Dark Reading

Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks

Many of the tools that organizations are deploying to isolate Internet traffic from the internal network — such as multifactor authentication, zero-trust network access, SSO, and identity provider ...
Infosecurity-magazine.com

Tackling the Emerging Threat of Session Hijacking and MFA Bypass

When it comes to enterprise cyber-threats, credentials are rightly viewed as the keys to the kingdom. Why use a piece of malicious code on a vulnerable system or human when a valid credential opens ...
HHS

A Deep Dive into SaaS Session Hijacking

In a previous blog, we introduced the growing threat of session hijacking and explained how dangerous and discrete these attacks can be. Today, we’ll walk through a demonstration of SaaS session ...
Security Info Watch

Infoblox Uncovers MFA-Bypassing “Evilginx” Phishing Operation Targeting U.S. Universities

DNS analysis links more than 70 malicious domains to a months-long phishing campaign impersonating U.S. university login portals, including the University of California ...
Computerworld

Many Android devices vulnerable to session hijacking through the default browser

The default browser in Android versions older than 4.4 has a vulnerability that allows malicious websites to bypass a critical security mechanism and take control of a user’s authenticated sessions on ...