Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cookies. Show all posts
Rapid7
Cookies Data Theft LodaRat malware Rapid7

Guess Who's Back? LodaRAT, A Global Cybersecurity Threat



LodaRAT, a remote access tool active since 2016, has resurfaced in a new campaign that’s taking the cybersecurity world by storm. Originally designed for basic information theft, this tool has transformed into a sophisticated malware capable of carrying out global cyber-espionage operations. What’s alarming is that while LodaRAT hasn’t been updated since 2021, its reach and effectiveness have grown, making it a pressing concern for individuals and organisations worldwide.  

A Global Campaign with Far-Reaching Impact  

What sets this latest campaign apart is its global nature. Unlike previous efforts that targeted specific regions, LodaRAT is now aiming at victims across the world. Around 30% of related malware samples uploaded to VirusTotal came from the United States, suggesting widespread infection. This shift indicates that LodaRAT is no longer confined to limited geographic boundaries, and its operators are adapting to target more diverse networks and systems.  


How LodaRAT Works  

LodaRAT’s tactics have become more complex, allowing it to infiltrate systems and operate undetected. Its distribution relies on a mix of phishing emails, system vulnerabilities, and other malware like DonutLoader and Cobalt Strike. It also disguises itself as trusted software such as Skype, Discord, or Windows Update to trick users into installing it.  

Once installed, the malware carries out a variety of harmful activities, including:  

  • Spying on users by recording audio and video through webcams and microphones.  
  • Stealing credentials and cookies from popular browsers like Microsoft Edge and Brave.  
  • Disabling security measures such as the Windows Firewall to create backdoors.  
  • Spreading through networks, using SMB protocol exploits to infect other devices.  
  • Hiding its tracks by storing stolen data in concealed locations on the victim's system.  


Increased Risks for Organizations  

This new campaign has heightened risks for businesses and organisations. LodaRAT is capable of spreading within internal networks by exploiting specific vulnerabilities, particularly via port 445. This allows attackers to move laterally, targeting multiple devices in the same network. Such breaches can lead to stolen data, operational disruptions, and significant financial losses.  


Protecting Against LodaRAT 

To defend against LodaRAT, organisations and individuals need to take proactive measures:  

1. Strengthen security systems by using advanced endpoint protection tools.  

2. Monitor network activity to detect unusual behaviours that could indicate malware presence.  

3. Educate users on phishing tactics to prevent accidental downloads.  

4. Adopt strong authentication practices to make credential theft harder.  

5. Use tools like Rapid7’s Insight Agent to identify potential threats and weak points.  


The return of LodaRAT shows how minor tweaks to existing malware can make it highly effective. This campaign is a reminder that even older threats can evolve and remain dangerous. Staying vigilant and updating cybersecurity measures regularly are key to staying ahead of such attacks.  

By understanding how LodaRAT operates and taking the necessary precautions, organisations and individuals can better protect themselves in an increasingly complex digital ecosystem.  

Read more »
Online Security
cookie theft Cookies Cyber Security cybercriminals FBI Hacking https MFA Bypass Online Security

FBI Warns of Cybercriminals Stealing Cookies to Bypass Security

 

Cybercriminals are now targeting cookies, specifically the “remember-me” type, to gain unauthorized access to email accounts. These small files store login information for ease of access, helping users bypass multi-factor authentication (MFA). However, when a hacker obtains these cookies, they can use them to circumvent security layers and take control of accounts. The FBI has alerted the public, noting that hackers often obtain these cookies through phishing links or malicious websites that embed harmful software on devices. Cookies allow websites to retain login details, avoiding repeated authentication. 

By exploiting them, hackers effectively skip the need for usernames, passwords, or MFA, thus streamlining the process for unauthorized entry. This is particularly concerning as MFA typically acts as a crucial security measure against unwanted access. But when hackers use the “remember-me” cookies, this layer becomes ineffective, making it an appealing route for cybercriminals. A primary concern is that many users unknowingly share these cookies by clicking phishing links or accessing unsecured sites. Cybercriminals then capitalize on these actions, capturing cookies from compromised devices to access email accounts and other sensitive areas. 

This type of attack is less detectable because it bypasses traditional security notifications or alerts for suspicious login attempts, providing hackers with direct, uninterrupted access to accounts. To combat this, the FBI recommends practical steps, including regularly clearing browser cookies, which removes saved login data and can interrupt unauthorized access. Another strong precaution is to avoid questionable links and sites, as they often disguise harmful software. Additionally, users should confirm that the websites they visit are secure, checking for HTTPS in the URL, which signals a more protected connection. 

Monitoring login histories on email and other sensitive accounts is another defensive action. Keeping an eye on recent activity can help users identify unusual login patterns or locations, alerting them to possible breaches. If unexpected entries appear, changing passwords and re-enabling MFA is advisable. Taking these actions collectively strengthens an account’s defenses, reducing the chance of cookie-based intrusions. While “remember-me” cookies bring convenience, their risks in today’s cyber landscape are notable. 

The FBI’s warning underlines the importance of digital hygiene—frequently clearing cookies, avoiding dubious sites, and practicing careful online behavior are essential habits to safeguard personal information.
Read more »
Cyber Security
APT-29 CISA Cookies Cozy Bear Cyber Security

How F5 BIG-IP Cookies Are Being Exploited for Network Snooping: A CISA Warning

 



US Government's Cybersecurity and Infrastructure Security Agency released a warning regarding cyberattackers use of unencrypted cookies managed by the F5 BIG-IP Local Traffic Manager, by which they gather information about private networks. In this manner, these attackers identify the internal, non-public devices through the use of this cookie, thereby potentially targeting the vulnerabilities on that network. While CISA does not disclose who is behind this attack and for what reasons, the activity surely indicates serious threat potential to organisational security.

Confidence and Data Integrity Exposed

According to CISA's advisory, these cookies would probably allow attackers to understand the network structures and discover some areas where the attack can be performed. It is true that cybersecurity has compared with physical security, some delicate balances of trust on which companies dealing with sensitive information depend. The attackers may go through the data contained in these cookies while studying it and realise and use key resources in a network to escalate access or tamper with data.

Recommendations for the Protection of F5 BIG-IP Cookies

CISA recommends that all the organisations that use the F5 BIG-IP equipment encrypt those cookies. The encryption can be set up on these devices through HTTP profile settings so it can act as an added layer of protection against unauthorised access. CISA further recommends use of the BIG-IP iHealth diagnostic tool by F5, which conducts full system evaluation against potential weaknesses and vulnerabilities. The tool offers tailored recommendations for bettering security circumstances, including configuration issues or outdated code.

