Home New Trending Search
About Privacy Terms
#
#SessionHijacking
Posts tagged #SessionHijacking on Bluesky
Persberichten
Persberichten
@persberichten.com
1 month ago
Post image

Palo Alto Networks waarschuwt: aanvallen beginnen steeds vaker in de browser

#Persbericht #Cybersecurity #Phishing #PaloAltoNetworks #Socialengineering #Unit42 #Kwaadaardigewebsites #Sessionhijacking #BrowserDefensePlaybook #Browserveiligheid #Webbrowser

0 0 1 0
Nishant Kaushik
Nishant Kaushik
@nishantkaushik.com
1 month ago
Preview
Beware! Fake ChatGPT browser extensions are stealing your login credentials If you've installed a browser extension to enhance your ChatGPT experience, you might want to think again.

Malicious browser extensions that steal account credentials and hijack sessions aren’t new.
But in the agentic era, this is about to become a design relied upon by good actors as well. It’s imperative that the #identity +
#security folks work on an alt. to #TokenHijacking & #SessionHijacking in #AI

1 0 0 0
Persberichten
Persberichten
@persberichten.com
1 month ago
Post image

Palo Alto Networks waarschuwt: aanvallen beginnen steeds vaker in de browser

#Persbericht #Cybersecurity #Phishing #PaloAltoNetworks #Socialengineering #Unit42 #Kwaadaardigewebsites #Sessionhijacking #BrowserDefensePlaybook #Browserveiligheid #Webbrowser

0 0 1 0
piggo
piggo
@pigondrugs.bsky.social
2 months ago
Malicious Chrome Extensions Hijack Enterprise Accounts

~Socket~
5 extensions steal session cookies for account takeover on HR/ERP platforms like Workday & NetSuite.
-
IOCs: api. databycloud. com, api. software-access. com, user. software-access. com
-
#Chrome #Malware #SessionHijacking #ThreatIntel

0 0 0 0
CyberMaterial
CyberMaterial
@cybermaterial.bsky.social
2 months ago
Post image

LangChain Core Flaw Enables Prompt Injection '
Read More: buff.ly/Q0o5P2M

#ChromeExtensions #BrowserMalware #PhantomShuttle #SessionHijacking #CredentialTheft #WebStoreSecurity #BrowserSecurity #ThreatIntel

0 0 0 0
CyberMaterial
CyberMaterial
@cybermaterial.bsky.social
2 months ago
Post image

Malicious Chrome Extensions Steal Data
Read Now: buff.ly/BZe8LCj

#ChromeExtensions #BrowserMalware #PhantomShuttle #SessionHijacking #CredentialTheft #WebStoreSecurity #BrowserSecurity #ThreatIntel

0 0 0 0
Manuel Bissey
Manuel Bissey
@mbissey.bsky.social
2 months ago
Preview
Session tokens give attackers a shortcut around MFA - Help Net Security Session token theft lets attackers bypass MFA by stealing browser based session tokens. Learn how it works, why teams miss it.

Session token theft is rising — attackers bypass passwords entirely by stealing what proves you’re already logged in. Auth doesn’t end at login. 🎟️⚠️ #IdentitySecurity #SessionHijacking

0 0 0 0
LMG Security
LMG Security
@lmgsecurity.bsky.social
3 months ago
Video thumbnail

More than 4.3 million users were affected before anyone realized ShadyPanda’s extensions had turned into surveillance tools. Listen to today's #CybersideChats for more: www.chatcyberside.com/e/shady-pand...

Or watch the video: youtu.be/x9AaE94KanM

#Security #SessionHijacking #Cybersecurity

2 0 0 0
@rescueronnie.bsky.social
4 months ago
Preview
Crush Info-Stealers Before They Breach Everything I'm going to cut through the noise. An Info-Stealer isn't a giant camping by the backdoor on your network.

Crush Info-Stealers Before They Breach Everything

#Cybercrime, #InfoStealers, #SessionHijacking, #TokenReplay, #IdentitySecurity, #BrowserSecurity, #Passkeys, #ZeroTrust

www.linkedin.com/pulse/crush-...

