SaaS App Vanity URLs Vulnerable to Phishing and Social Engineering

Varonis researchers examined the vanity URLs for Zoom, Box, and Google services and found that all of them could be abused for malicious purposes, or could have been before fixes were applied.

According to Varonis, a data security and analytics business, criminal actors can spoof vanity URLs supplied by SaaS apps for phishing and social engineering. Researchers discovered that SaaS applications frequently check only the URI (in this case, the “/s/1234” component) and fail to validate the vanity URL’s subdomain. An attacker can take advantage of this by altering the subdomain of a link created from their own SaaS account.
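The gap described above, seen from the service side, as an added example (not code from Varonis or from any of the named vendors). It contrasts a resolver that checks only the path with one that also binds the vanity subdomain to the tenant that owns the link; the domain `files.example`, the two lookup tables and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: share-link id -> tenant (account) that created it.
SHARE_LINKS = {"1234": "attacker-acct", "9001": "acme"}
# Constructed sample data: vanity subdomain -> tenant that registered it.
VANITY_SUBDOMAINS = {"acme": "acme", "attacker-acct": "attacker-acct"}
BASE_DOMAIN = "files.example"  # hypothetical SaaS domain


def _parse(url):
    """Return (subdomain, link_id), or None if the URL is not a share link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None
    subdomain = host[: -len(suffix)]
    segments = parts.path.strip("/").split("/")
    if len(segments) != 2 or segments[0] != "s":
        return None
    return subdomain, segments[1]


def resolve_weak(url):
    """Path-only check: any subdomain is accepted for any link id."""
    parsed = _parse(url)
    if parsed is None:
        return None
    _, link_id = parsed
    return SHARE_LINKS.get(link_id)


def resolve_strict(url):
    """Serve the link only when the subdomain's tenant is the link's owner."""
    parsed = _parse(url)
    if parsed is None:
        return None
    subdomain, link_id = parsed
    owner = SHARE_LINKS.get(link_id)
    if owner is None or VANITY_SUBDOMAINS.get(subdomain) != owner:
        return None  # subdomain and link belong to different tenants
    return owner
```

With the strict resolver, a link whose subdomain does not match its owner should be rejected or redirected to the owner's own subdomain rather than rendered under the brand shown in the URL.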

Read More: https://www.securityweek.com/saas-app-vanity-urls-can-be-spoofed-phishing-social-engineering
