• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
researchers warn of spear phishing exploit in google docs

Researchers warn of spear-phishing exploit in Google Docs

You are here: Home / General Cyber Security News / Researchers warn of spear-phishing exploit in Google Docs
January 7, 2022

Menace actors have observed an exploit in a Google Docs comment attribute that utilizes Google’s personal automatic email notification operate to send destructive hyperlinks.

Email security experts Avanan explained it experienced notified Google of the flaw on 3 January just after noticing a spike in usage about December 2021.

The attack consists of hackers using their possess Google accounts to generate a Google Doc, to which they merely invite a target using the comments part with the ‘@’ perform. This routinely sends a notification email to the supposed target’s inbox, informing them that a different consumer has commented on a document and pointed out them. The email is from Google, and so it is tough to tell irrespective of whether the message is malicious.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


However, the remark on the email can be loaded with a destructive backlink for phishing sites or malware, and there seems to be no filtering mechanisms in position, in accordance to Avanan. What is actually extra, the hackers email deal with is not proven in the notification the receiver will only see a identify, producing it quite straightforward to impersonate a victim’s colleagues or friends.

The exploit is quite simple to execute and has been obtainable considering the fact that the Autumn of 2020. Google has attempted to mitigate the problem but are yet to entirely near it off, partly due to the point it needs its personal email company to get the job done.

An example of the spear phishing exploit on Google Docs

Attackers also usually are not essential to share the doc with their targets, as simply just messaging them is plenty of to induce the email alert. Avanan implies that the very same methods function on Google Slides and other collaboration resources in the Google’s Workspace suite.

Outlook consumers surface to be the favoured targets, according to Avanan, but it is thought the exploit has made use of around 100 Google accounts and has by now attacked 500 inboxes across 30 different organisations.

To safeguard on your own, and your organisation, Avanan suggests steering clear of clicking on inbound links in e-mail, deploying stricter file-sharing rules throughout Google Workspace, and using an Internet security services from a trustworthy vendor, specifically one that capabilities phishing URL protection.


Some areas of this short article are sourced from:
www.itpro.co.uk

Previous Post: «Cyber Security News Thousands of Schools Impacted After IT Provider Hit by Ransomware
Next Post: Researchers Warn of New Log4Shell-Like Java Vulnerability Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Enzo Biochem Hit by Ransomware, 2.5 Million Patients’ Data Compromised
  • US and Korean Agencies Issue Warning on North Korean Cyber-Attacks
  • Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
  • New Botnet Malware ‘Horabot’ Targets Spanish-Speaking Users in Latin America
  • The Importance of Managing Your Data Security Posture
  • Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
  • Insurers Predict $33bn Bill for Catastrophic “Cyber Event”
  • Chinese Phishing Gang “PostalFurious” Expands Campaign
  • Kaspersky Says it is Being Targeted By Zero-Click Exploits
  • North Korea’s Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks

Copyright © TheCyberSecurity.News, All Rights Reserved.