Warnings of Broader Cyber Threats

The U.S. and the U.K. cybersecurity agencies have simultaneously warned about the Russian-backed hacking group APT29, which is also known as Cozy Bear or Midnight Blizzard. This group has consistently targeted areas in the areas of diplomatic, defence, tech, and financial sectors to obtain sensitive foreign intelligence. APT29, which links back to Russia's Foreign Intelligence Service (SVR), practises low-key in conducting operations and utilises TOR and other tools of similar nature to mask its operations.

APT29: Tactics of Persistence, Stealth, Strategy

APT29's infrastructure is complicated, and the actors often lease servers through fake identities and low-reputation email addresses in North America. This makes detecting the activity in the network more challenging because it imitates legitimate network traffic. In addition to intelligence gathering, APT29 often tries to create enduring access within targeted systems through spear-phishing or exploiting widely known, but unpitched, vulnerabilities. Other notable vulnerabilities of interest recently include CVE-2022-27924 in Zimbra Collaboration and CVE-2023-42793, a TeamCity Server authentication bypass flaw that could help facilitate remote code execution.

Defending Against APT29 Threats

APT29 is famous for changing its tactics to evade detection and will destroy its infrastructure if it detects that it is under surveillance. To mitigate this, organisations are encouraged to implement and track baseline network activity, which makes it easier to recognize aberrant access patterns. The hackers' strategies include proxy networks and mobile and residential IP addresses to mirror legitimate users. Thus, companies should look at access attempts with a magnifying glass to identify deviations from normal behaviour.

Importance of Regular Security Patches

Tenable, a cybersecurity firm, claims that the only way to win against APT29 and other advanced persistent threats (APTs) is by having recent versions of the software. The main way of countering such attacks is by keeping security updates and patches on known vulnerabilities. Tenable Senior Research Engineer Satnam Narang said that the long-term targeting of organisations operating within the U.S. and Europe by APT29 underlines its foreign intelligence gathering and ensures long-term access to compromised systems.

It is a necessity both for the advisory put out by CISA and the joint bulletin by the U.S. and U.K. in light of the evolution of these threats. For organisations, keeping sensitive information safe and establishing trust becomes of utmost importance. The use of security measures like encrypting F5 BIG-IP cookies and keeping updated on threat intelligence can stop attackers from exploiting their weaknesses. Proactive defences have to be built up in these systems because they are becoming increasingly complex in nature and ensuring the integrity of data and avoiding malicious intrusion into it.


Read more »
Security
Brave Browser Cookies phishing Privacy Security

Brave Browser: The Secure and Private Way to Surf the Web

 



Data is more precious in today's digital world than ever. Companies are trying to collect as much as possible to sell it to third-party data brokers. Cybercrime is growing steadily and targeting unsuspecting victims. Addressing both issues is one of the reasons the more mindful browser, Brave, is integrating an array of features to keep data secure and private.

Another feature that differentiates Brave is that it has a built-in use of Brave Shields- the application engaged in blocking harmful elements that may track the behaviour of your browsing. In other types of browsers, users have to install third-party ad blockers. Brave Shields are installed directly in the browser and prevent intrusive ads and trackers from retrieving data regarding the activities you perform online.

It also solves a very common problem with ad blockers, which is that some websites break when the ads are blocked. To solve this issue, Brave replaces tracking codes with privacy-friendly alternatives while ensuring that the integrity of the webpage is maintained and your data is kept secure. As companies continue to devise new ways to hide trackers, Brave is countering this through CNAME uncloaking techniques by uncovering such hidden threats before they manage to collect data from you.

Blocking Cross-Site Cookies

Cookies are small files that download onto your computer, which track your surfing and, more often than not, targeted advertisements will follow you around the web. Cross-site cookies are blocked, by default, on Brave so websites cannot track movements from one site to the other. Brave provides temporary cookies for functionality, though without exposing any private data, for the occasional cookie-dependent website.

Phishing Protection with Google Safe Browsing

Though it puts much emphasis on privacy, Brave remembers security. It uses Google Safe Browsing, which won't enable a user to reach a phishing site or download harmful files. Being built upon Chromium, the same platform that Google Chrome runs on, Brave ensures users protection from known threats to their developers, hence making browsing safer.

While Google Safe Browsing is a service that compromises privacy within Google Chrome, it only serves Brave to block harmful websites without the collection of any personal data from browsing.

A Search Engine Respecting Your Privacy

Most search engines log your search history, accumulating information about the queries you made and selling that information to customise ads or even sell. In contrast, Brave Search does not collect, store, or share search queries when accessed through the browser. This is a completely private browser that does not believe in logging and selling your browsing habits. Additionally, Brave Search serves less biased results because it crawls the web itself rather than prioritising by SEO schemes or the behaviour of prior users.

Another advantage of Brave Search is that it can be utilised independently of the download of the Brave browser – so anyone can have private searches.

Inbuilt VPN and Firewall

It also has a built-in VPN and firewall from Brave, that's available on free trial for seven days, after which you can subscribe to it at $9.99 a month. This will ensure your activity is completely hidden from all the potential threats looking at you, and you won't let any malicious content get inside or leave your network. A VPN encrypts internet traffic so nobody can track your activity online, while the firewall keeps unwanted data from appearing in your system.

It's probably refreshing about Brave, considering it is committed to protecting personal data. Most companies have either policies or strategies that collect and sell a user's data. With Brave, what is striking is the no-sharing policy, full compliance with the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA), and as such, all users' benefit from strong data protection law, irrespective of their region.

For people who place importance on privacy and safety, Brave is a full answer. This is because the provider separates itself from the rest of the browsers by its focus on protecting the user from risks connected with the misuse of data or cybercrime through features like Brave Shields, cross-site cookie blocking, private search options, and built-in VPN and firewall services. These have extended to ensure that your web experience remains secure and private; from stopping trackers, malicious websites, and unwanted ads.


Read more »
Tracking
Apple Chrome Cookies Google Privacy Tracking

Google Delays Plan to Replace Cookies, Leaving Users and Industry in Limbo


In unexpected turn of events, Google has delayed its plan to replace tracking cookies in its Chrome browser, affecting its three billion users worldwide. The company had intended to transition to new, anonymised tracking methods to enhance user privacy, but these alternatives have faced regulatory and privacy challenges.

Cookie Controversy and Privacy Concerns

Originally, Google aimed to retire cookies and introduce Privacy Sandbox, which would use less invasive tracking methods by grouping users into like-minded cohorts. However, this initiative encountered significant pushback due to concerns over its effectiveness and potential industry impact. Critics argue that these new methods might still compromise user privacy and could harm the digital advertising ecosystem.

