Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows
HomeNewsSecurityMicrosoft: Russian malware hijacks ADFS to log in as anyone in Windows Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. As a state-sponsored cyberespionage actor, APT29 employs the new capability to hide their presence on the networks of their targets, typically
Microsoft365ã¨Azureã® Active Directoryãƒãƒƒã‚¯ãƒ‰ã‚¢ã®æ¤œå‡º
Mandiantã¯ã€Microsoft365(M365) ã¨Azure Active Directory (Azure AD) ã§ç™ºç”Ÿã™ã‚‹ä¾µå®³ã®å¢—åŠ ã‚’ç¢ºèªã—ã¦ãã¾ã—ãŸã€‚ã“れらã®ä¾µå®³ã®ã»ã¨ã‚“ã©ã¯ã€ãƒ•ã‚£ãƒƒã‚·ãƒ³ã‚°ãƒ»ãƒ¡ãƒ¼ãƒ«ã«ã‚ˆã£ã¦ã€M365ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•ã‚Œã‚‹èªè¨¼æƒ…å ±ã‚’ã€ãƒ•ã‚£ãƒƒã‚·ãƒ³ã‚°ãƒ»ã‚µã‚¤ãƒˆã«å…¥åŠ›ã™ã‚‹ã‚ˆã†ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«å¼·åˆ¶ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ç™ºç”Ÿã—ã¾ã™ã€‚ä»–ã®ä¾µå®³ã¨ã—ã¦ã¯ã€ãƒ‘スワードã®ã‚¹ãƒ—レーã€ãƒ‘スワードã®ã‚¹ã‚¿ãƒƒãƒ•ã‚£ãƒ³ã‚°ã€M365テナントã«å¯¾ã™ã‚‹ç°¡å˜ãªãƒ–ルート・フォースã®è©¦ã¿ãªã©ãŒã‚ã‚Šã¾ã™ã€‚ã“れらã®ä¾µå®³ã®ã»ã¼ã™ã¹ã¦ã«ãŠã„ã¦ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚„アカウントã¯å¤šè¦ç´ èªè¨¼ (MFA)ã«ã‚ˆã£ã¦ä¿è·ã•ã‚Œã¦ã„ã¾ã›ã‚“ã§ã—ãŸã€‚ ã“れらã®æ—¥å’Œè¦‹çš„攻撃ã¯ã€M365ãŠã‚ˆã³Azure ADã«ã¨ã£ã¦ã€æœ€ã‚‚一般的ãªå½¢å¼ã®ä¾µå®³ã§ã‚ã‚Šã€é€šå¸¸ã€æŒç¶šæ€§ã‚’確立ã™ã‚‹ãŸã‚ã®æœ€åˆã®ãƒ™ã‚¯ãƒˆãƒ«ã§ã™ã€‚インシデントレスãƒãƒ³ã‚¹(IR)エンゲージメントã¨ãƒ—ãƒã‚¢ã‚¯
実践「AD FS 2016ã€ã‚’使ã£ã¦ã€ŒOffice 365ã€ã¨ã®SSO評価環境構築:AD FS構築編
