4 matches found
New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against...
Mitigation of Supply Chain Risks in Microsoft 365
In this blog we review five attack techniques exploited to compromise MS 365 tenants. Qualys SaaS Detection & Response can be used by both IT and security teams to assess these threats, and then to fix common misconfigurations, hardening supply chain defenses. Last October, news of Microsoft 365 ...
shimit - A tool that implements the Golden SAML attack
shimit is a python tool that implements the Golden SAML attack. More informations on this can be found in the following article on our blog. python .\shimit.py -h usage: shimit.py -h -pk KEY -c CERT -sp SP -idp IDP -u USER -reg REGION --SessionValidity SESSIONVALIDITY --SamlValidity SAMLVALIDITY ...
Unspecified vulnerability in RubyGems ruby-saml
RubyGems ruby-saml is a set of SAML Security Assertion Markup Language development toolkits for the Ruby on Rails framework organized by RubyGems. A security vulnerability exists in RubyGems Ruby-saml versions prior to 1.3.0. An attacker could exploit this vulnerability to perform an XML signatur...