The important feature of the zero-day solution is “session persistence”, which means a hacker’s session using a target Google account will continue to remain valid in the face of a password change. This means the true owner of the Google account won’t be able to kick them out with a password reset. But further, it also allows any threat actor exploiting it to “generate valid cookies in the event of a session disruption”, which CloudSEK says enhances the attacker’s ability to… Source link
Read More »Google Accounts Hacked Without Need for Passwords
