A critical flaw in Google’s “Sign in with Google” system has put millions of Americans at risk of data theft. This vulnerability primarily impacts former employees of startups that have shut down. Truffle Security identifies that the issue arises from how Google’s OAuth login handles changes in domain ownership. When …

U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a second security flaw affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products to its Known Exploited Vulnerabilities (KEV) catalog, noting that it is actively being exploited. CVE-2024-12686 is a medium-severity vulnerability (CVSS score: 6.6) that could let an attacker …

Executive Summary: Native Resource Abuse: Threat actor dubbed Codefinger uses compromised AWS keys to encrypt S3 bucket data via SSE-C, leveraging AWS’s secure encryption infrastructure in a way that prevents recovery without their generated key. Irrecoverable Data Loss: AWS CloudTrail logs only an HMAC of the encryption key, which is …