実践「AD FS 2016ã€ã‚’使ã£ã¦ã€ŒOffice 365ã€ã¨ã®SSO評価環境構築:AD FS構築編:AD FSを使ã£ãŸSaaSã¨ã®SSO環境構築(5)(1/3 ページ) Windows Server 2016ã®AD FSを使ã£ã¦ã€SaaSã¨ã®SSO環境構築方法を紹介ã™ã‚‹æœ¬é€£è¼‰ã€‚今回ã¯ã€AD FS自体ãªã©ã‚’仮想マシン上ã«æ§‹ç¯‰ã™ã‚‹æ‰‹é †ã‚’説明ã—ã¾ã™ã€‚ メールやスケジュールã€ãƒ‰ã‚ュメント管ç†ãªã©ã€ã•ã¾ã–ã¾ãªã‚·ã‚¹ãƒ†ãƒ ãŒSaaS(Software as a Service)ã«ãªã‚Šã€å¤šãã®ä¼æ¥ãŒæ—¥å¸¸çš„ã«åˆ©ç”¨ã—ã¦ã„ã¾ã™ã€‚ã“ã®ã‚ˆã†ãªSaaSを利用ã™ã‚‹å ´åˆã€ãƒã‚°ã‚¤ãƒ³ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¨ãƒ‘スワードãŒæ—¢å˜ã‚·ã‚¹ãƒ†ãƒ ã¨ç•°ãªã£ã¦ã„ã‚‹ã¨ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ãŒä¸‹ãŒã‚Šã€æƒ…å ±ã‚·ã‚¹ãƒ†ãƒ éƒ¨é–€ã®ç®¡ç†è² 担も増大ã—ã¦ã—ã¾ã„ã¾ã™ã€‚ ãã®ãŸã‚æ¥å‹™ã§ã®SaaSå°Žå…¥ã«ãŠã„ã¦ã¯ã€æ—¢å˜ã®ID管ç†ã‚·ã‚¹ãƒ†ãƒ ã§ç®¡ç†ã—ã¦ã„るアカウントã¨ãƒ‘スワードã«ã‚ˆã‚‹ãƒã‚°ã‚¤ãƒ³ã€
Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. A vulnerability in Microsoft’s Active Directory Federation Services (ADFS) has been uncovered that would allow malicious actors to bypass multi-factor authentication (MFA) safeguards. Many organizations rely on ADFS to manage identities and resources across their entire
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
Microsoft ADFS Vulnerability Lets Attackers Bypass MFAThe flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service. A newly discovered vulnerability in Microsoft's Active Directory Federation Services (ADFS) lets threat actors bypass multifactor authentication (MFA) as long as they have the username and password for another pers
世界æ¯å¼€æˆ·ç½‘ç«™
å›½å®¶é«˜æ–°æŠ€æœ¯åŒ–å·¥æ³µé˜€åŽ‚å®¶ï¼Œè‡ªä¸»ç ”å‘,实力强 National high and new technology chemical pump valve enterprise 1ã€ä¸“注化工ã€åˆ¶è¯åŠå·¥ä¸šä¼ä¸šè€è…蚀泵难题,20多年行业ç»éªŒ 2ã€ç»¿çŽ¯æ³µä¸šæ˜¯é›†ç§‘ç ”ã€ç”Ÿäº§ã€æœåŠ¡ä¸ºä¸€ä½“的高新技术ä¼ä¸š 3ã€å·²ä¸º3000多家ä¼ä¸šè§£å†³è…蚀性介质æµé€šéš¾é¢˜ï¼Œå®¢æˆ·å›žå¤´çŽ‡é«˜ 拥有多项国家å‘明专利技术,自产自销 National