all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Browser-in-the-Browser (BitB) Attack Takes Advantage of Single-Sign-On Trust

Add to bookmarks
Sept. 27, 2023, 1:10 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news 


					<div>
				<div>
		<div>
							<div>
			<div>
						<p>Found in environments protected by: Microsoft EOP&nbsp;</p><p>By Elmer Hernandez, Cofense Phishing Defense Center&nbsp;</p><p>The Phishing Defence Center (PDC) has observed malicious html attachments intended to carry out Browser-in-the-Browser (BitB) attacks.</p><h2>What are BitB Attacks?</h2><p>BitB attacks can deceive users by displaying what appears to be a legitimate separate pop-up login window. This window contains a spoofed URL bar with an identical-looking domain name from a trusted authentication provider. BitB attacks can be effective because they abuse modern Single-Sign-On …

article attack attacks auth bitb browser browser-in-the-browser cofense compromise indicators of compromise link mail php sign single sso target topic trust url

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Deepfakes and AI-Driven Disinformation Threaten Polls 22 minutes ago | malware.news
access article campaigns deepfakes +13
Malware development trick 38: Hunting RWX - part 2. Target process investigation tricks. Simple C/C++ … 27 minutes ago | malware.news
cybersecurity development hackers hello +16
Beyond the Evidence: Leveraging Decision Intelligence to Drive Better Outcomes in Digital Forensics 57 minutes ago | malware.news
beyond communications crime decision +18
Graph: Growing number of threats leveraging Microsoft API an hour ago | malware.news
api article blogs cloud +12
The Future of Passwordless Authentication in Cybersecurity an hour ago | malware.news
actions authentication biometric clicking +15
Vulnerability in CraftBeerPi 4 software 2 hours ago | malware.news
article cert cert polska cve +9
Operation PANDORA shuts down 12 phone fraud call centres 3 hours ago | malware.news
bank call cash customer +16
Security Awareness Service Release on April 29, 2024 4 hours ago | malware.news
april article awareness delivery +12
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps 4 hours ago | malware.news
android android apps application applications +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC

@ SAP | Dublin 24, IE, D24WA02
View on infosec-jobs.com

Product Security Response Engineer

@ Intel | CRI - Belen, Heredia
View on infosec-jobs.com

Application Security Architect

@ Uni Systems | Brussels, Brussels, Belgium
View on infosec-jobs.com

Sr Product Security Engineer

@ ServiceNow | Hyderabad, India
View on infosec-jobs.com

Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)

@ FiscalNote | United Kingdom (UK)
View on infosec-jobs.com
View more jobs