Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Google Workspace Vulnerabilities Exposed

November 17, 2023
Reading Time: 10 mins read
in Alerts
Google Workspace Vulnerabilities Exposed

A recent report from Bitdefender reveals a series of novel attack methods that expose vulnerabilities in Google Workspace and the Google Cloud Platform (GCP), potentially empowering threat actors to execute ransomware attacks, data exfiltration, and password recovery exploits.

Martin Zugec, the technical solutions director at Bitdefender, emphasizes that starting from a single compromised machine, threat actors could escalate their attacks by moving to other cloned machines with Google Credential Provider for Windows (GCPW) installed, gaining access to the cloud platform with customized permissions, or decrypting locally stored passwords to extend their assault beyond the Google ecosystem.

Despite Google marking the bug as ineligible for fixing due to being outside its threat model, Bitdefender warns that threat actors can exploit these gaps to transform a single endpoint compromise into a network-wide breach.

Furthermore, the attacks hinge on exploiting an organization’s use of Google Credential Provider for Windows (GCPW), offering mobile device management (MDM) and single sign-on (SSO) capabilities. GCPW facilitates remote management of Windows devices within Google Workspace environments, allowing users to access their Windows devices with the same credentials used for Google accounts.

At the same time, the attackers leverage the GCPW setup to extract an account’s refresh OAuth tokens, bypassing multi-factor authentication (MFA) protections and utilizing the refresh token to construct HTTP requests for accessing and manipulating sensitive data associated with Google accounts. A second exploit, the Golden Image lateral movement, takes advantage of VM deployments, allowing the cloning of machines with pre-installed GCPW to clone associated passwords.

In addition, the third attack involves accessing plaintext credentials by leveraging acquired access tokens to send HTTP requests to an undocumented API endpoint, obtaining the private RSA key necessary to decrypt the password field.

Bitdefender underscores the severity of having access to plaintext credentials, enabling attackers to impersonate legitimate users, potentially leading to complete account takeover. The report highlights the critical importance for organizations to address these vulnerabilities promptly and underscores the need for thorough audits of applications to prevent exploitation by threat actors monitoring open-source repositories opportunistically.

Reference:

  • The Chain Reaction: New Methods for Extending Local Breaches in Google Workspace
Tags: AttackersBitdefenderCloud SecurityCyber AlertCyber Alerts 2023Cyber AttacksCybersecurityGoogleGoogle WorkspaceNovember 2023RansomwareVulnerabilities
ADVERTISEMENT

Related Posts

Glibc Flaw Gives Linux Root Access Risk

Mozilla Urgent Firefox Patch Fixes RCE Flaws

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

ModiLoader Malware Targets Windows Users

May 19, 2025
Glibc Flaw Gives Linux Root Access Risk

Glibc Flaw Gives Linux Root Access Risk

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025

Latest Alerts

Mozilla Urgent Firefox Patch Fixes RCE Flaws

ModiLoader Malware Targets Windows Users

Glibc Flaw Gives Linux Root Access Risk

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Subscribe to our newsletter

    Latest Incidents

    Massive DDoS Hits Poland’s Civic Platform

    Arla Plant Cyberattack Halts Operations

    Georgia’s Harbin Clinic Hit by Data Breach

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial