Security experts at CloudSEK have reportedly identified a new form of malware that exploits third-party cookies to gain unauthorized access to Google accounts without requiring a password.
independent person report This alarming security breach was first announced by hackers on their Telegram channel in October 2023, exploiting a vulnerability in third-party cookies. Specifically, it targets the Google authentication cookie, which is typically used to streamline user access without repeated logins.
Hackers have devised ways to extract these cookies, allowing them to bypass password-based security and even two-factor authentication mechanisms to gain access to user accounts.
This exploit poses a significant risk to all Google accounts, as it allows continued access to Google services even after a user's password has been changed.Ann analysis Cybersecurity firm CloudSEK suggests that multiple hacker groups are actively experimenting with this technique.
“Microsoft's security flaws allowed hackers to access sensitive information in corporate and government email systems.” https://t.co/zaNph3cBf1
— Breitbart News (@BreitbartNews) October 23, 2023
This exploit is especially dangerous because Google Chrome, one of the world's most popular web browsers, is widely used and allows users to log into their browser “profiles” with their Google account.
In response to this threat, Google released a statement highlighting its efforts, saying:
In this case, Google took steps to protect the compromised accounts that were detected. ” It also advises users, “We recommend that you continue to take steps to remove malware from your computer and enable Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.” I am.
Ransomware attacks have become a growing problem in recent years, with hackers costing schools $3.56 billion in losses and downtime in 2021 alone, according to a new report. https://t.co/GDzgt3sZCP
— Breitbart News (@BreitbartNews) June 28, 2022
Pavan Karthick M, threat intelligence researcher at CloudSEK, explains this issue in detail in the following article: blog posthighlighted how dangerous this new hacking technique is, stating, “This exploit allows continued access to Google services even after a user's password has been reset.
This highlights the need to continually monitor both technological vulnerabilities and human sources to stay ahead of emerging cyber threats. ”
read more independent person here.
Lucas Nolan is a reporter for Breitbart News covering free speech and online censorship issues.
