According to the Hunters team, the vulnerability is based on Google Workspace's role in managing user identities across Google Cloud services.
Yonatan Khanashvilli, threat hunting expert at Team Axon at Hunters, posted a much more detailed explanation of DeleFriend.
Hunters disclosed this flaw to Google in August 2023 and wrote, "Google is currently reviewing the issue with their Product team to assess potential actions based on our recommendations." An anonymous Google representative told The Hacker News in November 2023, "This report does not identify an underlying security issue in our products. As a best practice, we encourage users to make sure all accounts have the least amount of privilege possible (see guidance here). Doing so is key to combating these types of attacks."
[
add
]
[
|
|
...
]