One Article Review

Home - The article:
Source AlienVault Blog
Identifier 2120056
Publication date 2020-12-22 11:00:00 (seen: 2020-12-22 12:05:54)
Title 'Tis the season for session hijacking - Here's how to stop it
Text This blog was written by an independent guest blogger.

The air is getting colder, leaves are falling from the trees, and people everywhere are settling in for the holiday season. Which means one thing - increased cybersecurity vulnerability. With more aspects of the winter holidays relegated to online platforms this year, people everywhere are more susceptible to cyberattacks. Luckily, there are plenty of simple steps you can take to protect yourself from digital threats and online scams. But there is one particularly nefarious type of cyberattack that you might not be aware of. This is session hijacking. In this article, we will take a look at what session hijacking is, how the holidays make you extra vulnerable to this type of attack, and how to prevent it from happening to you.

What is Session Hijacking?

Let’s start with the terms. A session is the period of time when a user is actively accessing an application, website, or other online service. Each user session begins when you log into a website or app and ends when you log out of it. For example, when you type your username and password into a banking application, that begins your session on that online application.

When you log into an online application, the server typically generates a temporary session cookie in your browser. This cookie tells your browser that you are logged in and have been authenticated on the server. Each temporary session cookie is marked by a unique session ID, or key. If a hacker is able to access your unique session ID, they can access your session.

Session hijacking, also called “cookie hijacking”, can follow several patterns. One method, cross-site scripting, or XSS, essentially works like this. An attacker implants a script into the web server the victim is trying to access. The victim then authenticates their presence on the tampered-with server, creating a unique session ID that includes the attacker’s script. The server returns the page code with the attacker’s script to the victim, whose own browser enacts the script, sending the victim’s unique session cookie to the attacker. The attacker is then granted access to the user’s session, meaning they can witness any interaction taking place there and steal any sensitive information revealed in the session.

Malvertising is another current “hot” technique that induces a victim to click on an ad infected with malicious code that snags the session ID, thus granting the hacker access to the victim’s unique session key. Here again, the victim is authenticated on the server and the hacker can hijack the victim’s session. All the attacker has to do is input the victim’s session ID on their own browser, tricking the server into reading the hacker’s browser connection as the victim’s already authenticated session.

Holidays under threat

The coronavirus pandemic has had many wide-ranging effects on all of us. One result of this global situation is the massive increase in cybersecurity vulnerability. Studies have shown precipitous rises in spam attempts, as opportunistic hackers seek to prey on widespread uncertainty. But the pandemic places cybersecurity at risk on another level as well. This year, the holidays have gone digital to an extent never seen bef
Sent Yes
Tags Spam Studies


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.