Cookies Exploit Allows Persistent Access After Password Reset

A critical Google cookies exploit involves manipulating or stealing user cookies, which store authentication information, to gain unauthorized access to accounts.
In October 2023, a developer named PRISMA discovered a major Google cookie exploit that allows persistent access after a password reset.
A threat actor later integrated it into Lumma Infostealer, causing a ripple effect across malware groups.
Cybersecurity researchers at CloudSEK recently identified a new critical Google cookies exploit that lets threat actors keep access to Google accounts after a password reset.
Malware reverses to target Chrome's WebData token service table that helps in extracting:-.
The table holds crucial columns like:-.
Chromium's source code unveils the MultiLogin endpoint, an internal sync mechanism for Google accounts.
It aligns browser account states with Google's authentication cookies for a consistent user experience.
Several attempts to locate it using Google dorks were all unsuccessful.
The MultiLogin endpoint manages simultaneous sessions by accepting account IDs and auth-login tokens.
This undocumented MultiLogin endpoint, a crucial part of Google's OAuth system, allows for the regeneration of cookies.
Lumma's approach involves encrypting the token:GAIA ID pair, which black-boxes the exploit and adds secrecy to its core mechanics.
Black boxing serves two purposes, and here we have mentioned them:-.
Lumma's exploit manipulates the token:GAIA ID pair, enabling continuous cookie regeneration for Google services.
Alarming is its persistence post-password reset, which allows:-.
Encrypting the key component signals a shift toward advanced, stealth-focused threats in which malware developers conceal and protect their exploit methods.
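For defenders, the step described above in which the stealer reads Chrome's WebData token service table is observable in endpoint file-access telemetry. The following detection sketch is an added example, not code from CloudSEK or the original article; the `key=value|key=value` event format, the sample events and the single expected browser path are assumptions made for illustration. On disk the profile file is named `Web Data`.

```python
import ntpath

# Assumption: the only image expected to open Chrome profile databases.
EXPECTED_IMAGE_SUFFIX = "\\google\\chrome\\application\\chrome.exe"
PROFILE_MARKER = "\\google\\chrome\\user data\\"
TARGET_FILE = "web data"  # SQLite file that holds Chrome's token service table


def parse_event(line):
    """Parse one 'key=value|key=value' telemetry line into a dict."""
    fields = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def is_suspicious(event):
    """True when a process other than the installed browser opens Web Data."""
    target = event.get("target", "").lower()
    image = event.get("image", "").lower()
    if PROFILE_MARKER not in target or ntpath.basename(target) != TARGET_FILE:
        return False
    # Compare the full install path so a binary merely named chrome.exe
    # in another directory is still flagged.
    return not image.endswith(EXPECTED_IMAGE_SUFFIX)


def find_suspicious(lines):
    """Return (time, image) for every flagged event."""
    events = (parse_event(line) for line in lines)
    return [(e.get("time"), e.get("image")) for e in events if is_suspicious(e)]


# Constructed sample events (hypothetical hosts and paths, not real telemetry).
PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
SAMPLE_EVENTS = [
    r"time=10:00:01|image=C:\Program Files\Google\Chrome\Application\chrome.exe|target=" + PROFILE + r"\Default\Web Data",
    r"time=10:02:17|image=C:\Users\alice\AppData\Local\Temp\updater.exe|target=" + PROFILE + r"\Default\Web Data",
    r"time=10:02:18|image=C:\Users\alice\AppData\Local\Temp\updater.exe|target=C:\Users\alice\Documents\notes.txt",
    r"time=10:05:40|image=C:\Windows\System32\robocopy.exe|target=" + PROFILE + r"\Profile 2\Web Data",
    r"time=10:07:03|image=C:\Users\alice\AppData\Local\Temp\chrome.exe|target=" + PROFILE + r"\Default\Web Data",
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(hit)
```

In a real deployment the expected-reader list would also need to cover backup agents and endpoint security tools that legitimately touch the profile directory.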


This Cyber News was published on gbhackers.com. Publication date: Wed, 03 Jan 2024 15:43:04 +0000


