Blog Posts Tagged with "Pass-the-Hash"

Fafdf1720f4df1d41c6eacbd2429a06b

Windows Update to Fix Pass-the-Hash Vulnerability? Not!

May 27, 2014 Added by:Tal Be'ery

Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore when Microsoft released a Windows’ update on May 13th titled: “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...

Comments  (0)

Fafdf1720f4df1d41c6eacbd2429a06b

Remote Desktop’s Restricted Admin: Is the Cure Worse Than the Disease?

April 01, 2014 Added by:Tal Be'ery

One of the new security features in the latest Windows release (Windows 8.1) is the “Restricted Admin mode for Remote Desktop Connection”. This measure is meant to enhance Windows credential protection against attacks such as Pass-the-Hash and Pass-the-Ticket. However, it appears that cure might be worse than the disease as the new “Restricted Admin mode” opens a new attack surface for the...

Comments  (0)

Fafdf1720f4df1d41c6eacbd2429a06b

Smart Card Logon: The Good, the Bad and the Ugly

March 10, 2014 Added by:Tal Be'ery

Organizations may find themselves in a “PCI’s Catch 22″ situation: Implementing PCI’s recommended Smart Card Logon for Windows may be in breach of another PCI requirement: to change passwords on a regular basis.

Comments  (2)