Avanan's research into an exploit flaw in the Google Docs' comments feature was highlighted in Threatpost. The exploit allows hackers to easily send malicious links via the comment feature. As Threatpost writes:
So far, attackers have hit more than 500 inboxes across 30 tenants from more than 100 different Gmail accounts by exploiting the feature of Google’s cloud-based word processing app, according to the report.
Attackers target users of Google Docs by adding a comment to a document that mentions the targeted user with an “@,” which automatically sends an email to that person’s inbox. That email, which comes from Google, includes text as well as the malicious links.
Read the rest of the article at Threatpost.
