‘CyberGuy’: Big Brother in the Big Apple<\/h4>\n
NYC drivers face a $15 daily congestion fee for entering the toll congestion zone south of 60th Street, monitored by license plate readers. Kurt “CyberGuy” Knutsson gives the details.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
A new exploit threat lets hackers access your Google account using expired cookies that contain your login information. The exploits, which were discovered late last year, target session cookies, which only have a limited lifespan. However, they can “revive” those cookies, putting your personal information at risk.<\/p>\n
A hacker named PRISMA first revealed they found a way to bring back expired Google session cookies. Since then, cybersecurity firm CloudSEK<\/u> discovered an exploit in a program that allows users to synchronize their Google accounts across multiple devices. Now, hackers are using that exploit to steal your login and other information. Here’s a breakdown of how it all unfolded and how you can protect yourself.<\/p>\n
CLICK TO GET KURT\u2019S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO\u2019S TO MAKE YOU SMARTER<\/u><\/strong><\/p>\n Google Chrome start-up page<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n As reported by BleepingComputer<\/u>, certain malware strains have discovered a backdoor into Google\u2019s authentication system. The vulnerability lies in the MultiLogin endpoint, which remains undocumented and largely unknown to the public. This clandestine gateway enables threat actors to revive expired authentication cookies, granting unauthorized access to users\u2019 Google accounts.<\/p>\n Google Chrome start-up page<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n MORE: BEWARE OF THIS MCAFEE GOOGLE CHROME AD SCAM<\/u><\/strong><\/p>\n Before we dive deeper, let\u2019s understand the role of session cookies. These specialized browser cookies contain authentication information. If you\u2019ve ever experienced the convenience of returning to a site without re-entering your credentials, you\u2019ve encountered session cookies. However, their design intentionally limits their lifespan to prevent prolonged unauthorized access.<\/p>\n MORE: HOW GOOGLE’S DATA CAN MAKE YOU A SUSPECT IN A CRIME YOU DIDN’T COMMIT<\/u><\/strong><\/p>\n In November of last year, cybercriminals associated with the Lumma and Rhadamanthys info-stealing malware strains made a bold claim: they could resurrect expired Google Authentication cookies stolen during cyberattacks. Armed with these seemingly defunct cookies, a hacker gains entry to a victim\u2019s Google account, even if the user has logged out, reset their password, or their session has expired.<\/p>\n The exploit\u2019s origins trace back to a Telegram post by a threat actor known as PRISMA. In October, they unveiled their discovery: a method to restore Google authentication cookies that had reached their expiration date. This revelation set the stage for further investigation.<\/p>\n Enter CloudSEK<\/u>, a cybersecurity firm committed to predicting and preventing cyberattacks. Their researchers took on the challenge, reverse engineering the exploit. Their findings revealed that the MultiLogin endpoint served as the linchpin for the hackers. This undocumented feature facilitates account synchronization across various Google services, making it an ideal target for malicious actors’ nefarious activities.<\/p>\n Google Chrome start-up page<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n MORE: GOOGLE FINALLY ADMITS DATA COLLECTION IN CHROME’S INCOGNITO MODE<\/u><\/strong><\/p>\n The exploitation of MultiLogin raises serious concerns for those of you who are Google account holders. To safeguard against this threat, consider the following steps:<\/p>\n 1) Sign out of the affected browser:<\/strong> Google is aware of this issue and has taken action to secure compromised accounts. Google’s recommendation is to simply sign out of the affected browser to revoke session cookies.<\/p>\n 2) Enhanced Safe Browsing:<\/strong> Enable Enhanced Safe Browsing in Chrome for additional protection against malware<\/u> and phishing attacks<\/u>.<\/p>\n On your computer:<\/p>\n On your smartphone:<\/p>\n 3) Regularly change passwords:<\/strong> Regularly change your Google password to keep your account safe from hackers. If you struggle with creating new passwords, consider using a password manager<\/u>.<\/p>\n 4) Have good antivirus software on all your devices:<\/strong>\u00a0The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Choose the best option for your PC<\/u>, Mac<\/u>, iPhone<\/u> or Android<\/u> smartphone. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails and ultimately protect you from being hacked.\u00a0Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices<\/u>.<\/p>\n In light of the recent exploits targeting Google accounts through resurrected session cookies, it’s imperative to strengthen our defenses against such cyberthreats. From the initial discovery by PRISMA to the subsequent investigations by CloudSEK, the vulnerabilities in Google’s MultiLogin endpoint have now been exposed.<\/p>\n To protect your account, ensure you sign out of affected browsers, enable Enhanced Safe Browsing, regularly update passwords, and have good\u00a0antivirus software across all your devices. By implementing these security measures, you can thwart attempts to compromise your online privacy and safeguard your digital identities.<\/p>\n How important do you think it is for technology companies like Google to continually update and enhance their security protocols to protect you from evolving cyberthreats? Let us know by writing us at <\/strong>Cyberguy.com\/Contact<\/u><\/strong>.<\/u><\/strong><\/p>\n For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com\/Newsletter<\/u><\/strong>.<\/u><\/strong><\/p>\n Ask Kurt a question or let us know what stories you’d like us to cover<\/u>.<\/u><\/p>\n Answers to the most asked CyberGuy questions:<\/p>\n Copyright 2024 CyberGuy.com.\u00a0All rights reserved.<\/i><\/p>\n <\/p>\n![\"Beware](\"https:\/\/a57.foxnews.com\/static.foxnews.com\/foxnews.com\/content\/uploads\/2024\/02\/1200\/675\/1-Beware-of-this-sneaky-Google-attack-that-steals-your-expired-cookies.jpg?ve=1&tl=1\")
<\/source><\/source><\/source><\/source><\/picture><\/div>\nExploiting Google’s MultiLogin<\/strong><\/h2>\n
![\"Beware](\"https:\/\/a57.foxnews.com\/static.foxnews.com\/foxnews.com\/content\/uploads\/2024\/02\/1200\/675\/2-Beware-of-this-sneaky-Google-attack-that-steals-your-expired-cookies.jpg?ve=1&tl=1\")
<\/source><\/source><\/source><\/source><\/picture><\/div>\nThe role of session cookies<\/strong><\/h3>\n
The Lumma and Rhadamanthys connection<\/strong><\/h3>\n
PRISMA\u2019s revelation<\/strong><\/h3>\n
CloudSEK\u2019s investigation<\/strong><\/h3>\n
![\"Beware](\"https:\/\/a57.foxnews.com\/static.foxnews.com\/foxnews.com\/content\/uploads\/2024\/02\/1200\/675\/3-Beware-of-this-sneaky-Google-attack-that-steals-your-expired-cookies.jpg?ve=1&tl=1\")
<\/source><\/source><\/source><\/source><\/picture><\/div>\nProtecting against MultiLogin exploit<\/strong><\/h2>\n
\n
\n
Kurt’s key takeaways<\/strong><\/h2>\n