Gmail And YouTube hackers bypass Google’s 2FA | Russian hackers steal US government emails with Microsoft | CISA makes its malware analysis system publicly available
Gmail And YouTube hackers bypass Google’s 2FA | Russian hackers steal US government emails with Microsoft | CISA makes its malware analysis system publicly available
Good morning. It's Monday 15th April. The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation. Follow us on Twitter and on LinkedIn. Users who have found themselves locked out of their Google account, with passwords and 2FA details changed to prevent them from getting back in, have fallen victim to what’s known as a session cookie hijack attack. This attack most often starts with a phishing email leading to malware that can capture the session cookies. The trouble is, if a nefarious actor can get hold of these cookies after a user has logged in successfully, then they can essentially replay them and bypass the need for a 2FA code.
.