NIST's guidance for a Zero Trust Architecture

Recent AD News

Active Directory’s architectural limitations taken advantage of during Solorigate, says CrowdStrike CEO

During the Feb 23rd senate hearing on SolarWinds Orion software hack, George Kurtz, president, and CEO of CrowdStrike pointed towards an ‘architectural limitation’ in Active Directory federation Service that was taken advantage of during the attack.

“Significantly, one of the most sophisticated aspects of the StellarParticle campaign was how skillfully the threat actor took advantage of architectural limitations in Microsoft’s Active Directory Federation Service credentialing and authentication process. The Golden SAML attack leveraged by StellarParticle actors allowed them to jump from customers’ on-premise environments and into their cloud and cloud-applications, effectively bypassing multi-factor authentication,” said Kurtz. He also went on to say that the presence of this flaw means that more breaches will come as it enables attackers to masquerade as anyone in the network.

The Senate hearing took place in the presence of executives that included Kevin Mandia, FireEye’s CEO; Sudhakar Ramakrishna, SolarWinds’ CEO; Brad Smith, Microsoft’s president; and George Kurtz, CrowdStrike’s president, and CEO. Notably, there was no representative present from Amazon Web services even though the company was invited.

Related posts
Recent AD News

Automate access decisions with risk-based contextual authentication

Recent AD News

2020 recorded the highest number of CVE’s to ever be reported

Recent AD News

Microsoft announces Azure Best Practices and Launches Conditional Access Enhancements

Recent AD News

Accellion Zero-Days Responsible for Recent Data Theft and Extortion Attacks

Leave a Reply

Your email address will not be published. Required fields are marked *