all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Attackers can steal NTLM password hashes via calendar invites

Add to bookmarks
Jan. 22, 2024, 1:38 p.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has shared on Friday. He and his colleagues from Varonis Threat Labs have revealed two additional ways attackers can get users’ NTLM v2 hashes and use them for offline brute-force or authentication relay attacks. While CVE-2023-35636 … More →


The post …

attackers authentication calendar can cve cve-2023-35636 don't miss email enterprise exploited file hashes headers hot stuff labs microsoft microsoft outlook ntlm outlook password passwords researcher security security researcher smbs steal threat threat labs varonis vulnerability windows

Visit resource

More from www.helpnetsecurity.com / Help Net Security

1Password Extended Access Management secures unmanaged applications and devices 8 hours ago | www.helpnetsecurity.com
1password access access management application +18
New SOHO router malware aims for cloud accounts, internal company resources 10 hours ago | www.helpnetsecurity.com
account accounts actor alibaba +38
Trend Micro expands AI-powered cybersecurity platform 10 hours ago | www.helpnetsecurity.com
adoption advancements ai-powered ai tools +16
HITRUST updates Cyber Threat Adaptive engine to address emerging cyber threats 11 hours ago | www.helpnetsecurity.com
accuracy address advanced ai capabilities +27
Secure Code Warrior SCW Trust Score quantifies the security posture of developer teams 11 hours ago | www.helpnetsecurity.com
benchmark code developer effectively +13
Proofpoint DLP Transform secures data moving to ChatGPT, copilots, and other GenAI tools 11 hours ago | www.helpnetsecurity.com
address businesses cases chatgpt +24
Appdome launches MobileEDR, merging MTD and EDR to protect enterprise mobile apps 11 hours ago | www.helpnetsecurity.com
agentless amp app appdome +27
Confluent enhances Apache Flink with new features for easier AI and broader stream processing 12 hours ago | www.helpnetsecurity.com
ai model apache cloud confluent +18
Nord Security unveils NordStellar, a platform for advanced cyber threat detection and response 12 hours ago | www.helpnetsecurity.com
access accounts advanced and response +38

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Information Security Engineer, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

BaaN IV Techno-functional consultant-On-Balfour

@ Marlabs | Piscataway, US
View on infosec-jobs.com

Senior Security Analyst

@ BETSOL | Bengaluru, India
View on infosec-jobs.com

Security Operations Centre Operator

@ NEXTDC | West Footscray, Australia
View on infosec-jobs.com

Senior Network and Security Research Officer

@ University of Toronto | Toronto, ON, CA
View on infosec-jobs.com
View more jobs