Hackers have discovered and taken advantage of a vulnerability present in Google’s OAuth endpoint within the current cyber threat landscape. This particular vulnerability acts as a workaround, allowing hackers to bypass the usual security measures linked to passwords. Through this exploit, these malicious individuals can gain unauthorized access to Google accounts, putting user privacy at risk and compromising the security of valuable data stored within these accounts. This breach is of utmost importance as it has the potential to expose users to numerous risks concerning the confidentiality of their personal information and data.
Google’s OAuth Endpoint:
CloudSEK researchers have discovered a previously unknown vulnerability that impacts Google’s OAuth endpoint. This vulnerability enables threat actors to regenerate expired Google authentication cookies by exploiting the “MultiLogin” endpoint. By extracting Chrome profile tokens and IDs, these malicious actors gain unauthorized access to compromised accounts, posing a persistent threat. To mitigate this risk, users are advised to log out, update their password, and then log back in. This will effectively revoke any unauthorized access and enhance the security of their accounts.
Exploit Demo: Cookie Restoration
Hudson Rock, a threat intelligence company, has recently released a YouTube video that unveils a cybercriminal’s demonstration of the cookie restoration exploit. This video showcases the exploit’s functionality and highlights how easily it can be implemented among various cyber threats.
Related Articales:
https://www.independent.co.uk/tech/google-security-hack-cookies-password-b2473319.html
sharanukalyan
Related posts
Categories
- Blog (9)
- Chrome (2)
- cisco (1)
- Cloud security (1)
- Crypto Scam (1)
- Cryptocurrency (2)
- Cryptojacking (1)
- CVE (20)
- Cyber News (9)
- cyber security (2)
- Data breaches (1)
- Email security (1)
- Email spoofing (1)
- Fashion (1)
- Guide (1)
- malware (1)
- Malware attack (1)
- Mandiant (1)
- News (15)
- OpenSSH (1)
- Password attack (1)
- Patch (6)
- Payment Security (1)
- phishing (1)
- ransomware (2)
- RCE (9)
- SMTP Smuggling (1)
- SQL injection attack (1)
- XSS attacks (2)
- zeroday (9)