Security News

Cross-IdP impersonation bypasses SSO protections
2024-11-19 16:17

Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service (SaaS) applications without...

Phishers target FCC, crypto holders via fake Okta SSO pages
2024-03-04 12:44

A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.

Where SSO Falls Short in Protecting SaaS
2023-03-27 10:56

While SSO is an important step in securing SaaS apps and their data, having only SSO in place is not enough to secure the entire SaaS stack. SSO alone won't prevent a threat actor from accessing a SaaS app.

Okta shares workaround for ongoing Microsoft 365 SSO outage
2022-11-16 15:10

Okta, a leading provider of authentication services, has shared a workaround for ongoing issues preventing customers from logging into their accounts using Microsoft Office 365 Single Sign-On. Based on a new incident added to the company's status page, the outage affects users across the United States, EMEA, and Japan. "We have deployed a fix across all cells. After deploying the fix, we are still seeing a number of issues. We are still actively investigating these issues to isolate a fix. We are also actively monitoring the systems," the company said in a recent update.

Microsoft announces passwordless auth, SSO for Azure Virtual Desktop
2022-09-27 13:01

Microsoft has announced this week that Azure Virtual Desktop support for passwordless authentication has now entered public preview. "Today we're announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices," said David Bélanger, a Senior Program Manager for Azure Virtual Desktop at Microsoft.

Avatier for ServiceNow adds unified, passwordless approach to IAM with SSO
2021-03-12 02:00

Avatier Corporation has released Avatier for ServiceNow, the latest addition to the Avatier Anywhere platform. Avatier for ServiceNow is a certified ServiceNow app that adds a unified, passwordless approach to Identity Access Management with single sign-on to the Now platform to improve workforce efficiency.

RIPE NCC Internet Registry discloses SSO credential stuffing attack
2021-02-18 19:00

RIPE NCC is warning members that they suffered a credential stuffing attack attempting to gain access to single sign-on accounts. RIPE NCC is a not-for-profit regional Internet registry for Europe, the Middle East, and parts of Central Asia.

New privacy-preserving SSO algorithm hides user info from third parties
2020-06-30 09:33

Some people are also concerned that their ID and password could be stored locally by third parties when they provide them to the SSO mechanism. In an effort to address these problems, Associate Professor Satoshi Iriyama from Tokyo University of Science and his colleague Dr Maki Kihara have recently developed a new SSO algorithm that in principle prevents such holistic information exchange.

Apple debuts privacy-minded “Sign in with Apple” SSO
2019-06-04 10:19

Among the many news items shared during Apple’s annual developer conference there’s one that stands out: the introduction of “Sign in with Apple”. About the “Sign in with Apple” feature Apple’s new...

Google adds SSO verification check to G Suite
2018-04-30 12:43

Last May, around one million Gmail and G Suite users using SAML single sign-on (SSO) were targeted by a clever type of phishing attack that Google seemed keen for everyone to know it had shut down...