If you’ve found yourself relying on Google’s software ecosystem more than ever these past few months, you’re not alone. Google’s Drive, Docs and G-Suite services make working from home easier when it comes to tasks like collaborating on projects.

In fact, Google took the unprecedented steps of offering its paid G-Suite services like Google Meet for free during the COVID-19 pandemic. Tap or click here to see what Google did to help at-home workers over the past few months.

With so many people relying on Google’s productivity software, hackers are seeing the perfect opportunity to wreak havoc and steal data. And now, security researchers have found a previously undiscovered bug in Google Drive that could allow hackers to swap out legitimate files with malicious ones. Here’s how it works, and what you can do about it.

According to a report in The Hacker News, an unpatched security flaw in Google Drive is posing a unique risk to users — particularly those working regularly from home.

The issue, which was discovered by system administrator A. Nikoci, is caused by Google Drive’s failure to check different versions of files stored on the cloud. This could potentially allow hackers to swap out normal files in favor of malicious ones, which Google Drive would simply read as an “updated version” of the previous files.

When the issue occurs, Google doesn’t even give you any alerts or updates other than the fact that document has been updated. For at-home workers, this could lead to dangerous scenarios where users go to open the file and are instead treated to a cyberattack.

To make matters worse, Google Drive doesn’t even care if the file type is the same as the previous version. This means that hostile executable programs could be swapped out over harmless documents.

On Aug. 22, Nikoci claimed to notify Google about the security issue. He has not yet received a response and as of the time of this article’s publication, the issue remains unpatched.

Because Google seemingly hasn’t taken action to address this problem on its end, the burden once again falls on users to keep themselves safe. The best workaround you can do is to simply be aware of sudden, unexpected changes to your Google Drive files.

If you get one that you weren’t expecting, simply reach out to teammates or coworkers before opening it. Ask them to confirm who, if anyone, may have changed the file. If no one can figure out who did it, it’s probably dangerous.

At that point, your best course of action is to perform a security checkup on your Google Account. Tap or click here to see how to do it.

But for those of us who rely on Google Drive for our own personal use, there won’t be any teammates to confirm the issue with. At that point, your best defense is a solid anti-malware suite that can protect you in real time.

Hopefully, Google responds to the issue and patches it accordingly. Since so many of us depend on its software ecosystem every day, Google Drive is a feature we can’t afford to lose.

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Any cookies that may not be particularly necessary for the website to function and are used specifically to collect user personal data are termed as non-necessary cookies.

These cookies are used by our advertising partners to provide more relevant advertisements and a better user experience.

Analytics cookies collect information on how users interact with our site. These third-party cookies are used to improve our site.

Source: https://www.komando.com/security-privacy/google-drive-malware-flaw/751102/

World news – CA – Hackers can now use Google Drive to install malware on your computer

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/


Please enter your comment!
Please enter your name here