July 16, 2024 at 08:25AM Microsoft has resolved an Outlook security bug causing incorrect alerts after December updates. These alerts resulted from an information disclosure vulnerability, potentially allowing attackers to steal NTLM hashes. Despite initial fixes, the issue resurfaced in April and was finally resolved in the July 9th public update, prompting users to reverse … Read more
April 23, 2024 at 05:57PM Microsoft has reverted a fix for a known issue in Outlook, resulting in incorrect security alerts when opening ICS calendar files. The December security updates triggered these alerts, aiming to patch an information disclosure vulnerability. A temporary workaround is available, but it will disable security prompts for other file types. … Read more
March 4, 2024 at 04:46PM TA577 hacking group has shifted to using phishing emails to steal NTLM authentication hashes for account hijacks. They launched campaigns targeting employees’ NTLM hashes, using unique ZIP archives containing HTML files to trigger automatic connections, stealing the hashes. Proofpoint advises specific security measures to counter this threat, including blocking outbound … Read more