
All news with #kerberoasting tag

Thu, November 13, 2025

Kerberoasting in 2025: Protecting Service Accounts

🔒 Kerberoasting remains a persistent threat to Active Directory environments, enabling attackers to request service tickets for accounts with SPNs and crack the service account passwords offline to escalate privileges. Adversaries use freely available tools like GetUserSPNs.py and Rubeus to extract tickets tied to service accounts, then perform offline brute-force attacks against the ticket encryption. Recommended mitigations include regular AD password audits, using gMSAs with auto-managed long passwords, preferring AES over RC4, enforcing non-reusable passwords of 25+ characters with rotation, and deploying MFA and robust password policies.


Tue, September 16, 2025

Senator Probes Microsoft over Continued RC4 Use in Kerberos

🔒 Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft for its continued use of the RC4 encryption algorithm. The letter highlights a technique called Kerberoasting, which exploits Kerberos ticket encryption to extract service account credentials. The complaint raises concerns about lingering support for weak ciphers in enterprise authentication.


Thu, September 11, 2025

Senator Wyden Urges FTC Probe of Microsoft's Security

🚨 U.S. Senator Ron Wyden requested that the FTC investigate Microsoft for what he describes as “gross cybersecurity negligence” after product weaknesses tied to Kerberos and legacy RC4 usage contributed to ransomware incidents, including the May 2024 Ascension Health breach that exposed data for 5.6 million patients. Wyden says his office alerted Microsoft in July 2024 and urged setting stronger ciphers like AES as defaults; he criticized an October Microsoft blog as too technical to warn corporate decision-makers. Microsoft replied that RC4 accounts for under 0.1% of traffic, that full removal risks breaking legacy systems, and that deprecation is on its roadmap.


Thu, September 11, 2025

Senator Wyden Urges FTC Probe of Microsoft Ransomware Lapses

🔍 Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft for what he describes as "gross cybersecurity negligence" that he says facilitated ransomware attacks on U.S. critical infrastructure, including healthcare. Wyden's four-page letter to FTC Chair Andrew Ferguson cites the 2024 Ascension breach attributed to Black Basta and details an attack chain that began when a contractor clicked a malicious link after using Microsoft's Bing search. The senator highlights exploitation of insecure default Kerberos settings and legacy RC4 support enabling Kerberoasting, and criticizes Microsoft for not enforcing stronger defaults and minimum password requirements while noting the company's published mitigations and planned deprecations.
