Ars Technica

ADFS 2.0: Switching from standalone to a load-balanced configuration

Right now we use SSO for box.com and O365. It works fine, but consists solely of an ADFS Proxy and a DC running FS 2.0 servicing the requests. We want to change the configuration to be more robust. We ...
Bleeping Computer

Microsoft: Nobelium uses custom malware to backdoor Windows domains

Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. Nobelium, the ...
Threat Post

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. The threat actors behind ...
Dark Reading

Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers

The attack group Microsoft tracks as Nobelium is using a new post-exploitation backdoor capable of stealing sensitive data from a compromised Active Directory Federation Services (AD FS) server, the ...