Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Categorieën: Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines Leeftijd: 14 t/m 18 jaar 19 t/m 30 jaar 31 t/m 64 jaar

Laden...

10 maanden geleden

Html
Tekst

Infostealers such as Lumma and Rhadamanthys have integrated the generation of persistent Google cookies through token manipulation.

Follow Dark Reading:

January 03, 2024

LATEST SECURITY NEWS & COMMENTARY

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions Infostealers such as Lumma and Rhadamanthys have integrated the generation of persistent Google cookies through token manipulation. Cybercriminals Share Millions of Stolen Records During Holiday Break The "Leaksmus" event on the Dark Web exposed some 50 million records containing sensitive information from people all around the world. 10 Years After Yahoo Breach, What's Changed? (Not Much) Yahoo customers suffered the largest data breaches in history by some measures. But a decade on, experts warn, we still haven't learned our lesson. Google Settles Lawsuit Over Tracking 'Incognito Mode' Chrome Users Google tracked privacy-conscious Internet users, and now it's paying for it. Cyberattackers Target Nuclear Waste Company via LinkedIn The hackers were unsuccessful in their attempt, but this is not the first time the company has experienced this kind of attack. Startups Scramble to Build Immediate AI Security AI may be inherently insecure, but only a handful of startups have put forward real visions to mitigate AI's threats and keep data private. MORE NEWS / MORE COMMENTARY


HOT TOPICS
'Operation Triangulation' Spyware Attackers Bypass iPhone Memory Protections The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures. Skynet Ahoy? What to Expect for Next-Gen AI Security Risks The innovation that ChatGPT and other LLMs demonstrate is a good thing, but safeguards and other security frameworks must keep pace. In Cybersecurity and Fashion, What's Old Is New Again What a recent rise in DDoS attacks portends — and how to prepare for 2024. MORE

PRODUCTS & RELEASES

Palo Alto Networks Closes Talon Cybersecurity Acquisition Ransomware Attacks in November Rise 67% From 2022 SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity MORE PRODUCTS & RELEASES

EDITORS' CHOICE

I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions As cybersecurity leaders confront ever more complex challenges, the new year offers security leaders a chance to strategically reevaluate and plan for 2024. LATEST FROM THE EDGE
CISO Planning for 2024 May Struggle When It Comes to AI Artificial intelligence (AI) is constantly evolving. How can security executives plan for something so unpredictable? LATEST FROM DR TECHNOLOGY
Localization Mandates, AI Regs to Pose Major Data Challenges in 2024 With more than three-quarters of countries adopting some form of data localization and, soon, three-quarters of people worldwide protected by privacy rules, companies need to take care. LATEST FROM DR GLOBAL
Israel Battles Spike in Wartime Hacktivist, OT Cyberattacks Israel's cybersecurity industry made strides in the past year despite the backdrop of the war in Gaza.

WEBINARS

Tips for Managing Cloud Security in a Hybrid Environment What's In Your Cloud?

View More Dark Reading Webinars >>

WHITE PAPERS

SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software Pixelle's OT Security Triumph with Security Inspection IT Zero Trust vs. OT Zero Trust: It's all about Availability Migrations Playbook for Saving Money with Snyk + AWS Increase Speed and Accuracy with AI Driven Static Analysis Auditing The Need for a Software Bill of Materials

View More White Papers >>

FEATURED REPORTS

Passwords Are Passe: Next Gen Authentication Addresses Today's Threats What Ransomware Groups Look for in Enterprise Victims

Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

How to Use Threat Intelligence to Mitigate Third-Party Risk

The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

View More Dark Reading Reports >>

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Deel deze op

Laden...

Andere nieuwsbrieven van Informationweek.com

Achieving Optimal Security Outcomes Through Platformization Informationweek.com
21 uren geleden
FEATURES EDITION | Microsoft Highlights Security Exposure Management at Ignite Informationweek.com
23 uren geleden
Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant Informationweek.com
Afgelopen vrijdag om 14:04

Meer nieuwsbrieven van Informationweek.com

Laden...

Gerelateerde nieuwsbrieven

Bekijk andere categorieën

Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines