Hackers Are Stealing Cookies, UnRAR Vulnerability Discovered, and Google Increases Workspace Security
Cookie Theft and Exploitation
by Artie Kaye
It is good practice to clear your cookies regularly and to log out of websites regularly as well. Cookies store information and credentials and have an expiration timer. There are ways for a hacker to gain access to the cookies on your system. By obtaining a copy of a session cookie that is still valid, it is possible to gain access to the account and information related to that cookie. In some cases it is also possible to bypass security functions like multi-factor authentication. This is a security flaw that some companies do not see as their problem, claiming that the browser is responsible for that kind of security. What is worrisome is that some of these entities claim to practice zero trust. To help diminish the potential misuse of your cookies, log out when you're finished with a site and clear the browser cache routinely.
UnRAR Vulnerability On Linux
by Artie Kaye
UnRAR is a file compression tool available on Linux. Researchers found a vulnerability that could bypass security measures meant to prevent files from being copied to a location the user does not specify. This flaw was found to affect Zimbra email services, as they used UnRAR to scan compressed files for malicious content. It could allow an unauthorized user to gain access to the entire email system. CISA has issued a warning regarding this exploit. Zimbra has since switched to using 7z for the scanning. RarLab, the creators of UnRAR, have addressed the vulnerability as well, but the version update required is dependent on what version of Linux is being run. It is recommended to download the program from their official site to update.
The flaw is listed as CVE-2022-30333.
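As an added example (not from the original article, RarLab, or Zimbra): a service that unpacks untrusted archives can audit its staging directory afterwards instead of relying only on the extractor's own path checks. This is a general check for links that leave the destination and does not reproduce the internals of CVE-2022-30333; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def is_inside(path, root):
    """True if path is root itself or lies beneath it (both already resolved)."""
    return os.path.commonpath([path, root]) == root

def audit_extraction(dest):
    """List (relative_path, reason) for every symlink under dest that leaves it."""
    root = os.path.realpath(dest)
    findings = []
    # followlinks=False: inspect links without ever walking through them
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            rel = os.path.relpath(path, root)
            if os.path.isabs(os.readlink(path)):
                findings.append((rel, "absolute link target"))
            elif not is_inside(os.path.realpath(path), root):
                findings.append((rel, "link resolves outside destination"))
    return sorted(findings)

def build_sample_tree(dest):
    """Constructed sample: one file, one harmless link, two escaping links."""
    os.makedirs(os.path.join(dest, "docs"))
    with open(os.path.join(dest, "docs", "readme.txt"), "w") as f:
        f.write("constructed sample\n")
    os.symlink("readme.txt", os.path.join(dest, "docs", "latest"))  # stays inside
    os.symlink("../../outside", os.path.join(dest, "docs", "up"))   # climbs out
    os.symlink("/tmp", os.path.join(dest, "abs"))                   # absolute path

def demo():
    """Build the sample in a throwaway staging area and audit it."""
    with tempfile.TemporaryDirectory() as staging:
        dest = os.path.join(staging, "extracted")
        os.makedirs(dest)
        build_sample_tree(dest)
        return audit_extraction(dest)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"REJECT {rel}: {reason}")
```

Because the audit runs after extraction, it detects an escape rather than preventing it, so the staging directory should be disposable and the extractor should run with as few privileges as possible.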
Google Workspace Increases Security
by Artie Kaye
With updates Google has made to its Workspace service, any suspicious attempts to access or change account settings will require additional verification. Administrators will be able to see a log of all incidents which are flagged as suspicious, but end users should only experience a few extra verification requests. This is intended to make things more secure and to prevent data loss for Google's customers. Administrators can turn off the function for a brief time if required, but it automatically turns back on. This function only works for users who use Google as their login identity.