pump valve patent technology 1ã€æ‹¥æœ‰åŒ–工泵多项国家专利,ä¿è¯ä¼ä¸šäº§å“高å“è´¨ 2ã€åŒç±»ç£åŠ›æ³µ,离心泵,自å¸æ³µå·¥è‰ºã€æè´¨ã€æŠ€æœ¯å¼ºï¼Œæ€§ä»·æ¯”高 3ã€è‡ªäº§è‡ªé”€ï¼Œä¸€ç«™å¼åŒ–工泵采è´å¹³å°ï¼ŒçœåŽ»æ›´å¤šä¸é—´çŽ¯èŠ‚ 0563-5122666 国内专业化工泵技术团队,é‡èº«å®šåˆ¶æ›´é€‚åˆä¼ä¸šéœ€æ±‚ Top technical team of chemical pumps in China 1ã€å…¬å¸å·¥ç¨‹
Azure AD 㨠AD FS ã®ãƒ™ã‚¹ãƒˆ プラクティス: パスワード スプレー攻撃ã®é˜²å¾¡
ã“ã®æ”»æ’ƒãƒ‘ターンã¯ã€å€‹ã€…ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¾ãŸã¯ä¼æ¥ã‹ã‚‰è¦‹ã‚‹ã¨ã€ãã‚Œãžã‚ŒãŒåˆ¥ã€…ã®ãƒã‚°ã‚¤ãƒ³å¤±æ•—ã®ã‚ˆã†ã«è¦‹ãˆã‚‹ãŸã‚ã€ã»ã¨ã‚“ã©ã®æ¤œå‡ºæ‰‹æ³• (例ãˆã°ãƒãƒƒã‚¯ã‚¢ã‚¦ãƒˆãªã©ã®è¨å®š) ã‚’ã™ã‚ŠæŠœã‘ã¦ã—ã¾ã„ã¾ã™ã€‚ 攻撃者ã«ã¨ã£ã¦ã¯æ•°å—を当ã¦ã‚‹ãƒŠãƒ³ãƒãƒ¼ã‚ºã®å®ãã˜ã®ã‚ˆã†ãªã‚‚ã®ã§ã€æ”»æ’ƒè€…ã¯ã‚ˆã当ãŸã‚Šãã†ãªæœ€ã‚‚一般的ãªãƒ‘スワードをã„ãã¤ã‚‚知ã£ã¦ã„ã¾ã™ã€‚ã“れらã®æœ€ã‚‚一般的ãªãƒ‘スワードを使用ã—ã¦ã„るアカウントã¯å…¨ä½“ã® 0.5 〜 1.0ï¼… 程度ã§ã™ãŒã€1000 個ã»ã©ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒã‚ã‚Œã°ã€æ•°å€‹ã¯æ”»æ’ƒãŒæˆåŠŸã™ã‚‹ãŸã‚å分効果的ã§ã™ã€‚ 攻撃者ã¯ã€ãƒã‚°ã‚¤ãƒ³ãŒæˆåŠŸã—ãŸã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’使用ã—ã¦é›»åメールã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã€é€£çµ¡å…ˆæƒ…å ±ã‚’åŽé›†ã—ãŸã‚Šã€ãƒ•ã‚£ãƒƒã‚·ãƒ³ã‚°ã®ãƒªãƒ³ã‚¯ã‚’é€ä¿¡ã—ãŸã‚Šã€ã•ã‚‰ã«ãƒ‘スワード スプレーã®æ¨™çš„を広ã’よã†ã¨ã—ã¾ã™ã€‚ 攻撃者ã¯ã€æœ€åˆã®æ¨™çš„ãŒèª°ã§ã‚ã‚‹ã‹ã«ã¤ã„ã¦ã¯æ°—ã«ã›ãšã€æœ€åˆã®æˆåŠŸã‚’ãã£ã‹ã‘ã«ãã®å¾Œã©ã‚Œã ã‘攻撃を広ã’られるã‹è©¦ã—ã¦ã„ãã¾
Office 365 ã® TLS 1.0/1.1 無効化ã«ä¼´ã† AD FS / WAP (AD FS Proxy) ã®å¯¾å¿œ
