top of page

Services
Professional services
Security Risk Assessment
Customized risk and compliance gap assessments with a tailored roadmap to address gaps and vulnerabilities.
Virtual CISO (vCISO)
Expert security leadership that assesses, addresses, and continually improves your security posture and compliance, all at a fraction of the cost of a full-time CISO.
Penetration Testing
Comprehensive penetration testing to uncover vulnerabilities and reinforce your defenses before attackers can exploit them.
Incident Response
Incident response plan development and testing, paired with rapid, expert action to contain security incidents, minimize damage, and maintain compliance with industry standards.
Managed Services
Third-Party Risk Management
Securely manage vendor relationships from start to finish.
Security Awareness Training
Empower your team to recognize threats.
Email Security
Protect your inbox from phishing and spam.
Vulnerability Management
Continuous scanning and alerts for swift risk remediation.
Managed Detection & Response (MDR)
Quickly detect, respond, and recover from advanced threats.
Password Management
Secure, manage, and simplify passwords.
Dark Web Monitoring
Monitor exposed data before it’s used against you.
Industry
Healthcare
Ensure patient trust with robust data protection and compliance.
Financial Services
Safeguard financial data while meeting compliance at every level.
K-12 Education
Enhance student safety and privacy while supporting educational goals.
Framework
HIPAA
SOC 2
Additional frameworks
Simplify security: How to build your security program with NIST CSF 2.0
Download the ebook
Resources
Resources
Blog
Stay updated with the latest trends and insights in cybersecurity. From industry news to expert analyses, our blog keeps you informed.
Podcast
Listen to expert discussions on pressing cybersecurity issues. Featuring interviews and practical advice, our podcast keeps you engaged and informed.
Security community
Stay updated with the latest security news and join the conversation. Connect with peers, share insights, and leave comments on the most recent updates.
Guides and reports
Access comprehensive guides and reports with actionable insights and strategies to improve your security stance.
Master HIPAA: How to achieve compliance with our ultimate guide
Download the guide
Company
Contact
Partners

Free Cybersecurity Review

To test this feature, visit your live site.

Jake Geier

Jan 14

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

Name: Pivotalogic, Inc.
Address: 6900 Wedgwood Rd N Ste 460, Maple Grove, MN, 55311, US

in Security Bulletin

Who:

Vulnerability discovered in Google’s “Sign in with Google” OAuth authentication flow.
Truffle Security, led by co-founder and CEO Dylan Ayrey, identified the issue.

What:

Attackers can exploit domain ownership changes by purchasing domains of defunct startups.
Re-created email accounts on purchased domains can be used to access SaaS platforms previously tied to the accounts, such as OpenAI ChatGPT, Slack, Notion, Zoom, and HR systems.
Sensitive data at risk includes tax documents, pay stubs, Social Security numbers, and hiring records.

Impact:

Millions of users’ data could be compromised.
No current protections for downstream software providers against this flaw.
Google reopened the bug report (December 2024), awarded a bounty of $1,337, and labeled the issue as high impact.
Individuals remain vulnerable once off-boarded from startups, with no safeguards against domain ownership exploitation.

Read the full article HERE

0 answers0 replies

Comments (0)

bottom of page

Professional services

Customized risk and compliance gap assessments with a tailored roadmap to address gaps and vulnerabilities.

Expert security leadership that assesses, addresses, and continually improves your security posture and compliance, all at a fraction of the cost of a full-time CISO.

Comprehensive penetration testing to uncover vulnerabilities and reinforce your defenses before attackers can exploit them.

Incident response plan development and testing, paired with rapid, expert action to contain security incidents, minimize damage, and maintain compliance with industry standards.

Managed Services

Securely manage vendor relationships from start to finish.

Empower your team to recognize threats.

Protect your inbox from phishing and spam.

Continuous scanning and alerts for swift risk remediation.

Quickly detect, respond, and recover from advanced threats.

Secure, manage, and simplify passwords.

Monitor exposed data before it’s used against you.

Industry

Ensure patient trust with robust data protection and compliance.

Safeguard financial data while meeting compliance at every level.

Enhance student safety and privacy while supporting educational goals.

Framework

Simplify security: How to build your security program with NIST CSF 2.0

Resources

Master HIPAA: How to achieve compliance with our ultimate guide