Tag Archive for: changing

Google accounts may be vulnerable to new hack, changing password won’t help


A new method allegedly enables hackers to exploit functionality of the OAuth2 authorization protocol to compromise Google accounts and maintain valid sessions by regenerating cookies despite an IP or password reset.

According to security firm CloudSEK, a threat actor under the alias PRISMA boasted a potent zero-day exploit and developed a sophisticated solution to generate persistent Google cookies through token manipulation.

“This exploit enables continuous access to Google services, even after a user’s password reset,” the report reads.

OAuth 2.0 stands for “Open Authorization 2.0” and is a widely used protocol for securing and authorizing access to resources on the internet. It makes verifying user identity easy by tapping into their social media accounts, such as Google or Facebook.

CloudSEK’s threat research team identified the exploit’s root at an undocumented Google OAuth endpoint named “MultiLogin.” This is an internal mechanism designed for synchronizing Google accounts across services, which ensures that browser account states align with Google’s authentication cookies.

The developer of the exploit “expressed openness to cooperation,” which accelerated the discovery of the endpoint responsible for regenerating the cookies.

The exploit, incorporated in a malware called Lumma Infostealer on November 14th, boasts two key features: session persistence and cookie generation. To exfiltrate the required secrets, tokens, and account IDs, the malware targets the token_service table in Chrome’s WebData for logged-in Chrome profiles.

“The session remains valid even when the account password is changed, providing a unique advantage in bypassing typical security measures,” the report quotes PRISMA. “The capability to generate valid cookies in the event of a session disruption enhances the attacker’s ability to maintain unauthorized access.”

Researchers noted a concerning trend of rapid exploit integration among various Infostealer groups. They think the exploitation of the undocumented Google OAuth2 MultiLogin endpoint provides a textbook example of sophistication, as the approach hinges on a nuanced manipulation of the GAIA ID (Google Accounts and ID…


How Artificial Intelligence Is Changing Cyber Threats



HackerOne, a security platform and hacker community forum, hosted a roundtable on Thursday, July 27, about the way generative artificial intelligence will change the practice of cybersecurity. Hackers and industry experts discussed the role of generative AI in various aspects of cybersecurity, including novel attack surfaces and what organizations should keep in mind when it comes to large language models.


Generative AI can introduce risks if organizations adopt it too quickly

Organizations using generative AI like ChatGPT to write code should be careful they don’t end up creating vulnerabilities in their haste, said Joseph “rez0” Thacker, a professional hacker and senior offensive security engineer at software-as-a-service security company AppOmni.

For example, ChatGPT doesn’t have the context to understand how vulnerabilities might arise in the code it produces. Organizations have to hope that ChatGPT will know how to produce SQL queries that aren’t vulnerable to SQL injection, Thacker said. Attackers being able to access user accounts or data stored across different parts of the organization often cause vulnerabilities that penetration testers frequently look for, and ChatGPT might not be able to take them into account in its code.

The two main risks for companies that may rush to use generative AI products are:

  • Allowing the LLM to be exposed in any way to external users that have access to internal data.
  • Connecting different tools and plugins with an AI feature that may access untrusted data, even if it’s internal.

How threat actors take advantage of generative AI

“We have to remember that systems like GPT models don’t create new things — what they do is reorient stuff that already exists … stuff it’s already been trained on,” said Klondike. “I think what we’re going to see is people who aren’t very technically skilled will be able to have access to their own GPT models that can teach them about the code or help them build ransomware that already exists.”

Prompt injection

Anything that browses the internet — as an LLM can do — could create this kind of problem.

One possible avenue of cyberattack on…


How the Briansclub cm Hacking Incident Is Changing Cyber Security


In the world of cybersecurity, it’s not a matter of if you’ll be hacked, but when. That’s why the recent Briansclub cm hacking incident has sent shockwaves through the industry. For those who don’t know, BriansClub was a notorious underground marketplace for stolen credit card data – until it was hacked earlier this year. But what makes this breach so significant is that it’s forcing cybersecurity experts to reevaluate their strategies and learn from past mistakes. In this blog post, we’ll explore how the Briansclub cm hacking incident is changing the game for cyber security experts and what lessons can be learned from this high-profile attack.

What is cm Hacking?

Cyber security experts are applauding a recent breakthrough in hacking techniques that researchers say could be used to penetrate networks more easily. Called cm hacking, the new method exploits vulnerabilities in computer code known as “bots.”

According to security researchers at French company Briansclub cm, attackers can use bots to remotely control infected machines and infiltrate networks. The technique works by exploiting known software vulnerabilities that allow an attacker to inject malicious code into a bot and then send it across the network. Once inside a targeted machine, the injected code can execute without being detected or stopped.

This type of attack is not new, but the ease with which attackers can use bots to spread malware has made it much more dangerous. Cyber security experts believe this technique could be used to launch massive cyber attacks by infecting millions of computers simultaneously.

This development has raised concerns about the future of cyber security and how we will be able to protect ourselves from large-scale attacks. Experts say we need to find ways to harden our systems against these types of attacks so that they are less susceptible to cm hacking.

The Briansclub Incident

In recent weeks, the Briansclub cm hacking incident has…


Ukraine’s year of war exposes changing roles for cyber weapons


On the one-year anniversary of Russia’s invasion, Ukraine is commemorating horrific losses — and remarkable defiance.

The country’s fierce resistance on the battlefield has been echoed on the digital front — where Kyiv has unique experience. The conflict with Russia has become the world’s first full-scale cyberwar, but Ukraine was a test bed for digital weapons long before the invasion of 24 February, 2022. Since Putin’s troops began flooding across the border, the cyber tactics have shifted dramatically.

These developments have made Ukraine a bellwether for digital warfare. And to the surprise of analysts, cyber attacks have had a limited impact over the past year.


In the lead-up to the invasion, cyber assaults were prominent. On 15 February, Russian hackers launched the most powerful DDoS attack in the history of Ukraine. A day before the full-scale invasion, several government and banking websites were struck once again.

Yet in the months that followed, reports of major cyberattacks declined. Zachary Warren, Chief Security Advisor EMEA at Tanium and a regular advisor to NATO, regards this as a portent for digital warfare.

“Moving forward, we’re going to see cyber activity as a pre-emptive tactic to physical war… it’s a tool to weaken a target before moving in,” he said.

Ukraine’s government, meanwhile, asserts that Russia’s targets have changed. In a January report, security officials said the cyberattacks initially centred on Ukraine’s communication department, with the aim of disrupting military and government operations. But after Russia’s first defeat at the front, the focus shifted to maximising damage to civilians.

Notably, the officials found that all the assaults had harnessed previously known techniques.

“The attacks used by Russia have long been categorised and have straightforward solutions for counteraction,” said the report’s authors.
