- NordvPN has launched a kidnapped session alert function to avoid fraud attacks
- The new function alerts users when their credentials are on sale on the dark website
- Expand the already comprehensive protection package of threat protection
NordvPN has introduced a new feature to protect users from the sale of their cookies on the dark website.
The NordvPN kidnapped alert function is the latest incorporation into its threat protection for tools, which improves online safety by blocking websites, trackers and malicious ads, and scanning discharges for malware.
The movement sees Nordvpn, qualified as the best VPN of Techradar reviewers, addressing the flourishing sand of the ‘session kidnapping’.
Session piracy is the new black when it comes to stealing its data. Instead of attacking increasingly robust authentication processes, computer pirates adopt a different approach: waiting for a user to complete the authentication themselves before stealing their cookies. They do not pirate like you get connected, but instead as you stay connected.
Once again, the cybersecurity firm seeks to strengthen its protection services against the avant -garde of piracy innovations.
Inside the Nordvpn kidnapped session alert function
Session kidnapping is one of the most dangerous threats faced by users today, massively exposing users to serious problems, such as financial fraud and identity theft.
The new NordvPN function claims to stop the kidnapping of sessions on their tracks when monitoring markets on the dark website and alert the user in real time if their cookies are on sale.
As? As users navigate, the tool first verifies if the web browser uses an authentication cookie. If so, then it stuck all the cookie, making it a cryptographic fingerprint without exposing its content.
Then compare part of the hash with a massive database of approximately 130 billion cookies compromised through Nordstellar, the Nordvpn cyber threat intelligence tool, which continually scan the Internet to monitor the threats of fraud in evolution.
When a threat is detected, NordvPN alerts the user directly in the affected browser tab and provides detailed instructions. “We immediately advise users to change the passwords of committed accounts and close the session of all the devices in which they have logged in,” explains Domininkas Virbickas, Nordvpn products director.
Virbickas emphasizes that privacy protection is integrated into the central design of the function. “The system uses a hash -based approach where only a part of the cookie hash is sent to our backend to scan: the full session cookie information never leaves the user’s device.”
Currently, the kidnapped session alert verifies the most popular websites, including. Twitch.
A new answer to a new threat
The characteristic occurs as the attacks on the client’s side by cybercriminals continue to increase. This is a type of safety rape that occurs in the user’s device, such as the browser or mobile application, instead of on the server.
Using tools for theft of information and SQL injection attacks, computer pirates steal valuable cookies that contain session information, which gives access to user accounts even if they have used the 2FA verification.
This is particularly worrying since cookies are often still valid for 30 days, giving computer pirates a long time to act, using stolen credentials to transfer money or making unauthorized purchases through stolen data, such as credit card numbers and personal information.
Given the speed with which criminals act, Virbickas recommends that users who receive alert take immediate measures on the subject without wasting any time. “Speed remains essential because malicious actors work quickly to exploit stolen credentials before victims can respond.”
The new feature is part of an extension of the protection pro threat capabilities, with NordvPN recently by launching a cryptographic wallet verification scan and better malware protection.
But there is also more in the pipe: Virbickas reveals that NordvPN will soon launch a function that verifies the URLs in emails and alerts users about insecure links. “Initially it will work with Gmail, but we plan to extend it to other email platforms too.”
