Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps

CyberArk Labs is releasing a tool that implements the golden SAML attack shimit. The attack is basically a forged SAML authentication object and authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism. In a golden SAML attack, attackers can gain access to any application that supports SAML authentication (e.g. Azure, AWS, vSphere, etc.) with any privileges they desire and be any user on the targeted application.”]

Source: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Something Fresh

What to Know About The Jamaica Data Protection Act

St Vincent and the Grenadines embracing CariSECURE

Jamaica's Gov’t Looking to Finalize Data Protection Act Regulations

What People Reading

Feedback and data-driven updates to Googles disclosure policy

Mozilla Says Google's New Ad Tech - FLoC - Doesn't Protect User Privacy

Selling technology to cops, part 2

Launching AnonLeaks, Ready To Dump More HBGary E-mails!

RSA: Geolocation shows just how dead privacy is

Categories

Partners

Just add here your partners image or promo text