Microsoft will enforce stronger Kerberos encryption in April 2026, removing RC4 support and potentially impacting enterprise setups.
Many companies I work with are interested in beefing up end-user authentication. Usually, this means they’re considering going beyond the standard Windows name-and-password logon to bring in ...
Robust passwords remain the cornerstone of online security, even as malicious actors sharpen their attacks. Consider the threat from AS-REP roasting – and the defenses organizations must deploy to ...
Account administration in a distributed UNIX/Linux environment can become complicated and messy if done by hand. Large sites use special tools to deal with this problem. In this article, I describe ...
Several readers responded to my previous post on pass-the-hash attacks, asking if Kerberos authentication versus LAN Manager, NTLM, or NTLMv2 was an effective defense. It’s a good question, one that I ...
Microsoft's Azure AD Kerberos service, a cloud-based identity and access management (IAM) service based on Kerberos authentication, can be attacked using techniques similar to those used by attackers ...