reports. The recently discovered threat have been used for several years, including in an April 2020 incident involving the San Francisco International Airport. The threat, which was identified on one website in Canada and on several websites in Ukraine, infects anyone who visited the sites, leaving them vulnerable to a theft of their Windows authentication credentials that could be used to impersonate the victims. According to researchers, the attack enables threat actors to obtain the New Technology LAN Manager hashes from the victims' devices which they will then use to get usernames and passwords. "To protect against this type of attack, organizations should configure their firewalls to prevent outbound SMB-based communications from leaving the network or consider turning off or limiting SMB in the corporate environment," said Black Lotus Labs' Mike Benjamin.