In the “manage versions” functionality that is being offered by Google Drive, the news is rife that hackers can now trick into unpatched security weakness to distribute malicious files that seemingly appear to be legitimate documents as well as images. The unpatched security weakness allows malware attackers to carry out cyber-attacks by achieving a high rate of success.
According to a news report by The Hacker News, the latest security issue in the “manage versions” of Google Drive has been left unpatched by Google. Mind you! The report adds that a legitimate version of a file can be disguised of a malicious file that appears to be unchanged during online previewed. However, when this same file is downloaded it could be used to carry out cyber-attacks. Owing to this, one can be lured to download a file without even knowing that it contains malicious content and is a threat. Google is yet to comment on the same. However, we need to be mindful while downloading the Google Drive file as it could be making are prone to cybercrime.
The Hacker News further revealed that this flaw was reported by Google to A Nikoci, who is a professional system administrator. Under this flaw, the users can be targetted by cybercriminals as a legitimate version of the file that’s already been shared among a group of users can be replaced by a malicious file. “Google lets you change the file version without checking if it’s the same type. They did not even force the same extension,” added Nikoci.
Earlier, the tech giant has also built advanced security protections into Google products to automatically identify and stop threats before they ever reach its users. Google’s machine learning models in Gmail already detect and block more than 99.9 percent of spam, phishing, and malware. The built-in security by Google also protects the users by alerting them before they enter fraudulent websites, scanning apps in Google Play before they download, and more.
With many of the COVID-19 related scams coming in the form of phishing emails, it’s important to pause and evaluate any COVID-19 email before clicking any links or taking other action. Be wary of requests for personal information such as your home address or bank details. Fake links often imitate established websites by adding extra words or letters to them—check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile).
According to Google, “Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps.”
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App.