Dark Reading

Efficient 'MagicWeb' Malware Subverts AD FS Authentication, Microsoft Warns

The attackers responsible for the SolarWinds supply chain attack have added a new arrow to their quiver of misery: A post-compromise capability dubbed MagicWeb, which is used to maintain persistent ...
SiliconANGLE

Microsoft ADFS vulnerability allows hackers to bypass multifactor authentication

A newly discovered vulnerability in Microsoft Corp.’s Activity Directory Federation Services allows hackers to bypass multifactor authentication safeguards in a potentially serious threat to a ...
Dark Reading

Microsoft ADFS Vulnerability Lets Attackers Bypass MFA

A newly discovered vulnerability in Microsoft's Active Directory Federation Services (ADFS) lets threat actors bypass multifactor authentication (MFA) as long as they have the username and password ...
Redmond Magazine

Targeting Microsoft ADFS: How Phishing Campaigns Bypass Multi-Factor Authentication to Enable Account Takeover

A sophisticated phishing campaign is targeting organizations that rely on Microsoft’s Active Directory Federation Services (ADFS), using spoofed login pages to harvest credentials and bypass ...
Computerworld

Explainer: Active Directory Federation Services

Federated identity management, or FIM, is just one of the latest networking buzzwords to hit mainstream. FIM involves a set of agreements for trusting repositories of accounts located in two or more ...
Homeland Security Today

Microsoft Unravels One of NOBELIUM’s Most Novel Cyber Attacks

A new report from Microsoft describes the first time a Global Assembly Cache (GAC) implant was seen in the wild. This new malware, known as MagicWeb, from Russia-based nation-state hacking group ...
Redmond Magazine

Exchange Online Users Getting Client Authentication and ActiveSync Improvements

Microsoft this week announced a couple of changes coming to organizations that use its Exchange Online e-mail service. One of the changes will add "modern authentication" to a couple of client ...