September 30, 2024 at 08:30AM Attackers are increasingly using session hijacking to bypass MFA. Microsoft detected 147,000 token replay attacks in 2023, a 111% increase YoY. Modern session hijacking targets cloud-based apps, seeking to steal session material and bypass MFA. Phishing toolkits like AitM and BitM, as well as infostealers, are used to hijack sessions. … Read more
May 7, 2024 at 06:36AM Google has simplified the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. The update includes a new two-step method and removal of the need for less secure SMS-based authentication. Additionally, users can now disable 2FA without having their enrolled second steps automatically removed. Meeting Notes … Read more
April 3, 2024 at 10:15AM Google is testing Device Bound Session Credentials (DBSC) in Chrome to protect against session hijacking by malware. The feature binds authentication sessions to a device, disrupting cookie theft and making it harder to abuse stolen cookies. It uses a cryptographic approach and is initially rolled out to half of Chrome’s … Read more
January 18, 2024 at 11:03AM Infostealer malware poses a significant risk to corporate information security by stealing credentials, cookies, and other data, leading to data breaches and ransomware distribution. Leaked credentials from breaches and infostealers are a substantial threat, prompting organizations to monitor and defend against them. Flare offers a solution to detect and mitigate … Read more
November 22, 2023 at 12:36AM LockBit ransomware affiliates are actively exploiting a critical security flaw in Citrix NetScaler appliances to gain initial access to target environments. The flaw, known as Citrix Bleed, allows threat actors to bypass password requirements and multifactor authentication, enabling session hijacking and unauthorized access to data. The vulnerability, tracked as CVE-2023-4966, … Read more
November 21, 2023 at 05:39PM LockBit 3.0 ransomware affiliates are targeting the “Citrix Bleed” security vulnerability, prompting warnings from CISA and Citrix. The bug allows authentication bypass, giving threat actors access to user sessions and credentials. Citrix’s patch is not sufficient to protect against compromise. Organizations are advised to upgrade immediately and assess vulnerability. Thousands … Read more
November 4, 2023 at 12:30PM Okta attributes the recent hack of its support system to an employee who logged into a personal Google account on a company-managed laptop. The breach resulted in the theft of data from multiple Okta customers. The employee’s personal Google account credentials, including session tokens, were compromised, allowing the threat actor … Read more
November 4, 2023 at 05:24AM Identity and authentication management provider, Okta, reported a recent data breach that affected 134 out of its 18,400 customers. The breach occurred from September 28 to October 17, 2023, and resulted in unauthorized access to session tokens. The company revealed that 5 customers had their legitimate Okta sessions hijacked. Okta … Read more
November 3, 2023 at 10:53AM Okta recently disclosed that attackers gained unauthorized access to its customer support system from September 28 to October 17, 2023. Files belonging to 134 customers were compromised, and session hijacking attacks were carried out using stolen session tokens. The breach affected five customers, including 1Password, BeyondTrust, and Cloudflare. Okta took … Read more
November 3, 2023 at 10:24AM Okta recently revealed that attackers who breached their customer support system gained access to files belonging to 134 customers. Of those customers, five were targets of session hijacking attacks using stolen session tokens. Three of the affected customers, 1Password, BeyondTrust, and Cloudflare, reported the unauthorized activity after detecting login attempts … Read more