Inside Strata s Plans to Solve the Cloud Identity darkreading.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from darkreading.com Daily Mail and Mail on Sunday newspapers.
The Cybersecurity and Infrastructure Security Agency says hackers are breaching federal networks by exploiting methods besides the SolarWinds Orion vulnerabilities.
A sophisticated threat actor compromised a Mimecast certificate used to authenticate several of the company’s products to Microsoft 365 Exchange Web Services, Mimecast disclosed Tuesday.
By Justin Katz
Jan 08, 2021
The Cybersecurity and Infrastructure Security Agency says hackers are breaching federal networks by exploiting methods besides the SolarWinds Orion vulnerabilities. Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with this adversary s behavior is present, yet where impacted SolarWinds instances have not been identified, according to updated guidance published Jan 6. CISA is continuing to work to confirm initial access vectors and identify any changes to the tactics, techniques, and procedures (TTPs).
SAML tokens having a 24-hour validity period or not containing multi-factor authentication details where expected are examples of these red flags.