Google's Alex Cone, Product Manager for Privacy Sandbox, recently acknowledged the lack of progress, stating, “We’re at work on those [new] designs, and we’ll discuss those with regulators as we advance… there’s no new information to provide.” This indefinite delay has left many in the industry frustrated and uncertain about the future of digital tracking.

Reports indicate that Google is now in "damage control mode," attempting to soothe the industry's nerves. Meetings, forums, and panels have been held to address concerns, but concrete solutions remain elusive. Many ad tech executives feel like they're at the mercy of Google's decisions, which immensely impact their operations.

The Privacy Sandbox was seen as a necessary evolution from cookies, but now, with no clear timeline, the advertising industry is left in limbo. This delay means that the status quo of invasive tracking will continue for the foreseeable future, much to the dismay of privacy advocates.

Google vs. Apple: A Privacy Battle

The timing of these developments is noteworthy. Apple's recent ad campaign criticised Chrome's privacy practices, aligning closely with Google’s announcement of cookie delays. Apple has been a strong proponent of privacy, introducing features like App Tracking Transparency (ATT) that significantly restrict user tracking. The effectiveness of Apple's approach has been debated, with opt-in rates for tracking remaining low.

Google’s struggle with Privacy Sandbox could lead to similar outcomes as Apple’s ATT, where user tracking becomes more transparent but less prevalent. However, this shift requires careful consideration and regulatory approval, which is currently lacking.

The Future of Digital Tracking

The UK's Competition and Markets Authority (CMA) is closely watching Google's revised approach, emphasising the need for balanced solutions that protect consumers and market dynamics. The Electronic Frontier Foundation (EFF) has long advocated for banning behavioural advertising based on online activity, underscoring the urgent need for robust privacy legislation.

The advertising industry, having prepared for a post-cookie world, now faces uncertainty. Investments in Privacy Sandbox-related technologies may stall, and the transition to new tracking methods could be delayed indefinitely.

For Chrome users, this means continued exposure to current tracking practices, with no immediate improvements in privacy. Meanwhile, the digital advertising industry grapples with Google's unpredictable policy changes. As the debate over user privacy and tracking continues, the need for clear, effective, and timely solutions becomes ever more critical.

Read more »
Privacy
Android devices Browsers Cookies Data Storage Google Chrome junk files Mozilla Firefox Privacy

Why You Should Clear Your Android Browser’s Cache and Cookies



The web browsers of your Android devices, whether it's Google Chrome, Mozilla Firefox, or Samsung Internet, stores a variety of files, images, and data from the websites you visit. While this data can help load sites faster and keep you logged in, it also accumulates a lot of unnecessary information. This data buildup can potentially pose privacy risks.

Over time, your browser’s cookies and cache collect a lot of junk files. Some of this data comes from sites you’ve visited only once, while others track your browsing habits to serve targeted ads. For example, you might see frequent ads for items you viewed recently. Clearing your cache regularly helps eliminate this unnecessary data, reducing the risk of unknown data trackers lurking in your browser.

Though clearing your cache means you’ll have to log back into your favourite websites, it’s a small inconvenience compared to the benefit of protecting your privacy and freeing up storage space on your phone.

How to Clear Cookies and Cache in Google Chrome

To clear cookies and cache in Google Chrome on your Android device, tap the More button (three vertical dots) in the top right corner. Go to History and then Delete browsing data. Alternatively, you can navigate through Chrome’s Settings menu to Privacy and Security, and then Delete browsing data. You’ll have options under Basic and Advanced settings to clear browsing history, cookies and site data, and cached images and files. You can choose a time range to delete this data, ranging from the past 24 hours to all time. After selecting what you want to delete, tap Clear data.

How to Get Rid Of Unnecessary Web Files in Samsung Internet

For Samsung Internet, there are two ways to clear your cookies and cache. In the browser app, tap the Options button (three horizontal lines) in the bottom right corner, then go to Settings, and select Personal browsing data. Tap Delete browsing data to choose what you want to delete, such as browsing history, cookies, and cached images. Confirm your choices and delete.

Alternatively, you can clear data from the Settings app on your phone. Go to Settings, then Apps, and select Samsung Internet. Tap Storage, where you’ll find options to Clear cache and Clear storage. Clear cache will delete cached files immediately, while Clear storage will remove all app data, including cookies, settings, and accounts.

How to Declutter in Mozilla Firefox

In Mozilla Firefox, clearing cookies and cache is also straightforward. Tap the More button (three vertical dots) on the right of the address bar, then go to Settings and scroll down to Delete browsing data. Firefox offers options to delete open tabs, browsing history, site permissions, downloads, cookies, and cached images. Unlike Chrome, Firefox does not allow you to select a time range, but you can be specific about the types of data you want to remove.

Firefox also has a feature to automatically delete browsing data every time you quit the app. Enable this by going to Settings and selecting Delete browsing data on quit. This helps keep your browser tidy and ensures your browsing history isn’t accessible if your phone is lost or stolen.

Regularly clearing cookies and cache from your Android browser is crucial for maintaining privacy and keeping your device free from unnecessary data. Each browser—Google Chrome, Samsung Internet, and Mozilla Firefox—offers simple steps to manage and delete this data, boosting both security and performance. By following these steps, you can ensure a safer and more efficient browsing experience on your Android device.


Read more »
user consent
Apple CMA Cookies Digital Advertising Google Privacy user consent

Google Backtracks on Cookie Phaseout: What It Means for Users and Advertisers


 

In a surprising announcement, Google confirmed that it will not be eliminating tracking cookies in Chrome, impacting the browsing experience of 3 billion users. The decision came as a shock as the company struggled to find a balance between regulatory demands and its own business interests.

Google’s New Approach

On July 22, Google proposed a new model that allows users to choose between tracking cookies, Google’s Topics API, and a semi-private browsing mode. This consent-driven approach aims to provide users with more control over their online privacy. However, the specifics of this model are still under discussion with regulators. The U.K.’s Competition and Markets Authority (CMA) expressed caution, stating that the implications for consumers and market outcomes need thorough consideration.

Privacy Concerns and Industry Reaction

Privacy advocates are concerned that most users will not change their default settings, leaving them vulnerable to tracking. The Electronic Frontier Foundation (EFF) criticised Google’s Privacy Sandbox initiative, which was intended to replace tracking cookies but has faced numerous setbacks. The EFF argues that Google’s latest move prioritises profits over user privacy, contrasting sharply with Apple’s approach. Apple’s Safari browser blocks third-party cookies by default, and its recent ad campaign highlighted the privacy vulnerabilities of Chrome users.

Regulatory and Industry Responses

The CMA and the U.K.’s Information Commissioner expressed disappointment with Google’s decision, emphasising that blocking third-party cookies would have been a positive step for consumer privacy. Meanwhile, the Network Advertising Initiative (NAI) welcomed Google’s decision, suggesting that maintaining third-party cookie support is essential for competition in digital advertising.

