Google Workspace bug allows untraceable data theft from Drive files

Cybersecurity researchers have found a big forensic safety deficiency in Google Workspace that permits a hacker to exfiltrate data in Google Drive with none hint.

According to researchers from Mitiga Security, as soon as a malicious consumer inside has accessed the organisation’s Google Drive, they’ll take motion with out being recorded in any respect.

This flaw impacts solely customers who do not need a paid enterprise licence for Google Workspace.

Users who do not need a paid Google Workspace licence have their non-public drive actions left undocumented.

Hackers can disable logging and recording by cancelling their paid licence and switching to the free “Cloud Identity Free” licence.

This permits risk actors to exfiltrate files with out leaving any hint, save for the indication {that a} paid licence was revoked, which is seen to directors.

“A risk actor who features entry to an admin consumer can revoke the consumer’s license, obtain all their non-public files, and reassign the license,” the researchers mentioned.

The specialists additionally notified Google of its findings, who’s but to reply.

Meanwhile, hackers are focusing on iPhones with beforehand unknown malware, by way of iMessage to, achieve full management over the iOS machine and spy on customers.

Cybersecurityfirm Kaspersky found the cell Advanced Persistent Threat (APT) marketing campaign focusing on iOS units with beforehand unknown malware.

Dubbed as ‘Operation Triangulation’, the continuing marketing campaign distributes zero-click exploits by way of iMessage to run malware gaining full management over the machine and consumer data, with the ultimate objective to “hiddenly spy on customers”.

(With inputs from IANS)