All news with #google workspace tag

Hardening Google Workspace: Practical Guidance for Teams

🔒 Small security teams can harden Google Workspace by enforcing MFA, restricting admin roles, and tightening sharing and OAuth app permissions. The article stresses stronger email defenses — advanced phishing controls, DMARC/DKIM/SPF — and proactive monitoring for account takeovers through alerts and behavioral signals. It argues native controls form a solid foundation but leave gaps, and recommends augmenting them with Material Security for unified visibility and automated remediation.

TELUS Boosts Productivity with ChromeOS and Cameyo Deployment

🚀 TELUS modernized its global digital workplace by deploying ChromeOS, Google Workspace, Cameyo, and Chrome Enterprise Premium to create a browser-first, zero-trust app streaming platform. The TELUS Desktop Stream replaced costly VDI, avoided a $15 million infrastructure refresh, and cut login times by threefold. More than 100 applications now run through Cameyo, improving call-center throughput and agent productivity. IT teams report simplified management, stronger contextual security, and reduced reliance on VPNs.

JS Bank modernizes with Google stack and ChromeOS rollout

🚀 JS Bank migrated its distributed IT estate to a unified Google ecosystem—deploying 1,500 Chromebooks and Chromeboxes while adopting Google Workspace and Chrome Enterprise Premium. The change delivered nearly 90% endpoint standardization, cut device management time by 40%, and halved daily support tickets. Built-in ChromeOS protections simplified security and reduced reliance on multiple third-party antivirus and anti-malware tools.

ShadowLeak: Zero-click flaw exposes Gmail via ChatGPT

🔓 Radware disclosed ShadowLeak, a zero-click vulnerability in OpenAI's ChatGPT Deep Research agent that can exfiltrate sensitive Gmail inbox data when a single crafted email is present. The technique hides indirect prompt injections in email HTML using tiny fonts, white-on-white text and CSS/layout tricks so a human user is unlikely to notice the commands while the agent reads and follows them. In Radware's proof-of-concept the agent, once granted Gmail integration, parses the hidden instructions and uses browser tools to send extracted data to an external server. OpenAI addressed the issue in early August after a responsible disclosure on June 18, and Radware warned the approach could extend to many other connectors, expanding the attack surface.

California Modernizes Public Services with Google Cloud

🚀 California is partnering with Google Cloud to modernize state and local services by applying AI, security, and infrastructure solutions. Agencies such as Covered California use Document AI, Assured Workloads, and AI-driven security to speed eligibility decisions and protect sensitive data. Universities including UCR and Caltech are using Vertex AI and AI-optimized HPC for research acceleration. Workspace, Gemini, and Agentspace are cited as productivity and information-management enablers.

SalesLoft Drift Breaches Expose Fourth-Party OAuth Risk

🔐 The SalesLoft acquisition of Drift exposed a hidden fourth‑party attack surface when legacy OAuth tokens—some dormant for 18 months—were abused to access customer Salesforce instances and a limited number of Google Workspace accounts. Attackers leveraged inherited tokens to enumerate and exfiltrate data, revealing how M&A can transfer persistent permissions outside visibility. The author calls for continuous, behavior‑based monitoring of every OAuth token and API call and recommends practical "OAuth archaeology" to inventory, rotate, or revoke legacy access.

Salesloft Drift Supply-Chain Attacks Also Hit Google

🔒 Google and security vendors say the Salesloft Drift supply-chain campaign is broader than initially reported. Threat actors tracked as UNC6395 harvested OAuth tokens from the Salesloft Drift integration with Salesforce and also accessed a very small number of Google Workspace accounts. Organizations should treat any tokens connected to Drift as potentially compromised, revoke and rotate credentials, review third-party integrations, and investigate connected systems for signs of unauthorized access.

Google: Salesloft Drift OAuth Breach Impacts Integrations

🔐 Google and Mandiant warn Salesloft Drift customers that OAuth tokens tied to the Drift platform should be treated as potentially compromised. Stolen tokens for the Drift Email integration were used to access email from a small number of Google Workspace accounts on August 9, 2025; Google stressed this is not a compromise of Workspace or Alphabet. Google revoked affected tokens, disabled the Workspace–Drift integration, and is urging customers to review, revoke, and rotate credentials across all Drift-connected integrations while investigations continue.

Google warns Salesloft breach hit some Workspace accounts

🔒 Google warns that the Salesloft Drift compromise is larger than first reported and included theft of OAuth tokens beyond the Salesforce integration. Threat actors used stolen tokens tied to the Drift Email integration to access a very small number of Google Workspace email accounts on August 9. Google says the tokens have been revoked, the Drift–Workspace integration is disabled, and affected customers were notified. Organizations using Drift should revoke and rotate all connected authentication tokens and review integrations for exposed secrets.

LLMs Remain Vulnerable to Malicious Prompt Injection Attacks

🛡️ A recent proof-of-concept by Bargury demonstrates a practical and stealthy prompt injection that leverages a poisoned document stored in a victim's Google Drive. The attacker hides a 300-word instruction in near-invisible white, size-one text that tells an LLM to search Drive for API keys and exfiltrate them via a crafted Markdown URL. Schneier warns this technique shows how agentic AI systems exposed to untrusted inputs remain fundamentally insecure, and that current defenses are inadequate against such adversarial inputs.

Total Economic Impact of ChromeOS: ROI, Savings, Security

📊 Google commissioned a Forrester Total Economic Impact™ study to quantify the value of ChromeOS for enterprise deployments. The analysis modeled a composite organization (multinational, $5B revenue, 40,000 employees) and found a 208% ROI over three years, an NPV of $6.8M, and a payback period under six months. Key benefits included 90,000 saved productivity hours, $1.3M in device and licensing savings, $1.2M from strengthened security, and $1.1M in reduced IT support costs.

Cloudflare CASB API Scanning for ChatGPT, Claude, Gemini

🔒 Cloudflare One users can now connect OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini to Cloudflare's API CASB to scan GenAI tenants for misconfigurations, DLP matches, data exposure, and compliance risks without installing endpoint agents. The API CASB provides out-of-band posture and DLP analysis, while Cloudflare Gateway delivers inline prompt controls and Shadow AI identification. Integrations are available in the dashboard or through your account manager.

Phishing Campaign Uses UpCrypter to Deploy RATs Globally

📧 Fortinet FortiGuard Labs has observed a phishing campaign using fake voicemail and purchase-order lures to direct victims to convincing landing pages that prompt downloads of JavaScript droppers. The droppers retrieve the UpCrypter loader, which conducts anti-analysis and sandbox checks before fetching final payloads, including various RATs such as PureHVNC, DCRat and Babylon. Attacks since August 2025 have targeted manufacturing, technology, healthcare, construction and retail/hospitality across multiple countries; defenders are urged to block malicious URLs, strengthen email authentication, and monitor anomalous M365 activity.

Layered Defenses Against Indirect Prompt Injection

🔒 Google GenAI Security Team outlines a layered defense strategy to mitigate indirect prompt injection attacks that hide malicious instructions in external content like emails, documents, and calendar invites. They combine model hardening in Gemini 2.5 with adversarial training, purpose-built ML classifiers, and "security thought reinforcement" to keep models focused on user tasks. Additional system controls include markdown sanitization, suspicious URL redaction via Google Safe Browsing, a Human-In-The-Loop confirmation framework for risky actions, and contextual end-user mitigation notifications that complement Gmail protections.