Researcher Discovers New MFA-bypassing Phishing Technique Based on Microsoft WebView2
The newly discovered technique uses Microsoft Edge WebView2 applications to steal victims’ authentication cookies and log in to their accounts even if they’re MFA-protected. The attack is possible through JavaScript injection piggybacking on a built-in WebView2 function.
To make matters worse, the researcher disclosed that WebView2 can also “steal all available cookies for the current user” and that this claim “was successfully tested on Chrome.”
As vicious as this attack may seem, it still requires some social engineering. The victim must first download the malicious file, execute it, then log into their account using the keylogger-infected form within the app. (1)
So what does this do? Well, think of it this way: you get an email supposedly from Microsoft and you click on the link. It then opens up a Microsoft login form in the browser. You enter your information and BAM! You just gave the hacker remote access to your system. This only applies to Microsoft Edge.
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS controllers. During the incident, some SIS controllers entered a failed safe state, which automatically shut down the industrial process and prompted the asset owner to initiate an investigation. The investigation found that the SIS controllers initiated a safe shutdown when application code between redundant processing units failed a validation check — resulting in an MP diagnostic failure message. (2)
Google reveals sophisticated Italian spyware campaign targeting victims in Italy, Kazakhstan
The little-known Italian spyware firm RCS Labs worked with unnamed internet service providers to install malicious apps on targets’ phones in Italy and Kazakhstan, researchers with Google’s Threat Analysis Group said Thursday. (3)
Tech companies are selling domains suggesting illegal sales of guns, malware
Popular domain registrars put up few barriers for those seeking to acquire domains suggesting illegal activities, according to a report from consumer watchdog group Digital Citizens Alliance.
The report, released Tuesday, raises debate over the role of tech companies in overseeing the purchases of domains that could be used for crime.
Between February and May, researchers at the alliance (DCA) were able to purchase dozens of domains suggesting illegal behavior in the domain text itself. Examples included: “dangerousmalwareforsale.co” (Google), “malwareforsale.com” (NameCheap), “buyillegalassaultweapons.co” (Network Solutions) and “untraceablegunsforsale.com” (GoDaddy). (4)
Automotive fabric supplier TB Kawashima announces cyberattack
TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack.
The company did not confirm this, but there is reason to suspect that it is dealing with an attack from the LockBit ransomware group.
LockBit leaks alleged TB Kawashima data
While there is no official information about the attack, the LockBit ransomware group listed TB Kawashima as one of its recent victims on its data leak site, stating on June 17th that it had attacked the company. (5)
References
1: https://www.bitdefender.com/blog/hotforsecurity/researcher-discovers-new-mfa-bypassing-phishing-technique-based-on-microsoft-webview2/
2: https://www.mandiant.com/resources/attackers-deploy-new-ics-attack-framework-triton
3: https://www.cyberscoop.com/google-reveals-sophisticated-italian-spyware-campaign-targeting-victims-in-italy-kazakhstan/
4: https://www.cyberscoop.com/domains-tech-guns-google/
5: https://www.bleepingcomputer.com/news/security/automotive-fabric-supplier-tb-kawashima-announces-cyberattack/?&web_view=true