Security Feed
  1. Archives

Dec 29 2023 Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Source

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. [...]

Posted by Bill Toulas on Fri 29 December 2023 in BleepingComputer.

Tags: Security, Google.

Categories

  1. 12
  2. Ars Technica
  3. AWS Security
  4. BleepingComputer
  5. Brian Krebs
  6. Bruce Schneier
  7. GCP Security
  8. Google Project Zero
  9. Mozilla Security
  10. The Daily Swig
  11. The Guardian
  12. The Register
  13. Threatpost

Tag cloud

  • Security
  • Uncategorized
  • Web Security
  • malware
  • vulnerabilities
  • Security, Identity, & Compliance
  • Microsoft
  • Security Blog
  • Biz & IT
  • privacy
  • hacks
  • Identity & Security
  • Google
  • Government
  • Foundational (100)
  • Announcements
  • Security & Identity
  • Cloud security
  • CryptoCurrency
  • hacking
  • Data and computer security
  • Technology
  • Intermediate (200)
  • A Little Sunshine
  • Technical How-to

Security Feed. Powered by Pelican and m.css. Code is available on GitLab.