Cybersecurity researchers have discovered a significant forensic security deficiency in Google Workspace that enables a hacker to exfiltrate data in Google Drive without any trace.
According to researchers from Mitiga Security, once a malicious user inside has accessed the organization’s Google Drive, they can take action without being recorded at all.
This flaw affects only users who do not have a paid enterprise license for Google Workspace.
Users who do not have a paid Google Workspace license have their private drive actions left undocumented.
Hackers can disable logging and recording by canceling their paid license and switching to the free “Cloud Identity Free” license.
This enables threat actors to exfiltrate files without leaving any trace, save for the indication that a paid license was revoked, which is visible to administrators.
“A threat actor who gains access to an admin user can revoke the user’s license, download all their private files, and reassign the license,” the researchers said.
The experts also notified Google of its findings, which is yet to respond.
Meanwhile, hackers are targeting iPhones with previously unknown malware, via iMessage to, gain complete control over the iOS device and spy on users.
Cybersecurity company Kaspersky discovered the mobile Advanced Persistent Threat (APT) campaign targeting iOS devices with previously unknown malware.
Dubbed ‘Operation Triangulation’, the ongoing campaign distributes zero-click exploits via iMessage to run malware gaining complete control over the device and user data, with the final goal to “hiddenly spy on users”.
