Google’s Surprising Security Advice for Gmail Users

Have you tried turning it off and on again? That was the go-to advice offered by the character of Roy, a long-suffering support technician, in the cult TV sitcom The IT Crowd, which ended in 2013. Now, Google is suggesting the same advice in 2024 for Gmail users following reports of a password change–resistant attack being exploited by information-stealing attackers.

In an adversary intelligence analysis published December 29, CloudSEK researcher Pavan Karthick M detailed how Google accounts could be compromised by exploiting an undocumented authentication endpoint that is used for cross-services synchronization. Attackers were found to be using this endpoint to exploit session cookies and log into Google users’ accounts without needing to enter credentials. This could then enable access to the security Holy Grail that is the Gmail inbox.

The first mention of this exploit was on October 20 in a Russian-language Telegram channel. By November 14, however, it was known to have been included within malware being used by the Lumia criminal group and soon after adopted by other threat actors. As recently as December 27, threat actors have been seen on the dark web demonstrating the use of this exploit against Google account session cookies.

So far, so “meh” from the security surprise perspective. After all, attackers have been using session cookie hijacks for the longest time. Well, not quite the longest time, as session cookies usually come complete with a timeout that prevents their continued use. This is where this particular exploit becomes interesting. According to the CloudSEK threat intelligence analysis, expired session cookies could be restored to allow continued and prolonged access by the attackers. Moreover, the research states that the exploit enables continuous access to Google services even after users reset their passwords.

A Google spokesperson says the company is “aware of recent reports of a malware family stealing session tokens” and acknowledges that such attacks “involving malware that steal cookies and tokens”
