January 6, 2024 at 11:46AM Malware is exploiting an undocumented Google Chrome API to generate new authentication cookies from stolen ones. Multiple malware operations are using this technique to gain access to users’ Google accounts through the API, and Google has downplayed the severity of the issue. The company urges affected users to take precautionary … Read more
December 29, 2023 at 11:16AM Multiple malware families are exploiting an undocumented Google OAuth endpoint called “MultiLogin” to revive expired authentication cookies and infiltrate users’ accounts. This technique allows cybercriminals to gain unauthorized access to Google accounts, even after password resets or logouts. Despite being notified, Google has not responded to inquiries about this issue. … Read more
November 1, 2023 at 02:49PM Threat actors are targeting government, technical, and legal organizations globally by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. The attacks are difficult to detect due to limited forensic evidence. … Read more
October 23, 2023 at 06:40PM Hackers breached the Okta support case management system, impacting 1Password. No user data from 1Password was compromised, but the breach involved an IT employee’s stolen session cookie. The threat actor attempted to manipulate authentication flows and gain unauthorized access. Okta confirmed the breach and both companies have taken steps to … Read more