
Latest news with #GeminiforWorkspace

SafeBreach Labs to Showcase Original Research in Four Talks across Black Hat USA 2025 and DEF CON 33 Conferences

Business Wire

30-07-2025


LAS VEGAS--(BUSINESS WIRE)-- SafeBreach, the leader in enterprise exposure validation, today announced that members of its SafeBreach Labs research team will present three pieces of groundbreaking original research across four sessions at the Black Hat USA 2025 and DEF CON 33 conferences in Las Vegas next week.

This year's sessions further cement the reputation of the SafeBreach Labs team as recognized experts and thought leaders in cybersecurity research. Over the past seven years, team members have consistently earned speaking slots at both Black Hat USA and DEF CON simultaneously, while presenting more than 50 additional talks at conferences around the world. In addition, the SafeBreach Labs team has discovered 50+ zero-day vulnerabilities and been nominated twice for the Pwnie Awards for Most Innovative Research and Best Privilege Escalation.

The team's research this year will demonstrate significant vulnerabilities in AI-powered workplace systems and Windows operating system components that impact enterprise security:

Invitation Is All You Need! Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite
  • At Black Hat on Wednesday, August 6 at 4:20 pm PT
  • At DEF CON on Sunday, August 10 at 10:00 am PT

SafeBreach Security Research Team Lead Or Yair, cybersecurity expert Ben Nassi, and PhD Student Stav Cohen will present their discovery of a new variant of Promptware called Targeted Promptware Attacks that allows Gemini for Workspace agents to be hacked through simple Google Calendar invitations, revealing 15 different exploitations across Gemini's web interface, mobile application, and Google Assistant. The session will explain how attackers can generate toxic content, perform spamming and phishing, delete calendar events, control home appliances, video stream and geolocate victims, and more. Their findings indicate that more than 70% of identified Promptware risks are high/critical and require immediate mitigations.

You Snooze, You Lose: RPC-Racer Winning RPC Endpoints against Services
  • At DEF CON on Friday, August 8 at 2 pm PT

SafeBreach Security Researcher Ron Ben Yizhak will present how he discovered the ability for unprivileged users to impersonate trusted RPC servers—and how SafeBreach's new RPC-Racer toolset identifies and exploits these vulnerabilities. From racing services at boot time to tricking high-integrity processes into trusting malicious fake servers, this session dives deep into manipulation of RPC clients and demonstrates the real-world risks.

Win-DoS Epidemic: A crash course in abusing RPC for Win-DoS & Win-DDoS
  • At DEF CON on Sunday, August 10 at 12:30 pm PT

Building on original LDAPNightmare research released earlier this year, SafeBreach Security Research Team Lead Or Yair and Research Lead Shahak Morag will discuss how they exploited security gaps in Microsoft Windows RPC to develop a novel DDoS technique—dubbed Win-DDoS—that can harness the power of tens of thousands of public domain controllers around the world to create a malicious botnet with vast resources. The presentation will also demonstrate how they discovered four new DoS vulnerabilities along the way, with abilities ranging from crashing an individual domain controller to crashing any Windows computer within a domain. The presentation raises implications for enterprise resilience, risk modeling, and defense strategies, while providing new insights for OS-level hardening.

"The SafeBreach Labs team has established a remarkable history of presenting original research at both Black Hat USA and DEF CON—this year is no different," said Tomer Bar, VP of Security Research at SafeBreach. "The team's work reveals critical vulnerabilities across both AI-powered workplace systems and traditional Windows infrastructure, showcasing the critical need for organizations to continuously validate their security posture against emerging attack vectors. We're proud of the impact this research has not only in strengthening the SafeBreach exposure validation platform, but also in helping the broader security community understand and defend against these sophisticated threats."

The SafeBreach exposure validation platform is utilized by some of the largest financial services, healthcare, manufacturing, and transportation organizations in the world to validate security control performance, identify gaps, and take remedial action to strengthen security posture and reduce overall business risk. SafeBreach maintains a 24-hour service-level agreement (SLA) to add new attacks to its Hacker's Playbook based on critical US-CERT and FBI Flash alerts, so customers can immediately test against the latest threats. With the industry's most advanced threat research team, SafeBreach is able to ensure its playbook boasts an unmatched collection of 30,000+ attacks.

