Tag Archive for: discover

Hackers discover way to access Google accounts without a password


Security researchers have uncovered a hack that allows cyber criminals to gain access to people’s Google accounts without needing their passwords.

Analysis from security firm CloudSEK found that a dangerous form of malware uses third-party cookies to gain unauthorised access to people’s private data, and is already being actively tested by hacking groups.

The exploit was first revealed in October 2023 when a hacker posted about it in a channel on the messaging platform Telegram.

The post noted how accounts could be compromised through a vulnerability with cookies, which are used by websites and browsers to track users and increase their efficiency and usability.

Google authentication cookies allow users to access their accounts without constantly having to enter their login details; however, the hackers found a way to retrieve these cookies in order to bypass two-factor authentication.

The Google Chrome web browser, which is the world’s most popular with a market share greater than 60 per cent last year, is currently in the process of cracking down on third-party cookies.

“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” Google said in a statement.

“Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.”

The researchers who first uncovered the threat said it “underscores the complexity and stealth” of modern cyber attacks.

“This exploit enables continuous access to Google services, even after a user’s password is reset,” Pavan Karthick M, a threat intelligence researcher at CloudSEK, wrote in a blog post detailing the issue.

“It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.”

The security issue was detailed in a report, titled ‘Compromising Google accounts:…


Discover the Future of Cybersecurity at the 4th Annual Open Source Security Summit


Join Brian Krebs, Rachel Tobac, and Zack Kass at the forefront of open source development with security industry leaders

SANTA BARBARA, Calif., November 27, 2023–(BUSINESS WIRE)–Bitwarden, the credential management leader, today announced the fourth annual Open Source Security Summit will take place on December 7, 2023. Headline speakers for this event include Brian Krebs, cybersecurity reporter and author of popular security and investigation site Krebs on Security, Zack Kass, AI advisor and the former Head of GTM at OpenAI, and Rachel Tobac, white hat hacker and CEO of SocialProof Security. The Summit brings together business leaders, industry visionaries, and technology users to chart a path forward and highlight the future of open source security solutions.

About the Open Source Security Summit

The free and virtual Open Source Security Summit is a forum to explore the intersection of open source and security. Building on the previous three Summits, this year’s event will continue the conversation with cross-industry experts and dive deeper into why open source solutions lead to better security outcomes, as well as how using open source tools can build trust with customers and consumers.

The event kicked off in 2020, with the conversation centered around cybersecurity and credential management – a critical first line of defense for individuals and companies to mitigate cyberattacks. Subsequent events expanded to cover the topic in-depth, with attendees and business stakeholders discussing their open source strategies, challenges, and efforts to make open source security understandable to both software developers and users.

About the Speakers

Brian Krebs, independent investigative journalist and founder of popular in-depth security and investigation site Krebs on Security, is the author of ‘Spam Nation’ and a former Washington Post reporter. During his time with the newspaper, he authored more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper. His knowledge about computers and internet security is self-taught, which he credits to having direct access to some of the smartest minds on the…


UK election watchdog failed to discover system hack for 15 months


The UK’s Electoral Commission today announced it suffered a cyberattack in August 2021, with attackers gaining access to registers that contained the names and addresses of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

In a statement issued by the Electoral Commission via its website, the election watchdog said that although attackers first gained access to electoral registers and the commission’s email system in August, the hack wasn’t identified until October 2022, when the electoral body became aware of a suspicious pattern of log-in requests being made to its systems.

The commission said while it is “not able to know conclusively” what information had been accessed, the personal data most likely to have been accessible includes names, addresses, email addresses, and any other personal data sent to the commission by email or held on the electoral registers. Due to large parts of the UK’s electoral system still being paper based, however, “it would be very hard to use a cyber-attack to influence the [electoral] process.” The Commission also sought to reassure those who might have been affected by the breach by noting that the hack will not impact an individual’s ability to take part in the democratic process or affect their current registration status or eligibility to vote.

“We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems,” Shaun McNally, the Electoral Commission chief executive, said in a statement.

In line with requirements under the law, McNally said the Electoral Commission notified the Information Commissioner’s Office (ICO) within 72 hours of identifying the breach and the ICO is currently investigating the incident.

“The Electoral Commission has contacted us regarding this incident and we are currently making enquiries,” a spokesperson for the ICO said in a statement. “We recognise this news may cause alarm to those who are worried they may be affected and we want to…


Security Researchers Discover Multiple Samsung Galaxy App Store Exploits, What You Need To Know



The key to any malware campaign is getting malicious code onto a target device, and often, attackers will use a legitimate app store as a vector. Samsung’s Android smartphones ship with the Google Play Store, which has hosted its fair share of malware over the years, as well as the less popular Galaxy App Store. Security researchers from NCC Group have detected a pair of flaws in Samsung’s app store that opened up devices to malware infection. The exploits have been patched, but outdated devices are still at risk.

Like the Play Store, Samsung’s Galaxy App Store has privileged access to the system, allowing it to install and update apps without forcing the user to jump through hoops. Samsung distributes many of its own apps and services via this store, and there are third-party apps listed. The first exploit (CVE-2023-21433) leverages installation intents, which were not handled in a safe way. With physical access to the device, an attacker could tell a device to download an app from the store and open it with no security checks. NCC released a proof-of-concept consisting of an ADB (Android Debug Bridge) command.

The second vulnerability (CVE-2023-21434) goes a step further, allowing the attacker to run arbitrary JavaScript code on the device. Again, this happens because the Samsung app store has special access to the system. The proof-of-concept provided by NCC is simply a hyperlink that loads malicious JavaScript. As it turns out, the only security on webviews in the Galaxy App Store is a filter that looks for the “player.glb.samsung-gamelauncher.com” domain. However, an attacker can simply add that as a subdomain to any site, and the phone will happily run the code.

[Image: Samsung CVE example] Replacing <host> with an attacker-controlled domain causes an unpatched Samsung to run any JavaScript present.
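
The weakness described above is a webview filter that accepts a URL because the trusted domain name appears in it. As an added example (not NCC Group's proof-of-concept or Samsung's code), this JavaScript contrasts an assumed substring-style filter with a check on the parsed scheme and exact hostname; `weakFilter`, `strictFilter` and the `example.test` URLs are constructed for illustration.

```javascript
// Added example: the real filter's code is not shown on the page, so
// weakFilter() is an ASSUMED substring-style check, for illustration only.
const TRUSTED_HOST = "player.glb.samsung-gamelauncher.com";

// Assumed shape of the flawed filter: the trusted name merely appears in the URL.
function weakFilter(rawUrl) {
  return rawUrl.includes(TRUSTED_HOST);
}

// Hardened check: parse first, then compare the scheme and the exact hostname.
function strictFilter(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable input is rejected, never guessed at
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // text before '@' is not the host
  // URL lower-cases the hostname; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  return host === TRUSTED_HOST;
}

// Constructed samples; example.test stands in for an untrusted site.
const SAMPLES = [
  "https://player.glb.samsung-gamelauncher.com/game",           // genuine host
  "https://player.glb.samsung-gamelauncher.com.example.test/x", // name used as a subdomain
  "https://player.glb.samsung-gamelauncher.com@example.test/",  // name in userinfo
  "http://player.glb.samsung-gamelauncher.com/game",            // right host, cleartext
  "https://PLAYER.GLB.SAMSUNG-GAMELAUNCHER.COM./game",          // same host, other spelling
  "not a url",
];

// Run both filters over each URL so the disagreements are visible side by side.
function compare(urls) {
  return urls.map((u) => ({ url: u, weak: weakFilter(u), strict: strictFilter(u) }));
}

console.table(compare(SAMPLES));
```

Rows where `weak` is true and `strict` is false are the URLs a substring filter would wrongly trust.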

So, that’s not great, but there’s good news (and some bad news). NCC Group reported the issue to Samsung, and a new version of the Galaxy App Store (4.5.49.8) has been deployed this month to fix both flaws. In addition, new Google security measures in Android 13 will block these exploits. Unfortunately, only newer Samsung devices will ever see Android 13, so they could remain vulnerable at the system…
