DeleFriend Weakness Puts Google Workspace Security at Risk

Security researchers have uncovered a new design flaw in the Google Workspace Domain-Wide Delegation feature. Named "DeleFriend" by Hunters' Team Axon, the vulnerability could potentially expose Google Workspace to unauthorized access and privilege escalation in its APIs. According to an advisory published by the team on Tuesday, exploiting this flaw could lead to the unauthorized access of emails in Gmail, extraction of data from Google Drive and other illicit activities within Google Workspace APIs across all identities in the targeted domain. DeleFriend permits potential attackers to manipulate established delegations in both Google Cloud Platform and Google Workspace. Notably, this manipulation can occur without the high-privilege Super Admin role in Workspace, typically necessary for creating new delegations. Instead, by having lower-privileged access to a targeted GCP project, attackers can generate multiple JSON web tokens incorporating various OAuth scopes. The objective is to identify successful combinations of private key pairs and authorized OAuth scopes, signaling the activation of domain-wide delegation for the service account. Team Axon's research paper also introduced a proof-of-concept tool to evaluate security risks within Google Workspace and GCP environments in relation to this flaw. "These types of vulnerabilities underscore why having independent visibility into SaaS Data Access is critical," commented Tim Davis, vice president of solution consulting at DoControl. "No SaaS platform will ever have perfect security, and this only reiterates the need for having tools in place to recognize, alert, and even automatically remediate when data in a SaaS platform is being accessed via previously unseen or abnormal means, whether by users, APIs, or 3rd party applications." Key recommendations outlined in the Hunters blog post include smart role management, limiting OAuth scopes, implementing detection engineering and maintaining a continuous examination of security postures. The responsible disclosure timeline reveals that the vulnerability was reported to Google on August 7 2023, initially categorized as an "Abuse Risk," and accepted on October 31 2023. Despite being disclosed, the flaw persists as of the latest update. "Google is currently reviewing the vulnerability, but in the meantime, security teams using Google Workspace should audit their permissions and be sure that the GCP permissions are locked down to only accounts that need the access," explained Adam Neel, cyber-research unit detection engineer at Critical Start. "This permission is commonly given through the 'Editor' role, but custom roles could have it as well. To exploit this vulnerability, attackers must have initial access to a GCP IAM user. Without direct access to an account, attackers will be unable to exploit this vulnerability."

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 20:25:00 +0000


Cyber News related to DeleFriend Weakness Puts Google Workspace Security at Risk

Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
11 months ago Darkreading.com
DeleFriend Weakness Puts Google Workspace Security at Risk - Security researchers have uncovered a new design flaw in the Google Workspace Domain-Wide Delegation feature. Named "DeleFriend" by Hunters' Team Axon, the vulnerability could potentially expose Google Workspace to unauthorized access and privilege ...
11 months ago Infosecurity-magazine.com
Google Workspace Marketplace: 4 Tips for Choosing the Best Apps - An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace. We may be compensated by vendors who appear on this page through methods such as ...
11 months ago Techrepublic.com
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
10 months ago Cyberdefensemagazine.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
9 months ago Techtarget.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
6 months ago Techrepublic.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
9 months ago Darkreading.com
Key elements for a successful cyber risk management strategy - In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel ...
9 months ago Helpnetsecurity.com
Third-Party Security Assessments: Vendor Risk Management - As businesses rely more heavily on external vendors to provide critical services and support, the importance of effective vendor risk management strategies becomes paramount. This article explores the significance of third-party security assessments, ...
9 months ago Securityzap.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
Key Takeaways from the Gartner® Market Guide for Insider Risk Management - Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. The report reveals several key findings about ...
10 months ago Securityboulevard.com
Three Things to Know About the New SEC Rules on Sharing Information and Breach Disclosure Deadlines - Recently, the Securities and Exchange Commission adopted rules about the handling and reporting of cyber risks and breaches. With these new guidelines and regulations, public companies and organizations must disclose cybersecurity incidents ...
9 months ago Cyberdefensemagazine.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
5 months ago Cisa.gov
Denmark orders schools to stop sending student data to Google - The Danish data protection authority has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. The matter was brought to the agency's attention ...
9 months ago Bleepingcomputer.com
How to Complete an IT Risk Assessment - An effective security strategy needs to put managing risk at the heart of its approach. An IT risk assessment process is used by organizations to identify and prioritize the most pressing risks to their IT environment. Naturally, it focuses on IT ...
10 months ago Heimdalsecurity.com
Critical Start Implements Cyber Risk Assessments With Peer Benchmarking and Prioritization Engine - PRESS RELEASE. PLANO, Texas, Jan. 11, 2024 /PRNewswire/ - Today, Critical Start, a leading provider of Managed Detection and Response cybersecurity solutions and pioneer of Managed Cyber Risk Reduction, announced general availability of Critical ...
9 months ago Darkreading.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 month ago Helpnetsecurity.com
4 Metrics That Help CISOs Become Strategic Partners With the Board - Many CISOs experience burnout, and most find it difficult to be recognized as strategic, growth-oriented partners to their leadership team and board of directors. Challenges CISOs Face When Reporting to the Board It can be hard for CISOs to prove ...
11 months ago Darkreading.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
11 months ago Microsoft.com
Meet the Cisco Security Risk Score - In April 2023, we rebranded our risk-based vulnerability management solution, Kenna. Effective immediately, the Kenna Risk Score is renamed to the Cisco Security Risk Score. VI is renamed to Cisco Vulnerability Intelligence, and Kenna. To strengthen ...
10 months ago Feedpress.me
Google Workspace Announced New Password Policies, What is Changing - Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. Google Workspace has announced new password policies that will impact how users and third-party ...
1 month ago Gbhackers.com
Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security - We're thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes ...
4 months ago Crowdstrike.com
Critical Start Asset Visibility helps customers become more proactive within their security program - Critical Start launched their Asset Visibility offering. As part of an MCRR strategy, Asset Visibility helps customers become more proactive within their security program, helping them uncover assets that need protection, validate that the expected ...
9 months ago Helpnetsecurity.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
9 months ago Cysecurity.news
CyberProof Announces Strategic Partnership With Google Cloud - PRESS RELEASE. ALISO VIEJO, Calif. and BENGALURU, India, May 6, 2024 /PRNewswire/ - CyberProof, a UST company, has announced an extended partnership with Google Cloud focused on leveraging Google Chronicle Security Operations and other Google Cloud ...
5 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)