This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. 2018/02/15: TLS 1.2 ã®å¿…é ˆåŒ–ã¯å½“åˆäºˆå®šã—ã¦ã„㟠2018/3/1 ã‹ã‚‰ 2018/10/31 ã«å»¶æœŸã«ãªã‚Šã¾ã—ãŸã€‚ ã“ã‚“ã«ã¡ã¯ã€ Azure ID ã®ä¸‰æµ¦ã§ã™ã€‚ 今回㯠Office 365 ã§ã® TLS 1.0 㨠1.1 ã®ã‚µãƒãƒ¼ãƒˆç„¡åŠ¹åŒ–ã«ä¼´ã† AD FS / WAP (AD FS Proxy) ã§ã®å¯¾å¿œã«ã¤ã„ã¦ã¾ã¨ã‚ã¾ã—ãŸã€‚ 次ã®æƒ…å ±ã«ã‚ã‚Šã¾ã™ã‚ˆã†ã« 2018/10/31 ã« Office 365 ã§ã¯ TLS 1.0 㨠1.1 ã®ã‚µãƒãƒ¼ãƒˆã‚’無効化ã™ã‚‹ã“ã¨ã‚’予定ã—ã¦ã„ã¾ã™ã€‚
ADFSãªã—ã§Office365ã¸ã®ã‚·ãƒ³ã‚°ãƒ«ã‚µã‚¤ãƒ³ã‚ªãƒ³ã‚’実ç¾ã™ã‚‹(2)
Always on the clock ã“ã‚Œã¾ã§ã«ã€ã‚»ãƒŸãƒŠãƒ¼ã‚„カンファレンスã€æ›¸ç±ã‚’通ã˜ã¦ãŠä¼šã„ã—ãŸæ–¹ã€…ã€ãã—ã¦ã“ã‚Œã‹ã‚‰å‡ºä¼šã†ã§ã‚ã‚ã†æ–¹ã€…ã®ãŸã‚ã« Microsoft テクノãƒã‚¸ãƒ¼ã‚’ä¸å¿ƒã¨ã—ãŸæƒ…å ±ã‚’æ ªå¼ä¼šç¤¾ã‚¨ã‚¹ãƒˆãƒ‡ã‚£ã‚¢ãƒ³ã®å›½äº• å‚‘ (ãã«ã„ ã™ãã‚‹) ãŒæä¾›ã™ã‚‹ãƒ–ãƒã‚°ã§ã™ã€‚ 皆ã•ã‚“ã“ã‚“ã«ã¡ã¯ã€‚国井ã§ã™ã€‚ å‰å›žã®æŠ•ç¨¿ã§ã¯ã€Kerberosã‚’Azure ADã«ã¾ã§æ‹¡å¼µã™ã‚‹ã“ã¨ã§ã€ADFSã®è¦ã‚‰ãªã„シングルサインオンã®æ–¹æ³•ã‚’紹介ã—ã¾ã—ãŸãŒã€ã“ã®ä»•çµ„ã¿ã«ã¯ã‚‚ã†ã²ã¨ã¤ã®å®Ÿè£…方法ãŒã‚ã‚Šã¾ã™ã€‚ãã‚Œã¯ã€Œãƒ‘ススルーèªè¨¼ã€ã¨ã„ã†ã‚µã‚¤ãƒ³ã‚¤ãƒ³æ–¹æ³•ã§ã™ã€‚ (ã¡ãªã¿ã«ã€å‰å›žç´¹ä»‹ã—ãŸãƒ‘スワードãƒãƒƒã‚·ãƒ¥åŒæœŸã¯PHSã€ãƒ‘ススルーèªè¨¼ã¯PTAã¨ç•¥ã™ãã†ã§ã™ã€‚åˆã‚ã¦ã¿ãŸã¨ãã¯ã€ã€Œç§ã‚‚昔ã¯ã‚¢ã‚¹ãƒ†ãƒ«ä½¿ã£ã¦ãŸã‚ˆã€ã¨ã‹ã€ã‚ã‘ã®ã‚ã‹ã‚‰ãªã„ã“ã¨ã‚’æ€ã„出ã—ã¦ã—ã¾ã„ã¾ã—ãŸ) パススルーèªè¨¼ã¨ã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼èªè¨¼ã‚’Active Directoryã«
Office365管ç†è€…ã¯è¦å¯¾å¿œã€‚外部共有ã«ã‚ˆã‚Šä¸è¦ãªã‚¢ã‚¯ã‚»ã‚¹æ¨©ãŒä»˜ä¸Žã•ã‚Œã‚‹
ã„ã‚ã‚“ãªã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ç®¡ç†ç³»è£½å“やサービスã®å®Ÿé¨“ã®è¨˜éŒ²ã‚’ã—ã¦ã„ãã¾ã™ã€‚ 後ã¯ã€é–¢é€£ã™ã‚‹ãƒ‹ãƒ¥ãƒ¼ã‚¹ãªã©ã‚’徒然ã¨ã€‚ ã“ã‚“ã«ã¡ã¯ã€å¯Œå£«æ¦®ã§ã™ã€‚ OneDrive for Business上ã®ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚„SharePoint Onlineã®ãƒãƒ¼ãƒ サイトを他組織ã®ãƒ¦ãƒ¼ã‚¶ã¨å…±æœ‰ã‚’ã™ã‚‹B2Bシナリオã§åˆ©ç”¨ã—ã¦ã„ã‚‹ä¼æ¥ãƒ»çµ„ç¹”ãŒå¢—ãˆã¦ã„ã‚‹ä¸ã€Office365(ãŠã‚ˆã³ãã®ID基盤ã§ã‚ã‚‹Azure