The digital advertising industry may face unintended consequences from Google’s shift to a consent-driven privacy model. This approach mirrors Apple’s App Tracking Transparency, which requires user consent for tracking across apps. Although Google’s new model aims to empower users, it could lead to an imbalance in data access, benefiting large platforms like Google and Apple.

Apple vs. Google: A Continuing Saga

Apple’s influence is evident throughout this development. The timing of Apple’s privacy campaign, launched just days before Google’s announcement, underscores the competitive dynamics between the two tech giants. Apple’s App Tracking Transparency has already disrupted Meta’s business model, and Google’s similar approach may further reshape the infrastructure of digital advertising.

Google’s Privacy Sandbox has faced criticism for potentially enabling digital fingerprinting, a concern Apple has raised. Despite Google’s defense of its Topics API, doubts about the effectiveness of its privacy measures persist. As the debate continues, the primary issue remains Google’s dual role as both a guardian of user privacy and a major beneficiary of data monetisation.

Google’s decision to retain tracking cookies while exploring a consent-driven model highlights the complex interplay between user privacy, regulatory pressures, and industry interests. The outcome of ongoing discussions with regulators will be crucial in determining the future of web privacy and digital advertising.



Read more »
Technology
Chrome Cookies Google Online Privacy Technology

Third-Party Cookies Stay: Google’s New Plan for Web Browsing Privacy


Google no longer intends to remove support for third-party cookies, which are used by the advertising industry to follow users and target them with ads based on their online activity.

Google’s Plan to Drop Third-Party Cookies in Chrome Crumbles

In a significant shift, Google has decided to abandon its plan to phase out third-party cookies in its Chrome browser. This decision marks a notable change in the tech giant’s approach to user privacy and web tracking, reflecting the complexities and challenges of balancing privacy concerns with the needs of advertisers and regulators.

In a recent post, Anthony Chavez, VP of Google's Privacy Sandbox, revealed that the search and advertising giant has realized that its five-year effort to build a privacy-preserving ad-tech stack requires a lot of work and has implications for online advertisers, some of whom have been vocally opposed. 

“In light of this, we are proposing an updated approach that elevates user choice. Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing,” Anthony said.

For the time being, the Privacy Sandbox, a suite of APIs for online ad delivery and analytics that are intended to preserve privacy, will coexist with third-party cookies in Chrome.

The Initial Plan

Google’s initial plan, announced in early 2020, aimed to eliminate third-party cookies from Chrome by 2022. Third-party cookies, which are used by advertisers to track users across different websites, have been a cornerstone of online advertising. However, they have also raised significant privacy concerns, as they enable extensive tracking of user behavior without explicit consent.

Instead of dropping third-party cookie support in the Chrome browser next year - subject to testing that began in January - Google intends to give Chrome users the option of playing in its Privacy Sandbox or in the adjacent land of data surveillance, where third-party cookies support all manner of information collection.

It remains to be seen whether Chrome's interface for selecting between Privacy Sandbox and standard third-party cookies will be less confusing than the much-criticized "Enhanced ad privacy in Chrome" popup that announced the arrival of Privacy Sandbox APIs in Chrome last year.

Delays and Challenges

Despite the ambitious timeline, Google’s plan faced numerous delays. The company extended the deadline multiple times, citing the need for more time to develop and test alternative technologies. The complexity of replacing third-party cookies with new solutions that could satisfy both privacy advocates and the advertising industry proved to be a significant hurdle.

One of the key challenges was ensuring that the new technologies would not undermine the effectiveness of online advertising. Advertisers rely heavily on third-party cookies to target ads and measure their performance. Any replacement technology needed to provide similar capabilities without compromising user privacy.

Feedback from Stakeholders

Throughout the process, Google received extensive feedback from various stakeholders, including advertisers, publishers, and regulators. Advertisers expressed concerns about the potential impact on their ability to deliver targeted ads, while regulators emphasized the need for robust privacy protections.

In response to this feedback, Google made several adjustments to its plans. The company introduced new proposals, such as Federated Learning of Cohorts (FLoC), which aimed to group users into cohorts based on similar interests rather than tracking individual users. However, these proposals also faced criticism and skepticism from privacy advocates and industry experts.

The Decision to Abandon the Plan

Ultimately, Google decided to abandon its plan to phase out third-party cookies. Instead, the company will introduce a new experience that allows users to make an informed choice about their web browsing privacy. This approach aims to provide users with greater control over their data while still enabling advertisers to deliver relevant ads.

Read more »
VPN
Cookies Cyber Threats phishing Privacy Software VPN

Here’s Why You Shouldn’t Trust VPNs Blindly


 

In an era where we should be gravely concerned about online privacy and security, Virtual Private Networks (VPNs) have come through as indispensable tools for safeguarding digital identities. However, amidst the buzz of VPN advertisements promising invincibility against cyber threats, it's crucial to peel back the layers of misinformation and understand the realities of VPN capabilities.

A VPN, short for Virtual Private Network, encrypts internet traffic, creating a secure tunnel for data transmission. By masking users' IP addresses and their locations, VPNs offer concentrated anonymity and access to geo-restricted content. While these features provide a layer of protection, it's essential to acknowledge the limitations inherent in VPN technology.

Social Media Risks

Despite VPN encryption, personal information voluntarily shared on social media platforms remains vulnerable. From name and email address to posts and shares, users expose sensitive data, susceptible to exploitation by malicious actors. Enabling users to review privacy settings and exercise caution in sharing personal information is paramount in mitigating social media risks.

Phishing Scams

Phishing, a prevalent form of online scam, exploits human vulnerability rather than technical weaknesses. While VPNs can deter interception of internet traffic, they cannot thwart users from falling victim to phishing schemes. Combating phishing necessitates user education on identifying suspicious messages and exercising caution while sharing sensitive information online.

Harmful Software 

While some VPNs offer malware-blocking features, they are not comprehensive antivirus solutions. Collaborating VPNs with robust antivirus software enhances defence mechanisms against malware and viruses. Being careful while selecting reputable VPN providers and deploying supplementary security measures is imperative in maintaining your digital resilience.

Tracking Cookies Intrusions 

VPNs mitigate anonymity risks at the network level but fall short in combating tracking cookies embedded in web browsers. Regularly clearing cookies on devices mitigates privacy intrusions, albeit at the expense of convenience. Balancing privacy concerns with usability demonstrates the challenging endeavour in exploring the digital world safely. 

Online Accounts Digital Footprints 

Despite VPN usage, online activities remain traceable, particularly within centralised platforms like Google. Logging out from accounts during sensitive transactions and diversifying usage of privacy-focused services minimise digital footprints. Embracing alternative platforms prioritising user privacy essentially presents a paradigm shift towards decentralised digital ecosystems.

