Google recently patched a zero-day vulnerability called GhostToken that enabled attackers to hide malicious applications in a victim’s Google account, making them unable to revoke its access.
The flaw allowed a threat actor to gain permanent access to the victim’s data, such as emails, locations, and sensitive data from Google Calendar, Photos, and Drive.
Google has now deployed a patch to display apps in a pending deletion state on the third-party access page, allowing users to revoke the permission granted to such apps.
This follows the discovery of another vulnerability in the Cloud Asset Inventory API and an issue with insufficient forensic visibility into GCP.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply