Sunday April 5, 2020
Home Lead Story Researchers D...

Researchers Discover Two New Android Malware That Steal Cookies From Social Media Sites

However one can prevent themselves from becoming a victim of cookie theft by blocking third-party cookie access

0
//
Cookies
However one can prevent themselves from becoming a victim of cookie theft by blocking third-party cookie access on their phone's web browser and only let your data be saved until you quit the browser. Pixabay

Researchers at cybersecurity firm Kaspersky have discovered two new Android malware modifications that, when combined, can steal cookies collected by the browser and app of popular social networking sites and then allow the thieves to discreetly gain control of the victim’s account in order to send various ill-intentioned content.

Cookies are small pieces of data collected by websites to track users’ activity online in an effort to create personalized experiences in the future.

While they are often perceived as a harmless nuisance, they can, in the wrong hands, pose a security risk. That is because, when websites store these cookies, they use a unique session ID that identifies the user in the future without requiring a password or login.

“By combining two attacks, the cookie thieves have discovered a way to gain control over their victims’ account without arising suspicions. While this is a relatively new threat-so far, only about 1000 individuals have been targeted-that number is growing and will most likely continue to do so, particularly since it’s so hard for websites to detect,” malware analyst Igor Golovin, Security Researcher at Kaspersky said in a statement.

Kaspersky
Researchers at cybersecurity firm Kaspersky have discovered two new Android malware modifications that, when combined, can steal cookies collected by the browser and app of popular social networking sites and then allow the thieves to discreetly gain control of the victim’s account in order to send various ill-intentioned content. Wikimedia Commons

“Even though we typically don’t pay attention to cookies when we are surfing the web, they are still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention,” Golovin added.

However one can prevent themselves from becoming a victim of cookie theft by blocking third-party cookie access on their phone’s web browser and only let your data be saved until you quit the browser.

ALSO READ: Tech Giant Apple Suspends All Active Shooting on Projects For Apple TV+ Series Due to Coronavirus Concerns

One can also use a reliable security solution like Kaspersky Security Cloud that includes a Private Browsing feature, which prevents websites from collecting information about users activity online. (IANS)

Next Story

Video Meeting App Zoom Prone to Hacking: Report

Zoom bug can let hackers steal your Windows password

0
zoom hacking
The video conferencing app Zoom has an unpatched bug can let hackers steal users Windows password. (Representational Image). Pixabay

Slammed for the lack of users privacy and security by the US Federal Bureau of Investigation (FBI) and cybersecurity experts, video meeting app Zoom is also prone to hacking, a new report has claimed, saying an unpatched bug can let hackers steal users Windows password.

The �Zoom client for Windows’ is vulnerable to the ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems, reports TheHacckeNews.

The latest finding by cybersecurity expert @_g0dmode, has also been “confirmed by researcher Matthew Hickey and Mohamed A. Baset,’ the report said late Wednesday.

Please follow NewsGram on Twitter to get updates on the latest news

The attack involves the “SMBRelay technique” wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it.

“The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat,” the report claimed. Besides Windows credentials, the vulnerability can also be exploited to launch any programme present on a targeted computer.

zoom hacking
The Zoom client for Windows’ is vulnerable to the ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems, reports TheHacckeNews. Pixabay

Zoom has been notified of this bug but the flaw is yet to be fixed. “Users are advised to either use an alternative video conferencing software or Zoom in your web browser instead of the dedicated client app,” said the report. Another media report claimed that Zoom doesn’t use end-to-end encryption to protect calling data of its users.

Please follow NewsGram on Instagram to get updates on the latest news

As businesses, schools and colleges and millions of SMBs use video conferencing tool Zoom during the work-from-home scenario, the US Federal Bureau of Investigation (FBI) has warned people about porn material being popped up during the video meetings.

Also Read- Facebook Announces To Expand Community Help Feature

The Boston branch of the law enforcement agency said it has received multiple reports of Zoom conferences being disrupted by pornographic and/or hate images and threatening language.

The video conferencing app late last month updated its iOS app to remove the software development kit (SDK) that was providing users’ data to Facebook through the Login with Facebook feature. (IANS)