Articles of interest from the week of June 27, 2022

Clever Phishing Method Bypasses MFA Using Microsoft WebView2 Apps

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. (By Lawrence Abrams, BleepingComputer)

Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

A reported “potentially dangerous piece of functionality” allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive. (By Sagar Tiwari, Threatpost)

FTC Takes Action Against CafePress Over Massive Data Breach, Cover-Up

The Federal Trade Commission (FTC) announced last Friday that it has finalized an order against CafePress, requiring it to improve its security posture following a cybersecurity incident that the company attempted to cover up. (By Ionut Arghire, SecurityWeek)

Risky Behavior Reduced When Executives Put Focus on Identity Security

Managing identities accessing enterprise resources has become significantly more complicated over the last several years. Between the increasing number of identities, the challenges posed by phishing attacks, and the continued growth of cloud adoption, enterprises are under tremendous pressure to ensure that remote workers, contractors, and employees are accessing network resources securely and successfully. (By Help Net Security)

Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability

An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. (By Ravie Lakshmanan, The Hacker News)