https://community.isc2.org/t5/Threats/New-Silver-SAML-Attack-Evades-Golden-SAML-Defenses-in-Identity/m-p/67824#M1095 <P>Thanks so much for the update&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>.</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 03 Mar 2024 01:36:00 GMT Kyaw_Myo_Oo 2024-03-03T01:36:00Z https://community.isc2.org/t5/Threats/New-Silver-SAML-Attack-Evades-Golden-SAML-Defenses-in-Identity/m-p/67821#M1092 <P>Hi All</P><P>&nbsp;</P><P>Cybersecurity researchers have disclosed a new attack technique called <STRONG>Silver SAML</STRONG> that can be successful even in cases where mitigations have been applied against Golden SAML attacks.</P><P>Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce," Semperis researchers Tomer Nahum and Eric Woodruff <A href="https://www.semperis.com/blog/meet-silver-saml" target="_blank" rel="noopener">said</A> in a report shared with The Hacker News.</P><P>Golden SAML (short for <A href="https://www.cloudflare.com/learning/access-management/what-is-saml/" target="_blank" rel="noopener">Security Assertion Markup Language</A>) was <A href="https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps" target="_blank" rel="noopener">first documented</A> by CyberArk in 2017. The attack vector, in a nutshell, entails the abuse of the interoperable authentication standard to impersonate almost any identity in an organization.</P><P>It's also similar to the <A href="https://www.crowdstrike.com/cybersecurity-101/golden-ticket-attack/" target="_blank" rel="noopener">Golden Ticket attack</A> in that it grants attackers the ability to gain unauthorized access to any service in a federation with any privileges and to stay persistent in this environment in a stealthy manner.</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html" target="_blank">https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sat, 02 Mar 2024 23:37:30 GMT https://community.isc2.org/t5/Threats/New-Silver-SAML-Attack-Evades-Golden-SAML-Defenses-in-Identity/m-p/67821#M1092 Caute_cautim 2024-03-02T23:37:30Z https://community.isc2.org/t5/Threats/New-Silver-SAML-Attack-Evades-Golden-SAML-Defenses-in-Identity/m-p/67824#M1095 <P>Thanks so much for the update&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>.</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 03 Mar 2024 01:36:00 GMT https://community.isc2.org/t5/Threats/New-Silver-SAML-Attack-Evades-Golden-SAML-Defenses-in-Identity/m-p/67824#M1095 Kyaw_Myo_Oo 2024-03-03T01:36:00Z