July 26, 2024 at 04:55PM Researchers discovered a Python package called “lr-utils-lib” on PyPi, designed to target specific macOS machines and steal Google Cloud Platform credentials. The package conceals malicious code in its setup, posing as a legitimate package, and uses social engineering tactics. The campaign is unique due to its highly targeted nature, posing … Read more
July 25, 2024 at 06:10AM Researchers have identified a privilege escalation vulnerability, named ConfusedFunction, in Google Cloud Platform’s Cloud Functions service, enabling unauthorized access to other services and sensitive data. The issue with Cloud Build service account permissions, exposed by Tenable, has been addressed by Google, although existing instances remain unaffected. Other cloud providers have … Read more
November 28, 2023 at 08:06AM A design flaw in Google Workspace’s domain-wide delegation (DWD) feature poses a serious security risk, allowing threat actors to gain unauthorized access to Workspace APIs. The flaw, called DeleFriend, can be exploited by manipulating existing delegations in Google Cloud Platform and Workspace. It enables theft of emails, data exfiltration, and … Read more
November 16, 2023 at 07:00AM Novel attack methods targeting Google Workspace and the Google Cloud Platform have been demonstrated, posing risks of ransomware, data exfiltration, and password recovery attacks. Threat actors could exploit vulnerabilities in Google Credential Provider for Windows (GCPW) to gain access to machines and bypass multi-factor authentication protections. These attacks highlight the … Read more
November 15, 2023 at 01:36PM Researchers at Bitdefender have identified weaknesses in Google Workspace that could potentially lead to ransomware attacks, data exfiltration, and password decryption. These vulnerabilities could also be used to access Google Cloud Platform with custom permissions and propagate from one machine to another. Google has stated that these weaknesses are outside … Read more
October 24, 2023 at 03:03PM Kaspersky has released a report detailing the iOS zero-click attacks it suffered. Dubbed ‘Operation Triangulation’, the attacks used malicious iMessage attachments to exploit a zero-day vulnerability and deploy spyware named TriangleDB. The attackers implemented stealth techniques to avoid detection, including using two validators to collect device information and ensure the … Read more