Tag

Zeroday

All articles tagged with #zeroday

cybersecurity2 years ago•1 min saved

"New Malware Bypasses Password Changes by Exploiting Google OAuth to Hijack Accounts"

CloudSEK researchers have reverse-engineered a zero-day exploit that leverages an undocumented Google OAuth endpoint, 'MultiLogin,' to regenerate persistent Google cookies even after password resets. Initially discovered by a developer named PRISMA, the exploit has been used by various malware, including Lumma Infostealer and White Snake, to maintain access to Google services. The exploit manipulates token:GAIA ID pairs extracted from Chrome's token_service table, allowing attackers to persistently exploit user accounts. Google has not yet confirmed the exploitation of this vulnerability.

via Security Affairs|

##cloudsek #cybersecurity

technology-cybersecurity2 years ago•0 min saved

"Revealed: Advanced Zero-Day Exploits and Hidden Hardware Features in Global iPhone Hacking Campaign"

Russian cybersecurity experts have uncovered one of the most sophisticated hacking campaigns, believed to be orchestrated by U.S. intelligence agencies. This campaign utilized a series of 12 steps and four zero-day vulnerabilities to execute a zero-click hack on iPhones, enabling espionage activities against targets in several countries, including Russia, China, Syria, Israel, and NATO members. The revelation was made at a hacker conference and has raised significant concerns about the extent of U.S. cyber surveillance capabilities.

via Haaretz|

##cyberespionage #internationalspying

national-security-and-cybersecurity2 years ago•0 min saved

"Operation Triangulation: The Most Advanced iPhone Hack Exploiting Hidden Hardware Vulnerabilities"

At a hacker conference, Russian cybersecurity experts disclosed an intricate iPhone hack, believed to be orchestrated by U.S. intelligence agencies, to conduct espionage on high-profile targets across Russia, China, Syria, Israel, and NATO countries. This sophisticated cyber operation involved 12 steps and utilized four zero-day vulnerabilities, allowing for a zero-click intrusion into devices. The revelation comes amid heightened scrutiny over cybersecurity practices and international espionage, with India's Prime Minister Narendra Modi criticizing Apple for exposing new targets of the infamous Pegasus spyware.

via Haaretz|

##cyberespionage #iphonehack