Redmond Magazine

Microsoft Eliminates Need for ADFS with Azure Active Directory Certificate-Based Authentication Preview

Microsoft on Monday announced the availability of Azure Active Directory certificate-based authentication (CBA) at the public preview stage. CBA lets organizations authenticate with Azure AD using ...
Bleeping Computer

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows

Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. As a state-sponsored ...
Dark Reading

Microsoft's Certificate-Based Authentication Enables Phishing-Resistant MFA

Microsoft has removed a key obstacle facing organizations seeking to deploy phishing-resistant multifactor authentication (MFA) by enabling certificate-based authentication (CBA) in Azure Active ...
Bleeping Computer

Hackers steal Microsoft logins using legitimate ADFS redirects

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins.
Infosecurity-magazine.com

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA

A new phishing campaign has been observed targeting organizations using Microsoft Active Directory Federation Services (ADFS), leveraging spoofed login pages to steal credentials and bypass ...
Dark Reading

SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector

The recently disclosed compromise at SolarWinds and the subsequent targeting of numerous other organizations have focused attention on a dangerous Active Directory Federation Services (ADFS) bypass ...