You'd expect an info stealer to be looking for something like email addresses and passwords, since those are, in theory, all that matters for logging in to websites.

Well, that's what Linus himself thought too, and he was scrambling for hours trying to reset passwords and 2FA (two-factor authentication), but to no avail.

This kind of attack does not require the password or email to be known; attackers only need one thing: session tokens.

A session token is a type of cookie stored on your device, which acts like a quick-access keycard.

Ever used the "keep myself logged in" feature on websites? When enabled, the website saves a session token to the device it's logged in on, so the next time you come back to the website, it looks for the cookie and skips the login process for you.

Like a quick-access keycard vulnerable to RFID cloning, session tokens are vulnerable in the same way: malware can simply copy the cookie itself and grant attackers access to the account as if they were physically there.

We have all seen YouTube channels, big or small, get hijacked before, and the patterns are more or less the same, with crypto scams livestreaming on the compromised channel.

If you're just a regular user, the average Joe, these kinds of attacks are less likely to target you. Content creators, however, must pay extra attention to files coming from emails.

This video from The PC Security Channel summarizes how such attacks work (including circumventing antivirus protections).

There are a few security practices that you, regardless of who you are, are advised to follow.

File icons can easily be forged, but file extensions cannot: whenever you see a name that ends with anything other than *.pdf, it is NOT a PDF file. Pay attention to file types, NOT the icons.
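
The file-type advice above can be automated for an inbox or download folder. The following is an added example, not code from the original post, and it goes slightly beyond the post by also checking the first bytes of the file; the function name `check_attachment`, the extension list and the sample file names are assumptions made for illustration.

```python
import os

# Extensions Windows will run or interpret (illustrative, not exhaustive).
RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi", ".ps1"}
PDF_MAGIC = b"%PDF-"   # a PDF file normally starts with these bytes
EXE_MAGIC = b"MZ"      # a Windows executable starts with these bytes


def check_attachment(name: str, head: bytes) -> list[str]:
    """Return warnings for one attachment; an empty list means nothing was flagged.

    name: the full file name as stored on disk (not what the icon suggests).
    head: the first few bytes of the file's content.
    """
    warnings = []
    # Windows ignores trailing dots and spaces, so strip them before looking
    # at the extension; compare case-insensitively.
    clean = name.rstrip(" .").lower()
    stem, ext = os.path.splitext(clean)

    # The last extension is the one that decides how the file is opened.
    if ext in RISKY_EXTS:
        warnings.append(f"executable-extension:{ext}")
    # "offer.pdf.scr": a document-looking extension placed before the real one.
    if ext != ".pdf" and os.path.splitext(stem)[1] == ".pdf":
        warnings.append("double-extension")
    # Content checks: the name claims PDF but the bytes disagree, or the
    # bytes are an executable stored under a harmless-looking extension.
    if ext == ".pdf" and not head.startswith(PDF_MAGIC):
        warnings.append("pdf-extension-without-pdf-header")
    if head.startswith(EXE_MAGIC) and ext not in RISKY_EXTS:
        warnings.append("executable-header-under-other-extension")
    return warnings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("sponsorship_offer.pdf", b"%PDF-1.7\n"),
    ("sponsorship_offer.pdf.scr", b"MZ\x90\x00"),
    ("brand_deal.pdf", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for sample_name, sample_head in SAMPLES:
        print(sample_name, check_attachment(sample_name, sample_head) or "ok")
```
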