Tag: google security

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
News

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Malware that steals information is currently using MultiLogin, an undocumented Google OAuth API, to take over user sessions and grant persistent access to Google services even after a password reset. As per CloudSEK, the crucial vulnerability enables threat actors to sustain access to a legitimate session in an unauthorized way by facilitating cookie formation and session persistence. On October 20, 2023, a threat actor going by the handle PRISMA initially disclosed the method on their Telegram channel. Since then, it has been included in several malware-as-a-service (MaaS) stealer families, including RisePro, Lumma, Rhadamanthys, Stealc, Meduza, and Whitesnake. When users sign in to their accounts in the Chrome web browser, the MultiLogin authentication endpoint is primarily int...
Google Adopts Passkeys as Default Sign in Method for All Users
News

Google Adopts Passkeys as Default Sign in Method for All Users

Five months after rolling out support for the passwordless standard for Google Accounts, backed by the FIDO Alliance, across all platforms, Google stated on Tuesday that all users would now be able to set up passkeys by default. According to Google's Sriram Karra and Christiaan Brand, "This means the next time you sign in to your account, you'll start seeing prompts to create and use passkeys, simplifying your future sign-ins." Furthermore, it indicates that the'skip password when possible' choice will be enabled in your Google Account settings. A new type of authentication called passkeys completely does away with the necessity for usernames and passwords, or even for any other authentication element read more Google Adopts Passkeys as Default Sign-in Method for All Users. Stay ...