InfoSecBulletin Cybersecurity for mankind
Google Workspace has introduced new features to enhance account and data security for businesses. These features aim to make it harder for unauthorized individuals to take control of admin and user accounts, as well as prevent the extraction of sensitive data.
A few of these options are already accessible in preview, while the remaining ones will be available by the end of the year.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Google Workspace account security enhancements:
Google Workspace, previously known as G Suite, offers a comprehensive range of cloud-based productivity and collaboration tools and services. The platform offers exclusive features for businesses and enterprise users, including advanced settings, administrative tools, work insights, data retention, and eDiscovery. The Google Workspace team has just made an exciting announcement:
* Google’s largest enterprise customers and resellers will soon be required to use 2-Step Verification (2SV) as a security measure for their enterprise administrators.
* Workspace administrators will have the power to demand that two administrators approve sensitive actions, such as modifying 2SV settings for a user.
* Google’s AI-driven defenses are designed to automatically safeguard sensitive actions in Gmail, such as setting up email filtering or forwarding. These actions are frequently targeted by attackers who seek to delete or intercept emails.
* Administrators of workspaces will have a seamless ability to export workspace logs directly into Chronicle, the cybersecurity subsidiary of Alphabet which provides cloud-based analytics for enterprise security data.
New DLP and digital sovereignty controls
Enterprise data loss prevention (DLP) now includes new features to improve security. These features give security teams more control over sharing sensitive information through Gmail. Additionally, they control who can share sensitive content in Drive based on security status.
Administrators can use Google AI to classify and label data in Google Drive automatically. This helps to ensure that data is properly shared and protected from being taken without authorization.
A new method to protect enterprise data from third parties is being developed. It uses client-side encryption and stores encryption keys with trusted providers.
Organizations can choose where their data is processed, store a copy of their Workspace data in a country of their choice, and limit access to specific regional support personnel.
