
Technology And Cybersecurity News
The latest technology and cybersecurity stories, summarized by AI
Featured Technology And Cybersecurity Stories


"Google Accounts at Risk: OAuth Flaws and Malware Enable Unauthorized Access"
A vulnerability in Google's OAuth protocol, named "MultiLogin," was exploited by a malware developer, allowing cyber-criminals to hijack Google accounts by synchronizing them across services. The exploit enables persistent access to Google services even after a password reset, by generating valid session cookies. Google has acknowledged the issue and taken steps to secure affected accounts, advising users to log out to invalidate stolen tokens and recommending the use of Enhanced Safe Browsing in Chrome for additional protection.

More Top Stories
"LastPass Mandates 12-Character Minimum for Master Passwords Post-Security Update"
BleepingComputer • 2 years ago
More Technology And Cybersecurity Stories
"Securing Android Against Advanced Banking Threats That Evade Fingerprint Authentication"
Originally Published 2 years ago — by New York Post

Android users are being warned about the Chameleon banking trojan, a sophisticated malware that can bypass biometric security measures and steal PINs and banking information. The malware disguises itself as legitimate apps and can even circumvent Android 13's Restricted Settings feature. To protect against this threat, users should only download apps from official stores, keep their Android system updated, install reliable antivirus software, and avoid sideloading apps. If compromised, it's advised to change passwords using another device, use identity theft protection services, contact banks, alert contacts, and consider restoring the device to factory settings.
"Google Patches Up Almost 100 Security Flaws in Android Update"
Originally Published 2 years ago — by WIRED

December saw a flurry of security updates across major tech firms. Apple patched iOS vulnerabilities, including a WebKit browser engine flaw and a Kernel issue, and added protections against a Bluetooth-based attack. Google addressed nearly 100 security issues in Android, including critical Framework and System flaws, and patched an exploited Chrome zero-day vulnerability. Microsoft's Patch Tuesday was lighter, focusing on over 30 vulnerabilities, including a spoofing issue in Power Platform Connector. Mozilla fixed 18 Firefox security issues, and Apache patched a critical Struts 2 framework flaw. Atlassian and SAP also released critical patches for their respective software, addressing RCE vulnerabilities and privilege escalation bugs.
"Operation Triangulation: Unprecedented iPhone Exploit Campaign Unveils Unknown Hardware Vulnerabilities"
Originally Published 2 years ago — by TechSpot

Kaspersky has uncovered details about "Triangulation," a highly sophisticated iOS spyware that exploited previously unknown Apple hardware features and zero-day vulnerabilities. The malware, which affected iPhones on iOS 15.7 and earlier, could activate without user interaction and access the device's physical memory, leaking sensitive data like microphone recordings and location. Although the latest Apple firmware patches these vulnerabilities, the origin and knowledge of the exploits used by the spyware remain a mystery, with some speculating on possible internal sources or reverse engineering by hackers. Apple has updated its devices to fix the security flaws, but the implications of the spyware's capabilities continue to raise concerns.
"Microsoft Shuts Down MSIX Protocol to Block Malware Exploits"
Originally Published 2 years ago — by TechRadar

Microsoft has taken action to disable the ms-appinstaller protocol handler by default due to its exploitation by hackers to deploy malware, including ransomware. The company observed four threat actors, including Storm-0569 and FIN7, using the handler to bypass security mechanisms and distribute malware through fake ads and phishing via Microsoft Teams. The handler is now disabled in App Installer version 1.21.3421.0 or higher to prevent further abuse. This follows previous incidents where MSIX files were used for malware distribution, highlighting ongoing cybersecurity challenges.
"Apple's Urgent Security Patch Fixes Pegasus Spyware Threat on iOS Devices"
Originally Published 2 years ago — by Haaretz
Apple has released an urgent update for all iPhone operating systems after researchers discovered a new security breach exploited by Pegasus, the spyware made by the Israeli company NSO, prompting concerns about potential backlash from the United States.