Google Workspace Vulnerability Could Enable Unidentified Data Theft From Drive Files
A major flaw in the forensic security of Google Workspace has been uncovered by cybersecurity experts, which allows a hacker to extract data from Google Drive undetected.
According to researchers at Mitiga Security, once a malicious insider accesses an organization’s Google Drive, they can take action without logging in.
This error only affects users who do not have a paid Google Workspace business license.
Users who do not have a paid Google Workspace license leave their driving activity undocumented.
Hackers can disable registration and registration by canceling the paid license and switching to the free “Cloud Identity Free” license.
This allows threat actors to steal files without leaving a trace, except to notify system administrators of the revocation of a paid license.
“A threat actor who gains access to the system administrator can revoke the user’s authorization, download all of their private files, and reset the license,” the researchers said.
The experts also reported their findings to Google, and they have yet to respond.
Meanwhile, hackers are targeting iPhones with previously unknown malware via iMessage to take full control of the iOS device and spy on users.
Cybersecurity firm Kaspersky has detected a mobile Advanced Persistent Threats (APT) campaign targeting iOS devices with previously unknown malware.
An ongoing campaign called “Operation Triangulation” distributes zero-click exploits on iMessage to execute malware that gains complete control over device and user data. The ultimate goal is “invisible spying on users.”