Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Google’s Risk Domain Delegation Flaw

November 29, 2023
Reading Time: 2 mins read
in Alerts
EU Commission Criticized on Spyware

 

In a recent revelation, cybersecurity experts from Hunters’ Team Axon have unearthed a significant design flaw within Google Workspace’s Domain-Wide delegation feature. Termed “DeleFriend,” this flaw poses a serious threat as it enables the exploitation of existing delegations, potentially leading to unauthorized access and the escalation of privileges within Workspace APIs, all without the need for Super Admin privileges.

Despite being responsibly disclosed to Google as part of the Bug Hunters program in August 2023, the flaw remains active, raising concerns about the continued vulnerability of Google Workspace. To aid in detection and reduce the risks associated with DeleFriend’s exploitation, Team Axon has developed a proof-of-concept tool, featured in a comprehensive blog post. This tool aims to assist organizations in identifying misconfigurations within their Workspace settings, offering a proactive approach to thwart potential attacks leveraging this flaw. The research paper accompanying this discovery provides a deep dive into the Domain-Wide delegation feature, outlining its intricate workings and highlighting the potential for malicious exploitation, emphasizing the urgency for organizations to fortify their defenses.

The research paper not only elucidates the technical intricacies of the flaw but also offers actionable insights in the “Let’s go hunting” section. This segment of the paper outlines comprehensive threat hunting techniques and best practices to mitigate the risks associated with Domain-Wide delegation attacks. By delving into detection methodologies and proposing defensive strategies, this resource aims to empower organizations in safeguarding their systems against potential exploits stemming from this critical flaw in Google Workspace.

Reference:

  • Security Risk Domain Wide Delegation Flaw Threatens Google Workspace Takeover
Tags: Cyber AlertCyber Alerts 2023GoogleHackerNovember 2023SoftwareThreat ActorsVulnerabilities
ADVERTISEMENT

Related Posts

Microsoft Defender Bug Allows SYSTEM Access

Uncanny Automator Bug Risks WordPress Sites

May 14, 2025
Microsoft Defender Bug Allows SYSTEM Access

Devs Hit By PyPI Solana Token Secret Theft

May 14, 2025
Microsoft Defender Bug Allows SYSTEM Access

Microsoft Defender Bug Allows SYSTEM Access

May 14, 2025
Apple Fixes Critical Bugs in iOS and MacOS

Hackers Exploit Output Messenger Zero-Day

May 13, 2025
Apple Fixes Critical Bugs in iOS and MacOS

ASUS Fixes Critical Flaws in DriverHub

May 13, 2025
Apple Fixes Critical Bugs in iOS and MacOS

Apple Fixes Critical Bugs in iOS and MacOS

May 13, 2025

Latest Alerts

Microsoft Defender Bug Allows SYSTEM Access

Uncanny Automator Bug Risks WordPress Sites

Devs Hit By PyPI Solana Token Secret Theft

Hackers Exploit Output Messenger Zero-Day

ASUS Fixes Critical Flaws in DriverHub

Apple Fixes Critical Bugs in iOS and MacOS

Subscribe to our newsletter

    Latest Incidents

    Alabama Cybersecurity Event Hits Services

    Andy Frain Data Breach Impacts 100k People

    Hong Kong DSC Hit By Ransomware Attack

    Alleged Steam Breach Exposes 89M Records

    Ulhasnagar Municipal Corporation Hacked

    Madison County Iowa Systems Disrupted

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial