As if losing your job when the startup you work for collapses isn’t bad enough, now a security researcher has found that employees of failed startups are at particular risk of having their data stolen. This ranges from their private Slack messages to Social Security numbers and, possibly, bank accounts.
The researcher who discovered the issue is Dylan Ayrey, co-founder and CEO of Andreessen Horowitz-backed startup Truffle Security. Ayrey is best known as the creator of the popular open source project TruffleHog, which helps detect leaked credentials (i.e., API keys, passwords, and tokens) before bad actors can acquire them.
Ayrey is also a rising star in the bug-hunting world. Last week at the security conference ShmooCon, he gave a talk on a flaw he found in Google OAuth, the technology behind “Sign in with Google,” which people use instead of passwords.
Ayrey gave his talk after reporting the vulnerability to Google and the other companies that may be affected, and he was able to share its details because Google does not prohibit bug hunters from speaking about their findings. (Google’s decade-old Project Zero, for example, often discloses bugs it finds in other technology giants’ products, such as Microsoft Windows.)
He discovered that when malicious hackers buy the defunct domain of a failed startup, they can use it to log into cloud software that was configured to grant access to every employee of the company, such as the company’s chat or video app. From there, many of these apps expose company directories or user-information pages where the hacker can discover the actual email addresses of former employees.
Using the domain and those email addresses, hackers can use the “Sign in with Google” option to access the many cloud applications the startup used, often turning up still more employee emails along the way.
To test the flaw he found, Ayrey bought a failed startup’s domain and, from it, logged into ChatGPT, Slack, Notion, Zoom, and an HR system containing Social Security numbers.
“That’s probably the biggest threat,” Ayrey told TechCrunch, because the data from a cloud HR system is “the easiest to monetize, and the Social Security numbers and the banking information and anything else in HR systems is likely to be targeted.” He said old Gmail accounts or Google Docs created by employees, or any other data created using Google apps, are not at risk, which Google confirmed.
While any failed company with a domain for sale could fall victim, startup employees are especially vulnerable because startups tend to use Google apps and a lot of cloud software to run their businesses.
Ayrey estimates that tens of thousands of former employees are at risk, as well as millions of SaaS software accounts. This is based on his research that found 116,000 website domains currently available for sale from failed technology startups.
A safeguard is available but not perfect
Google’s OAuth configuration does include a safeguard that should prevent the risk Ayrey outlined, if the SaaS cloud provider uses it. It is called a “sub-identifier,” a string of numbers unique to each Google account. An employee can have multiple email addresses attached to their work Google account, but the account should have exactly one sub-identifier, always.
If configured, when the employee logs into a cloud software account using OAuth, Google sends both the email address and the sub-identifier to identify the person. So even if malicious hackers recreate the email addresses using control of the domain, they do not thereby recreate these identifiers.
But Ayrey, working with an affected SaaS HR provider, discovered that this identifier was “unreliable,” as he put it, meaning the HR provider found it had changed in a very small percentage of cases: 0.04%. That may be a statistic close to zero, but for an HR provider that handles many daily users, it adds up to hundreds of failed logins every week, locking people out of their accounts. That is why this cloud provider does not want to use Google’s sub-identifier, Ayrey said.
Google disputes that the sub-identifier ever changes. Because this finding came from the HR cloud provider rather than the researcher, it was not submitted to Google as part of the bug report. Google says that if it finds evidence that the sub-identifier is unreliable, the company will respond to it.
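The binding the two previous paragraphs describe, as an added illustration that is not code from Google or from any provider named in the article: a SaaS login handler that ties each account to Google’s `sub` claim rather than to the email address, and treats the rare email-matches-but-sub-differs case (a recreated account on a re-registered domain, or the 0.04% legitimate change the HR provider reported) as a manual re-verification rather than either a silent takeover or a silent lockout. The account table, the domain name and the ID-token claim sets are constructed for the example.

```python
# Added example: bind SaaS accounts to the OAuth `sub` claim, not to email.
# The directory, domain name and all claim values below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    email: str
    sub: str  # Google's per-account identifier, expected to be stable
    hd: str   # hosted (Workspace) domain the account was provisioned under


# Constructed HR-tenant directory, keyed by email as a legacy system would be.
ACCOUNTS = {
    "alice@example-startup.test": Account(
        "alice@example-startup.test", "100000000000000000001", "example-startup.test"
    ),
}


def authorize(claims: dict, accounts: dict = ACCOUNTS) -> str:
    """Decide 'allow', 'deny' or 'reverify' for an already signature-checked
    Google ID-token payload. Only the account-binding logic is shown here."""
    if not claims.get("email_verified"):
        return "deny"
    acct = accounts.get(claims.get("email"))
    if acct is None:
        return "deny"  # not provisioned, even if the domain matches
    if claims.get("hd") != acct.hd:
        return "deny"  # token issued under a different hosted domain
    if claims.get("sub") == acct.sub:
        return "allow"
    # Email and domain match but the sub does not. A buyer of the defunct
    # domain who recreates alice@ lands here, and so would a genuine sub
    # change. Access is never granted on email alone; a human re-verifies.
    return "reverify"
```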
Google changed its mind
But Google also initially played down how important this issue is. At first, Google dismissed Ayrey’s bug entirely, quickly closing the ticket and saying it was not a bug but a “fraud” issue. Google is not entirely wrong. The risk comes from hackers taking control of domains and abusing the email accounts they recreate through them. Ayrey did not take issue with Google’s initial decision, calling it a data privacy issue in which Google’s OAuth software was working as intended even though users might be hurt. “That’s not as cut and dry,” he said.
But three months later, after ShmooCon accepted his talk, Google changed its mind, reopened the ticket, and paid Ayrey a $1,337 bounty. A similar thing happened to him in 2021, when Google reopened his ticket after he gave a well-known talk about his findings at the Black Hat cybersecurity conference. Google even awarded Ayrey and his bug-hunting partner Allison Donovan its third annual security researcher prize (worth $73,331).
Google has not yet issued a technical fix for the bug, or a timeline for when one might be available — and it is unclear whether Google will make a technical change to address the issue at all. The company has, however, updated its documentation to tell cloud providers to use the sub-identifier. Google also offers instructions to founders on how to shut down Google Workspace and prevent the problem.
Ultimately, Google said, the fix is for founders who shut down a company to make sure they properly shut down all of its cloud services. “We appreciate Dylan Ayrey’s help in identifying the risks that arise from customers forgetting to cancel third-party SaaS services as part of winding down their operation,” the spokesperson said.
Ayrey, a founder himself, understands why many founders fail to make sure their cloud services are disabled. Shutting down a company is a complex process carried out during what can be an emotionally painful time — involving many tasks, from disposing of employee computers to closing bank accounts to paying the final taxes.
“If the founder has to deal with shutting down the company, they’re probably not in a big head space to think about all the things they need to think about,” Ayrey said.