Threat Post

SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’

A proof-of-concept attack demonstrates how adversaries can abuse the Security Assertion Markup Language framework to go unnoticed and assume multiple user identities. Researchers at CyberArk Labs have ...
Bleeping Computer

Golden SAML Attack Lets Attackers Forge Authentication to Cloud Apps

A new technique called "Golden SAML" lets attackers forge authentication requests and access the cloud-based apps of companies that use SAML-compatible domain controllers (DCs) for the authentication ...
Dark Reading

The Long Road to Rebuilding Trust After 'Golden SAML'-Like Attacks

Recent breaches, such as those related to the SolarWinds supply chain attack, have focused attention on the considerable challenges that organizations face re-establishing trust in a network where an ...