Beware of this sneaky Google attack that steals your expired cookies


A new exploit lets hackers access your Google account using expired cookies that contain your login information. The exploits, which were discovered late last year, target session cookies, which only have a limited lifespan. However, hackers can “revive” those cookies, putting your personal information at risk.

A hacker named PRISMA first revealed they found a way to bring back expired Google session cookies. Since then, cybersecurity firm CloudSEK discovered an exploit in a program that allows users to synchronize their Google accounts across multiple devices. Now, hackers are using that exploit to steal your login and other information. Here’s a breakdown of how it all unfolded and how you can protect yourself.


Google Chrome start-up page (Kurt “CyberGuy” Knutsson)


Exploiting Google’s MultiLogin

As reported by BleepingComputer, certain malware strains have discovered a backdoor into Google’s authentication system. The vulnerability lies in the MultiLogin endpoint, which remains undocumented and largely unknown to the public. This clandestine gateway enables threat actors to revive expired authentication cookies, granting unauthorized access to users’ Google accounts.


The role of session cookies

Before we dive deeper, let’s understand the role of session cookies. These specialized browser cookies contain authentication information. If you’ve ever experienced the convenience of returning to a site without re-entering your credentials, you’ve encountered session cookies. However, their design intentionally limits their lifespan to prevent prolonged unauthorized access.


The Lumma and Rhadamanthys connection

In November of last year, cybercriminals associated with the Lumma and Rhadamanthys info-stealing malware strains made a bold claim: they could resurrect expired Google Authentication cookies stolen during cyberattacks. Armed with these seemingly defunct cookies, a hacker gains entry to a victim’s Google account, even if the user has logged out, reset their password, or their session has expired.


PRISMA’s revelation

The exploit’s origins trace back to a Telegram post by a threat actor known as PRISMA. In October, they unveiled their discovery: a method to restore Google authentication cookies that had reached their expiration date. This revelation set the stage for further investigation.

CloudSEK’s investigation

Enter CloudSEK, a cybersecurity firm committed to predicting and preventing cyberattacks. Their researchers took on the challenge, reverse engineering the exploit. Their findings revealed that the MultiLogin endpoint served as the linchpin for the hackers. This undocumented feature facilitates account synchronization across various Google services, making it an ideal target for malicious actors’ nefarious activities.


Protecting against MultiLogin exploit

The exploitation of MultiLogin raises serious concerns for those of you who are Google account holders. To safeguard against this threat, consider the following steps:

1) Sign out of the affected browser: Google is aware of this issue and has taken action to secure compromised accounts. Google’s recommendation is to simply sign out of the affected browser to revoke session cookies.


2) Enhanced Safe Browsing: Enable Enhanced Safe Browsing in Chrome for additional protection against malware and phishing attacks.

On your computer:

  • Open Google Chrome on your computer
  • Click the initial in the top-right corner of the browser window
  • Tap Manage your Google Account 
  • Click Security on the left
  • Under Enhanced Safe Browsing for your account – make sure it is turned On

On your smartphone:

  • Open Google Chrome on your computer
  • Click the initial in the top-right corner of the browser window
  • Tap Google Account 
  • Click Security 
  • Scroll down and under Enhanced Safe Browsing for your account – make sure it is turned On

3) Regularly change passwords: Regularly change your Google password to keep your account safe from hackers. If you struggle with creating new passwords, consider using a password manager.

4) Have good antivirus software on all your devices: The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Choose the best option for your PC, Mac, iPhone or Android smartphone. Having good antivirus software actively running on your devices will alert you to any malware in your system, warn you against clicking on any malicious links in phishing emails and ultimately protect you from being hacked. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Kurt’s key takeaways

In light of the recent exploits targeting Google accounts through resurrected session cookies, it’s imperative to strengthen our defenses against such cyberthreats. From the initial discovery by PRISMA to the subsequent investigations by CloudSEK, the vulnerabilities in Google’s MultiLogin endpoint have now been exposed.

To protect your account, ensure you sign out of affected browsers, enable Enhanced Safe Browsing, regularly update passwords, and have good antivirus software across all your devices. By implementing these security measures, you can thwart attempts to compromise your online privacy and safeguard your digital identities.


Copyright 2024 CyberGuy.com. All rights reserved.


Microsoft is working with Nvidia, AMD, and Intel to improve upscaling support in PC games


Microsoft has outlined a new Windows API designed to offer a seamless way for game developers to integrate super resolution AI-upscaling features from Nvidia, AMD, and Intel. In a new blog post, program manager Joshua Tucker describes Microsoft’s new DirectSR API as the “missing link” between games and super resolution technologies, and says it should provide “a smoother, more efficient experience that scales across hardware.”

“This API enables multi-vendor SR [super resolution] through a common set of inputs and outputs, allowing a single code path to activate a variety of solutions including Nvidia DLSS Super Resolution, AMD FidelityFX Super Resolution, and Intel XeSS,” the post reads. The pitch seems to be that developers will be able to support this DirectSR API, rather than having to write code for each and every upscaling technology.

The blog post comes a couple of weeks after an “Automatic Super Resolution” feature was spotted in a test version of Windows 11, which promised to “use AI to make supported games play more smoothly with enhanced details.” Now, it seems the feature will plug into existing super resolution technologies like DLSS, FSR, and XeSS rather than offering a Windows-level alternative. 

Microsoft says that the new API will be available soon via a preview version of its Agility SDK. It plans to offer a “sneak peek” of how DirectSR can be used during a developer session at the forthcoming Game Developers Conference (GDC). The session will take place on March 21st and will include representatives from Microsoft as well as Nvidia and AMD.


Apple warns against using rice to dry out your wet iPhone; here’s what to do instead


Cellphones getting water damage is nothing new. Before the iPhone, I had a flip phone that fell into a swimming pool. The first thing everyone told me to do was to dry the phone out with rice.

The idea is that the rice will draw out any excess water, saving your phone from being destroyed by water damage.


This method remains many people’s tried-and-true method for saving a waterlogged phone, and I’ve seen it work firsthand. 

However, a new support document by Apple has just come out, and the company is asking people to please not place their iPhones in a bowl or bag of rice.


An iPhone in a bowl of rice (Kurt “CyberGuy” Knutsson)

Why shouldn’t you put your wet iPhone in rice?

Apple is now warning customers that placing their iPhones into a bowl or bag of rice might actually slow down the drying process and damage their phone’s internal components. In particular, the company warns that small particles of wet rice may end up in your iPhone, damaging the phone’s logic board.


Wet iPhone (Kurt “CyberGuy” Knutsson)

What Apple recommends you do instead

Next time your iPhone takes a dip in the swimming pool or the toilet, instead of running for the rice in the cabinet, Apple suggests doing this instead.

Step 1 – Tap the water out

Apple suggests that your first immediate step should be lightly tapping the iPhone against your hand with the charging connector pointed down. This should pull some of the water inside your iPhone out. Don’t be alarmed if only a few drops of water come from the connector port. Leave your iPhone somewhere dry, with some airflow.


Image of an iPhone and power cord (Kurt “CyberGuy” Knutsson)


Step 2 – Wait 30 minutes, then try to charge your iPhone

You should leave your iPhone alone for a period of 30 minutes. Once 30 minutes have gone by, you can attempt to charge your iPhone again. If your iPhone charges, congratulations. There’s no water damage to your iPhone and you can resume using it. If you receive an alert saying “liquid detected in USB-C (or lightning) port,” you unfortunately still have water in your iPhone. However, luckily, hope isn’t lost.


Liquid Detected alert on iPhone (Apple)


Step 3 – Leave your iPhone in a dry area for 24 hours

If you receive an alert saying “liquid detected in USB-C (or lightning) port,” you unfortunately still have water in your iPhone. Apple warns against using a blow-dryer or any other heat gun device to dry your iPhone after it takes a splash. You should instead leave your phone in a dry area with some airflow and allow for 24 hours to pass. A room with a ceiling fan is a great place to leave your iPhone while it dries.


Charging Not Available alert on iPhone (Apple)

Step 4 – Retest the connector

After 24 hours have passed, you should try to charge your iPhone again. If your iPhone charges, you are all good. If it doesn’t charge, Apple recommends removing the charging cable from the wall outlet and changing electrical sources for a moment. Apple recommends against trying to insert a cotton swab or any other foreign object into your charging port.


If your iPhone’s charging port is damaged or not working properly, you may want to consider alternative charging methods that do not rely on the port. For example, some iPhones support wireless charging, which uses a magnetic pad or stand to charge your phone without plugging in a cable. This way, you can avoid inserting anything into the port and prevent further damage. 

Now, if all that doesn’t work and your iPhone still does not charge or shows signs of water damage, such as a wet screen, distorted audio or malfunctioning buttons, you may need to contact Apple for repair or replacement. You can check your warranty status and common issues not covered under warranty by clicking here.

Remember to back up your data before sending your iPhone for repair, as you may lose some or all of your information.


Kurt’s key takeaways

It’s important to remember that all iPhones since the iPhone 12 are able to safely withstand submersion in water of up to 20 feet for 30 minutes. If you do end up dropping your iPhone in the water, just don’t run for the rice.


X adds live video to Spaces instead of bringing back Periscope


Spaces, the live audio feature for X, is now letting hosts turn on their video during chat sessions. The platform formerly known as Twitter announced the news on Wednesday as owner / CTO Elon Musk reposted a walkthrough from a user named “Dogedesigner.”

Spaces users will notice a new option to “enable video” when they first create a new Spaces session. Hosts can opt for either their phone’s front or back-facing cameras as well as either a landscape or vertical view of their video feed. 

The Video Spaces are available on the iOS version of the X app, but we haven’t seen them available on Android or the web yet. Multiple users reported significant lag while trying out the feature so far.

Right now, only hosts have the ability to turn on video. The end result is a prominent display of the host’s video feed, which is then surrounded by icons of co-hosts, speakers, and any listeners. At first glance, it’s an environment that resembles Twitch — except for the fact that any selected audience members can chime in at any minute. A host’s video feed also only lives inside a Spaces session, so users will have to join the session in order to tune in.

When Elon Musk announced that Spaces would get video late last year, his description of it sounded closer to a videoconferencing app or video call app like FaceTime, where the video feed switches to whoever is currently speaking. 


But for now, a typical Spaces with video session prominently features the host’s video feed, which is surrounded by the smaller icons of any other speakers, co-hosts, or listeners in the room. It’s not exactly like Twitch since anyone you give permission to can speak back to you, but it does turn the host into the main event in a similar fashion. 

The new video integration of X Spaces is separate from the platform’s existing live broadcast feature, which lets users directly livestream video. Spaces functions as a live chatroom, where multiple users can tune in and speak. In contrast, the audience in a typical live broadcast can only comment or send hearts.
