all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How Google plans to make stolen session cookies worthless for attackers

Add to bookmarks
April 3, 2024, 5:30 a.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access user accounts. Session (i.e., authentication) cookies are stored by browsers when a user logs into web resources. Getting ahold of them allows attackers to mount “pass-the-cookie” attacks by injecting stolen access tokens into new web sessions and thus “impersonating” the original user without having to authenticate themselves. … More →


The post …

access accounts attackers authentication browsers called chrome cookies credentials device don't miss feature google hot stuff logs malware mfa plans prevent privacy public-key cryptography resources security session stolen web working

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks 12 hours ago | www.helpnetsecurity.com
alto articles attackers attacks +25
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 2 days, 6 hours ago | www.helpnetsecurity.com
android android apps app apps +17
Trellix Wise automates security workflows with AI, streamlining threat detection and remediation 2 days, 8 hours ago | www.helpnetsecurity.com
artificial artificial intelligence cyber cyber risk +21
Microsoft, Google widen passkey support for its users 2 days, 9 hours ago | www.helpnetsecurity.com
account protection authentication awareness bitwarden +18
Cyble Vision X covers the entire breach lifecycle 2 days, 9 hours ago | www.helpnetsecurity.com
access artificial artificial intelligence aspect +23
BlackBerry CylanceMDR improves cybersecurity defensive strategy 2 days, 9 hours ago | www.helpnetsecurity.com
address advanced ai platform amp +28
FortiGate 200G series boosts campus connectivity for Wi-Fi 7 2 days, 10 hours ago | www.helpnetsecurity.com
ai-powered campus connectivity firewall +15
Nokod Security Platform secures low-code/no-code development environments and apps 2 days, 10 hours ago | www.helpnetsecurity.com
applications apps automations code +23
Lenovo launches AI-based Cyber Resiliency as a Service 2 days, 11 hours ago | www.helpnetsecurity.com
copilot copilot for security cyber cyber protection +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com
View more jobs