home.social

#sessionhijacking — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sessionhijacking, aggregated by home.social.

  1. ⚠️ Extensions hijack sessions instead of just stealing data
    At least 12 fake #TikTok downloader extensions inject scripts to capture Facebook session cookies, enabling full account takeover without credentials across Chrome and Edge installs. #ransomNews #BrowserSecurity #SessionHijacking

  2. Bad actors are creating browser extensions that claim to be ChatGPT productivity tools, but that steal your account credentials and hijack sessions instead.
    While researchers can find and warn us about these malicious extensions, it’s important to recognize that we’re about to enter an era where this kind of behavior is actually relied on by good actors (read: agents) as well. It’s imperative that we work on developing alternatives to this.
    #Security #TokenHijacking #SessionHijacking
    bitdefender.com/en-us/blog/hot
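Both posts above describe the same pattern: an extension advertised for one purpose (a TikTok downloader, a ChatGPT helper) whose permissions let it read another site's session cookies or run scripts in that site's pages. The triage script below, an added example that is not code from either post or from the researchers they cite, checks an unpacked extension's manifest.json for exactly that capability combination. TARGET_HOSTS and the two sample manifests are constructed for the example.

```python
"""Triage an unpacked browser extension's manifest.json for session-cookie theft capability.

Added example, not code from the posts above nor from the researchers they cite.
It looks for the capability combination both posts describe: an extension whose
advertised purpose is one site but whose permissions let it read another site's
cookies or run scripts in its pages. TARGET_HOSTS and the sample manifests below
are constructed for this example.
"""
import json
from pathlib import Path

COOKIE_PERMS = {"cookies"}                                        # chrome.cookies: reads HttpOnly cookies too
SCRIPT_PERMS = {"scripting", "webRequest", "webRequestBlocking"}  # inject JS / observe request headers
TARGET_HOSTS = ["facebook.com", "www.facebook.com", "tiktok.com", "www.tiktok.com"]  # example list


def _pattern_host(pattern):
    """Host part of a match pattern: '*://*.facebook.com/*' -> '*.facebook.com'."""
    if pattern == "<all_urls>":
        return "*"
    after_scheme = pattern.split("://", 1)[-1]
    return after_scheme.split("/", 1)[0]


def _host_matches(pattern_host, host):
    """Match-pattern semantics: '*' is any host; '*.x.com' is x.com and every subdomain."""
    if pattern_host == "*":
        return True
    if pattern_host.startswith("*."):
        suffix = pattern_host[2:]
        return host == suffix or host.endswith("." + suffix)
    return pattern_host == host


def _targets_reached(patterns):
    reached = set()
    for pattern in patterns:
        ph = _pattern_host(pattern)
        reached.update(h for h in TARGET_HOSTS if _host_matches(ph, h))
    return reached


def triage_manifest(manifest):
    """Return {'risk', 'reached', 'findings'} for one parsed manifest.json."""
    perms = set(manifest.get("permissions", []))
    # MV2 keeps host patterns inside "permissions"; MV3 moves them to "host_permissions".
    host_patterns = list(manifest.get("host_permissions", []))
    host_patterns += [p for p in perms if "://" in p or p == "<all_urls>"]
    host_reach = _targets_reached(host_patterns)
    cs_reach = set()
    for cs in manifest.get("content_scripts", []):
        cs_reach |= _targets_reached(cs.get("matches", []))

    findings, risk = [], "low"
    if perms & COOKIE_PERMS and host_reach:
        risk = "high"
        findings.append("cookies API scoped to %s: can read session cookies, HttpOnly included"
                        % ", ".join(sorted(host_reach)))
    if (perms & SCRIPT_PERMS and host_reach) or cs_reach:
        risk = "high" if risk == "high" else "medium"
        findings.append("can run scripts in pages of %s: document.cookie, DOM tokens, form input"
                        % ", ".join(sorted(host_reach | cs_reach)))
    # A downloader for one site has no reason to reach another: flag the mismatch.
    words = [w for w in manifest.get("name", "").lower().split() if len(w) >= 4]
    declared = {h for h in TARGET_HOSTS if any(w in h for w in words)}
    undeclared = (host_reach | cs_reach) - declared
    if undeclared:
        findings.append("reaches %s, unrelated to the advertised purpose" % ", ".join(sorted(undeclared)))
    return {"risk": risk, "reached": sorted(host_reach | cs_reach), "findings": findings}


def triage_file(path):
    """Triage an unpacked extension directory or a manifest.json path."""
    p = Path(path)
    if p.is_dir():
        p = p / "manifest.json"
    return triage_manifest(json.loads(p.read_text(encoding="utf-8")))


# Constructed sample manifests (not real extensions): a fake downloader and a benign one.
FAKE_DOWNLOADER = {
    "manifest_version": 3,
    "name": "TikTok Video Downloader",
    "permissions": ["cookies", "scripting", "storage"],
    "host_permissions": ["*://*.facebook.com/*", "*://*.tiktok.com/*"],
    "content_scripts": [{"matches": ["*://*.facebook.com/*"], "js": ["inject.js"]}],
}
BENIGN_DOWNLOADER = {
    "manifest_version": 3,
    "name": "TikTok Video Downloader",
    "permissions": ["downloads", "activeTab"],
    "host_permissions": ["*://*.tiktok.com/*"],
}

if __name__ == "__main__":
    for label, m in (("fake", FAKE_DOWNLOADER), ("benign", BENIGN_DOWNLOADER)):
        result = triage_manifest(m)
        print(label, result["risk"], *result["findings"], sep="\n  ")
```

Run it against an unpacked extension directory with `triage_file("/path/to/extension")`. The manifest only shows capability, not behaviour: a "high" result means the extension can read the target's session cookies, and the next step is reading the scripts it ships to see whether it does.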

  3. FlowFixation: AWS Apache Airflow Service Takeover Vulnerability

    Date: March 21, 2024
    CVE: Not specified
    Sources: Tenable Blog

    Issue Summary

    Tenable Research discovered a vulnerability, named FlowFixation, in AWS Managed Workflows for Apache Airflow (MWAA) that could allow session hijacking leading to a full takeover of the victim's web management panel.

    Technical key findings

    FlowFixation combines session fixation and XSS via Amazon AWS domain misconfiguration, enabling attackers to authenticate known sessions and gain control over victims' Apache Airflow management panels.

    Vulnerable products

    • AWS Managed Workflows for Apache Airflow (MWAA)

    Impact assessment

    Potential for remote code execution on underlying instances and lateral movement to other services.

    Patches or workarounds

    AWS has addressed the vulnerability. Users should ensure they are using updated services.

    Tags

    #AWS #ApacheAirflow #CloudSecurity #SessionHijacking #Vulnerability
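The post above says the bug chains session fixation with cookie-setting via a domain misconfiguration, so that an attacker ends up with an authenticated session id they already know. The toy below, an added example that is not Tenable's or AWS's code and does not reproduce the MWAA flaw itself, plays that chain through against a login handler that keeps the incoming session id and against one that rotates it. Assumptions: the attacker can plant a cookie the victim's browser will send to the target host (a cookie set for a parent domain the two hosts share, from a sibling host the attacker controls, stands in for the XSS plus domain misconfiguration the post mentions), and host names are placeholders.

```python
"""Session fixation as the FlowFixation post describes it, in a toy session store.

Added example; it is not Tenable's or AWS's code and does not reproduce the MWAA
flaw. Assumptions: the attacker can plant a cookie that the victim's browser will
send to the target host (a cookie set for a parent domain the two hosts share,
delivered by a sibling host the attacker controls), and the target reuses whatever
session id arrives at login instead of issuing a new one. Host names are placeholders.
"""
import secrets

SHARED_PARENT = "cloud-panel.example"                  # parent domain both hosts sit under
VICTIM_HOST = "victim-env.cloud-panel.example"         # the victim's management panel
ATTACKER_HOST = "attacker-env.cloud-panel.example"     # a panel the attacker controls


def cookie_sent_to(cookie_domain, request_host):
    """RFC 6265 domain matching: a cookie with Domain=d is sent to d and every subdomain of d."""
    d = cookie_domain.lstrip(".").lower()
    h = request_host.lower()
    return h == d or h.endswith("." + d)


class SessionStore:
    def __init__(self):
        self._sessions = {}   # session id -> {"user": name or None}

    def new_anonymous(self):
        """Pre-auth session, as handed to anyone who loads the login page."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        record = self._sessions.get(sid)
        return record["user"] if record else None

    def login_vulnerable(self, incoming_sid, user):
        """Authenticates the session id the request arrived with: fixation-prone."""
        if incoming_sid not in self._sessions:
            incoming_sid = self.new_anonymous()
        self._sessions[incoming_sid]["user"] = user
        return incoming_sid

    def login_hardened(self, incoming_sid, user):
        """Drops the pre-auth session and issues a fresh id after the credentials check."""
        self._sessions.pop(incoming_sid, None)
        fresh = secrets.token_urlsafe(32)
        self._sessions[fresh] = {"user": user}
        return fresh


def run_fixation(hardened):
    """Play the attack through; returns what each side ends up seeing."""
    store = SessionStore()
    # 1. Attacker obtains a valid anonymous session id from the target application.
    planted = store.new_anonymous()
    # 2. Attacker sets it as a cookie with Domain=<shared parent> from their own host;
    #    the browser then sends it to the victim's host as well.
    assert cookie_sent_to(SHARED_PARENT, ATTACKER_HOST) and cookie_sent_to(SHARED_PARENT, VICTIM_HOST)
    # 3. Victim logs in; the request carries the planted id.
    login = store.login_hardened if hardened else store.login_vulnerable
    victim_sid = login(planted, "victim-admin")
    # 4. Attacker presents the id they planted.
    return {
        "attacker_sees": store.user_for(planted),      # "victim-admin" means takeover
        "victim_logged_in": store.user_for(victim_sid) == "victim-admin",
        "id_rotated": victim_sid != planted,
    }


if __name__ == "__main__":
    print("vulnerable:", run_fixation(hardened=False))
    print("hardened:  ", run_fixation(hardened=True))
```

Two fixes are needed, one per half of the chain. Rotating the session id on login (`login_hardened`) makes a planted id worthless even when it reaches the victim. Separately, a shared parent domain that is not a public suffix lets any sibling host set cookies for every host under it; giving tenants separate registrable domains, or registering the shared parent on the Public Suffix List so browsers refuse parent-scoped cookies, closes the delivery path.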