SiliconANGLE

Microsoft ADFS vulnerability allows hackers to bypass multifactor authentication

A newly discovered vulnerability in Microsoft Corp.’s Activity Directory Federation Services allows hackers to bypass multifactor authentication safeguards in a potentially serious threat to a ...
Bleeping Computer

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows

Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. As a state-sponsored ...
Dark Reading

Efficient 'MagicWeb' Malware Subverts AD FS Authentication, Microsoft Warns

The attackers responsible for the SolarWinds supply chain attack have added a new arrow to their quiver of misery: A post-compromise capability dubbed MagicWeb, which is used to maintain persistent ...
Dark Reading

Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat

Conventional access control and detection mechanisms alone are no longer sufficient to protect enterprise Active Directory Federation Services (ADFS) environments against targeted attacks. With ...
MCPmag

Microsoft Offers Active Directory Password Best Practices

Microsoft recently outlined some best practices to protect user identities in Windows Server Active Directory Federation Services (ADFS) or Azure Active Directory (AD). In its announcement, Microsoft ...