0 0 0 0
FUNBIRD LLC
FUNBIRD LLC
@funbirdllc.bsky.social
5 months ago
Video thumbnail

OSI Layers & Common Attacks 🧱⚠️
#OSIModel #CyberSecurity #NetworkAttacks #Phishing #IPspoofing #DoS #SessionHijacking #MITM #Infosec #TechSecurity #Networking

0 0 0 0
Cyber Samir
Cyber Samir
@cybersamir.bsky.social
6 months ago
Preview
Cookie Hijacking: How Hackers Steal Browser Sessions Like Silent Ghosts Cookie Hijacking: Stealing Browser Sessions Like a Silent Ghost WARNING: This article is intended for educational purposes and ethical security testing only. Unauthorized access to sessions or systems is illegal and unethical. Use this knowledge to enhance your cybersecurity defenses, not to exploit others. Introduction In the realm of cybersecurity, cookie hijacking (also known as session hijacking) is a stealthy technique used by attackers to compromise user sessions.

Hackers can steal your browser sessions silently through cookie hijacking. Stay alert, stay protected
#CyberSecurity #CookieHijacking #SessionHijacking #BrowserSecurity #OnlineSafety #Hackers #DataProtection #TechAwareNepal #CyberAwareness #InfoSec

0 0 0 0
@bradleyschagrin.bsky.social
7 months ago
Preview
Man-in-the-Middle: The Art of Digital Pickpocketing Between Whispers: The Unseen World of Man-in-the-Middle

Man-in-the-Middle: The Art of Digital Pickpocketing open.substack.com/pub/bradleys...
#Cybersecurity #ARPspoofing #DNSspoofing #SSLstripping #EvilTwin #SessionHijacking #BGPhijacking #ICMPredirect #NetworkDefense #ZeroTrust #ExecutiveSecurity

1 0 0 0
@bradleyschagrin.bsky.social
7 months ago
Preview
Man-in-the-Middle: The Art of Digital Pickpocketing Between Whispers: The Unseen World of Man-in-the-Middle

Man-in-the-Middle: The Art of Digital Pickpocketing open.substack.com/pub/bradleys...
#Cybersecurity #ARPspoofing #DNSspoofing #SSLstripping #EvilTwin #SessionHijacking #BGPhijacking #ICMPredirect #NetworkDefense #ZeroTrust #ExecutiveSecurity

1 0 0 0
@bradleyschagrin.bsky.social
8 months ago
Preview
Man-in-the-Middle: The Art of Digital Pickpocketing Between Whispers: The Unseen World of Man-in-the-Middle

#Cybersecurity #ARPspoofing #DNSspoofing #SSLstripping #EvilTwin #SessionHijacking #BGPhijacking #ICMPredirect

1 0 0 0
@bradleyschagrin.bsky.social
8 months ago
Preview
Man-in-the-Middle: The Art of Digital Pickpocketing Between Whispers: The Unseen World of Man-in-the-Middle

#Cybersecurity #ARPspoofing #DNSspoofing #SSLstripping #EvilTwin #SessionHijacking #BGPhijacking #ICMPredirect

1 0 0 0
@bradleyschagrin.bsky.social
8 months ago
Preview
Man-in-the-Middle: The Art of Digital Pickpocketing Between Whispers: The Unseen World of Man-in-the-Middle

Man-in-the-Middle: The Art of Digital Pickpocketing open.substack.com/pub/bradleys...
#Cybersecurity #ARPspoofing #DNSspoofing #SSLstripping #EvilTwin #SessionHijacking #BGPhijacking #ICMPredirect

1 0 0 0
Insights Into Things Podcasts
Insights Into Things Podcasts
@insightsintothings.com
9 months ago
Preview
Billions of session cookies for sale sparks security warning : Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens

Over 93.7B stolen cookies are for sale on the dark web; 7–9% remain active, enabling hackers to hijack sessions and bypass MFA. #CyberSecurity #Infostealer #SessionHijacking #MFABypass #DarkWeb #Redline #LummaC2 #CookiesTheft #DataBreach #ThreatIntel www.theregister.com/2025/05/29/b...

0 0 0 0
The Daily Tech Feed
The Daily Tech Feed
@thedailytechfeed.com
9 months ago
Post image

Stealer malware now exfiltrates live session tokens, enabling rapid enterprise breaches. Learn how to defend against these swift attacks. #CyberSecurity #StealerMalware #SessionHijacking Link: thedailytechfeed.com/the-rapid-ev...

