Tag: Log | SpinSafe

Chrome Browser Alert! This Cookie Malware Can Access Your Google Accounts Even If You Reset Password, Log Out; Details

December 30, 2023/in Computer Security

Online threats and malware can be tough to track in the rapidly evolving digital world. As these dangers replicate in the internet landscape, a new data-stealing malware, which abuses Google’s OAuth endpoint called ‘MultiLogin’ to revive expired cookies and sign in to user accounts is among the new concerns, according to a report from BleepingComputer. This works even after you reset an account’s password or log out from the internet browser.

For the unaware, session cookies store authentication details of an account that lets users log in to websites automatically next time without entering the sign-in credentials. They have an expiration period to limit their misuse by bad actors, such as stealing access to user accounts. The news outlet earlier reported about information-stealers that could restore access to expired authentication cookies last month.

Also Read: Google Is Taking Scammers To Court For Creating Malware Copies Of Bard, Exploiting Businesses Via Hoax Copyright Claims

Such malware allows a cybercriminal to access Google accounts even if the victim has logged out, changed their password or reached session expiry. According to a new report from CloudSEK, it was first chased by threat actor PRISMA in October, who posted about the exploit on the messaging platform Telegram. As per the researchers, the exploit uses the Google OAuth endpoint that synchronises accounts across Google services.

The session cookie can be regenerated only once if a user changes their password.(Image:Canva/peshkov from Getty Images)

The malware abuses the endpoint to extract tokens and accounts of Chrome profiles logged into a Google account. Later, this data (including saved passwords) is decrypted to extract information. With the stolen token, the cybercriminals regenerate the cookie and can ensure continuous access to these accounts.

Also Read: FB Account Hacking Malware Targeting Indian HRs, Digital Marketers Via ‘Google Docs Offline’ Extension; Safety Tips

CloudSek Researcher Pavan Karthick told BleepingComputer that the cookie can be regenerated only once if a user changes their password. In other cases, it can be refreshed multiple times. According to the report, a minimum of…

Source…

Hackers have found a way to log into your Microsoft account

August 4, 2022/in Computer Security

Account holders for Microsoft email services are being targeted in a phishing campaign, according to security researchers from Zscaler’s ThreatLabz group.

The objective behind the threat actors’ efforts is believed to be the breaching of corporate accounts in order to perform business email compromise (BEC) attacks.

A large monitor displaying a security hacking breach warning. — Stock Depot/Getty Images

As reported by Bleeping Computer, BEC-based activity would see payments being redirected toward hackers’ bank accounts via the use of forged documents.

Zscaler, a cloud security company, said that targets were involved in various industries, such as fin-tech, lending, accounting, insurance, and Federal Credit Union organizations based in the U.S., U.K., New Zealand, and Australia.

At the moment, it seems the campaign has yet to be properly addressed by Microsoft, with new phishing domains being published nearly every day.

The campaign was originally detected in June 2022, with analysts observing a sudden rise in phishing attempts against the aforementioned industries, in addition to account holders of Microsoft email services.

Threat actors would incorporate links to the emails as buttons or HTML files that would redirect the target to a phishing page. Bleeping Computer points out how certain platforms don’t see open redirects as a vulnerability, which has led to these malicious redirects going through Google Ads, Snapchat, and DoubleClick.

Businesses and individuals are increasingly turning to multifactor authentication to secure their accounts. As such, obtaining a login email and password nowadays won’t provide anything of value to hackers.

Custom phishing kits and reverse proxies like Evilginx2, Muraena, and Modilshka have now come into play to bypass an MFA-enabled account.

A phishing proxy that essentially acts as a middle man between the victim and email provider service is capable of extracting the authentication cookies. Through this method, hackers can use the stolen cookies to log in and completely evade MFA for an account.

For this particular campaign, a custom proxy-based phishing kit was found utilizing the Beautiful Soup HTML and XML parsing tool, which amends actual login pages derived from corporate logins in order to…

Source…

WhatsApp to introduce a second OTP to log into account on new device: Report

June 5, 2022/in Mobile Security

WhatsApp is planning on introducing a feature that will add an extra layer of security before a user is allowed to log in to a WhatsApp account, according to WABetaInfo. The feature is expected to be rolled out to beta versions of the instant messaging app for iOS and Android in the future.

After reportedly testing a feature that would allow users to undo message deletion, WhatsApp could soon begin asking for a double verification code. This would mean that if you tried to log in to WhatsApp on a new phone, you will need an additional verification code apart from the first one sent by SMS.

“The number +********** is already being used for WhatsApp on another phone. To help make sure that your account is in your control, you must confirm another verification code. For extra security, you must wait for the timer to finish before you can send the code. When you receive the code, enter it here.” says a screenshot obtained by WABetaInfo.

(Image credit: WABetaInfo)

This feature is reportedly being announced to prevent users’ WhatsApp accounts being stolen or hacked, as has happened in the past. Such scams typically happen when users share the OTP that WhatsApp sent them with a bad actor, who can use it to take over the WhatsApp account.

Best of Express Premium

Anjum Chopra writes: In women’s cricket, let’s count the victories

Tavleen Singh writes: Another exodus in Kashmir?

An Express Investigation – Part 2 | Class 5A Topic: Mathematics

Has the sun finally set on the British Empire? The Queen and the Commonwe...

This new security feature could be aimed at protecting people who unwittingly share their 6-digit OTP unwittingly. Once the feature is released, a second 6-digit code will be sent to the user’s phone number after a time delay. The message with the OTP will tell the user that someone is attempting to log into their account, and ideally, this should mean that users won’t share the second 6-digit code.

Source…

Engineering seminar: Cyber Storm Tracker — Using Machine Learning for Cyber Log Data

April 8, 2022/in Internet Security

Dr. Glenn A. Fink, a senior cyber sercurity researcher with Pacific Northwest National Laboratory (PNNL), will give the talk.

Cyber logs are not human language, but of all the common data types used in machine learning (ML), natural language is the closest. But cyber log data is very different from natural lanuage. Log lines contains lots of random-looking garbage. IP addresses and other things frequently change definition. Punctuationh is all over the place. Domain names look like Windows Active Directory names, which look like many other cyber “nouns.” And the syntax and semantics of phrases and terms changes from sensor to sensor. This makes cyber data challenging to ingest into ML models.

Dr. Fink will talk about the work done at PNNL to ingest cyber logs into natural language processing tools using embeddings. He’ll also show how embeddings can be used as coordinates to show how IP addresses change behavior and relate over time. At the end, seminar attendees will understand why there are still not many true ML methods out there for cyber, and what the major challenges are ahead.

Dr. Find has worked in computer security, deep learning, visualization, bio-inspired design and human-centric computing at PNNL since 2006. He is the lead inventor of several technologies, including PNNL’s Digital Ants technology, which Scientific American cited as one of 10 “world-changing ideas” in 2010. Digital Ants recently earned an award for Excellence in Technology Transfer from the Federal Laboratory Consortium and was listed as a finalist for an R&D 100 award. His work includes research in bio-inspired, decentralized cyber security and privacy. He has published numerous scientific articles and papers, has edited a book and hosted several workshops on computer security, privacy and the Internet of Things.

Dr. Fink was a three-year NSF IGERT Graduate Fellow at Virginia Polytechnic Institute and State University, where he completed his Ph.D. in computer science in 2006. Dr. Fink’s dissertation, “Visual Correlation of Network Traffic and Host Processes,” fostered the Hone technology that currently is an open-source software project. Dr. Fink was a software…

Source…

Tag Archive for: Log

Best of Express Premium