New Chrome feature aims to stop hackers from using stolen cookies

April 2, 2024 at 02:13PM Google has unveiled a new Chrome security feature called Device Bound Session Credentials (DBSC), which cryptographically binds authentication cookies to a specific device, preventing hackers from stealing them for account hijacking. This enhanced security measure effectively thwarts cookie theft malware and is expected to be supported by half of Chrome … Read more

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

January 3, 2024 at 08:36AM Malware utilizing an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions, allowing continuous access to Google services even after a password reset. Threat actor PRISMA first revealed the technique, which has been incorporated into various malware-as-a-service (MaaS) stealer families. Google acknowledges the attack and advises users to log … Read more