0 0 0 0
DEV Community
DEV Community
@dev.to.web.brid.gy
9 months ago
Preview
MFA Fatigue Attacks and Session Hijacking: How Threat Actors Bypass Modern Defenses Multi-factor authentication (MFA) is no longer a silver bullet. Threat actors have evolved. If your security model ends at "just enable MFA"—you’ve already lost. This article dives deep into how modern attackers: * Bypass MFA using fatigue and phishing * Hijack sessions via stolen tokens * Exploit SAML/SSO trust relationships * Target enterprise environments through DevOps blind spots ## TL;DR * **MFA fatigue (push bombing)** targets human behavior, not code. * **Token/session hijacking** bypasses MFA after it’s been completed. * **SAML/SSO** can be abused if tokens or trust chains are intercepted. * **DevOps pipelines** are rarely hardened for lateral movement via session theft. ## What is an MFA Fatigue Attack? **"MFA Fatigue"** = Overwhelming a user with push notifications until they approve one by accident or frustration. **Attack Flow:** 1. Steal username + password (via phishing, breach, or stuffing) 2. Trigger repeated push MFA requests 3. Hope the user taps “approve” to stop the noise **Real-World Example: Uber (2022)** * Attacker obtained credentials via social engineering * Spammed the user with MFA requests for hours * User eventually approved one * Gained VPN access → internal tools → domain admin * MFA didn’t fail—user behavior did ## Session Hijacking: MFA Is Useless After Login Once a user authenticates, a session token (JWT, SAML assertion, OAuth bearer token) is issued. **If an attacker steals the token:** * MFA is bypassed * They impersonate the user * Lateral movement becomes easy **Attack Vectors:** * XSS in internal apps → steals cookies * Phishing proxies (Evilginx2, Muraena) * Browser malware → exfiltrates cookies * Misconfigured NGINX reverse proxies **Example:** GET /dashboard HTTP/1.1 Host: admin.example.com Authorization: Bearer eyJhbGciOiJIUzI1... Replay that token—you're in. ## SAML and SSO Bypass **SSO + SAML/OAuth** is common in enterprises. But if the Identity Provider (IdP) is compromised: * Tokens can be forged * Tokens can be replayed across services * Validation can be bypassed **Golden SAML Attack (SolarWinds):** * Attacker compromised IdP private key * Minted arbitrary SAML tokens * Impersonated any user, including admins * Bypassed all login, password, and MFA mechanisms ## Why DevOps Pipelines Are an MFA Blind Spot **DevOps environments = soft underbelly:** * CI/CD tokens * Cloud credentials * GitHub/GitLab PATs * API keys in environment vars **Problem:** * MFA is applied to humans * Not to service principals, PATs, or automation pipelines **Real Scenarios:** * Long-lived tokens are rarely rotated * Role assumptions (e.g., AWS STS) bypass MFA * Attackers pivot via DevOps tools to cloud infra ## Defense Strategies That Actually Work ### ✅ 1. Enforce Conditional Access and Risk-Based MFA * Azure AD Conditional Access * Okta Risk Scoring * Cisco Duo Adaptive Policies **Example: Allow access only if:** * Compliant device * Safe IP range * MDM enrolled **Block or reauth if:** * Impossible travel * High-risk device * First-time app sign-in ### ✅ 2. Replace Push-Based MFA With FIDO2 or Passkeys Push MFA is **phishable and fatigue-prone**. **Use:** * FIDO2 hardware keys (YubiKey, SoloKey) * Platform authenticators (Windows Hello, FaceID) **Advantages:** * Bound to origin (blocks phishing proxies) * No push prompts * No shared secrets ### ✅ 3. Shorten Token Lifespans Attackers love long sessions. **Best Practices:** * OAuth tokens: expire in 1–2 hours * SAML assertions: short validity, reauth on sensitive actions * Idle timeout policies * Rotate refresh tokens * Revoke sessions on sign-out, password change, or anomaly detection ### ✅ 4. Monitor and Audit Session Use **Use telemetry to catch abuse:** * SIEM logs → same token, multiple IPs * Azure sign-in logs → "MFA not performed" * AWS CloudTrail → STS token reuse * GitHub audit logs → PAT creation **Alert on:** * Tokens reused in different geolocations * SAML from expired or invalid IdPs * Repeated logins without MFA Practical Example of Defending MFA Fatigue in Azure AD Conditional Access # Example: Block legacy MFA attempts and enforce user risk checks # Requires AzureADPreview module Import-Module AzureADPreview # Create a Conditional Access policy that blocks legacy authentication New-AzureADMSConditionalAccessPolicy -DisplayName "Block Legacy Auth" ` -State "Enabled" ` -Conditions @{ Users = @{ IncludeUsers = @("All") } ClientAppTypes = @("Other") # Legacy Auth } ` -GrantControls @{ BuiltInControls = @("Block") } # Enforce MFA on high risk sign-ins only New-AzureADMSConditionalAccessPolicy -DisplayName "Risk-based MFA" ` -State "Enabled" ` -Conditions @{ Users = @{ IncludeUsers = @("All") } SignInRiskLevels = @("High") } ` -GrantControls @{ BuiltInControls = @("Mfa") } ### ✅ 5. Lock Down DevOps and CI/CD Access **Key actions:** * Use short-lived OIDC tokens (e.g., GitHub Actions → AWS) * Remove long-lived PATs * Rotate service principal secrets regularly * Protect `.env` files from leaks **Example leak:** AWS_SECRET_ACCESS_KEY=longtermleakyboi **Fix:** * Use tools like Gitleaks or TruffleHog to scan for secrets * Store secrets in vaults (e.g., AWS Secrets Manager, HashiCorp Vault) * Enforce commit hooks to block secret commits ## Final Thoughts MFA is necessary—but **not enough**. **Attackers are:** * Weaponizing human behavior * Exploiting protocol and logic flaws * Hijacking post-auth tokens * Targeting DevOps soft spots ## What You Can Do Today * Replace push MFA with **FIDO2** * Monitor for suspicious **token reuse** * Harden **CI/CD** and SSO trust chains * Rotate secrets and **shorten token lifetimes** * Educate users on **why “just tapping approve” is dangerous** ## Resources * Microsoft: Protect against MFA fatigue attacks * Okta’s Golden SAML Attack Explained * MITRE ATT&CK: MFA Fatigue * Evilginx2 GitHub * Yubico FIDO2 Keys * TruffleHog Secrets Scanner
0 0 0 0
Ralf Ladner
Ralf Ladner
@ralf-ladner.bsky.social
9 months ago
Post image

