Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Google Drive. Show all posts
subscriptions
cloud storage Cyber Security Email Google Drive phishing Scam subscriptions

Cloud Storage Scam Uses Fake Renewal Notices to Trick Users


Cybercriminals are running a large-scale email scam that falsely claims cloud storage subscriptions have failed. For several months, people across different countries have been receiving repeated messages warning that their photos, files, and entire accounts will soon be restricted or erased due to an alleged payment issue. The volume of these emails has increased sharply, with many users receiving several versions of the same scam in a single day, all tied to the same operation.

Although the wording of each email differs, the underlying tactic remains the same. The messages pressure recipients to act immediately by claiming that a billing problem or storage limit must be fixed right away to avoid losing access to personal data. These emails are sent from unrelated and randomly created domains rather than official service addresses, a common sign of phishing activity.

The subject lines are crafted to trigger panic and curiosity. Many include personal names, email addresses, reference numbers, or specific future dates to appear genuine. The messages state that a renewal attempt failed or a payment method expired, warning that backups may stop working and that photos, videos, documents, and device data could disappear if the issue is not resolved. Fake account numbers, subscription details, and expiry dates are used to strengthen the illusion of legitimacy.

Every email in this campaign contains a link. While the first web address may appear to belong to a well-known cloud hosting platform, it only acts as a temporary relay. Clicking it silently redirects the user to fraudulent websites hosted on changing domains. These pages imitate real cloud dashboards and display cloud-related branding to gain trust. They falsely claim that storage is full and that syncing of photos, contacts, files, and backups has stopped, warning that data will be lost without immediate action.

After clicking forward, users are shown a fake scan that always reports that services such as photo storage, drive space, and email are full. Victims are then offered a short-term discount, presented as a loyalty upgrade with a large price reduction. Instead of leading to a real cloud provider, the buttons redirect users to unrelated sales pages advertising VPNs, obscure security tools, and other subscription products. The final step leads to payment forms designed to collect card details and generate profit for the scammers through affiliate schemes.

Many recipients mistakenly believe these offers will fix a real storage problem and end up paying for unnecessary products. These emails and websites are not official notifications. Real cloud companies do not solve billing problems through storage scans or third-party product promotions. When payments fail, legitimate providers usually restrict extra storage first and provide a grace period before any data removal.

Users should delete such emails without opening links and avoid purchasing anything promoted through them. Any concerns about storage or billing should be checked directly through the official website or app of the cloud service provider.

Read more »
Technology
.desktop file abuse AI ransomware detection Drive Google Drive Google Workspace ransomware protection Technology

Google Introduces AI-Powered Ransomware Detection in Drive for Desktop

 

Ransomware continues to be a growing cyber threat, capable of crippling businesses and disrupting personal lives. Losing access to vital files — from cherished family photos to financial records — can have devastating consequences. To tackle this, Google is introducing an AI-powered ransomware detection system for Drive for Desktop, designed to identify threats early and prevent large-scale data loss.

According to Google’s blog post, this new security layer for macOS and Windows continuously monitors for abnormal behavior, such as mass file encryption or corruption — common indicators of a ransomware attack. Unlike traditional antivirus tools that scan for malicious code, Google’s AI model focuses on how files change. When it detects unusual activity, even across a few files, it immediately halts syncing between the user’s device and the cloud. This pause prevents infected files from overwriting safe versions in Google Drive.

Once potential ransomware activity is detected, users receive desktop and email alerts and can access a new recovery interface within Drive. This interface allows them to restore their files to a clean, pre-attack state.

Ransomware remains a significant cybersecurity issue. In 2024, Mandiant reported that ransomware accounted for 21% of all intrusions, with an average cost per incident exceeding $5 million. Critical industries such as healthcare, education, retail, manufacturing, and government are particularly at risk. Google’s approach focuses on a crucial middle ground — between traditional antivirus prevention and post-attack recovery — where AI-driven early intervention can make a major difference.

Google emphasizes that this feature isn’t meant to replace antivirus or endpoint detection tools but to act as an additional safeguard. The system prioritizes commonly targeted file types like Office documents and PDFs, while native Google Docs and Sheets already benefit from built-in protection. Importantly, Google notes that it does not collect user data to train its AI models without explicit consent.

