Kate Vinton reports:
In 1997, researcher Aaron Spangler discovered a bug in Internet Explorer that allowed an attacker to steal credentials using a protocol known as Windows Server Message Block (SMB). Eighteen years later, a researcher on the Cylance SPEAR research team testing a messaging app with that bug in mind discovered a much larger vulnerability that affects at least 31 applications including Adobe Reader, iTunes, Box , and Symantec Norton Security Scan on all versions of Windows.
This new vulnerability, called “Redirect to SMB,” allows user login credentials to be leaked from a variety of Windows applications by tricking the apps into authenticating with a rogue server.
Read more on Forbes.