
Active Directory’s architectural limitations taken advantage of during Solorigate, says CrowdStrike CEO

During the Feb 23rd Senate hearing on the SolarWinds Orion software hack, George Kurtz, president and CEO of CrowdStrike, pointed to an ‘architectural limitation’ in Active Directory Federation Service that was taken advantage of during the attack.

“Significantly, one of the most sophisticated aspects of the StellarParticle campaign was how skillfully the threat actor took advantage of architectural limitations in Microsoft’s Active Directory Federation Service credentialing and authentication process. The Golden SAML attack leveraged by StellarParticle actors allowed them to jump from customers’ on-premise environments and into their cloud and cloud-applications, effectively bypassing multi-factor authentication,” said Kurtz. He also went on to say that the presence of this flaw means that more breaches will come as it enables attackers to masquerade as anyone in the network.

The executives present at the Senate hearing included Kevin Mandia, FireEye’s CEO; Sudhakar Ramakrishna, SolarWinds’ CEO; Brad Smith, Microsoft’s president; and George Kurtz, CrowdStrike’s president and CEO. Notably, no representative from Amazon Web Services was present, even though the company was invited.