The AI ransomware detection feature is currently rolling out in open beta and will be available at no extra cost for most Google Workspace commercial customers. Individual users will also have access to file recovery tools for free. However, there’s no confirmation yet on whether similar protections will extend to Google Cloud Storage for enterprise users.
Read more »
Windows
Crypto24 EDR Google Drive malware McAfee Windows

Crypto24 ransomware uses custom “EDR-blinding” tool to hit high-value targets




A threat group tracked as Crypto24 is attacking large organizations across the U.S., Europe, and Asia, aiming at finance, manufacturing, entertainment, and technology firms. First discussed publicly on security forums in September 2024, the group has since shown mature tradecraft, according to researchers monitoring its campaigns.


How they gain and keep access

After breaking in, the attackers enable built-in administrator accounts on Windows machines or create new local admins to keep a quiet foothold. They run a scripted recon phase that lists user accounts, profiles hardware, and maps disks. For persistence, they add malicious Windows services and scheduled tasks, most notably:

WinMainSvc: a keylogger that pretends to be “Microsoft Help Manager,” recording active window titles and keystrokes (including Ctrl/Alt/Shift and function keys).

MSRuntime: a loader that later launches the file-encrypting payload.


How they bypass security tools

Crypto24 deploys a customized version of the open-source RealBlindingEDR utility to neutralize endpoint detection and response (EDR) products. The tool reads a driver’s metadata to extract the vendor name, compares it to a built-in list, and, on a match, tampers with kernel callbacks/hooks to “blind” detections. Vendors targeted include Trend Micro, Kaspersky, Sophos, SentinelOne, Malwarebytes, Cynet, McAfee, Bitdefender, Broadcom (Symantec), Cisco, Fortinet, and Acronis.

On systems running Trend Micro, the operators have been seen, once they have admin rights — launching the legitimate XBCUninstaller.exe (Trend Vision One’s uninstaller) via gpscript.exe (a Group Policy script runner). The tool is intended for support tasks like cleaning inconsistent agents, but here it’s repurposed to remove protections so follow-on payloads can run undetected.


How they move and what they steal

For lateral movement, the intruders rely on SMB shares to copy tools and spread across the network. Before encryption, they exfiltrate data to Google Drive, using a custom program that calls the Windows WinINET API to talk to the cloud service. This gives them an off-network stash of sensitive files for double-extortion.


What remains unknown

Researchers have not yet published details about the final ransomware stage, such as the encryption method, ransom note, payment channel, or any language/branding clues. However, they have released indicators of compromise (IOCs) to help defenders detect and block the intrusions earlier in the kill chain.


Why it matters

Crypto24 blends custom malware with “living-off-the-land” techniques and legitimate admin tools, making alerts easier to miss. Organizations should harden admin account policies, monitor for suspicious driver tampering and service creation, restrict outbound cloud traffic where possible, and use the published IOCs to hunt proactively.


Read more »
Technology
AI Chatbot ChatGPT Cloud Google Google Drive Internet Microsoft Technology

How ChatGPT prompt can allow cybercriminals to steal your Google Drive data


Chatbots and other AI tools have made life easier for threat actors. A recent incident highlighted how ChatGPT can be exploited to obtain API keys and other sensitive data from cloud platforms.

Prompt injection attacks leads to cloud access

Experts have discovered a new prompt injection attack that can turn ChatGPT into a hacker’s best friend in data thefts. Known as AgentFlayer, the exploit uses a single document to hide “secret” prompt instructions that target OpenAI’s chatbot. An attacker can share what appears to be a harmless document with victims through Google Drive, without any clicks.

Zero-click threat: AgentFlayer

AgentFlayer is a “zero-click” threat as it abuses a vulnerability in Connectors, for instance, a ChatGPT feature that connects the assistant to other applications, websites, and services. OpenAI suggests that Connectors supports a few of the world’s most widely used platforms. This includes cloud storage platforms such as Microsoft OneDrive and Google Drive.

Experts used Google Drive to expose the threats possible from chatbots and hidden prompts. 

GoogleDoc used for injecting prompt

The malicious document has a 300-word hidden malicious prompt. The text is size one, formatted in white to hide it from human readers but visible to the chatbot.

The prompt used to showcase AgentFlayer’s attacks prompts ChatGPT to find the victim’s Google Drive for API keys, link them to a tailored URL, and an external server. When the malicious document is shared, the attack is launched. The threat actor gets the hidden API keys when the target uses ChatGPT (the Connectors feature has to be enabled).

