Date: 2021-09-29

Microsoft this week issued a critical alert for organizations using Windows Server about a new wave of attacks that attempt to steal data from infrastructures that are improperly configured or lack proper protection mechanisms. The warning relates to an attack campaign that has been under way since April and was carried out by Nobelium, the same group behind the attacks involving SolarWinds systems.

According to the company, the attacks are happening on a large scale and involve the use of malware called FoggyWeb. The malware was validated by companies specializing in digital security, such as Volexity, and is reportedly able to create a backdoor by abusing the authentication tokens that servers use for communication between parties, which rely on a standard called Security Assertion Markup Language (SAML).

Those tokens are then used to trigger exploitation of Active Directory Federation Services (AD FS), another feature of Windows infrastructures that provides logins to users and connected systems within an organization. By locating compromised servers, the malware can reportedly extract information related to certificates and authentication, as well as remotely install new components, leading to new attacks.