
GhostToken Exploit Allows Hackers to Backdoor Google Accounts Through GCP Flaw
- Written by Ari Denial Cybersecurity & Tech Writer
Astrix Security, an Israeli cybersecurity startup, has uncovered and disclosed details of a zero-day vulnerability in Google Cloud Platform (GCP) that could have allowed attackers to hide an unremovable, malicious application within a victim’s Google account.
This vulnerability, known as GhostToken, affected all Google accounts, including enterprise-focused Workspace accounts. The discovery was reported to Google in June 2022, and after more than nine months of patch development, Google deployed a global patch in April 2023. This flaw could have allowed cybercriminals to backdoor Google accounts and gain unauthorized access to sensitive information.
According to a report by Astrix Security, a new exploit has been discovered that allows a malicious app to be hidden from Google’s application management page. This is the only place where Google users can manage apps connected to their accounts.
The exploit makes the malicious app unremovable from the Google account since users cannot see it or revoke its access. The attacker has the ability to reveal their application at any time and utilize the token to gain entry into the victim’s account.
Once they are done, they can quickly hide the application again to restore its unremovable state. Essentially, the attacker holds a ‘ghost’ token to the victim’s account, making it difficult for users to remove the malicious app from their Google account. This new exploit highlights the importance of being vigilant about the apps connected to your Google account and regularly checking and revoking access to any suspicious apps.
Attackers can gain permanent and unremovable access to victims’ Google accounts by converting authorized third-party apps into malicious trojan apps, according to Astrix Security Research Group.
The vulnerability allows attackers to delete and restore a Google Cloud Platform project repeatedly, which can hide the malicious app and allow access to victims’ personal data. Google’s patch allows users to remove apps in a ‘pending deletion’ state and protect their accounts from hijack attempts. Astrix recommends checking all authorized third-party apps and ensuring they only have necessary permissions.

Data Breach: ABA Reports 1.5 Million Member Accounts Hacked
- Written by Ari Denial Cybersecurity & Tech Writer
The American Bar Association (ABA) announced that it has experienced a data breach in which hackers infiltrated its network and accessed older login credentials for 1.5 million members.
The ABA, the world’s largest association of lawyers, notified its members of a data breach that occurred in March 2023. The breach may have exposed the login credentials of a legacy member system that was decommissioned in 2018. The ABA activated its incident response plan and hired cybersecurity experts to investigate the unusual network activity.
The ABA has confirmed that an unauthorized third party gained access to its network in March 2023, potentially obtaining certain information. The breach impacted 1,466,000 members who used the old ABA website prior to 2018 or the ABA Career Center since 2018.
The ABA stated that no corporate or personal data was stolen, and the legacy credentials were hashed and salted for security. While the stolen credentials may pose a threat, there is no evidence of their abuse yet.
According to the notification sent to impacted members, the passwords compromised in the American Bar Association (ABA) breach were hashed and salted, meaning that random characters were added to each plaintext password before it was converted into a hash, a one-way digest that cannot simply be decrypted.
However, threat actors can still potentially recover the passwords over time by cracking the hashes. Adding to the concern, the ABA states that “in many instances,” the password may have been a default password assigned by the ABA during registration if the account holder did not later change it.
ABA members who used the same credentials for the new member system as for the legacy system are at risk of having their current membership portal accounts breached. The legacy system was closed in 2018, and hackers breached it in March 2023.
This poses a risk of unauthorized access to other accounts. To prevent further unauthorized access, the ABA advises its members to change their passwords on the site and on any other sites that use the same login credentials. Additionally, ABA members are warned to be vigilant of spear-phishing emails that impersonate the ABA, as threat actors may use them to obtain more personal information.
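The point above about salted hashes and default passwords, as an added example that is not from the ABA notification or the original article: a defender-side audit that flags accounts whose stored hash still matches an issued default password, so they can be force-reset. The PBKDF2 scheme, iteration count, record layout, user names and default password are all assumptions; the page does not state what the ABA used.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, not the ABA's actual setting


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow, one-way hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(user: str, password: str) -> dict:
    """Store only the salt and the hash, never the plaintext."""
    salt = os.urandom(16)  # unique random salt per account
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def distinct_hashes(records: list) -> int:
    """Per-user salts make equal passwords produce different hashes."""
    return len({rec["hash"] for rec in records})


def accounts_on_default(records: list, default_password: str) -> list:
    """Flag users whose hash matches the issued default password.

    The salt is stored next to the hash, so checking one known password
    costs a single hash per account. Salting stops precomputed tables,
    but it does not protect a password that is already known.
    """
    flagged = []
    for rec in records:
        candidate = hash_password(default_password, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):
            flagged.append(rec["user"])
    return flagged


# Constructed sample data (hypothetical users and default password).
DEFAULT_PASSWORD = "Example-Default-2017"
RECORDS = [
    make_record("member-a", DEFAULT_PASSWORD),   # never changed the default
    make_record("member-b", DEFAULT_PASSWORD),   # never changed the default
    make_record("member-c", "a long unique passphrase chosen by the user"),
]

if __name__ == "__main__":
    print("distinct stored hashes:", distinct_hashes(RECORDS))
    print("force reset for:", accounts_on_default(RECORDS, DEFAULT_PASSWORD))
```

Accounts flagged this way are the ones to reset first, since their exposure does not depend on how strong the hashing scheme is.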