Google Docs | Breaking Cybersecurity News | The Hacker News

The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. "An important feature that sets it apart is that, unlike previous campaigns, which relied on .NET applications, this one used Delphi as the programming language," Kaspersky  said  in a report published last week. Ducktail , alongside  Duckport  and  NodeStealer , is part of a  cybercrime ecosystem  operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to propagate malicious ads and deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts. Such attacks primarily single out users who may have access to a Facebook Business account. The fraudsters then use the unauthorized access to place advertisements for financial gain, perpetuatin...

Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor (version 1.8.13) that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and CVE-2021-34817 — were discovered and reported on June 4 by researchers from SonarSource, following which patches have been shipped for the latter in  version 1.8.14  of Etherpad released on July 4. Etherpad is a real-time collaborative interface that enables a document to be edited simultaneously by multiple authors. It is an open-source alternative to Google Docs that can be self-hosted or used through one of the many third-party public instances available. "The XSS vulnerability allows attackers to take over Etherpad users, including admins. This can be used to steal or manipulate sensitive data," SonarSource vulnerability researcher Paul Gerste  said  in a report shar...

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different security tools, hoping that multiple layers of protection will keep them safe.  But in reality, this patchwork approach often creates blind spots, making it harder—not easier—to defend against threats. To truly secure Google Workspace, businesses need a unified security strategy that offers complete protection without unnecessary complexity. The problem with most security solutions is that they only solve part of the puzzle. Point solutions, like tools that block malware or phishing attacks, might work well for a specific type of threat but fail to recognize suspicious user behavior, unauthori...

Did someone just share a random Google Doc with you? First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it's from someone you know. I, my colleagues at The Hacker News, and even people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] " has shared a document on Google Docs with you. " Once you clicked the link, you will be redirected to a page which says, " Google Docs would like to read, send and delete emails, as well access to your contacts, " asking your permission to "allow" access. If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password. Beware! New GoogleDocs Phishing Email Scam Spreading Across the World — Here's Everything You Need to K...

You all are quite aware of phishing attacks , and for those who are not, Phishing scams are typically fraudulent email messages, masquerading as a well known and trustworthy entity in an attempt to gather personal and financial information from victims. However, phishing attacks have become more sophisticated recently. The Pro-hacker group, Syrian Electronic Army (SEA) is also popular for its advance phishing attack and had purposely targeted twitter account and websites of various popular brands like Forbes, Microsoft, Obama, Facebook, CNN, eBay and PayPal in the past using phishing techniques. Security researchers have seen an increase in the number of phishing attacks every day, but recently a tricky scam came across by the researchers at the Symantec , which is targeting Google Docs and Google Drive users. Under this phishing scam, an email with a subject of " Documents ", tricks recipient to view an ' important document ' stored on the Google Docs by cli...