Cybercriminals find new way to access Google accounts without password: report
Researchers have uncovered a flaw that lets hackers access people’s Google accounts without needing their passwords.
According to the cybersecurity company CloudSEK, a new type of malware that uses third-party cookies to gain unauthorised access to people’s private data is already being actively tested by hacking groups.
The exploit was first discovered in October 2023, when a hacker posted about it on a Telegram channel.
“In October 2023, PRISMA, a developer, uncovered a critical exploit that allows the generation of persistent Google cookies through token manipulation. This exploit enables continuous access to Google services, even after a user’s password reset,” said Pavan Karthick M, a threat intelligence researcher at CloudSEK.
The researchers identified the exploit’s root at an undocumented Google Oauth endpoint named “MultiLogin”.
The post described how accounts could be compromised due to a flaw in cookies, which websites and browsers use to track users and improve their efficiency and usability.
Google authentication cookies allow users to access their accounts without constantly entering their login information; however, hackers discovered a way to retrieve these cookies in order to circumvent two-factor authentication.
According to the Independent, the Chrome web browser is presently in the process of cracking down on third-party cookies.
We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” Google was quoted as saying.
“Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads,” it added.
Further, Karthick M mentioned that this highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.
Source: https://bit.ly/4aOW4dV
You may also like
5 Comments
Gucci Handbags In the event that the american dollar crashes (we am convinced of) then gold certainly is the absolute best area to make your money.
I discovered your blog site internet site on yahoo and appearance a number of your early posts. Preserve within the great operate. I recently additional up your Rss to my MSN News Reader. Looking for forward to reading more by you at a later date!…
Nice post. I understand some thing tougher on diverse blogs everyday. It will always be stimulating to see content using their company writers and rehearse a little something from their website. I’d would prefer to use some while using content on my weblog regardless of whether you don’t mind. Natually I’ll supply you with a link in your internet weblog. Appreciate your sharing.
How come at this time there zero much more a lot of these websites? Your content are perfect and get to themes or templates, that are unable to always be recognized all over the place. Please continue penning this sort of fantastic materials, it could be absolutely important. The net can be full of incredible waste, seeing that A single will be delighted when you learn anything. Exactly why typically are not there a lot more? Commonly do not abandon me dangling!
The when I read a blog, I hope so it doesnt disappoint me approximately that one. I mean, Yes, it was my option to read, but When i thought youd have some thing interesting to state. All I hear is often a lot of whining about something you could fix if you ever werent too busy in search of attention.