NTLM | Breaking Cybersecurity News | The Hacker News

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as JavaScript and PowerShell," Microsoft Program Manager Naveen Shankar  said . "These languages offer broader capabilities and are better suited for modern web development and automation tasks." The tech giant originally  announced  its plans to gradually sunset VBScript in October 2023. The scripting language, also called Visual Basic Scripting Edition, was first introduced by Microsoft in 1996 as a Windows system component, offering users the ability to automate tasks and develop interactive web pages using Internet Explorer and Edge (in  Internet Explorer mode ). The announced deprecation plan consists of three phases, with the first phase kicking off in the second h

A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its  Patch Tuesday updates  for December 2023. "In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file," Microsoft  said  in an advisory released last month. "In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability." Put differently, the adversary would have to convince users to click a link, either embedded in a phishing email or sent via an instant message, and then deceive them into opening the file in question. CVE-202

Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial Exposure Validation (AEV). These category definitions are aimed at providing some structure to the evolving landscape of exposure management technologies. Pentera, listed as a sample vendor in the newly defined AEV category, is playing a pivotal role in increasing the adoption of CTEM, with a focus on security validation. Following is our take on the CTEM related product categories and what they mean for enterprise security leaders. The Industry is Maturing CTEM, coined by Gartner in 2022, presents a structural approach for continuously assessing, prioritizing, validating, and remediating expo