Google Workspace weaknesses allow plaintext password theft


Researchers have discovered new vulnerabilities in Google Workspace, and these exploits may allow for ransomware attacks, data exfiltration, and password decryption.

The techniques, according to Bitdefender researchers, might also be used to migrate from machine to machine and get access to Google Cloud Platform (GCP) with customized permissions.

According to the infoseccers, Google informed them that since the flaws are beyond the scope of the company’s threat model, they would not be fixed or get security updates.

Vulnerabilities that depend on compromised local workstations, such as the ones Bitdefender has brought to light today, aren’t categorized as Google-specific issues because an organization’s current security procedures ought to protect against compromises via techniques like malware.

Read More…