Threat Post

SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’

A proof-of-concept attack demonstrates how adversaries can abuse the Security Assertion Markup Language framework to go unnoticed and assume multiple user identities. Researchers at CyberArk Labs have ...
Bleeping Computer

Golden SAML Attack Lets Attackers Forge Authentication to Cloud Apps

A new technique called "Golden SAML" lets attackers forge authentication requests and access the cloud-based apps of companies that use SAML-compatible domain controllers (DCs) for the authentication ...
Dark Reading

SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector

The recently disclosed compromise at SolarWinds and the subsequent targeting of numerous other organizations have focused attention on a dangerous Active Directory Federation Services (ADFS) bypass ...
Bleeping Computer

GitLab releases fix for critical SAML authentication bypass flaw

GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE ...
CSOonline

If you are generating SAML signing certificates externally, STOP!

SAML authentication certificates, generated with tools other than dedicated cloud identity solutions, can be forged by hackers, according to a new proof of concept. There is now a way to forge ...