Google's not being ghosted from vulnerabilities. [Research Saturday]

Tal Skverer from Astrix Security joins to discuss their work on "GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts." Astrix’s Security Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) on June 19, 2022, which was found to affect all Google users.
The research states "The vulnerability, dubbed “GhostToken”, could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim’s Google account infected with …

accounts app application astrix security cloud cloud platform discuss exploiting flaw found gcp google google accounts infrastructure june platform research security security research trojan vulnerabilities work