The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
https://thecyberwire.com/podcasts/daily-podcast
episode 296: Google's not being ghosted from vulnerabilities. [Research Saturday]
Tal Skverer from Astrix Security joins to discuss their work on "GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts." Astrix’s Security Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) on June 19, 2022, which was found to affect all Google users.
The research states "The vulnerability, dubbed “GhostToken”, could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim’s Google account infected with a trojan app forever." Google issued a patch to this vulnerability in April of this year, but researchers explain why this can be severe.
The research can be found here:
- GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts
Learn more about your ad choices. Visit megaphone.fm/adchoices