VPNs serve as go-to tools for navigating online privacy and security. However, they are not reliable for all digital threats. We need to get a hold of VPN limitations and empower users to adopt a multifaceted approach to digital defence, integrating VPNs with supplementary security measures and prudent online practices.

By synthesising expert insights and user-centric perspectives, it's evident that coursing through the VPNs requires a nuanced understanding of both its offerings and constraints. 


Read more »
junk files
Android Browser Cche Cookies Cyber Security Cyberattacks CyberThreat Firefox Google Chrome junk files

Banish Browser Clutter: How to Easily Remove Junk Files on Android

 


A web browser on users' Android phones may collect data, such as cookies and cache, that can be useful, but can also be unwanted and may pose a security risk to their privacy. It is recommended that users clear these data regularly so that junk can be removed from their devices and that unknown data trackers will not be able to store extraneous information on their devices. 

It is important to know that cleaning cache and cookies depends on the type of browser users use, such as Google Chrome, Samsung Internet, or Mozilla Firefox. The process of clearing this data varies from browser to browser and usually involves entering the browser settings and choosing the data that users wish to delete. 

By clicking on the More button in Google Chrome and navigating to History, users can clear their browser's cookies and cache. Deletes can be done in a variety of ways with this browser, such as by deleting browsing history, cookies and site information, cached images and files, or selecting a time range during which they should be deleted. 

It is possible to delete browsing data, cookies, and cache on the Samsung Internet browser app or through the phone's settings menu, just as Samsung Internet offers similar options. As far as Mozilla Firefox is concerned, there are several ways to clear browsing data, including the Open tabs, Browsing History, Site Data, and Downloads folder, as well as the Cookies and Cached images and files. Most of the junk that builds up inside the device's cache and cookies is just plain junk. Some of it could have come from a single site a user visited. 

As a result of this tracking, some companies are showing their users advertisements based on the items they are buying or watching on the internet. Other companies are tracking their browsing history on an active basis, helping them show them advertisements based on those items. As a result, it is essential to clear out the cache frequently. The tool enables users to remove any data they no longer need on their phone, especially if they have a cookie in their phone that contains a cookie from a known data tracker. 

Users will have to log back into some of their favourite websites after clearing the cache, but this is a small price to pay to make sure their phone does not accumulate unnecessary data by doing so. It is important to note that the steps vary slightly depending on the kind of phone and web browser that the user is using. 

In the Android version of Google Chrome, users can delete cookies and cache by first tapping the More button at the top right of the browser, which is indicated by a column of three dots. They can then tap History, and then they can delete their cookies and cache. Chrome users can also access this by clicking the Privacy and Security menu in their Chrome Settings. As well as removing browsing history, cookies, and site data, Chrome offers two advanced settings to clear users' cached files and images. 

The user can select which time ranges to delete from the drop-down menu when selecting whether he/she wants to delete the entire history or select a selection from anywhere within the past 24 hours to within the last four weeks. When users tap on the Advanced tab, users can also access additional options such as deleting saved passwords, auto-complete information for forms, and site settings. 

When they have selected the items they want to delete, tap the blue Clear data button at the bottom of the screen. If Chrome determines that certain websites are "important" to its users, they might receive a prompt asking them to confirm before clearing the cache, if Chrome deems that particular website to be "important" to the user. Similar to the Chrome browser for Android, the Mozilla Firefox Android app also allows users to clear their cache from within the application. 

It is possible to access this feature by tapping on the More button that is located to the right of the address bar, also indicated by three vertically aligned dots. In the Settings menu, tap the Delete browsing data option. Then scroll down and select the option. There is a lot of freedom in Firefox when it comes to the Delete browsing data menu compared to the other three browsers mentioned here, in that it allows users to delete all current open tabs, their browsing history, their site data, their permissions, and even their Downloads folder, along with their Cookies and Cached files and images. 

As with Chrome, users have the option to select a time range, however, they can be more specific regarding the type of data that they wish to remove, as opposed to merely picking a time range. As a bonus, Firefox also comes with an option that allows users not to retain their browsing data after they have signed up for the application but before they begin using it. 

There is an option within the Settings tab that instructs Firefox to delete any combination of these settings every time the user quits the browser. This will eliminate any combination of these settings every time the user quits the browser. If users want to remain tidy with their browser history, this functionality can be quite useful since they can avoid accidentally handing their browsing history over to a person who may have stolen the phone from them or gained access to it in some other way.
Read more »
Technology
Browser Chrome Cookies Google Technology

Google Disables 30 Million Chrome User Cookies


Eliminating Cookies: Google's Next Plan

Google has been planning to eliminate cookies for years, and today is the first of many planned quiet periods. About 30 million users, or 1% of the total, had their cookies disabled by the Chrome web browser as of this morning. Cookies will be permanently removed from Chrome by the end of the year—sort of.

Cookies are the original sin of the internet, according to privacy campaigners. For the majority of the internet's existence, one of the main methods used by tech businesses to monitor your online activity was through cookies. Websites use cookies from third firms (like Google) for targeted adverts and many other forms of tracking.

These are referred to as "third-party cookies," and the internet's infrastructure includes them. They are dispersed throughout. We may have sent you cookies if you visited Gizmodo without using an ad blocker or another type of tracking protection. 
Years of negative press about privacy violations by Google, Facebook, and other internet corporations in 2019 were so widespread that Silicon Valley was forced to respond. 

Project: Removing third-party cookies from Chrome

Google declared that it was starting a project to remove third-party cookies from Chrome. Google gets the great bulk of its money from tracking you and displaying adverts online. Since Chrome is used by almost 60% of internet users, Google's decision to discontinue the technology will successfully eliminate cookies forever.

First of all, on January 4, 2023, Google will begin its massive campaign to eradicate cookies. Here's what you'll see if you're one of the 30 million people who get to enjoy a cookieless web.
How to determine whether Google disabled your cookies

The first thing that will appear in Chrome is a popup that will explain Google's new cookie-murdering strategy, which it terms "Tracking Protection." You might miss it if, like many of us, you react to pop-ups with considerable caution, frequently ignoring the contents of whatever messages your computer wants you to read.

You can check for more indicators to make sure you're not getting a ton of cookies dropped on you. In the URL bar, there will be a small eyeball emblem if tracking protection is enabled.

If you wish to enable a certain website to use cookies on you, you can click on that eyeball. In fact, you should click on it because this change in Chrome is very certain to break some websites. The good news is that Chrome has a ton of new capabilities that, should it sense a website is having issues, will turn off Tracking Protection.

