June 11, 2019
Spammers are using unsolicited Google Calendar invitations to lure users to sites crafted to steal their credentials. Kaspersky researchers recommend disabling the “automatically add invitations” option in the Google Calendar Event Setting menu. Spammers are also sending unsolicited notifications through Gmail. John Strand spoke about this issue at the SANS Pen Test HackFest Summit in November 2018. (For the link, see Ed Skoudis’s comment below.)
Editor’s Note
[Skoudis]
There are a lot of very interesting attack vectors for various cloud-based services and information security pros need to understand them so we can defend our organizations’ critical data. John Strand’s talk at the SANS Pen Test Hackfest explained not only the Google Calendar issue, but also several other attacks associated with various cloud providers and their services. I consider it a must-watch.
www.youtube.com: The Clouds Are Out to Get Me! – SANS Pen Test HackFest Summit 2018