Tag Archive for: accounts

Google accounts may be vulnerable to new hack, changing password won’t help


A new method allegedly lets attackers abuse Google's OAuth 2.0 implementation to compromise Google accounts and keep a valid session: the stolen material can be used to regenerate authentication cookies even after an IP change or a password reset.

According to security firm CloudSEK, a threat actor under the alias PRISMA boasted a potent zero-day exploit and developed a sophisticated solution to generate persistent Google cookies through token manipulation.

“This exploit enables continuous access to Google services, even after a user’s password reset,” the report reads.

OAuth 2.0 stands for “Open Authorization 2.0” and is a widely used authorization framework that lets a user grant an application limited access to resources held by another service without handing over their password. The familiar “Sign in with Google” or “Sign in with Facebook” flows are built on top of it.

CloudSEK’s threat research team traced the exploit to an undocumented Google OAuth endpoint named “MultiLogin.” This is an internal mechanism for synchronizing Google accounts across services, which ensures that the browser’s account state stays aligned with Google’s authentication cookies.

The developer of the exploit “expressed openness to cooperation,” which accelerated the discovery of the endpoint responsible for regenerating the cookies.

The exploit, incorporated into the Lumma Infostealer malware on November 14th, has two key features: session persistence and cookie generation. To exfiltrate the required secrets, tokens, and account IDs, the malware reads the token_service table of the Web Data SQLite database in logged-in Chrome profiles.

“The session remains valid even when the account password is changed, providing a unique advantage in bypassing typical security measures,” the report quotes PRISMA. “The capability to generate valid cookies in the event of a session disruption enhances the attacker’s ability to maintain unauthorized access.”

Researchers noted a concerning trend of rapid exploit integration among various infostealer groups. They consider the exploitation of the undocumented Google OAuth2 MultiLogin endpoint a textbook example of sophistication, as the approach hinges on a nuanced manipulation of the GAIA ID (Google Accounts and ID…
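The practical consequence for responders is that the material the stealer takes from the token_service table is what needs to be dealt with, and a password change alone does not do that. The following triage helper is an added illustration, not code from CloudSEK, Lumma or Google: it opens a Chrome profile's Web Data file read-only and lists which Google accounts have a stored refresh token, without decrypting anything, so the responder knows which accounts need their sessions revoked. It assumes (labelled in the code) that the table is `token_service(service TEXT, encrypted_token BLOB)` and that `service` holds the string `AccountId-<GAIA id>`; the sample database it builds is constructed for the demo and is not a real profile.

```python
"""Triage helper: inventory Google refresh tokens stored in a Chrome profile.

Added example (not the page's, CloudSEK's or the malware's code). It only reports
which accounts have a token on disk; it never decrypts or copies token material.

ASSUMPTIONS (not confirmed by the article):
  * Chrome's "Web Data" SQLite file has a table
      token_service(service TEXT PRIMARY KEY NOT NULL, encrypted_token BLOB)
  * `service` is formatted "AccountId-<GAIA id>" for Google accounts.
  * encrypted_token is wrapped by the OS key store (DPAPI / Keychain / libsecret),
    which a stealer running as the logged-in user can unwrap.
"""
import os
import pathlib
import re
import sqlite3
import tempfile
from typing import Dict, List

# Assumed key format for Google accounts in token_service.
ACCOUNT_RE = re.compile(r"^AccountId-(\d+)$")


def list_token_accounts(web_data_path: str) -> List[Dict[str, object]]:
    """Return one record per stored token, with the GAIA id parsed from `service`.

    The ciphertext itself is never read into Python; only its length is queried.
    """
    # Open read-only via a file: URI so triage cannot modify the evidence file.
    uri = pathlib.Path(web_data_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(
            "SELECT service, length(encrypted_token) FROM token_service ORDER BY service"
        ).fetchall()
    finally:
        conn.close()

    records = []
    for service, blob_len in rows:
        match = ACCOUNT_RE.match(service or "")
        records.append({
            "service": service,
            "gaia_id": match.group(1) if match else None,  # None: not a Google account key
            "encrypted_bytes": blob_len or 0,
        })
    return records


def accounts_needing_session_revocation(web_data_path: str) -> List[str]:
    """GAIA ids whose stored refresh token means a password reset alone is not enough."""
    return [r["gaia_id"] for r in list_token_accounts(web_data_path)
            if r["gaia_id"] and r["encrypted_bytes"] > 0]


def build_sample_web_data(path: str) -> None:
    """Constructed sample database matching the ASSUMED schema (not a real profile)."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE token_service (service TEXT PRIMARY KEY NOT NULL, encrypted_token BLOB)"
    )
    conn.executemany("INSERT INTO token_service VALUES (?, ?)", [
        # "v10"-prefixed blobs imitate an OS-wrapped token; contents are dummy bytes.
        ("AccountId-100000000000000000001", b"v10" + b"\x00" * 60),
        ("AccountId-100000000000000000002", b"v10" + b"\x01" * 60),
        ("AccountId-100000000000000000003", b""),      # account present, token already cleared
        ("LegacyService", b"v10" + b"\x02" * 8),        # non-account row, should be ignored
    ])
    conn.commit()
    conn.close()


def demo() -> List[str]:
    """Build the constructed sample in a temp dir and return the revocation list."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "WebData")
    build_sample_web_data(path)
    return accounts_needing_session_revocation(path)


if __name__ == "__main__":
    for gaia in demo():
        print(f"GAIA {gaia}: stored refresh token present; revoke sessions, not just the password")
```

On a real machine the path is the profile's `Web Data` file (for example under `~/.config/google-chrome/Default/` on Linux); the point of the report is that every account this lists should have its active sessions signed out and, where possible, its stolen device untrusted, because a new password does not invalidate what the stealer already took.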

Source…

California man says fraudulent accounts opened, home purchased in his name since city of Oakland ransomware attack


OAKLAND, Calif. — It’s been ten months since the city of Oakland, California’s network was hacked and the personal information of tens of thousands of people was leaked onto the dark web. Now, one victim says multiple accounts have been opened in his name, making fraudulent purchases, including a house.

Our sister station KGO was the first to report the city’s oversight — exposing dozens of victims who were never notified that their sensitive financial information was leaked.

“It’s a living nightmare,” said Oakland native Dedrick Warmack, as he anxiously checked his mailbox. “On the credit report, there’s credit cards that should’ve been closed, they’re now open with balances of $17,000 and $30,000.”


Warmack says his identity was stolen months after the city’s network was hacked.

“I have no idea how many accounts have been opened in my name,” he said.

Warmack says his credit score dropped more than 200 points, but he didn’t know at the time that was just the beginning.

At first, he says he started receiving strange phone calls and emails about refinancing a home. That was followed by letters he says he got from several banks notifying him of new accounts in his name.

“I knew something was going on,” he said.

Warmack is one of dozens of victims who previously filed a claim with the city alleging injury, but instead, ended up with their personal and financial information leaked.

Now, he says fraudulent checks are being made in his name.


“Like this water and sewage bill for $2,000,” Warmack showed as he scrolled through his accounts. “This is not East Bay MUD…”

Warmack says some of the bills appear to be from New England.

“It says it’s an open balance, how can I have an open balance?”

From there — he says it only got worse.

“I’m getting notices about refinancing a home… and I’m like, I pay rent,” said Warmack. “Somebody has something in my name somewhere since October, I’ve been…

Source…

Hackers break into Fred Hutch computer network, patients warned to watch accounts


Hackers broke into the computer networks at Fred Hutchinson Cancer Center two weeks ago.

The cancer center says it detected unauthorized activity Nov. 19. It’s now telling patients to monitor their bank statements and credit reports.

The breach happened on the clinical network. Fred Hutch has not revealed more details about what data was accessed, but says it will notify people whose information was involved.

The incident is being treated as a possible federal crime. The center has called in a forensic security firm to investigate, and notified federal law enforcement.

Clinics remain open but the clinical computer network used by personnel was taken offline for security.

The center tells patients to report any suspicious bank activity and to review the Federal Trade Commission’s identity theft prevention tips.

Source…

Cybercriminals reportedly hack Canadian woman’s online accounts through App Store game


A mother from Cochrane, Alberta, has been struggling to regain control of her online accounts after they were hacked by cybercriminals who, she says, got into her devices through a gaming app.

Apps on Apple’s App Store are vetted before publication, and Apple says that apps reaching the App Store are checked for known malware and for tampering. Apple also says all App Store apps are sandboxed, meaning each app can only access the resources it needs for its own functioning and cannot read other apps’ data or the device’s Apple ID credentials.

However, Wolf Online 2, an animal-themed game, reportedly got through Apple’s vetting, and it is still up on the App Store. The article does not establish how a sandboxed game could have led to the account takeover described below.

Susanne Jarman downloaded the game for her nine-year-old daughter on her iPad. Jarman also installed the app on her own iPad to join her daughter in the game.

Soon after, Jarman encountered some suspicious players who tried to manipulate her and her daughter’s actions in the game. “There was a time where there was a screen sharing almost, my character dispersed and he was telling us ‘don’t move,’” Jarman told CTV News Calgary.

Jarman soon deleted the app but subsequently discovered a new shared folder in her notes app that contained all her financial files. The hackers had already accessed her iCloud account and changed her Apple ID username and password. They also breached every other account she had, including her banking, tax, and email accounts, and even stole her photos of her late husband, which she cherished dearly.

Jarman has been trying to recover her accounts for the last eight months but has been unsuccessful. She has resorted to living without the Internet until the situation can be resolved. “It is so hard to go back to the 1990s, people don’t want to do that. You go to a place and they ask for your email address and I don’t have one that’s secure,” she explained.

Apple says it is investigating the…

Source…