Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

September 30, 2024 at 08:30AM
Attackers are increasingly using session hijacking to bypass MFA. Microsoft detected 147,000 token replay attacks in 2023, a 111% increase YoY. Modern session hijacking targets cloud-based apps, seeking to steal session material and bypass MFA. Phishing toolkits like AitM and BitM, as well as infostealers, are used to hijack sessions. …

Chrome adopts app-bound encryption to stymie cookie-stealing malware

July 31, 2024 at 12:43PM
Google is bolstering Chrome’s security for Windows users by implementing app-bound encryption to protect sensitive data like session cookies from infostealer malware. This new encryption method links data to specific apps and requires system privileges, making it harder for attackers to steal user data. Google plans to expand this encryption …

Malware dev says they can revive expired Google auth cookies

November 22, 2023 at 05:00PM
The Lumma information-stealer malware, also known as LummaC2, claims to have a new feature that can restore expired Google cookies, allowing cybercriminals to hijack Google accounts. The feature is only available to subscribers of the highest-tier plan, costing $1,000/month. While this capability has not been verified by security researchers or …

Lumma malware can allegedly restore expired Google auth cookies

November 21, 2023 at 02:35PM
The Lumma malware, known as LummaC2, is advertising a new feature that claims to restore expired Google cookies. These cookies can be used to gain unauthorized access to Google accounts. The feature is available to subscribers of the high-tier “Corporate” plan, which costs $1,000/month. The legitimacy of this feature has …

Citrix Bleed exploit lets hackers hijack NetScaler accounts

October 25, 2023 at 11:30AM
A proof-of-concept exploit has been released for the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) allowing attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. The vulnerability was previously abused as a zero-day in limited attacks and Citrix has urged administrators to patch the flaw immediately. The …