Cybersecurity researchers have discovered a significant forensic security deficiency in Google Workspace that enables a hacker to exfiltrate data in Google Drive without any trace. Also Read - Android 14 may come with advance memory protection feature: Report
According to researchers from Mitiga Security, once a malicious user inside has accessed the organisation’s Google Drive, they can take action without being recorded at all. Also Read - Fitbit users will get the Google Account login option starting June 6: Why should you care about it?
This flaw affects only users who do not have a paid enterprise licence for Google Workspace. Also Read - Here's how to create images with AI in Google Slides, "help me visualize"
Users who do not have a paid Google Workspace licence have their private drive actions left undocumented.
Hackers can disable logging and recording by cancelling their paid licence and switching to the free “Cloud Identity Free” licence.
This enables threat actors to exfiltrate files without leaving any trace, save for the indication that a paid licence was revoked, which is visible to administrators.
“A threat actor who gains access to an admin user can revoke the user’s license, download all their private files, and reassign the license,” the researchers said.
The experts also notified Google of its findings, who is yet to respond.
Meanwhile, hackers are targeting iPhones with previously unknown malware, via iMessage to, gain complete control over the iOS device and spy on users.
Cybersecurity company Kaspersky discovered the mobile Advanced Persistent Threat (APT) campaign targeting iOS devices with previously unknown malware.
Dubbed as ‘Operation Triangulation’, the ongoing campaign distributes zero-click exploits via iMessage to run malware gaining complete control over the device and user data, with the final goal to “hiddenly spy on users”.
–IANS
Deficiency in Google Workspace allows untraceable data theft: Details here - Techlusive
Read More
No comments:
Post a Comment