The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.
Pawn Storm (aka Fancy Bear) has been attempting to phish webmail accounts for many years now, targeting U.S. senators and political organizations across the world, according to a recent Trend Micro report.
There’s a sneaky new brute-force attack targeting unprotected enterprise Office 365 accounts, including those in the manufacturing, financial services, and healthcare industries.
NIST releases a new version of its Security and Privacy Controls, addressing new risks posed by the latest technology (the Internet of Things), plus guidance on combining single sign-on and multi-factor authentication.
NIST has updated its Digital Identity Guidelines, SP 800-63-3, with final security recommendations. See the new standards that many industries, including government agencies and contractors, need to follow.