Cybersecurity researchers have detailed a “severe design flaw” in Google Workspace’s domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. “Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized […]
Posts Tagged ‘security flaw’
Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows – CVE-2023-38545 (CVSS score: 7.5) – SOCKS5 heap-based buffer overflow vulnerability CVE-2023-38546 (CVSS score: 5.0) – Cookie injection with none file CVE-2023-38545 is […]
11
Oct
2023
Microsoft fixed three zero-days under actively exploitation in its patch dump for the month of October. The computing giant addressed a zero-day vulnerability tracked as CVE-2023-36563, a disclosure flaw in WordPad that can be exploited to obtain hashed passwords. WordPad is a no-frills word processing program bundled into the Windows operating system – although Microsoft […]
SATURDAY, APRIL 20, 2024
WHITE PAPERS
Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...
ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...
Latest Comments