Security Stop Press: Potential ‘DeleFriend’ Security Flaw Found in Google Workspace

Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.

December 8, 2023

Researchers from cyber security firm Hunters have reported finding a Google Workspace design flaw that could allow attackers to steal emails from Gmail and data from Google Drive, and to carry out other unauthorised actions within Google Workspace APIs on all of the identities in a target domain.

The design flaw (a description Google reportedly disputes), dubbed ‘DeleFriend’, can be exploited by attackers who leverage an existing domain-wide delegation permission to create a fresh private key of their own and then use it to perform API calls to Google Workspace on behalf of other identities in the domain.

It’s been reported that the Workspace domain-wide delegation feature’s potential “security risk” has been known to Google since June. Palo Alto Networks Unit 42 suggest that a way to mitigate the risk is to position service accounts with domain delegation permissions within a higher-level folder in the Google Cloud Platform (GCP) hierarchy.
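
The placement advice above rests on the fact that GCP IAM bindings are inherited downward from organisation to folder to project. The following audit sketch is an added example, not code from Hunters, Unit 42 or Pronetic; the hierarchy, member names and the short list of key-creating roles are constructed assumptions.

```python
# Roles assumed here to carry iam.serviceAccountKeys.create; custom roles
# would need their permission lists checked separately.
KEY_CREATING_ROLES = {"roles/owner", "roles/editor", "roles/iam.serviceAccountKeyAdmin"}

# Constructed hierarchy: child -> parent (None marks the organisation root).
PARENT = {
    "org/example": None,
    "folder/security": "org/example",
    "folder/engineering": "org/example",
    "folder/eng-sandbox": "folder/engineering",
    "project/dwd-secure": "folder/security",
    "project/sandbox-app": "folder/eng-sandbox",
}

# Constructed IAM bindings set directly on each resource: (role, member).
BINDINGS = {
    "org/example": [("roles/owner", "group:org-admins@example.com")],
    "folder/security": [("roles/iam.serviceAccountKeyAdmin", "group:sec-eng@example.com")],
    "folder/engineering": [("roles/editor", "group:developers@example.com")],
    "folder/eng-sandbox": [("roles/owner", "user:contractor@example.com")],
    "project/sandbox-app": [("roles/viewer", "group:support@example.com")],
}

def ancestors(resource):
    """Yield the resource and every ancestor up to the organisation root."""
    while resource is not None:
        yield resource
        resource = PARENT[resource]

def key_creators(project):
    """Members able to create keys for service accounts in `project`,
    counting bindings inherited from every ancestor."""
    return {
        member
        for res in ancestors(project)
        for role, member in BINDINGS.get(res, [])
        if role in KEY_CREATING_ROLES
    }

def audit(dwd_accounts):
    """Map each delegated service account to the members who can mint keys for it."""
    return {sa: sorted(key_creators(proj)) for sa, proj in dwd_accounts.items()}

if __name__ == "__main__":
    # Constructed: a delegated account deep in the tree vs. one near the top.
    for sa, who in audit({"sync@sandbox-app": "project/sandbox-app",
                          "sync@dwd-secure": "project/dwd-secure"}).items():
        print(sa, "->", who)
```

The account in the deeply nested project inherits key-creating principals from every folder above it, while the one in the folder directly under the organisation is exposed only to that folder's and the organisation's bindings.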