The protocol, which has roots going back to the first local area network days of the 1980s, is called Microsoft NTLM, ...

Two security vulnerabilities in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full ...

Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.

Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers Your email has been sent Microsoft is sounding an alert about a threat against Windows domain controllers ...

A vulnerability allowing attackers to leak NTLM authentication hashes with minimal user interaction has been actively exploited just days after Microsoft released a patch. The flaw, tracked as ...

Microsoft has posted advisory and detailed instructions on protecting Windows domain controllers and other Windows servers from the NTLM Relay Attack known as PetitPotam. The PetitPotam take on the ...

Microsoft has released fresh guidance to organizations on how to mitigate NTLM relay attacks by default, days after researchers reported finding a NTLM hash disclosure zero-day in all versions of ...

Cybersecurity researchers at Proofpoint have uncovered a new tactic employed by cybercriminal threat actor TA577, shedding light on a lesser-seen objective in their operations. The group was found ...

I have a software vendor installing an application on a server in my domain and they're requesting that NTLM authentication be disabled on the server. I'm still trying to get a clear explanation of ...