#AuthenticationMechanism

PayPal files patent for new method to detect stolen cookies

by

February 25, 2024 at 11:08AM PayPal has filed a patent for a method to detect stolen “super-cookies,” aiming to enhance cookie-based authentication and prevent account takeover attacks. It deals with the risk of hackers using stolen cookies for unauthorized logins. The patent outlines a system to calculate fraud risk scores and manage authentication requests, ensuring … Read more

Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers

by

January 25, 2024 at 11:55AM A loophole in Google Kubernetes Engine (GKE) authentication allows external attackers with Google accounts to access private Kubernetes clusters, posing serious security risks. Orca Security discovered the issue, named Sys:All, which grants unauthorized access by mistakenly binding overly permissive roles to the “system:authenticated” group. Google has taken steps to mitigate … Read more