![]() ![]() “Applications like Google Drive and Workspace are Tier0 apps – many organizations lack the necessary controls to prevent unauthorized access to critical data.” “Mitiga’s discovery of ‘forensic security deficiency’ in Google Workspace reinforces, yet again, the ongoing issue of data security in software-as-a-service applications,” Corey O’Connor, director of products at software-as-a-service security company DoControl Inc., told SiliconANGLE. Undertaking responsible disclosure, the Mitiga researchers reached out to Google before going public with their findings but have yet to receive a response. The researchers recommend regular monitoring of Admin Log Events in Google Workspace, especially focusing on license assignment and revocation actions, as sudden changes could indicate a potential threat. If these actions occur in quick succession, it may suggest a threat actor is manipulating licenses. If it’s revoked before the account is disabled, the account can potentially download sensitive files from a private drive unnoticed. The second involves targeting employees during the process of revoking a paid license. The first is that if a user’s account is compromised, a threat actor can manipulate the user’s license to access and download private files while leaving behind only logs of license revocation and reassignment. The security vulnerability can be exploited in two ways. The lack of visibility makes it possible for threat actors to manipulate or steal data without detection. ![]() The researchers explain that by default, all Google Drive users start with a “Cloud Identity Free” license and unless an administrator assigns a paid license, no logs are recorded for actions taken within a user’s private drive. The security issue relates explicitly to actions carried out by users who don’t have a paid enterprise license for Google Workspace. A previously unknown security issue in Google LLC’s Workspace could allow an attacker to exfiltrate data from Google Drive without being traced.ĭetailed Tuesday by researchers at Mitiga Security Inc., the vulnerability is the result of a forensic deficiency that allows a user to exfiltrate data without generating any record of the activity.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |