Cookie-era security: does MFA make sense if it can be circumvented in two clicks?

Brother

How can I secure my account and not worry about data security?

Trevor Hilligoss, a former FBI digital crime expert and current vice president of SpyCloud Labs, highlighted the growing threat posed by the cookie vulnerability. According to him, a negligent attitude to cookies can lead to the compromise of accounts in Google and other services.

Recently, a vulnerability was discovered in the OAuth2 authorization protocol that allows attackers to hijack Google accounts. It threatens even those users who have multi-factor authentication (MFA) enabled on their accounts.

Hilligoss explains that cookie theft is an account hijacking technique that is gaining popularity as multi-factor authentication spreads. It allows attackers to import the victim's session cookies into their own systems and gain access to the target account without ever entering a password.

The expert emphasizes that the problem of cookie theft is much more serious than many assume, and its prevention is very difficult. Google accounts are particularly attractive to criminals because of the critical personal information they contain.

Even novice cybercriminals can rent a low-cost infostealer and steal their target's session cookies in a few clicks, without needing any advanced technical knowledge.

Hilligoss explains that modern malware effectively steals cookies stored in local browser databases. This data, along with information about the system and the user, is sent to the attackers, allowing them to impersonate the user and take over the current session.

The expert emphasizes the importance of keeping devices free of malware, and also recommends using reliable antivirus software, avoiding clicks on advertising links, and regularly updating the software on the device you use. It is also extremely important to periodically terminate sessions manually on devices you no longer use, and to limit how long sessions stay valid.
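The last two recommendations only work if the server, not the cookie, decides when a session ends. As an added illustration (not code from the article or from SpyCloud), here is a minimal server-side session table that enforces an absolute lifetime and an idle timeout, binds each session to the client context it was issued to so a replayed cookie from another machine is rejected, and supports a manual "sign out everywhere"; the timeout values and the fingerprint strings are assumptions for the example.

```python
import secrets
from dataclasses import dataclass

# Policy values below are assumptions for this example, not figures from the article.
ABSOLUTE_LIFETIME = 8 * 3600  # force a fresh login (and MFA) at least every 8 hours
IDLE_TIMEOUT = 30 * 60        # drop sessions idle for 30 minutes

@dataclass
class Session:
    user: str
    client_fp: str      # hash of the client context (e.g. user agent, IP prefix) the cookie was issued to
    created_at: float
    last_seen: float

class SessionStore:
    """Server-side session table: a stolen cookie is only a key into it, so the
    server, not the client, decides when a session stops being valid."""

    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def issue(self, user: str, client_fp: str, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, client_fp, now, now)
        return token

    def validate(self, token: str, client_fp: str, now: float) -> str:
        s = self._sessions.get(token)
        if s is None:
            return "unknown"
        if now - s.created_at > ABSOLUTE_LIFETIME:
            self._sessions.pop(token)
            return "expired_absolute"
        if now - s.last_seen > IDLE_TIMEOUT:
            self._sessions.pop(token)
            return "expired_idle"
        if s.client_fp != client_fp:
            # Same cookie presented from a different client context: treat as possible theft.
            self._sessions.pop(token)
            return "client_mismatch"
        s.last_seen = now
        return "ok"

    def revoke_user(self, user: str) -> int:
        # Manual "sign out everywhere"; returns how many sessions were dropped.
        doomed = [t for t, s in self._sessions.items() if s.user == user]
        for t in doomed:
            self._sessions.pop(t)
        return len(doomed)
```

A mismatch or expiry should send the user back through the full login, including MFA, rather than silently issuing a new cookie.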

In conclusion, Hilligoss notes that he personally keeps a strict eye on cybersecurity at home, using firewalls and password managers and avoiding MFA via email and SMS, since those codes can be intercepted.

Hilligoss compares the current situation, with cheap subscription malware available for every taste, to "five-year-olds with grenades in their hands," emphasizing how easy it now is for even an inexperienced attacker to compromise someone else's account.