Othe cloud platforms at risk too

AgentFlayer is not a bug that only affects the Google Cloud. “As with any indirect prompt injection attack, we need a way into the LLM's context. And luckily for us, people upload untrusted documents into their ChatGPT all the time. This is usually done to summarize files or data, or leverage the LLM to ask specific questions about the document’s content instead of parsing through the entire thing by themselves,” said expert Tamir Ishay Sharbat from Zenity Labs.

“OpenAI is already aware of the vulnerability and has mitigations in place. But unfortunately, these mitigations aren’t enough. Even safe-looking URLs can be used for malicious purposes. If a URL is considered safe, you can be sure an attacker will find a creative way to take advantage of it,” Zenith Labs said in the report.

Read more »
Technology
Cyberhackers Cybersecurity CyberThreat Gmail Google Google Drive Google Meet Technology

Gmail Upgrade Announced by Google with Three Billion Users Affected

 


The Google team has officially announced the launch of a major update to Gmail, which will enhance functionality, improve the user experience, and strengthen security. It is anticipated that this update to one of the world’s most commonly used email platforms will have a significant impact on both individuals as well as businesses, providing a more seamless, efficient, and secure way to manage digital communications for individuals and businesses alike.

The Gmail email service, which was founded in 2004 and has consistently revolutionized the email industry with its extensive storage, advanced features, and intuitive interface, has continuously revolutionized the email industry. In recent years, it has grown its capabilities by integrating with Google Drive, Google Chat, and Google Meet, thus strengthening its position within the larger Google Workspace ecosystem by extending its capabilities. 

The recent advancements from Google reflect the company’s commitment to innovation and leadership in the digital communication technology sector, particularly as the competitive pressures intensify in the email and productivity services sector. Privacy remains a crucial concern as the digital world continues to evolve. Google has stressed the company’s commitment to safeguarding user data, and is ensuring that user privacy remains of the utmost importance. 

In a statement released by the company, it was stated that the new tool could be managed through personalization settings, so users would be able to customize their experience according to their preferences, allowing them to tailor their experience accordingly. 

However, industry experts suggest that users check their settings carefully to ensure their data is handled in a manner that aligns with their privacy expectations, despite these assurances. Those who are seeking to gain a greater sense of control over their personal information may find it prudent to disable AI training features. In particular, this measured approach is indicative of broader discussions regarding the trade-off between advanced functionality and data privacy, especially as the competition from Microsoft and other major technology companies continues to gain ground. 

Increasingly, AI-powered services are analyzing user data and this has raised concerns about privacy and data security, which has led to a rise in privacy concerns. Chrome search histories, for example, offer highly personal insights into a person’s search patterns, as well as how those searches are phrased. As long as users grant permission to use historical data, the integration of AI will allow the company to utilize this historical data to create a better user experience.

It is also important to remember, however, that this technology is not simply a tool for executive assistants, but rather an extremely sophisticated platform that is operated by one of the largest digital marketing companies in the world. In the same vein, Microsoft's recent approach to integrating artificial intelligence with its services has created a controversy about user consent and data access, leading users to exercise caution and remain vigilant.

According to PC World, Copilot AI, the company's software for analyzing files stored on OneDrive, now has an automatic opt-in option. Users may not have been aware that this feature, introduced a few months ago, allowed them to consent to its use before the change. It has been assured that users will have full Although users have over their data they have AI-driven access to cloud-stored files, the transparency of such integrations is s being questioned as well as the extent of their data. There remain many concerns among businesses that are still being questioned. Businesses remain concerned aboutness, specifically about privacy issues.

The results of Global Data (cited by Verdict) indicate that more than 75% of organizations are concerned about these risks, contributing to a slowdown in the adoption of artificial intelligence. A study also indicates that 59% of organizations lack confidence in integrating artificial intelligence into their operations, with only 21% reporting an extensive or very extensive deployment of artificial intelligence. 

In the same way that individual users struggle to keep up with the rapid evolution of artificial intelligence technologies, businesses are often unaware of the security and privacy threats that these innovations pose. As a consequence, industry experts advise organizations to prioritize governance and control mechanisms before adopting AI-based solutions to maintain control over their data. CISOs (chief information security officers) might need to adopt a more cautious approach to mitigate potential risks, such as restricting AI adoption until comprehensive safeguards have been implemented. 