AD)ã®æ§‹é€ 上ã®å•é¡Œã«ã‚ˆã‚Šã€æ„図ã—ãªã„アクセス権を外部ユーザã¸ä»˜ä¸Žã—ã¦ã—ã¾ã†å ´åˆãŒã‚ã‚‹ã®ã§ã€æ³¨æ„å–šèµ·ã®æ„味ã§æœ¬ã‚¨ãƒ³ãƒˆãƒªã‚’書ãã¾ã™ã€‚ [3/7 Update] 一部修æ£ãŒè¡Œã‚ã‚Œã€ãƒãƒ¼ã‚¿ãƒ«ã‹ã‚‰ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªæ§‹æˆæƒ…å ±ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ãŒãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ãƒ–ãƒãƒƒã‚¯ã•ã‚Œã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã—ãŸã€‚ 詳ã—ãã¯ã“ã¡ã‚‰ã‚’ã”覧ãã ã•ã„。 http://idmlab.eidentity.jp/2017/03/office365.html ç¾åœ¨ã€ã“ã®èª²é¡Œã«
Azure Active Directory(Azure AD)
Azure ADã¯ã‚¯ãƒ©ã‚¦ãƒ‰ãƒ™ãƒ¼ã‚¹ã®èªè¨¼ï¼SSO基盤ã§ã‚る。ID管ç†ã‚„èªè¨¼ã€ã•ã¾ã–ã¾ãªã‚¯ãƒ©ã‚¦ãƒ‰ã‚µãƒ¼ãƒ“スã«å¯¾ã™ã‚‹SSOã€ã‚ªãƒ³ãƒ—レミスã®Active Directoryã¨ã®é€£æºãªã©ãŒè¡Œãˆã‚‹ã€‚ 連載目次 「Azure Active Directoryã€ï¼ˆã‚¢ã‚¸ãƒ¥ãƒ¼ãƒ«ãƒ»ã‚¨ãƒ¼ãƒ»ãƒ‡ã‚£ãƒ¼ã€‚以下Azure AD)ã¨ã¯ã€ãƒžã‚¤ã‚¯ãƒã‚½ãƒ•ãƒˆãŒã‚¯ãƒ©ã‚¦ãƒ‰ã‚µãƒ¼ãƒ“スã¨ã—ã¦æä¾›ã—ã¦ã„ã‚‹IDèªè¨¼ï¼ã‚·ãƒ³ã‚°ãƒ«ã‚µã‚¤ãƒ³ã‚ªãƒ³ï¼ˆSSO)基盤ã§ã‚る。ユーザーアカウント管ç†ã‚„ãã®èªè¨¼ï¼æ‰¿èªã€Office 365ã‚’ã¯ã˜ã‚ã¨ã™ã‚‹ã•ã¾ã–ã¾ãªã‚¯ãƒ©ã‚¦ãƒ‰ã‚µãƒ¼ãƒ“スã«å¯¾ã™ã‚‹SSO処ç†ã€ã‚ªãƒ³ãƒ—レミスã®Active Directoryã¨é€£æºã—ãŸèªè¨¼ãªã©ãŒã§ãる。ã„ã‚ゆるIDaaS(Identity as a Service)ã®ä¸€ç¨®ã§ã€åŒç¤¾ã®ã‚¯ãƒ©ã‚¦ãƒ‰ãƒ—ラットフォーム「Microsoft Azureã€ä¸Šã«æ§‹ç¯‰ã•ã‚Œã¦ã„る。 Azure ADç™»å ´ã®èƒŒæ™¯ 従æ¥ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª
1
ランã‚ング
ランã‚ング
ランã‚ング
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
SBTã€AD連æºã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ã€ŒADFS on Cloudã€æ–°ã‚ªãƒ—ションã§ã‚¯ãƒ©ã‚¦ãƒ‰å°Žå…¥ã®æ—©æœŸåŒ–を促進
{{#tags}}- {{label}}
{{/tags}}