Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services Oct 28, 2024Ravie LakshmananCloud Security / Cyber Attack A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset Read more…
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now Read more…
The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing Read more…
AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims’ sessions and achieve remote code Read more…