Single Sign-On based on Microsoft AD FS server targeted with malware
Microsoft revealed new malware capable of transmitting sensitive information from a compromised Active Directory Federation Services (AD FS) server, as well as receiving and executing additional malicious payloads retrieved from a remote attacker-controlled server. The malware can also monitor all incoming HTTP GET and POST requests sent to the server from the intranet (or internet), intercept the HTTP requests that are of interest to the actor, and steal sensitive information from AD FS servers. Detect and block malware, attacker activity, and other malicious artifacts on AD FS servers by reviewing your AD FS server configuration and implementing changes to secure these systems from these attacks.