CrowdStrike breaks down Golden SAML attack techtarget.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from techtarget.com Daily Mail and Mail on Sunday newspapers.
FireEye CEO Kevin Mandia testifies during a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021 in Washington, DC. FireEye owns Mandiant, founded by Mandia, which released research Tuesday about the need to lock down Active Directory Federation Services. (Photo by Drew Angerer/Getty Images)
Mandiant Tuesday posted a blog detailing a new attack strategy against Microsoft’s Active Directory Federation Services (AD FS). Researchers with the company believe the need to protect AD FS might be the unheralded second lesson from the SolarWinds campaign.
The main lesson organizations drew from the SolarWinds campaign was the need to protect against third-party risk and address supply chain security. Hackers that the United States linked to Russian Intelligence used a gimmicked update to the SolarWinds IT management software and other vectors to take over a variety of government agencies and private organizations.
In December, the disclosure of the supply chain attack against SolarWinds sent shockwaves throughout federal agencies responsible for the security of US information assets. The ripple effect hit the IT community as well. Those ripples have continued into 2021, as what was already seen as a sophisticated attack on the IT supply chain has taken additional twists. New evidence points to attackers using well-established methods to gain initial access the old-fashioned way, through on-premises Active Directory (AD).
Compromising the SolarWinds build environment and sending Trojanized versions of updates for the Orion Platform is the best-known tactic believed to have been used by the threat group behind the attacks. According to the Cybersecurity and Infrastructure Security Agency (CISA), the threat actor was observed compromising or bypassing federated identity solutions and leveraging forged authentication tokens to move laterally to Microsoft cloud environments. From there, the threat
Learn SAML: The Language You Don t Know You re Already Speaking
Security Assertion Markup Language, a protocol most people use daily to log into applications, makes authentication easier for both admins and users. Here s what you need to know about SAML (and what it has to do with GoldenSAML ).
Security Assertion Markup Language (SAML): You may have heard of it. You ve likely used it at least once today to log into a website portal or enterprise application. But what is SAML? How does it work? And why do you need to know about it?
(Source: Mykyta via Adobe Stock)
What Is SAML?
VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report
A VMware vulnerability that allowed federated authentication abuse was used by the SolarWinds hackers to attack valuable targets, KrebsOnSecurity said. VMware said it didn’t have any indication of this happening. By Michael Novinson December 18, 2020, 03:52 PM EST
A VMware vulnerability that allowed access to protected data and federated authentication abuse was used by the SolarWinds hackers to attack high-value targets, KrebsOnSecurity reported.
The U.S. National Security Agency (NSA) warned on Dec. 7 that a flaw in the software of Palo Alto, Calif.-based VMware was being used by Russian hackers to impersonate legitimate users on breached networks. In order to exploit this vulnerability, the NSA said hackers would need to be on the target’s internal network, which KrebsOnSecurity pointed out would have been the case in the SolarWinds hack.