
Chrome Browser Alert! This Cookie Malware Can Access Your Google Accounts Even If You Reset Password, Log Out; Details


Online threats and malware can be tough to track in the rapidly evolving digital world. As these dangers replicate in the internet landscape, a new data-stealing malware, which abuses a Google OAuth endpoint called ‘MultiLogin’ to revive expired cookies and sign in to user accounts, is among the new concerns, according to a report from BleepingComputer. This works even after you reset an account’s password or log out from the internet browser.

For the unaware, session cookies store authentication details of an account that let users log in to websites automatically next time without entering the sign-in credentials. They have an expiration period to limit their misuse by bad actors, such as stealing access to user accounts. Last month, the news outlet reported on information-stealers that could restore access to expired authentication cookies.


Such malware allows a cybercriminal to access Google accounts even if the victim has logged out, changed their password or reached session expiry. According to a new report from CloudSEK, it was first revealed in October by threat actor PRISMA, who posted about the exploit on the messaging platform Telegram. As per the researchers, the exploit uses the Google OAuth endpoint that synchronises accounts across Google services.


The malware abuses the endpoint to extract tokens and accounts of Chrome profiles logged into a Google account. Later, this data (including saved passwords) is decrypted to extract information. With the stolen token, the cybercriminals regenerate the cookie and can ensure continuous access to these accounts.


CloudSEK researcher Pavan Karthick told BleepingComputer that the cookie can be regenerated only once if a user changes their password. In other cases, it can be refreshed multiple times. According to the report, a minimum of…


New ‘Octo’ malware tricks Android users into giving up bank details



Netsafe says it’s not aware of New Zealanders being tricked into giving up their bank details by a sophisticated new malware but it is possible they have without realising.

The ABC reported that Russian cyber criminals have targeted hundreds of bank customers across the Tasman with a malware called Octo.

The scam tricks Android phone users into sharing their banking information using fake log-in screens.

Netsafe’s chief online safety officer Sean Lyons said it was a “pretty nasty piece of malware”, as it not only attacked people’s bank accounts but shut down their phones, leaving them helpless to act.

Customers from 15 banks in Australia, including ANZ and Westpac, had fallen for the scam.

Australian consumer advocates had warned the nation was seen as a soft target.

But Lyons says that was misleading, as anyone could be a victim of cyber crime.

“The technology is ever changing, the technology is using the mechanisms that are out there, to become ever more sophisticated, to evolve, and to get past the tips and tricks that we have to stop ourselves falling for these,” he said.

“I don’t know that they’re necessarily looking for an age demographic …. really, they’re targeting people with bank accounts and that’s quite a lot of us.”

Octo targeted Android phones – brands such as Samsung, Google and HTC – and could be hidden in what look like legitimate apps on the Google Play store.

It could also be downloaded and installed independently, because of the way software on Android phones works.

Lyons said people should be careful when downloading apps and software that were depositing Octo on their phone.

“Perhaps we could be a little more careful in what it is that we download, and look a little more closely into what permissions we’re giving to the apps that we’re installing.”


MSc ACS: Computer Security – full details (2024 entry)


Overview

Degree awarded
MSc
Duration
12 Months. [Full-Time, September-September only]
Entry requirements

We operate a selective staged admissions process. We give preference to students with the strongest grades from high-ranking institutions.

Successful applicants typically hold a First-class honours degree (70% average) from a UK university, or the overseas equivalent, in a Computer Science degree with a minimum of 50% Computer Science content.

We require that all applicants have a strong background in Computer Science reflected, for example, in solid programming and software development skills.

We accept a range of qualifications, and welcome applications from overseas applicants. A typical successful offer-holder will evidence:

  • China: 
    a minimum of 87% in a 4-year bachelor’s degree from a well ranked institution.
  • India:
    a minimum of 65% (First Class with Distinction) in a BSc Eng, BEng or BTech degree, depending on the institution.

For further information on international entry requirements, please contact  [email protected]



Full entry requirements

How to apply

As the entry requirements are the same across all Advanced Computer Science programmes, we ask that applicants place only one application for their preferred pathway. Those who receive an offer will be able to switch between Advanced Computer Science programmes up until the…


DOD Annual Report Details China’s Growing Cyber Capabilities


The report says Beijing is looking to create a “highly informatized force capable of dominating all networks.”


A recently released report on the People’s Republic of China lays out an array of military and security developments, drawing attention to the increasing pressure campaign against Taiwan and the continued advancement of the country’s cyber capabilities.  

The annual unclassified report to Congress details the current and probable future course of the People’s Liberation Army, Chinese military and security strategy and organizations supporting military goals and developments for the next 20 years.  

As Beijing is growing its military arsenal, it is also expanding and investing in its cyber capabilities as it moves toward a “highly informatized force capable of dominating all networks and expanding the country’s security and development interests.” 

“The PRC has publicly identified cyberspace as a critical domain for national security and declared its intent to expedite the development of its cyber forces,” the report states. 

The threat landscape is becoming increasingly complex and widespread, the report reads, as China’s focus is expanding beyond cyber espionage on other governments and private companies. It is diversifying its focus toward the U.S. defense sector, key critical infrastructure sectors and influence operations campaigns. 

“The PRC seeks to create disruptive and destructive effects – from denial-of-service attacks to physical disruptions of critical infrastructure – to shape decision-making and disrupt military operations beginning in the initial stages and throughout a conflict. The PRC can launch cyberspace attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States, and the PRC believes these capabilities are even more effective against militarily superior adversaries that depend on information technologies,” the report reads.

“As a result, the PRC is advancing its cyberspace attack capabilities and has the ability to launch cyberspace attacks – such as disruption of natural gas pipelines for days to…
