A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. (By Lawrence Abrams, BleepingComputer)
A reported “potentially dangerous piece of functionality” allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive. (By Sagar Tiwari, Threatpost)
The Federal Trade Commission (FTC) announced last Friday that it has finalized an order against CafePress, requiring it to improve its security posture following a cybersecurity incident that the company attempted to cover up. (By Ionut Arghire, SecurityWeek)
Managing identities accessing enterprise resources has become significantly more complicated over the last several years. Between the increasing number of identities, the challenges posed by phishing attacks, and the continued growth of cloud adoption, enterprises are under tremendous pressure to ensure that remote workers, contractors, and employees are accessing network resources securely and successfully. (By Help Net Security)
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. (By Ravie Lakshmanan, The Hacker News)