Google has reportedly stated that it will not address vulnerabilities in its Credential Provider for Windows, as they fall outside the company's threat model. Bitdefender has highlighted weaknesses in the system that could be exploited by threat actors.
The infoseccers say Google told them the weaknesses would not be addressed and won't receive any security fixes since they fall outside the company's threat model. Vulnerabilities that rely on compromised local machines, like those highlighted by Bitdefender today, aren't considered Google -specific bugs since a compromise through methods like malware should be covered by an organization's existing security controls.
Bitdefender says this shouldn't be taken lightly and the weaknesses highlighted in its research are potentially realistically exploitable. Threat actors often seek out and exploit these gaps in coverage," it says in its report.The attacks hinge on an organization's use of Google Credential Provider for Windows (GCPW), which offers mobile device management (MDM) and single sign-on (SSO) capabilities. When GCPW is installed on a machine, a local Google Accounts and ID Administration (GAIA) account is created, which has elevated privilege
Google Vulnerabilities Credential Provider For Windows Bitdefender Threat Actors
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Windows Vulnerability Allows Attackers to Gain SYSTEM PrivilegesAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The vulnerability affects Windows Cloud Files Mini Filter Driver and also can lead to SYSTEM privileges. It also received a 7.8 CVSS rating. He warns that both of these flaws are probably paired with a code execution bug in the attacks that Microsoft has observed.
Read more »
Google Chrome to Phase Out Third-Party CookiesGoogle's Chrome browser will gradually phase out third-party cookies, starting with one percent of users. This marks a major transition for the internet economy.
Read more »
Outlander Brings Scottish Folklore to Worldwide AudiencesOutlander has brought Scotland's folklore and myth to worldwide audiences with Diana Gabaldon's bestselling books and subsequent hit TV show. Interest in the Celtic mythology contained in the Outlander universe remains high, with almost 100,000 monthly Google searches.
Read more »
Meta accused of processing data for behavioral ad targeting without legal basisRegulators are waiting for a reply from Google regarding the status of a claim against Meta for processing data for behavioral ad targeting without a legal basis. Hanff argues that Meta has been doing this for at least the past five years, which makes it unlawful.
Read more »
Artificial Intelligence Predicts Hurricane LandfallResearchers say that Artificial Intelligence can predict where a hurricane will hit land much sooner than traditional forecasting systems. A new AI tool from Google DeepMind accurately predicted the landfall of September's hurricane Lee in Canada three days in advance.
Read more »
Google will not address vulnerabilities in its Credential Provider for WindowsGoogle has reportedly stated that it will not address vulnerabilities in its Credential Provider for Windows, as they fall outside the company's threat model. Bitdefender has highlighted weaknesses in the system that could be exploited by threat actors.
Read more »