[SANS ISC] Open redirects … and why Phishers love them, (Fri, Jun 18th)

Working from home, did you get a meeting invite recently that pointed to https://meet.google.com ?  Well, that’s indeed where Google’s online meeting tool is located. But potentially the URL you got is not “only” leading you there.

Google Meet and Google Hangouts have a so-called open-redirect vulnerability. Phishers have found it, and are currently abusing it in droves. Your users believe they are clicking on a Google link, but end up somewhere else alltogether.

Benign example:  https://meet.google.com/linkredirect?dest=https://cwe.mitre.org/data/definitions/601.html

Obviously, the Phishers wont’t send your users to the Mitre vulnerability database, but rather make use of obfuscated destination URLs which commonly then lead to a phishing site that mimics a Google or Microsoft login page.

Google Hangouts https://hangouts.google.com has the same problem, and is also being abused.

Battling the never ending Phishing wave is difficult enough without major companies providing help to the crooks in the form of Open Redirects. If you have open redirects in your online web presence, and they are turning up in vulnerability reports for your site, please take them seriously, and fix them.

 

 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[ZDNet] New York Power Authority to beef up cybersecurity with new IronNet, AWS deal

All posts, ZDNet

New York Power Authority is the nation’s largest state public power organization. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ZDNet] Experts say log4shell exploits will persist for ‘months if not years’

All posts, ZDNet

As attacks exploiting the Log4j flaw evolve, experts worry about how long it will take organizations will respond. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ZDNet] Ransomware locks down prison, knocks systems offline

All posts, ZDNet

Inmates were confined to their cells as a result of the cyberattack. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.