Varonis researchers examined the vanity URLs for Zoom, Box, and Google services and discovered that all of them could be abused for malicious purposes, or could have been before fixes were applied.
According to Varonis, a data security and analytics business, criminal actors can spoof the vanity URLs supplied by SaaS apps for phishing and social engineering. The researchers discovered that SaaS applications frequently validate only the URI (in this case, the “/s/1234” component) and fail to validate the vanity URL’s subdomain. An attacker can take advantage of this by altering the subdomain of a link created from their own SaaS account.
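The missing check described above, as an added example that is not code from Varonis or any of the named vendors: a share-link resolver that looks only at the path, beside one that also requires the subdomain to match the tenant that owns the share. The base domain `files.example`, the tenant names and the share table are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: share id -> vanity subdomain of the tenant that owns it.
SHARES = {"1234": "other-tenant", "9876": "acme"}
BASE_DOMAIN = "files.example"  # hypothetical SaaS base domain (assumption)


def _parse(url):
    """Return (subdomain, share_id), or (None, None) if this is not a share link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    suffix = "." + BASE_DOMAIN
    segs = parts.path.strip("/").split("/")
    # Require <subdomain>.files.example and a path of the form /s/<id>.
    if not host.endswith(suffix) or len(segs) != 2 or segs[0] != "s":
        return None, None
    return host[: -len(suffix)], segs[1]


def resolve_uri_only(url):
    """Weak: finds the share by its path id and ignores the subdomain used."""
    _, share_id = _parse(url)
    return share_id if share_id in SHARES else None


def resolve_bound_to_tenant(url):
    """Hardened: serves a share only under its owning tenant's subdomain."""
    subdomain, share_id = _parse(url)
    owner = SHARES.get(share_id)
    if owner is None or subdomain != owner:
        return None  # unknown share, or subdomain does not match the owner
    return share_id


if __name__ == "__main__":
    # Share 1234 belongs to "other-tenant" but is requested under "acme".
    mismatched = "https://acme.files.example/s/1234"
    print("uri-only check:", resolve_uri_only(mismatched))
    print("tenant-bound check:", resolve_bound_to_tenant(mismatched))
```

With the tenant-bound check, a link whose subdomain was changed after creation resolves to nothing instead of rendering another tenant's content under a trusted brand name.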
Read More: https://www.securityweek.com/saas-app-vanity-urls-can-be-spoofed-phishing-social-engineering