FBI Issues Urgent Warning for All Gmail Users Over New Cookie-Based Hack

The FBI has issued an urgent warning for Gmail users worldwide after detecting a new wave of cyberattacks exploiting a session cookie vulnerability that allows hackers to bypass two-factor authentication and gain full access to victims’ accounts.

With over 1.8 billion users globally, Gmail is one of the most popular email platforms — and also one of the most targeted by cybercriminals. According to the FBI, attackers are using sophisticated techniques to steal login cookies from infected devices, granting them access not just to Gmail accounts, but also to connected services like social media, online banking, and cloud storage.

The attack begins when victims unknowingly click malicious links or visit fake websites, downloading malware that silently extracts session cookies, the small pieces of data a browser stores to keep a user logged in so they don’t have to re-enter passwords. Once stolen, these cookies allow hackers to impersonate users and access their accounts without needing credentials or authentication codes.

The FBI warns that this technique effectively neutralizes two-factor authentication, long considered one of the strongest security measures against account hijacking.

To protect users, the agency recommends:

  • Regularly deleting browser cookies.

  • Avoiding the “Remember this device” option when logging in.

  • Only visiting secure websites that use HTTPS.

  • Frequently checking account login history for suspicious activity.

Google has acknowledged that cookie theft affects users across the web and said it is developing new security measures to mitigate the threat, describing the attacks as part of a growing, lucrative cybercrime trend.
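The login-history check recommended above can also be automated on the service side. The following is an added example, not part of the original article and not Google's or the FBI's code: it flags a session cookie that is later presented from a different browser or network than the one that completed the two-factor login. The log format, field names and severity labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample records (not real data):
# (timestamp, session_id, event, client_ip, user_agent)
SAMPLE_LOG = [
    ("2025-01-10T08:00:02Z", "sess-A", "login_2fa", "198.51.100.23", "Mozilla/5.0 (Windows NT 10.0) Chrome/131"),
    ("2025-01-10T08:05:40Z", "sess-A", "request", "198.51.100.77", "Mozilla/5.0 (Windows NT 10.0) Chrome/131"),
    ("2025-01-10T08:30:11Z", "sess-B", "login_2fa", "203.0.113.5", "Mozilla/5.0 (Macintosh) Safari/17"),
    ("2025-01-10T09:12:45Z", "sess-A", "request", "192.0.2.200", "python-requests/2.31"),
    ("2025-01-10T09:20:00Z", "sess-B", "request", "192.0.2.14", "Mozilla/5.0 (Macintosh) Safari/17"),
    ("2025-01-10T09:21:00Z", "sess-C", "request", "192.0.2.14", "curl/8.5"),
]

def network_of(ip, prefix=24):
    """Coarse network for an IPv4 address; tolerates small IP changes (DHCP, NAT)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_replayed_sessions(log):
    """Return (timestamp, session_id, severity, reasons) for suspicious cookie use."""
    bound = {}   # session_id -> (network, user_agent) seen at the 2FA login
    alerts = []
    for ts, sid, event, ip, ua in log:
        if event == "login_2fa":
            bound[sid] = (network_of(ip), ua)
            continue
        if sid not in bound:
            # Cookie presented with no recorded login: treat as high severity.
            alerts.append((ts, sid, "high", ("no_login_seen",)))
            continue
        net, login_ua = bound[sid]
        reasons = []
        if ua != login_ua:
            reasons.append("user_agent_changed")
        if ipaddress.ip_address(ip) not in net:
            reasons.append("network_changed")
        if reasons:
            # A new network alone is common (mobile, VPN); a new client is not.
            severity = "high" if "user_agent_changed" in reasons else "review"
            alerts.append((ts, sid, severity, tuple(reasons)))
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

A "high" alert is a natural trigger for invalidating the session and forcing a fresh login, which is the server-side counterpart of the user deleting cookies.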

UK’s Capita fined £14 million over 2023 cyber breach affecting 6.7 million people

Capita has been fined £14 million ($18.7 million) by the UK Information Commissioner’s Office (ICO) for failing to protect personal data during a 2023 cyberattack that compromised information belonging to 6.7 million individuals, the outsourcing firm said on Wednesday.

The company, which provides services to UK government departments and major corporations, said the fine was part of a settlement with the ICO. Capita had previously estimated that the breach could cost up to £20 million in financial damages.

The ICO report found that Capita failed to maintain adequate network protections, allowing unauthorized access and privilege escalation, and did not respond properly to early security alerts. The regulator said the case underscored the growing pressure on British companies to strengthen cyber defenses following major breaches at Marks & Spencer, Co-op, and Jaguar Land Rover.

“With so many cyber attacks in the headlines, our message is clear: every organization, no matter how large, must take proactive steps to keep people’s data secure,” said John Edwards, the UK’s Information Commissioner.

Capita said it has since introduced advanced cybersecurity measures and completed an internal overhaul of its digital infrastructure. “Following an extended period of dialogue with the ICO, we are pleased to have concluded this matter,” said CEO Adolfo Hernandez.

The firm expects a free cash outflow of £59 million–£79 million in 2025, up from previous guidance of £45 million–£65 million, but noted that all other financial targets remain unchanged.

According to the National Cyber Security Centre (NCSC), the number of “highly significant” cyber incidents in Britain has doubled year-on-year, reflecting growing systemic risks across the public and private sectors.

Dutch Court Orders Meta to Simplify Facebook and Instagram Timelines

A Dutch court has ordered Meta Platforms to change how it presents Facebook and Instagram timelines, ruling that users must be given a simple and direct way to opt out of personalized content based on profiling.

The decision, issued on Thursday, found that elements of Meta’s current design violate the EU’s Digital Services Act (DSA), a sweeping law intended to curb manipulative digital practices and increase user control over online platforms.

Under the ruling, Meta has two weeks to implement the changes in the Netherlands. Users must be able to select a chronological timeline or another non-profiled feed, and — critically — that choice must remain active instead of resetting when users close the app or browser.

The court said Meta’s practice of automatically reverting users to the algorithmic “recommended content” feed amounted to a “dark pattern”, a manipulative design that limits free choice and infringes on the right to freedom of information.

“People in the Netherlands are not sufficiently able to make free and autonomous choices about the use of profiled recommendation systems,” the court said.

The timing of the ruling was also significant: the court noted that these design practices could influence public opinion ahead of the Dutch general election on October 29, emphasizing the importance of media neutrality and user autonomy.

META TO APPEAL

Meta said it would appeal the decision, insisting it had already made substantial adjustments to comply with the DSA and had notified Dutch users about how to view non-personalized feeds.

“We introduced substantial changes to our systems to meet our regulatory obligations under the DSA,” a Meta spokesperson said. “Proceedings like this threaten the digital single market and the harmonized regulatory regime that should underpin it.”

Meta also argued that such rulings should be handled at the EU level rather than by individual member states, warning that fragmented national court decisions could undermine the DSA’s unified enforcement goals.

DIGITAL RIGHTS GROUP CELEBRATES

The Dutch digital rights organization Bits of Freedom, which filed the case, welcomed the court’s ruling.

“It is unacceptable that a few American tech billionaires can determine how we view the world,” said spokesperson Maartje Knaap, calling the decision a major victory for digital freedom and user rights in Europe.

The ruling marks a new milestone in the EU’s effort to hold global tech firms accountable under the DSA — and could inspire similar challenges in other member states as regulators and courts push for greater transparency and user control in digital platforms.