Security News

Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it’s inevitable as your...

DriveFS Sleuth automates the investigation of Google Drive File Stream disk artifacts. The tool can parse the disk artifacts and build a filesystem tree-like structure enumerating the synchronized files along with their respective properties.

Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months. Setting Google Drive to "Anyone with the link can view" makes it viewable only to those with the exact URL, typically reserved for collaboration between people working with non-sensitive data.

Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. The Google Drive team linked the users' data loss problems to a synchronization issue and said it only affected "a limited subset" using the desktop Drive app versions v84.0.0.0 - 84.0.4.0.

Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023. Google Drive is a cloud-based storage service that allows people to store and access files from any internet-connected device via their Google account.

Google Workspace has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. "Google Workspace provides visibility into a company's Google Drive resources using 'Drive log events,' for actions such as copying, deleting, downloading, and viewing files. Events that involve external domains also get recorded, like sharing an object with an external user," Mitiga's Ariel Szarf and Or Aspir explained.

State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. The Chinese hackers used Google accounts to send their targets email messages with lures that tricked them into downloading custom malware from Google Drive links.

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. What's changed in the newer iterations is the use of cloud services like Dropbox and Google Drive to conceal their actions and retrieve additional malware into target environments.

State-backed hackers part of Russia's Federation Foreign Intelligence Service have started using Google Drive legitimate cloud storage service to evade detection. "We have discovered that their two most recent campaigns leveraged Google Drive cloud storage services for the first time," Unit 42 analysts who spotted the new trend said.

The ascension of the use of search engines to deliver malware over the past 12 months provides insight into how adept some attackers have become at SEO. Malware downloads referred by search engines were predominantly malicious PDF files, including many malicious fake CAPTCHAs that redirected users to phishing, spam, scam, and malware websites. The report also found that most malware over the past 12 months was downloaded from within the same region as its victim, a growing trend that points to the increasing sophistication of cybercriminals, which more frequently stage malware to avoid geofencing filters and other traditional prevention measures.