For more information about the sessions or to schedule a time to connect with SafeBreach experts at Black Hat USA 2025 on August 5-9 and DEF CON on August 7-10, stop by our booth #5416 or visit

About Black Hat

Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. Grown from a single annual conference to the most respected information security event series internationally, these multi-day events provide the security community with the latest cutting-edge research, developments, and trends. Today Black Hat Briefings and Trainings are held annually in the United States, Europe, and Asia, providing premier venues for elite security researchers and trainers to find their audience.

About SafeBreach

SafeBreach is the leader in enterprise-grade exposure validation, providing the world's largest brands with safe and scalable capabilities to understand, measure and remediate threat exposure and associated cyber risk. The award-winning SafeBreach exposure validation platform combines pioneering breach and attack simulation and innovative attack path validation capabilities to help enterprise security teams measure and address security gaps at the perimeter and beyond. Backed by a world-renowned original threat research team and world-class support, SafeBreach helps enterprises transform their security strategy from reactive to proactive safely and at scale. To learn more about how SafeBreach helps enterprises with end-to-end exposure visibility, visit

The Latest Gmail Update Includes 1 Risky AI Feature You Need To Be Careful About

Yahoo

31-01-2025


If you have been using your Gmail lately, you might be distracted by its new appearance. Starting this week, Google rolled out new artificial intelligence features for its enterprise and business Gmail plans that are front and center in your inbox. Called Gemini, these default AI features include a prominent 'Summarize this email' button that appears at the top of all emails and a 'Help me write' function that shows up when you want to draft a reply.

Google claims Gemini is 'a strategic thought partner to bring ideas to life and find ways to problem solve,' but I think of it as a nuisance. So far, I do not think that Gemini can summarize any quicker than a succinct subject line in an email. When I click the 'Summarize this email' button, what I receive takes just as long, if not longer, for me to synthesize as just skimming an email. And on top of doing more reading, I feel like I'm wasting time by fact-checking Gemini's answers.

I do, however, see some use in the 'Help me write' function for the kind of formulaic emails people send all the time. Gemini can draft answers to your boss based on previous email threads, and you can choose to 'formalize,' 'elaborate' or 'shorten' what you see. The main problem with this feature is that you still need to be a close editor.

What is crucial in any working relationship is tone. It's what can signal if you need to stay buttoned-up formal or whether you are growing closer to colleagues. And Gemini does not yet pick up on the human sarcasm and humor that bonds people together. When I used the 'Help me write' suggestions, casual brainstorming emails with my own manager sounded too stuffy and formal, even with the 'shorten' option. And using what Gmail drafted without edits could have negative consequences to your career. If I replied to my close colleagues' suggestions using the email signature 'Best,' that Gemini suggested, I believe my tone would sound oddly cold and a little hostile, too.

Even Google itself does not want you to rely on it. 'Gemini for Workspace can make mistakes, including about people, so double-check it' is the reminder you see at the bottom of the Gemini pop-up in your inbox.

On top of efficiency concerns, there are data privacy concerns. Do you want to share your drafted ideas and emails to Google AI? 'Your content is not human reviewed or used for Generative AI model training outside your domain without permission,' Google states on its privacy hub site. But the parameters of what permission users gave and when are not explicitly stated.

For now, expect to get used to Google Gemini's features. If you, like me, miss the old Gmail, tough luck. Gmail users were automatically opted into this feature, and turning it off has larger consequences for your inbox.

To turn off Google Gemini and other 'smart' Google Workspace features:

  • In Gmail, click the Settings button and then 'See all settings.'
  • Under the 'General' tab, scroll to 'Google Workspace smart features.'
  • Click 'Manage Workspace smart feature settings.'
  • Turn off smart features in Google Workspace.

Keep in mind that turning off smart features is all-or-nothing. If you toggle off these features, you will get rid of the 'Summarize this email' prompt, but it will also get rid of other longtime 'smart' functions you might enjoy, like the ability to personalize your search with keywords, or get nudges about emails you received a few days ago, or be able to see flight itineraries and invitations from Gmail in Calendar.

You do not have to rely on Google AI to clear your inbox. Beyond smart features, you can also use Gmail's file and folder systems to organize your inbox and make summarizing easy. Creating one folder or label called 'Past Emails,' for example, and moving all non-actionable emails there is one quick way to make skimming many emails easy ― no AI assistant needed.

And no matter what you plan to do with Gemini's Gmail features, my general advice remains. Whether you are in Slack or in Gmail, think twice before sharing your most sensitive conversations in an online message. So much gets lost to tone. If you really need an AI assistant to workshop more than three paragraphs of a hard conversation, I would suggest asking for a meeting where you can talk it out in person.