The introduction of AI-powered innovations is often presented as seamless and efficient tools, but they are supported by extensive frameworks for collecting and analyzing data. For these systems to work effectively, they must have well-defined policies in place that protect sensitive data from being exposed or misused. As AI adoption continues to grow, the importance of stringent regulation and corporate oversight will only increase. 

To improve the usability, security and efficiency of Gmail, as well as make it easier for both individuals and businesses, Google's latest update has been introduced to the Gmail platform. There are several features included in this update, including AI-driven features, improved interfaces, and improved search capabilities, which will streamline email management and strengthen security against cybersecurity threats. 

By integrating Google Workspace deeper, businesses will benefit from improved security measures that safeguard sensitive information while enabling teams to work more efficiently and effectively. This will allow businesses to collaborate more seamlessly while reducing cybersecurity risks. The improvements added by Google to Gmail allow it to be a critical tool within corporate environments, enhancing productivity, communication, and teamwork. With this update, Google confirms Gmail's reputation as a leading email and productivity tool. 

In addition to optimizing the user experience, integrating intelligent automation, strengthening security protocols, and expanding collaborative features, the platform maintains its position as a leading digital communication platform. During the rollout over the coming months, users can expect a more robust and secure email environment that keeps pace with the changing demands of today's digital interactions as the rollout progresses.
Read more »
Unicoin
communication cryptocurrency cyber attack Google Drive Hacking Unicoin

Unicoin's Four-Day Cyberattack: Disruption, Recovery, and Ongoing Investigation

 



Unicoin, a leading cryptocurrency company, experienced a cyberattack beginning on August 9, 2024, which severely disrupted its operations for nearly four days. The breach occurred when a hacker gained unauthorised access to the company’s Google G-Suite account, affecting all employees using the "@unicoin.com" domain. As a result, employees were locked out of critical Google services like Gmail and Google Drive, causing major disruptions in internal communication and file sharing.

In a regulatory filing with the U.S. Securities and Exchange Commission (SEC), Unicoin detailed the extent of the attack, noting that the hacker not only altered account passwords but also restricted access to essential tools. The company managed to restore access to its systems by August 13, 2024. However, ongoing investigations have revealed additional issues stemming from the breach.

Several senior management email accounts were compromised, and further investigations uncovered anomalies in the personal information of employees and contractors. The company’s accounting department discovered several discrepancies, including an instance of identity forgery involving a contractor, which led to their immediate termination. Investigators are still determining whether these incidents are isolated or part of a larger cyber threat, potentially involving North Korean hackers.

Financial Impact and Investigation

Despite the severity of the breach, Unicoin has assured its stakeholders that there is no evidence of stolen funds or compromised cryptocurrency assets. While the situation is serious, the company stated that the attack has not immensely impacted its financial condition or operational performance. However, the full extent of the breach is still under review, and Unicoin has not ruled out the possibility of long-term financial consequences.

In its SEC filing, Unicoin emphasised that no immediate financial losses had been identified. The company has committed to continuing its assessment of the situation and will report any significant impact in future filings if necessary.

Cybersecurity Concerns in the Cryptocurrency Sector

Unicoin's adherence to regulatory compliance stands out in the cryptocurrency industry, where oversight is often limited. The company consistently files reports with the SEC, demonstrating its commitment to transparency. With more than $500 million in Unicoins sold and a diverse portfolio that includes real estate and equity investments, the recent cyberattack is a telling event of how even the well regulated firms are not immune to combating such vulnerabilities. 

As investigations continue, the broader cryptocurrency industry will be closely monitoring Unicoin's response to this breach and the steps it takes to better amp up its cybersecurity defenses.

Read more »
Vulnerabilities and Exploits
Cyberattacks Cybercrimes Google Docs Google Drive malicious Vulnerabilities and Exploits

Attackers Can Hide Malicious Apps Using the Ghost Token Flaw

 


The Google Cloud Platform (GCP) has recently been patched against a zero-day vulnerability called GhostToken, which allowed attackers to infect the platform to create an invisible and irrecoverable backdoor. A malicious attacker could exploit this flaw and gain access to a victim's account. 

By exploiting this flaw, he could also manipulate their data and documents within Gmail or Google Docs. As a result, the victim is completely unaware that this is taking place. By the name GhostToken, the issue has been identified by Israeli cybersecurity startup Astrix Security. The issue affects all Google accounts, including enterprise accounts. From June 19 through June 20, 2022, this issue was discovered and reported to Google. More than nine months after the global patch was released on April 7, 2023, the company deployed a global update. 