5 Monitoring-Tipps für die Cybersecurity von OT-Netzen

#Anomalieerkennung #Cybersicherheit #Monitoring #NetzwerkMonitoring #OperationalTechnology #OTMonitoring #OTSicherheit @Paessler #Schwachstellenmanagement #SessionHijacking

netzpalaver.de/2025/...

0 0 0 0
Retail & Hospitality ISAC
Retail & Hospitality ISAC
@rhisac.org
10 months ago
Post image

📢 Don’t miss #RHISAC’s Threat Landscape Briefing this Friday, May 16 at 11AM ET!

Get intel from Flare & Kasada on #SessionHijacking & how 6.8M stolen accounts fueled Q1 #CredentialStuffing attacks.

🔓 Open to non-members
🔗 us02web.zoom.us/meeting/regi...

1 0 0 0
Technijian
Technijian
@technijian.bsky.social
10 months ago
Preview
Alert: Cookie Bite Attack on Entra ID Puts Microsoft 365 at Risk Cookie Bite attack on Azure Entra ID exposes Microsoft 365 to session hijacking, MFA bypass, and persistent threats. Learn how Technijian...

🚨 ALERT: Microsoft 365 Under Siege! 🚨

🔗 technijian.com/microsoft/co...

#Microsoft365 #CyberSecurity #AzureEntraID #CookieBiteAttack #MFABypass #SessionHijacking #ZeroTrust #BrowserSecurity #CloudSecurity #InfoSec #CyberAwareness #Technijian #MS365Protection #ThreatDetection #InfosecNews

1 1 0 0
💥Cybercrimeinfo | Ptr Lhss💥
💥Cybercrimeinfo | Ptr Lhss💥
@cybercrimeinfo.bsky.social
1 year ago
Preview
Vraag van de week: 2fa niet ondoordringbaar: een casus over lumma stealer en session hijacking / Tips / Menu Hulpmiddelen & Kwetsbaarheden | Cybercrimeinfo Leer hoe cybercriminelen 2FA omzeilen via session hijacking en lumma stealer malware. Bescherm je organisatie tegen deze geavanceerde aanvallen met praktische tips.

Op Cybercrimeinfo ontvingen wij een belangrijke vraag die veel organisaties bezighoudt: "Hoe kunnen cybercriminelen twee-factor authenticatie (2FA) omzeilen?

www.ccinfo.nl/menu-hulpmid...
#2FA #sessionhijacking #LummaStealer #cyberaanval #cybersecurity #Cybercrime #Hacking #Beveiliging

0 0 0 0
Rene Robichaud
Rene Robichaud
@neroqc.bsky.social
1 year ago
Preview
What is Cookies Hacking (Hijacking)? How To Prevent it? Imagine someone sneaking into your kitchen not for the cookies in your jar but for something far more...

What is Cookies Hacking (Session Hijacking)? How to prevent it?
blogs.quickheal.com/what-is-cook...
#Infosec #Security #Cybersecurity #CeptBiro #CookiesHacking #SessionHijacking

0 0 0 0