Storm malware automates session hijacking for entry-level hackers

Rookie cybercriminals now use subscription malware to hijack enterprise and cryptocurrency accounts ...

Zero Trust: Bridging the Gap Between Authentication and Trust

Passing MFA doesn't mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains ...
Computerworld

Chrome Token-Theft Extensions, Nadella Europe Sovereignty, ChatGPT Age-Checks | Ep. 41

In today’s 2-Minute Tech Briefing, researchers flag fake Chrome productivity extensions stealing session tokens from Workday, NetSuite, and SuccessFactors. Satya Nadella argues Europe’s sovereignty ...
Arabian Post

Storm malware turns browser theft into access

Security researchers at Varonis have identified a new infostealer dubbed Storm that appears to mark a more polished phase in ...
Hosted on MSN

North Korean hackers using malicious QR codes in spear phishing, FBI warns

North Korean group Kimsuky is using QR code phishing to steal credentials Attacks bypass MFA via session token theft, exploiting unmanaged mobile devices outside EDR protections FBI urges ...
Neowin

Google is making it harder for hackers to hijack your Workspace account

Google has rolled out new security measures to curb Workspace account takeovers, amid a surge in cookie and authentication token theft. Google says that it is introducing three enhancements to help ...
Arabian Post

EvilTokens turns Microsoft sign-ins into bait

EvilTokens, a newly identified phishing-as-a-service operation, is offering cybercriminals a ready-made way to hijack Microsoft accounts by abusing a legitimate sign-in process rather than stealing ...
Dark Reading

'SessionShark' ToolKit Evades Microsoft Office 365 MFA

Threat actors are showcasing a service called "SessionShark 0365 2FA/MFA," which is a phishing-as-a-service (PhaaS) toolkit intended for fellow hackers. The creators of the toolkit are attempting to ...