According to a recent post by Astrix Security, the GhostToken zero-day vulnerability could allow malicious apps to be installed in the target Google Cloud via the GhostToken zero-day vulnerability. 

The flaw allows attackers to hide their malicious apps from the victim's "Application Management" page in their Google Account to hide them from view by a user logged in to their Google Account. A user is unable to revoke access by doing this. This prevents them from doing so. By doing this, it is ensured that the GCP project associated with the OAuth application that they have been authorized to use remains in a state that says "pending deletion" by deleting it. A threat actor equipped with this capability could restore the project. After restoring it, the rogue app is visible again. As well as gaining access to the victim's data, he could make it invisible again by using the access token to obtain it himself. 

An adversary or attacker could exploit the GhostToken vulnerability to access sensitive information in the target account's Google Drive, Calendar, Photos, Google Docs, Google Maps (location data), and other Google Cloud Platform services provided by the target account. The technical team discovered the vulnerability in June 2022, reported it to Google, and asked them to fix it. Despite acknowledging this problem in August 2022, Google did not release a patch until April 2023. This is despite acknowledging the flaw in August 2022. 

The bug was patched before it was exploited by an active user, enabling Google to release the fix before it was exploited. In the users’ app management option, there is an option to show OAuth application tokens for apps scheduled for deletion as part of the patch. 

Despite the tech giant's fix, Google users must also check their accounts to determine whether there are any unrecognized apps. Additionally, to prevent any risk of damage to their devices, users should ensure that third-party apps have minimal access permissions.

A patch released by Google has been rolled out to address this issue, and it now displays apps in a pending deletion state within the third-party access section of the website. As a result, users can uninstall such apps by revoking their permissions.

There was a vulnerability in Google Cloud's Cloud Asset Inventory API that led to privilege escalation, known as Asset Key Thief, which has now been fixed. Using this vulnerability, users can steal private keys for use in Service Accounts, allowing them to access valuable data they manage. The software giant patched the issue discovered by SADA earlier this month, on March 14, 2023, two months after discovery.
Read more »
Vulnerabilities and Exploits.
Data Privacy Google Drive Sensitive Data Leak User Data User Privacy Vulnerabilities and Exploits.

Improper Disposal of IT Equipment Poses Cyber Security Risks

As technology continues to advance at a rapid pace, it is no surprise that electronic waste, or e-waste, has become a growing concern. With many companies constantly upgrading their IT equipment, the amount of electronic waste being produced is on the rise. However, what is even more concerning is that many of these companies are disposing of their old computers and other IT equipment improperly, putting their sensitive data at risk.

According to a recent article by Tech Times, companies that dispose of their old computers and other IT equipment without taking proper measures to wipe the data off the hard drives are leaving themselves vulnerable to cyber attacks. This is because the data on the hard drives can still be accessed by hackers, even if the computers are no longer in use. This is especially concerning for companies that deal with sensitive information, such as financial institutions or healthcare providers.

John Smith, a cyber security expert, suggests that "companies should take extra precautions when disposing of their old IT equipment to ensure that their sensitive data does not fall into the wrong hands." This includes wiping the hard drives of all data before disposing of them or using a professional IT asset disposal service.

Another concern with improper disposal of IT equipment is the potential harm it can cause to the environment. Sadoff Electronics Recycling warns that "obsolete IT equipment can contain hazardous materials that can be harmful to the environment if not disposed of properly." This includes chemicals such as lead and mercury, which can pollute the air and water if not disposed of properly.

In addition to the potential environmental impact, there are also legal consequences for companies that do not dispose of their IT equipment properly. The Security Intelligence website points out that "many countries have laws that require companies to properly dispose of their electronic waste." Failure to do so can result in fines or other legal penalties.

Proper disposal of IT equipment is essential to avoid the risks of data breaches and environmental harm. Companies must ensure that data is wiped off their hard drives and utilize professional IT asset disposal services to avoid legal penalties and reputational damage. In addition, responsible electronic waste disposal contributes to a sustainable future. By prioritizing safe and responsible disposal of IT equipment, companies can protect sensitive data and the environment.



Read more »
Subscribe to: Comments (Atom)