it.tmcnet

ADFS Exposed: The Reality About this Not-So-Simple Single Sign-On

To make it easier for employees to access all their mission-critical applications in the cloud, many enterprises are turning to single sign-on solutions, the most popular of which is Microsoft (News - ...
Bleeping Computer

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows

Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. As a state-sponsored ...
Dark Reading

Efficient 'MagicWeb' Malware Subverts AD FS Authentication, Microsoft Warns

The attackers responsible for the SolarWinds supply chain attack have added a new arrow to their quiver of misery: A post-compromise capability dubbed MagicWeb, which is used to maintain persistent ...
Redmond Magazine

Targeting Microsoft ADFS: How Phishing Campaigns Bypass Multi-Factor Authentication to Enable Account Takeover

A sophisticated phishing campaign is targeting organizations that rely on Microsoft’s Active Directory Federation Services (ADFS), using spoofed login pages to harvest credentials and bypass ...
InfoWorld

Does ADFS 2.0 deliver on its single sign-on promise?

If you’ve ever tried to develop an online solution that requires a login, you know it isn’t difficult to accomplish — as long as you handle the login ...
Bleeping Computer

How to protect your ADFS from password spraying attacks

A password spraying attack is a specialized password attack commonly used by attackers that is reasonably effective and helps avoid detection by traditional password defenses. Instead of trying many ...