Bleeping Computer

Hackers steal Microsoft logins using legitimate ADFS redirects

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins.
Dark Reading

Microsoft's Certificate-Based Authentication Enables Phishing-Resistant MFA

Microsoft has removed a key obstacle facing organizations seeking to deploy phishing-resistant multifactor authentication (MFA) by enabling certificate-based authentication (CBA) in Azure Active ...
Dark Reading

SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector

The recently disclosed compromise at SolarWinds and the subsequent targeting of numerous other organizations have focused attention on a dangerous Active Directory Federation Services (ADFS) bypass ...
Infosecurity-magazine.com

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA

A new phishing campaign has been observed targeting organizations using Microsoft Active Directory Federation Services (ADFS), leveraging spoofed login pages to steal credentials and bypass ...