Tag Archive for: access

Hackers discover way to access Google accounts without a password


Security researchers have uncovered a hack that allows cyber criminals to gain access to people’s Google accounts without needing their passwords.

Analysis from security firm CloudSEK found that a dangerous form of malware uses third-party cookies to gain unauthorised access to people’s private data, and is already being actively tested by hacking groups.

The exploit was first revealed in October 2023 when a hacker posted about it in a channel on the messaging platform Telegram.

The post noted how accounts could be compromised through a vulnerability with cookies, which are used by websites and browsers to track users and increase their efficiency and usability.

Google authentication cookies allow users to access their accounts without constantly having to enter their login details; however, the hackers found a way to retrieve these cookies in order to bypass two-factor authentication.

The Google Chrome web browser, which is the world’s most popular with a market share greater than 60 per cent last year, is currently in the process of cracking down on third-party cookies.

“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” Google said in a statement.

“Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.”

The researchers who first uncovered the threat said it “underscores the complexity and stealth” of modern cyber attacks.

“This exploit enables continuous access to Google services, even after a user’s password is reset,” Pavan Karthick M, a threat intelligence researcher at CloudSEK, wrote in a blog post detailing the issue.

“It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.”

The security issue was detailed in a report, titled ‘Compromising Google accounts:…


Chrome Browser Alert! This Cookie Malware Can Access Your Google Accounts Even If You Reset Password, Log Out; Details


Online threats and malware can be tough to track in the rapidly evolving digital world. As these dangers replicate in the internet landscape, a new data-stealing malware, which abuses a Google OAuth endpoint called ‘MultiLogin’ to revive expired cookies and sign in to user accounts, is among the new concerns, according to a report from BleepingComputer. This works even after you reset an account’s password or log out from the internet browser.

For the unaware, session cookies store authentication details of an account that let users log in to websites automatically next time without entering the sign-in credentials. They have an expiration period to limit their misuse by bad actors, such as stealing access to user accounts. The news outlet reported last month on information-stealers that could restore access to expired authentication cookies.

Such malware allows a cybercriminal to access Google accounts even if the victim has logged out, changed their password or reached session expiry. According to a new report from CloudSEK, it was first revealed in October by threat actor PRISMA, who posted about the exploit on the messaging platform Telegram. As per the researchers, the exploit uses the Google OAuth endpoint that synchronises accounts across Google services.

The malware abuses the endpoint to extract tokens and accounts of Chrome profiles logged into a Google account. Later, this data (including saved passwords) is decrypted to extract information. With the stolen token, the cybercriminals regenerate the cookie and can ensure continuous access to these accounts.

CloudSEK researcher Pavan Karthick told BleepingComputer that the cookie can be regenerated only once if a user changes their password. In other cases, it can be refreshed multiple times. According to the report, a minimum of…


Children’s computer game Roblox insider tricked by hacker for access to users’ data



The hacker had access to personal information, the ability to change passwords and two-factor authentication, and could steal valuable in-game items from some of the ‘richest’ players in the game
A hacker who bribed a worker for the online video game Roblox managed to gain access to the personal information of a smaller number of users, the ability to change passwords and email addresses, and allocate in-game currency.
The hacker first paid an insider to look up data about users, and then targeted a customer support representative. They said they did it to “prove a point” to the company.
The hacker, who spoke to Motherboard on condition of anonymity, could also change security settings, enact bans, and steal items from other users.
Roblox is a free-to-play game that “lets you play, create, and be anything you can imagine,” according to its description on the Microsoft Store. It is available on a number of platforms, including Android and iOS smartphones, Xbox game consoles, and Windows computers.
Players can customise characters and then navigate ‘minigames’ such as running obstacle courses, scuba diving, acting as a superhero, and many other activities.
According to TechCrunch, its millions of users range in age from eight to 18, although its key demographic is between nine and 15 years old.
“A lot of kids come to Roblox to play with their friends,” Craig Donato, Roblox Chief Business Officer told TechCrunch. “It’s like a virtual playground where they tend to jump from game to game with their friends – almost like jumping like I used to jump from the swing set to the monkey bars.”
In screenshots reportedly seen by Motherboard, the hacker claimed to show a customer support panel containing user data from high-profile players such as YouTuber Linkmon99 – known for being the “richest” player due to the value of their in-game items.
The YouTuber confirmed to Motherboard that the email address shown was one “secretly”…


Rising ransomware attacks exploit remote access software, warns WatchGuard report


New research from WatchGuard Technologies, a global player in unified cybersecurity, has revealed a significant spike in endpoint ransomware attacks as well as an alarming trend of cyber attackers exploiting remote access software.

The Internet Security Report provides insights into the latest malware trends and endpoint security threats, shedding light on the increasingly sophisticated tactics adopted by cybercriminals.

The research revealed an 89% rise in endpoint ransomware attacks and a decrease in malware delivered through encrypted connections. WatchGuard also observed an increase in abuse of remote access software, an exploitation strategy actively embraced by cyber adversaries.

Cyber criminals are also exploiting password-stealers and info-stealers to pilfer priceless credentials, and are increasingly pivoting from scripting to other living-off-the-land techniques to instigate endpoint attacks.

Discussing the consequences, Corey Nachreiner, Chief Security Officer at WatchGuard, stated, “Threat actors continuously evolve their tools and methods in attack campaigns, making it crucial for organisations to stay updated on the latest tactics to bolster their security strategy.”

He added that end users often represent the last defence line against sophisticated attacks that employ social engineering tactics. Nachreiner emphasised that it was paramount for organisations to deliver social engineering education and adopt a unified security approach that provides multiple layers of defence.

Among the key findings, the report detailed how cyber attackers are increasingly leveraging remote management tools to dodge anti-malware detection, a trend confirmed by both the FBI and CISA.

Notably, there was a surge in the Medusa ransomware variant in Q3, driving endpoint ransomware attacks up by 89%. The report also highlighted a noticeable decline in attacks employing scripted methods, with script-based attacks dropping by 11% in Q3 and by 41% in Q2.

However, in spite of the reduction, script-based attacks still represent the largest attack vector, making up 56% of total attacks. Cyber attackers are also resorting to Windows living-off-the-land binaries more frequently, as these…
