Blog

Unveiling How Malware Defies Password Resets via Google MultiLogin Exploit

Unveiling How Malware Defies Password Resets via Google MultiLogin Exploit

In our earlier blog, we talked about how some people could misuse Google OAuth to take over someone’s session without permission. Surprisingly, this seemingly harmless part turned out to be a favorite for malware that steals information. CloudSEK found a serious problem where malware uses MultiLogin to keep control of a user’s session, even after

Read More
Exploiting Google OAuth Endpoint for Unauthorized User Session Hijacking

Exploiting Google OAuth Endpoint for Unauthorized User Session Hijacking

In the dynamic landscape of cybersecurity, a recent revelation by threat actor “Prisma” has brought to light a significant exploit that allows the generation of persistent Google cookies through token manipulation. This discovery, highlighted by CloudSEK’s threat intelligence researcher, Pavan Karthick M, has far-reaching implications, shaping the narrative of cyber threats in recent times.  

Read More
How to Prevent API Breaches: A Guide to Robust API Security

How to Prevent API Breaches: A Guide to Robust API Security

APIs provide great opportunities for businesses to interconnect systems and share data. However, they also introduce significant security risks if not properly protected. APIs have become the backbone of digital business, with over 90% of companies relying on them for their applications according to Red Hat. However, while APIs drive innovation, they also expand the

Read More
Mastering ISO 27001 Implementation: Your Comprehensive Handbook

Mastering ISO 27001 Implementation: Your Comprehensive Handbook

Introduction In today’s digital world, protecting sensitive information and data is of utmost importance. That’s why many organizations turn to international standards like ISO 27001 to establish robust information security management systems (ISMS). Implementing ISO 27001 can provide a framework for identifying risks, implementing controls, and ensuring the confidentiality, integrity, and availability of information. In

Read More