nielsjacquet

ok true, but the issue as i see it here ( and reading on / watching other creators who faced similar issues) is that the hack is using session cookies and the lack on google's side where there is no 2fa or pw re-entry needed when changing credentials. a seperate machine (stripped and fortified) and not using accounts on other machines is maybe a crude solution but one that is already safer than just nothing. i had no idea that it was possible.

that is the safest way but a pain in the butt sometimes...

That is what i have to do before i begin my working day, unlock admin account and login to a seperate machine to access intune. All is locked down with conditional access (only verified machines can have access) and 2FA

yeah that is the biggest obstacle in IT, getting emlpoyees to use the correct tools and avoid shadow IT. Awareness and adption are a must but not the most sexy thing ever.

Safest way to avoid these hacks is to have a VM to access only youtube services with service account(s). And never use these accounts on day to day use machines. Also enable conditional access and 2fa to login to the VM.

Even better timing, people are getting fired already ?

Nice timing! posted 20 mins ago

Put all the devices in an MDM, preferably JAMF, and push the app to the devices in scope or push a script.