39 matches found
New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against...
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers
The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates...
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
Updated August 26, 2022: Added instructions to enable collection of AD FS event logs in order to search for Event ID 501, and added a new resource for AD FS audit logging in Microsoft Sentinel. Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, whi...
5 ways to connect with Microsoft Security at Identiverse 2022
Identiverse is where the industry gathers to discuss all things identity. The 2022 conference will take place June 21 to 24 in Denver, Colorado, and I’m absolutely thrilled that Microsoft will be there. At Identiverse, we’ll share how we help customers secure access in a hybrid, multicloud, and...
CVE-2021-40456
Windows AD FS Security Feature Bypass Vulnerability...
Security feature bypass
Windows AD FS Security Feature Bypass Vulnerability...
CVE-2021-40456 Windows AD FS Security Feature Bypass Vulnerability
...
CVE-2021-40456
CVE-2021-40456 is a Windows AD FS Server vulnerability described as a security feature bypass. The affected component is Active Directory Federation Services on Windows Server; the core issue is bypassing security restrictions within AD FS. Microsoft and security advisories indicate updates/fixe...
Windows AD FS Security Feature Bypass Vulnerability
...
SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor
The threat actors behind the notorious SolarWinds supply-chain attacks have dispatched new malware to steal data and maintain persistence on victims’ networks, researchers have found. Researchers from the Microsoft Threat Intelligence Center (MSTIC) have observed the APT it calls Nobelium using a...
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
Microsoft continues to work with partners and customers to track and expand our knowledge of the threat actor we refer to as NOBELIUM, the actor behind the SUNBURST backdoor, TEARDROP malware, and related components. As we stated before, we suspect that NOBELIUM can draw from significant...
CVE-2021-33779
Windows AD FS Security Feature Bypass Vulnerability...
Security feature bypass
Windows AD FS Security Feature Bypass Vulnerability...
CVE-2021-33779 Windows AD FS Security Feature Bypass Vulnerability
...
Windows AD FS Security Feature Bypass Vulnerability
...
Abusing Replication: Stealing AD FS Secrets Over the Network
Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching on and Mandiant has observed an increased focus on long-term persistent access to Microsoft 365 as one of their primary objectives. The focus ...
KB4467702: Windows 10 Version 1803 and Windows Server Version 1803 November 2018 Security Update
The remote Windows host is missing security update 4467702. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. (CVE-2018-8417) - An elevation of privilege vulnerability...
Cross site scripting
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This...