Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Infostealers such as Lumma and Rhadamanthys have integrated the generation of persistent Google cookies through token manipulation. [TechWeb]( Follow Dark Reading: [RSS]( January 03, 2024 LATEST SECURITY NEWS & COMMENTARY [Attackers Abuse Google OAuth Endpoint to Hijack User Sessions]( Infostealers such as Lumma and Rhadamanthys have integrated the generation of persistent Google cookies through token manipulation. [Cybercriminals Share Millions of Stolen Records During Holiday Break]( The "Leaksmus" event on the Dark Web exposed some 50 million records containing sensitive information from people all around the world. [10 Years After Yahoo Breach, What's Changed? (Not Much)]( Yahoo customers suffered the largest data breaches in history by some measures. But a decade on, experts warn, we still haven't learned our lesson. [Google Settles Lawsuit Over Tracking 'Incognito Mode' Chrome Users]( Google tracked privacy-conscious Internet users, and now it's paying for it. [Cyberattackers Target Nuclear Waste Company via LinkedIn]( The hackers were unsuccessful in their attempt, but this is not the first time the company has experienced this kind of attack. [Startups Scramble to Build Immediate AI Security]( AI may be inherently insecure, but only a handful of startups have put forward real visions to mitigate AI's threats and keep data private. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['Operation Triangulation' Spyware Attackers Bypass iPhone Memory Protections]( The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures. [Skynet Ahoy? What to Expect for Next-Gen AI Security Risks]( The innovation that ChatGPT and other LLMs demonstrate is a good thing, but safeguards and other security frameworks must keep pace. [In Cybersecurity and Fashion, What's Old Is New Again]( What a recent rise in DDoS attacks portends — and how to prepare for 2024. [MORE]( PRODUCTS & RELEASES [Palo Alto Networks Closes Talon Cybersecurity Acquisition]( [Ransomware Attacks in November Rise 67% From 2022]( [SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions]( As cybersecurity leaders confront ever more complex challenges, the new year offers security leaders a chance to strategically reevaluate and plan for 2024. LATEST FROM THE EDGE [CISO Planning for 2024 May Struggle When It Comes to AI]( Artificial intelligence (AI) is constantly evolving. How can security executives plan for something so unpredictable? LATEST FROM DR TECHNOLOGY [Localization Mandates, AI Regs to Pose Major Data Challenges in 2024]( With more than three-quarters of countries adopting some form of data localization and, soon, three-quarters of people worldwide protected by privacy rules, companies need to take care. LATEST FROM DR GLOBAL [Israel Battles Spike in Wartime Hacktivist, OT Cyberattacks]( Israel's cybersecurity industry made strides in the past year despite the backdrop of the war in Gaza. WEBINARS - [Tips for Managing Cloud Security in a Hybrid Environment]( - [What's In Your Cloud?]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses]( - [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software]( - [Pixelle's OT Security Triumph with Security Inspection]( - [IT Zero Trust vs. OT Zero Trust: It's all about Availability]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [Increase Speed and Accuracy with AI Driven Static Analysis Auditing]( - [The Need for a Software Bill of Materials]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120179&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_01.03.24&sp_cid=51206&utm_content=DR_NL_Dark%20Reading%20Daily_01.03.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#05 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)