FBI Issues Urgent Warning for All Gmail Users Over New Cookie-Based Hack

The FBI has issued an urgent warning for Gmail users worldwide after detecting a new wave of cyberattacks exploiting a session cookie vulnerability that allows hackers to bypass two-factor authentication and gain full access to victims’ accounts.

With over 1.8 billion users globally, Gmail is one of the most popular email platforms — and also one of the most targeted by cybercriminals. According to the FBI, attackers are using sophisticated techniques to steal login cookies from infected devices, granting them access not just to Gmail accounts, but also to connected services like social media, online banking, and cloud storage.

The attack begins when victims unknowingly click malicious links or visit fake websites, downloading malware that silently extracts session cookies — files that store login information so users don’t have to re-enter passwords. Once stolen, these cookies allow hackers to impersonate users and access their accounts without needing credentials or authentication codes.

The FBI warns that this technique effectively neutralizes two-factor authentication, long considered one of the strongest security measures against account hijacking.

To protect users, the agency recommends:

  • Regularly deleting browser cookies.

  • Avoiding the “Remember this device” option when logging in.

  • Only visiting secure websites that use HTTPS.

  • Frequently checking account login history for suspicious activity.

Google has acknowledged that cookie theft affects users across the web and said it is developing new security measures to mitigate the threat, describing the attacks as part of a growing, lucrative cybercrime trend.
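The login-history check recommended above can be automated on the service side. This added example (not from the FBI advisory or from Google) flags a session cookie that is replayed from a client that never completed login and two-factor authentication; the log layout, event names and the /24 tolerance are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample log (assumed layout): time, session id, user, IP, user agent, event
SAMPLE_LOG = """\
2025-01-10T08:00:01Z s-1001 alice 198.51.100.23 Chrome/131-Windows login_2fa_ok
2025-01-10T08:05:12Z s-1001 alice 198.51.100.23 Chrome/131-Windows mail_read
2025-01-10T08:40:44Z s-1001 alice 198.51.100.77 Chrome/131-Windows mail_read
2025-01-10T09:02:30Z s-1001 alice 203.0.113.9 Firefox/128-Linux mail_read
2025-01-10T09:03:05Z s-1001 alice 203.0.113.9 Firefox/128-Linux forwarding_rule_added
2025-01-10T09:10:00Z s-2002 bob 192.0.2.50 Safari/18-macOS login_2fa_ok
2025-01-10T09:15:00Z s-2002 bob 192.0.2.50 Safari/18-macOS mail_read
"""

@dataclass(frozen=True)
class Event:
    ts: str
    session: str
    user: str
    ip: str
    agent: str
    action: str

def parse(log):
    return [Event(*line.split()) for line in log.splitlines() if line.strip()]

def same_network(a, b, prefix=24):
    """Treat IPv4 addresses in the same /24 as one client (assumption; tolerates DHCP churn)."""
    return ip_address(b) in ip_network(f"{a}/{prefix}", strict=False)

def find_replayed_sessions(events):
    """Flag requests that reuse a session from a context that never passed login/2FA."""
    origin = {}   # session id -> event that completed login + 2FA
    alerts = []
    for ev in events:
        if ev.action == "login_2fa_ok":
            origin[ev.session] = ev
            continue
        first = origin.get(ev.session)
        if first is None:
            alerts.append((ev, "session used without a recorded login"))
        elif ev.agent != first.agent or not same_network(first.ip, ev.ip):
            alerts.append((ev, "session reused from a different client"))
    return alerts

if __name__ == "__main__":
    for ev, reason in find_replayed_sessions(parse(SAMPLE_LOG)):
        print(ev.ts, ev.user, ev.session, ev.ip, ev.agent, ev.action, "->", reason)
```

The two flagged requests carry a valid session, so no password or code is ever requested from the second client, which is why the server has to compare the client context itself.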

FBI Warns AI-Generated Voices Used to Impersonate Senior U.S. Officials in Cyber Campaign

The FBI has issued a public warning that malicious actors are leveraging AI-generated voice messages and text to impersonate senior U.S. government officials, targeting both current and former federal and state officials in a sophisticated social engineering campaign.

According to the FBI’s announcement on Thursday, the aim of the scheme is to:

  • Gain access to personal accounts of government officials

  • Target additional contacts once access is gained

  • Harvest sensitive information or even solicit funds fraudulently

How the Scheme Works:

  • Attackers initiate text message conversations to build rapport with the targets.

  • Once trust is established, they urge the recipient to switch to another platform, often linking to a hacker-controlled website designed to harvest credentials like usernames and passwords.

  • In some cases, attackers use AI-generated voice clips to convincingly impersonate the tone and mannerisms of known officials.

Threat Scope:

The FBI has not disclosed how many individuals have been targeted or whether the actors are financially motivated cybercriminals or state-aligned entities. The use of generative AI makes attribution and detection more difficult, and the agency continues to assess the full scope of the threat.

This follows a December 2024 warning from the FBI regarding the broader use of AI-generated content, including text, audio, images, and video, to commit crimes such as fraud, extortion, and identity theft.

Broader Implications:

The campaign underscores the growing threat of generative AI in cybercrime, particularly in impersonation and phishing-style attacks aimed at high-value targets. Government agencies and private sector organizations are now being urged to:

  • Strengthen multi-factor authentication

  • Train personnel to recognize AI-driven impersonation attempts

  • Avoid clicking on unsolicited links or moving conversations to unknown platforms

As AI tools become more accessible, security experts warn that digital impersonation will become an increasingly common tactic for attackers seeking access to sensitive systems or socially engineered pathways into secure environments.

FBI Warns Against Using Public Phone Charging Stations

The FBI has issued a warning advising consumers to avoid using public phone charging stations due to the risk of exposing their devices to malware and monitoring software. According to a recent tweet from the FBI’s Denver branch, public USB charging stations, commonly found in malls and airports, may be compromised by malicious actors aiming to infect devices with harmful software. The FBI recommends carrying your own charger and USB cord and using a traditional electrical outlet instead.

This precaution stems from concerns that have been raised by security experts for years. The term “juice jacking,” coined in 2011, refers to the risk of malware being transmitted through compromised charging stations. Drew Paik, a former security expert at Authentic8, explains that simply plugging your phone into a compromised charger can infect your device, potentially compromising personal data such as emails, text messages, photos, and contacts.

The concern is that charging cords can transfer data as well as power. For example, when an iPhone is connected to a Mac via a charging cord, data such as photos can be transferred. A compromised charging port could allow hackers to access a wide range of personal information.

The FBI’s Vikki Migoya noted that the reminder is part of ongoing efforts to keep the public safe, especially while traveling. The Federal Communications Commission (FCC) has also issued a warning, noting that corrupted charging ports can lead to the extraction of personal data or even lock a device. In some cases, criminals might even leave infected cables at charging stations or distribute them as promotional items.