Dark Reading

SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector

The recently disclosed compromise at SolarWinds and the subsequent targeting of numerous other organizations have focused attention on a dangerous Active Directory Federation Services (ADFS) bypass ...
Bleeping Computer

Golden SAML Attack Lets Attackers Forge Authentication to Cloud Apps

A new technique called "Golden SAML" lets attackers forge authentication requests and access the cloud-based apps of companies that use SAML-compatible domain controllers (DCs) for the authentication ...
Bleeping Computer

GitLab patches critical authentication bypass vulnerabilities

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.
CSOonline

How SAML works and enables single sign-on

What is SAML and what is it used for? The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It ...