Finally, you can go check your browser’s preferences. If you open up Chrome’s settings, you’ll find a bunch of nice toggles and controls about cookies under the “Privacy and security” section. If they’re all turned on and you don’t remember changing them, you might be one of the lucky 30 million winners in Google’s initial test phase.

Google is still tracking you, but it’s a little more private

Of course, Google isn’t about to destroy its own business. It doesn’t want to hurt every company that makes money with ads, either, because Google is fighting numerous lawsuits from regulators who accuse the company of running a big ol’ monopoly on the internet. 

You can now go check the options in your browser. The "Privacy and security" area of Chrome's settings contains a number of useful toggles and controls regarding cookies. If all of them are on and you don't recall turning them off, you could be among the fortunate 30 million individuals who won in Google's initial test phase.

You are still being tracked by Google, but it's a little more discreet

Naturally, Google has no intention of ruining its own company. It also doesn't want to harm other businesses that rely on advertising revenue, as Google is now defending itself against multiple cases from authorities who claim the corporation has a monopoly on the internet.






Read more »
malware
Browser Cookies Cyber Attacks Cybersecurity Google Account malware

Cookie Intrusion: Urgent Warning as Malware Targets Google Accounts

 


In a chilling development on the cybersecurity front, a potent new malware strain has emerged, employing an unconventional tactic to infiltrate Google accounts. This intricate risk leverages cookies, typically used for benign website functionality, as a gateway for unauthorised access. Cybersecurity professionals are alarmed by the ingenuity displayed by the perpetrators of this novel attack method. Exploring the digital world demands a heightened sense of vigilance. Whether you're an individual safeguarding personal data or an organisation securing critical information, staying alert is key to warding off these sneaky cyber threats. 

Browser cookies serve the practical purpose of remembering actions on websites, but they also pose security risks. While Google Chrome addresses third-party cookies, a recent vulnerability exposes Google accounts to potential compromise. Malicious groups are actively selling an exploit that enables unauthorised access, bypassing passwords and two-factor authentication. Discovered in October 2023, Google is diligently addressing the identified issue through reverse engineering methodologies. 

This zero-day exploit allows cybercriminals to retrieve session cookies, a critical element in Google's login authentication. Even after users change passwords, this vulnerability remains a threat. The exploit was initially disclosed by an entity known as PRISMA, leading to subsequent investigations. Google acknowledges the issue and advises affected users to sign out on compromised devices for added security. To counter such threats, users are also encouraged to enable Enhanced Safe Browsing in Chrome, offering protection against phishing and malware downloads. 

The discovery of a zero-day vulnerability in session cookies has given rise to a concerning scenario, as at least six malware developers actively exploit this weakness. Detecting compromise in such cases is not immediate, emphasising the need for heightened user awareness and proactive security measures. Here's a detailed guide to fortify your defences: 

 1. Clear Browser Cookies: 

 Begin by regularly clearing your browser cookies. This minimises the chances of unauthorised access through compromised session cookies. 

 2. Unlink Google Account from Unused Devices: 

 Take a moment to review and unlink your Google account from devices that are infrequently or no longer used. This severs potential access points for malicious actors. 

 3. Google Chrome Users, Stay Alert: 

 Google Chrome users should be particularly vigilant. If you notice any unusual activity on your Google account, consider it a potential red flag. Swiftly changing your password adds an extra layer of security. 

 4. Immediate Password Change: 

 In the event of abnormal account behaviour, do not hesitate to change your password promptly. This proactive step helps thwart unauthorised access and safeguards your account. 

 5. Regular Security Checks: 

 Incorporate regular security checks into your online routine. Be mindful of any notifications or alerts from Google regarding your account activity. 

 6. Stay Informed: 

Stay abreast of cybersecurity developments. Keep an eye on reputable sources for updates and insights into emerging threats, ensuring you remain informed and equipped to protect your digital assets. 

By implementing these proactive measures, users can significantly reduce the risk of falling victim to exploits targeting session cookies while bolstering the overall security of their Google accounts.



Read more »
SpyCloud
cookie theft Cookies Cyber Security CyberCrime Infostealer MFA session cookies SpyCloud

Stolen Session Cookies Turns Into the Next Cyber Threat


According to the recent Identity Exposure Report by SpyCloud, 87,000 credentials linked to Fortune 1000 C-level executives were recovered from the criminal underworld, in year 2022. Security leaders across organizations continue to live in constant terror of becoming a victim of a cyberattack and for good reason.

Cybercriminals can access networks and commit crimes including fraud, session hijacking, account takeover, and attacks with ransomware using exposed assets, such as usernames and passwords. Even though companies focus on enhancing their security tactics, like adding user authentication such as multifactor authentication and passkeys, criminals too put efforts into constantly being better in their crimes to bypass these high-end security barriers. One such method used commonly by threat actors includes using stolen active session cookies to commit session hijacking, which defeats the effectiveness of the conventionally employed safeguards.

In order to better their network defense and safeguard their customers, organizations and security experts must have a better understanding of the criminals’ methodologies to commit cybercrimes, like how they utilized stolen data for their profit.

Session Cookies 

Session cookies are present all over the online space, from websites to applications that assign a cookie or token to identify their users. The series of characters used in the process is further stored on the device, making re-access easier for the user. 

While this function provides personalized and smooth experience to users, this could be harmful if the data falls into the wrong hands. Using infostealer malware, cybercriminals can exfiltrate cookies and a variety of other data types from infected computers and implant them into browsers that cannot be easily detected, giving them the ability to pose as authentic users in a process known as session hijacking.

Impersonating as a legit user, a threat actor can thus freely navigate over the network committing fraud, helping a ransomware attack, stealing important company data, and more. No matter how the user signed in—using a username and password, a passkey, or by successfully completing the multifactor authentication (MFA) requirements—a session cookie will still confirm the user's identity.

Due to its difficult-to-detect nature, low cost of acquisition (normally available online for only a few dollars online/month), and regular success in stealing cookies and other recent, high-quality data has made infostealer quality soar. 

Protecting Businesses and Their Customers

According to SpyCloud data, cookie theft by cyber thieves is already fairly frequent, with over 22 billion device and session cookie records seized by criminals last year. This entry point will expand because fraudsters are having great success accessing accounts and businesses via these cookies. For organizations trying to preserve their bottom line, having a strategy to proactively disrupt criminal operations is a vital requirement.

The recently developed malwares are difficult to be detected, considering their well-crafted designs. Common infostealers frequently leave little to no evidence of infection on the victim's device and exfiltrate sensitive data in a matter of seconds.

