Cybersecurity researchers have discovered a bug in Google Workspace that can reportedly allow a hacker to steal users’ data. This vulnerability will reportedly allow an attacker access an organisation's Google Drive and steal data from the same without being recorded at all. This bug is affecting only users who do not have a paid enterprise licence for Google Workspace.
Users' private drive actions are not documented when they don't have a paid Google Workspace licence. By cancelling their expensive licence and switching to the free "Cloud Identity Free" licence, hackers can stop logging and recording. With the exception of a visible to administrators' notification that a paid licence was cancelled, this enables threat actors to exfiltrate files without leaving any evidence.
"A threat actor who gains access to an admin user can revoke the user's license, download all their private files, and reassign the license," the researchers said. The experts also notified Google of its findings.
In the meantime, hackers are using previously undiscovered malware to target iPhones over iMessage in order to take full control of the iOS device and spy on users. The mobile Advanced Persistent Threat (APT) campaign, which used previously unidentified malware to target iOS devices, was found by the cybersecurity firm Kaspersky.
With the ultimate objective of "hiddenly spying on users," the ongoing campaign known as "Operation Triangulation" disseminates zero-click exploits via iMessage to run malware and take complete control of the device and user data.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
