Threat actors could use a new phishing technique built on Microsoft Edge WebView2 applications to exfiltrate authentication cookies without being stopped by multi-factor authentication, according to BleepingComputer.
Developed by cybersecurity researcher mr.d0x, the new WebView2-Cookie-Stealer attack uses a WebView2 executable that displays a legitimate site's login form, which is free from suspicious elements. WebView2 applications could be used to create a Chromium User Data folder and export the stolen cookies using the WebView2 'ICoreWebView2CookieManager' interface. Once the base64-encoded cookies are decoded, the site's authentication cookies are fully accessible, said the report.
"WebView2 can be used to steal all available cookies for the current user. This was successfully tested on Chrome. WebView2 allows you to launch with an existing User Data Folder (UDF) rather than creating a new one. The UDF contains all passwords, sessions, bookmarks etc. Chrome's UDF is located at C:\Users\<username>\AppData\Local\Google\Chrome\User Data. We can simply tell WebView2 to start the instance using this profile and upon launch extract all cookies and transfer them to the attacker's server," mr.d0x said.
Only 3% of organizations around the world were reported to be completely ready to deal with increasingly sophisticated cybersecurity threats, including ransomware attacks and supply chain intrusions, reports SiliconAngle.
Severely lacking military coordination and recruitment for U.S. cybersecurity efforts have prompted the Foundation for Defense of Democracies to urge Congress to immediately advance an independent Cyber Force that would ensure the country's cyber defense readiness, according to The Record, a news site by cybersecurity firm Recorded Future.
Nearly 17,000 internet-exposed Microsoft Exchange servers across Germany were confirmed by the country's Federal Office for Information Security, or BSI, to have significant security issues, reports BleepingComputer.