AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Middle East Low Code No Code Summit TimeAI Summit

Cybersecurity emergency: Google cookies in the sights of hackers

Security experts alert: Google session data vulnerability under hacker attack

A report indicates that there is malware stealing Google session cookies to access user accounts. Even changing your password doesn't stop the attack. Google is working to fix the problem.

Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.

This pill is also available in Italian language

A recent CloudSEK report echoes an evolved threat that worries cyber security experts: specific types of malware have targeted session cookies used by Google services. This data, usually used to keep users connected to their accounts, can be exploited to obtain unauthorized access, without the victim being aware. On the Telegram platform, a potentially malicious channel has spread information about this vulnerability, reinforcing the need for vigilant attention to digital security.

Malware and advanced attack strategies

Google's commonly trusted authentication mechanism is vulnerable to a particular attack method that appears to evade even the protection afforded by two-factor authentication. The technical analysis conducted on the malware algorithms illustrates a complex attack and the use of methods that strike depths of the security architecture, highlighting the ability of attackers to bypass traditional protection systems. Malware like Lumma has been updated to exploit these mechanisms, intensifying the risks for users.

Impact on user security

The danger of such an attack intensifies when it is realized that the compromise persists even after users have changed their login credentials. This gives attackers the ability to withhold access for extended periods, putting user data and privacy at risk. Google, the tech giant that develops the Chrome browser, is aware of this situation and is working to identify and protect compromised profiles.

Recommendations for data protection

For those who need to defend their personal data, the current advice is to follow Google's guidelines, eliminating malicious software and activating safe navigation systems. CloudSEK urges immediate logging out of all profiles in the event of a suspected compromise, as a precaution until Google implements permanent fixes. Furthermore, periodically updating passwords remains a recommended step, although this measure does not guarantee absolute protection against the most sophisticated attacks.

Follow us on Threads for more pills like this

01/13/2024 12:05

Editorial AI

Last pills

LockBit's response to FBI actionsLockBit's technological revenge: post-attack updates and awareness

LockBit's tenacious activity despite global investigationsChallenges and countermeasures in the war against the LockBit cyber criminal group

Avast fined for illegitimate sale of web dataFines and restrictions imposed on cybersecurity company for misuse of personal data

KeyTrap: DNSSEC flaw discovered by researchersThe vulnerability puts the stability of DNSSEC at risk