However, there are certain measures organizations can adopt in order to evade any risk from this malware as listed below: 

  • Educating employees about these threats has become crucial. Employees can alone reduce total malware exposure by identifying phishing attempts, exercising caution while using unmanaged or poorly maintained devices to access corporate systems and networks, not sharing passwords, and being aware of potentially harmful email attachments, websites, and downloads.
  • The risk of session hijacking is decreased by removing "remember me" settings on platform login pages and regularly eliminating browser cookies, ensuring that thieves can't access active session cookies even in the event of malware infection. 
  • Security teams can obtain a comprehensive understanding of the compromised devices and data threatening their firms by using darknet data that has been ingested, vetted, and evaluated. Teams can invalidate open session cookies, reset the exposed application information, and patch any remaining vulnerabilities with this insight. By addressing the threat of stolen data before it escalates into a full-blown security issue, this strategy lessens the harm to enterprises.  

Read more »
Phishing Attack
Cookies Dark Web Data Breach FBI Malicious Software NCA Phishing Attack

Operation Cookie Monster Shuts Down a Global Dark Web Marketplace



A multinational coalition of 17 law enforcement agencies has cracked down on the largest illicit dark web market in the world in an extensive operation dubbed Operation Cookie Monster. Thousands of stolen identities and online login passwords that were being sold on the marketplace were found thanks to this international investigation. The FBI and Dutch National Police-led operation has significantly hindered global efforts to combat cybercrime.

The platform in question was Genesis Market, founded in 2018, which harvested data from malicious software deployed by hackers into computer networks. It advertised and sold stolen data such as usernames, passwords, bank account details, and device fingerprints like computer and mobile phone identifiers. According to law enforcement agencies, the site had offered over 80 million account access credentials from more than 1.5 million compromised computers worldwide since its inception, including thousands of credentials stolen from over 460,000 devices that were advertised for sale when it was taken offline.

Rob Jones, Director General and Threat Leadership of Britain’s National Crime Agency (NCA) stated, "Behind every cybercriminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending. Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market.” 

The operation seized not only stolen identities but also browser fingerprints which can be used for identity theft. Louise Ferrett, an analyst at British cybersecurity firm Searchlight Cyber said that these browser fingerprints are harvested from computers infected with malicious software.

Europol’s Head of the European Cybercrime Centre Edvardas Å ileris said, "Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers.” 

The importance of this operation cannot be understated – it has set a valuable precedent for international cooperation in cybercrime-fighting initiatives. In addition to tracking down those responsible for malicious software deployment and identity theft activities on this platform, police have also taken measures to prevent future occurrences with preventative activity such as searches and arrests. 

While Operation Cookie Monster may have been successful in taking down one marketplace selling stolen identities, it is essential to remain vigilant against other forms of cybercrime that are still out there – such as hacking and phishing attacks – in order to ensure secure online transactions and prevent identity theft in the future.


Read more »
Vulnerable
Cookies Cyber Security Cyberattacks HIPAA Meta Pixel PHI PII Potential Threats Vulnerable

Consenting to Cookies is Not Sufficient

 


While most companies are spending a great deal of their time implementing cookie consent notices, it is becoming increasingly evident that the number and size of developments and lawsuits relating to privacy are on the rise. As a result, companies and their customers are rarely protected by these notices, which is not a surprise.  

It is undeniable that transparency is a worthwhile endeavor. But, the fact remains that companies can be vulnerable to several potential threats that are often beyond their direct control.   

For example, the recent lawsuits involving the Meta Pixel, which also affect many U.S. healthcare companies and are affecting many doctors, are an ideal example of this issue.    

The issue lies in the way websites are designed and built, which contributes to the problem. Except for a few of the biggest tech companies, all of the websites are built using third-party cloud services that are hosted on the web. Among the services offered here are CRM, analytics, form builders, and also trackers for advertisers that take advantage of these functions. Various third parties have a great deal of autonomy over these decisions. However, they are not regulated properly. 

Many kinds of pixels are available on the internet, and many of them serve some purpose. Usually, marketers use this type of data when they want to target advertisements to potential customers. In addition, they want to see how effective their ads are when it comes to reaching them. It is also imperative to note that, by using these trackers, highly specific and detailed personal data is also being collected. This data is being incorporated into existing data portfolios. 

Financial and Healthcare Data are Being Misused 

In most cases, the risks associated with visiting a healthcare website are much higher than when you are visiting any other website. Facebook is not a suitable place for you to share the medical conditions that you are researching with your friends who use that service. This data is not something that you want to be included in your social graph, and you do not want it added. Therefore, the crux of the issue in these lawsuits can be summarized this way: Protected Health Information (PHI) is protected by HIPAA (Health Insurance Portability and Accountability Act), which the actions described in the preceding sentence violate. Seeing digital advertising through the lens of healthcare can also shine a light on how troubling it can be when tracking is used. This is when viewed through the lens of advertising.   

As far as financial services are concerned, the same rules apply. A similar consequence may occur if an unauthorized party gains access to personally identifiable information (PII) or financial data, such as Social Security Numbers or credit card numbers, as well as other confidential data, and it is not handled correctly. This could have dire consequences. Privacy is crucial to safety. Details about your private life should be kept private for the right reasons. Modern advertising practices do not mesh well with these aspects of our lives, which are all significant.   

In addition to the Meta Pixel case, two other recent lawsuits provide us with a deeper understanding of how complex and broad the problem is, and how far it extends.  

Analyzing Sensitive Data From a Different Perspective 

In a recent lawsuit, Oracle was accused of trying to use the 4.5 billion records they currently hold as a proxy system for tracking sensitive consumer data. They have deliberately chosen not to share with any third parties. For comparison, the global population is 8 billion people. The concept of re-identification of de-identified data is far from an invention, but it serves as a clear example of why it matters so much to gather all these pieces of data, no matter how random they may seem. A person can infer most of the details of their life with almost astonishing accuracy. This is if they have access to enough data from Oracle, or whoever gets hold of the data. The data will end up being used in the same way in the end as this is a certainty. 

In a recent case, web testing tools were used to record the sessions of users on a website. This was so that they could see how well users navigated the site as they worked through the steps. As web developers and marketers, it is extremely common for them to use these tools to make their user interfaces more usable. 

In short, some companies are being accused of wiretapping under the Wiretap laws because they are using these tools to gather information. The reason for this is that these tools are capable of transmitting a considerable amount of information without the user's knowledge and the website owner's knowledge. It is inconceivable to believe that such a thing could happen. Even though this may seem like a minor issue, it is very clear once you look at it through the lens of sensitive data. 
Read more »
User Privacy
California Cookies Data Privacy Laws Employee Data Privacy User Privacy

California's Consumer Privacy Act has Been Updated

 

California's unique consumer privacy law was strengthened on January 1 as a result of a ballot initiative that 2020 voters endorsed. A new privacy law that puts new requirements on companies to make sure that employees have more authority over the gathering and utilization of their personal data takes effect this year.

