New phishing ploy exploits secure sessions to hijack data

Are traditional web security controls (HTTPS) useless? A new phishing attack has surfaced that exploits a user's browser if he/she is logged into their bank while also surfing the web (aka "in-session phishing"). So, you might be logged into your bank over a secure session but the attacker uses YOUR browser to piggyback onto your bank session.

Src: New phishing ploy exploits secure sessions to hijack data - SC Magazine US
Src: Move aside e-mail phishing, in-session phishing is in! | Oracle Blog

No comments: