"Researchers Say Design Flaw in Google Workspace Puts Orgs at Risk"

Google is disputing a recent report by a security vendor about a design flaw in Google Workspace that exposes users to data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's domain-wide delegation feature allows attackers to steal email from Gmail, exfiltrate data from Google Drive, and perform other unauthorized actions within Google Workspace Application Programming Interfaces (APIs) on all identities in a targeted domain. Researchers have published proof-of-concept (POC) code on GitHub showing how an attacker could exploit the flaw to carry out various malicious actions against Google Cloud Platform (GCP) customers. This article continues to discuss the design flaw in Google Workspace and Google's response to this discovery.

Dark Reading reports "Researchers Say Design Flaw in Google Workspace Puts Orgs at Risk"

Submitted by grigby1

Submitted by Gregory Rigby on