28 matches found
Prototype Pollution
Overview: n8n is a workflow automation tool. Affected versions of this package are vulnerable to Prototype Pollution via the GSuiteAdmin node parameter. An attacker with permissions to create or modify workflows can execute arbitrary code by supplying crafted parameters that pollute...
Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. "This campaign specifically targeted chief executives and other senior members of various organization...
GHSA-73RP-Q4RX-5GRC Incorrect Authorization in microweber
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
Incorrect Authorization in microweber
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
Authentication flaw
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
PT-2022-14015 · Google +1 · G-Suite +1
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.2.15 Description: The issue allows an attacker to create an account in the application using a victim's email, as there is no email confirmation. This enables the attacker to gain pre-authentication t...
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
Business email compromise (BEC) attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitaliz...
Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security
On March 3, 2020, the cyber division of the Federal Bureau of Investigation (FBI) issued a private industry notification calling out Business Email Compromise (BEC) scams through exploitation of cloud-based email services. Microsoft Office 365 and Google G Suite, the two largest cloud-based email service...
This Week in Security News: Trend Micro Detects a 10 Percent Rise in Ransomware in 2019 and New Wi-Fi Encryption Vulnerability Affects Over a Billion Devices
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro detected a 10 percent rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability...
Cybergang Favors G Suite and Physical Checks For BEC Attacks
Researchers have uncovered a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. The cybercrime ring is unique in its leveraging of Google’s cloud-based productivity suite, G Suite, and for its use of...
BitDam Study Exposes High Miss Rates of Leading Email Security Systems
Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines. Actually, you don't have to. This actually happened. Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt t...
News Wrap: Which Companies Are Doing Privacy Right and Which Aren't?
The Threatpost team breaks down the top data privacy-related news this week, including: Google’s acknowledgement that G Suite passwords had been stored in plaintext – since 2005. The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus...
Google says it stored some G Suite passwords in plain text for 14 years
By Uzair Amir. This issue is linked with G Suite users only while free consumer Google accounts remained unharmed. A couple of days ago it was reported that Google has been using Gmail to secretly store its users' purchase history for years. Now, the company has revealed that its team recently...
Google Stored G Suite Passwords in Plaintext Since 2005
Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...
Google Stored G Suite Users' Passwords in Plain-Text for 14 Years
After Facebook and Twitter, Google becomes the latest technology giant to have accidentally stored its users' passwords unprotected in plaintext on its servers—meaning any Google employee who has access to the servers could have read them. In a blog post published Tuesday, Google revealed that it...
Hit the Easy Button for Your Organization’s Gmail Security
Fifteen years ago, Gmail was launched by Google. The web-based service now has 1.5 billion users a month. In addition to being the extremely popular personal email service, Gmail is also a key component of G Suite for organizations. One of the many reasons of Gmail’s popularity is its security...
Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
Google’s official G Suite Twitter account, which has more than 800,000 followers, on Tuesday became the latest victim of an increasingly widespread Bitcoin scam, according to researchers. The growing size and scope of the scam — as well as the cybercriminals’ success in hijacking high-profile,...