What does California's Consumer Privacy Act imply?

In June 2018, Governor Brown signed the California Consumer Privacy Act (CCPA) into law. A ground-breaking piece of legislation, it imposes requirements on California businesses regarding how they acquire, use, or disclose Californians' data and gives the people of California a set of data rights equal to those found in Europe.

The California Privacy Rights Act (CPRA), which amends the historic California CCPA by extending its protections to staff, job seekers, and independent contractors, will go into effect on January 1, 2023, and firms that employ California residents must ensure they have taken the necessary steps to comply by that date.

An updated version of CCPA

Residents of California can ask for their data to be updated, destroyed, or not sold as a result. These standards now also apply to employers for the first time.

If you've noticed those boxes at the bottom of almost every website asking about your preferences for data privacy, you know the California privacy legislation has a significant impact. Employment lawyer Darcey Groden of Fisher Phillips predicts that it will also apply to employers.

While many businesses have the infrastructure in place to deal with customer data, attorney Darcey Groden noted that the employment connection is significantly more complex. In the job situation, there is just a lot of data that is continually being collected.

In most cases, you will need to account for your human resources file, health information, emails, and surveillance footage. This law is exceedingly intricate and it will be expensive to adhere to it. According to Zoe Argento, it will be particularly difficult for businesses that do not deal with consumers, for instance, businesses in the manufacturing and construction industries.

Companies with many employees and gathering a lot of data, like gig platforms, could also be significantly impacted. They normally do not have a privacy department, so this is quite new to them. Increased accountability around how some platforms use worker data to design their algorithm may result from more transparency.




Read more »
User Privacy
Chrome Extension Cookies data security Mobile Security User Privacy

Malicious Chrome Extensions Siphoning Data from 1.4 million Users

 

Threat analysts at McAfee unearthed five malicious Chrome extensions manufactured to track user's browsing activity and deploy code into e-commerce websites. 

With over 1.4 million installs, the malicious extensions can alter cookies on e-commerce platforms without the victim’s knowledge so that scammers can receive affiliate payments for the purchased products. The five malicious extensions that exploit affiliate marketing are as follows: 

• Netflix Party (800,000 downloads), 
• Netflix Party 2 (300,000), 
• Full Page Screenshot Capture (200,000), 
• FlipShope Price Tracker Extension (80,000), 
• AutoBuy Flash Sales (20,000). 

"The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole explained. "The latter borrows several phrases from another popular extension called GoFullPage."

All five extensions employ an identical methodology to target users. The web app manifest ("manifest.json" file), responsible for managing the extension behavior on the victim’s system, loads a multifunctional script (B0.js) that sends the browsing data to a domain the hackers' control (“langhort[.]com”). 

The data is deployed via POST requests each time the victim visits a new URL. The stolen data includes the URL in base64 form, the user ID, device location (country, city, zip code), and an encoded referral URL. The researchers also disclosed that the user tracking and code injection behavior resides in a script named ‘b0.js’, which contains many other functions as well. 

Additionally, the security firm identified the evasive mechanism that delays the malicious activity by 15 days from the time of installation of the extension to help keep its activity concerted and avoid raising red flags. 

McAfee recommends users extensively check extensions before installing them, even if they already have a large install base, and to pay close attention to the permissions the extensions ask for, such as the permission to run on any website the user visits. 

Last month, security researchers at Kaspersky estimated that more than 1.3 million users have been impacted by malicious browser extensions in just the first six months of this year alone. In fact, from January 2020 to June 2022, researchers unearthed that more than 4.3 million users had adware concealed in their browser extensions. Although Google is working rigorously to eliminate malicious extensions, new ones continue to pop up at a rapid pace.
Read more »
MFA
Botnet Cobalt Strike Cookies Data Breach Encryption Google Chrome MFA

Sophos: Employing Stolen Session Cookies to Navigate MFA & Access Networks

Hackers on the internet keep getting better. Stealing cookies from recently completed or ongoing web sessions is one new strategy they have been employing to avoid multi-factor authentication (MFA). 

Recently, Sophos researchers reported a new attack technique that is already becoming more prevalent. According to the researchers, the "cookie-stealing cybercrime spectrum" is vast, encompassing entry-level hackers as well as sophisticated rivals who employ a variety of strategies. 

On dark web forums, cybercriminals purchase stolen credentials in bulk or collect cookies. Because ransomware groups exploit genuine executables, both those that are already present and those that are added as tools, 'their operations may not be detected by simple anti-malware defenses.'

Cookie theft

Cookies are used by cloud infrastructures as well for user authentication. It's becoming simpler for entry-level attackers to engage in credential theft thanks to the malware-as-a-service sector. 

For instance, all they need to do is purchase a copy of an information-stealing Trojan like Raccoon Stealer to bulk collect information like cookies and passwords and then sell them on illicit markets like Genesis. Once this data is purchased, other criminals in the attack chain, such as ransomware developers, can search through it for anything they think would help their attacks. 

In contrast hand, in two of the most recent events that Sophos studied, the attackers adopted a more focused strategy. For one event, the hackers infiltrated a target's network for months in order to collect cookies from the Microsoft Edge browser. The attackers employed Cobalt Strike and Meterpreter activity to take advantage of a legal compiler tool in order to scrape access tokens after the initial penetration occurred via an exploit kit.

The attackers dropped a malicious payload that scraped cookie files for a week using a legal Microsoft Visual Studio component.

"Although mass cookie theft has been an issue, hackers are using a far more focused and efficient method to steal cookies. There is no limit to the kinds of nefarious activities attackers might engage in with stolen session cookies now that so much of the workplace is web-based. Hackers have the power to alter cloud infrastructures, corrupt corporate email, persuade other staff members to download malware, and even modify product code. Their own imagination is their only constraint," said Sean Gallagher, principal threat researcher at Sophos.

Cookies Access Systems Against Safety Protocols

According to Digital Trends, hackers are able to abuse different online tools and services as a result of cookie theft. This exploitation can occur in browsers, web-based programs, web services, malware-infected emails, and ZIP files. Since cookies are so popular, hacking with them is a sophisticated practice.

Sophos lists Emotet botnet as one cookie-stealing virus that preys on data in the Google Chrome browser. Acquiring data from credit cards and saved logins are the objectives. Even if the browser is encrypted and uses multifactor authentication, the Emotet botnet can still gather login information.

Ransomware organizations also gather cookies. As hackers exploit genuine executables that are both already present and ones that can bring with them tools, simple anti-malware defenses are unable to detect their actions, according to eSecurity Planet.

Read more »
Subscribe to: Posts (Atom)