Caute_cautim
Community Champion

Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs

Hi All

 

Claims that the cloud is riddled with URL-spoofing vanity domains, which apparently cloud providers do not check. Apparently this occurs when a cloud service allows a vanity subdomain but does not validate the subdomain or use the subdomain to provide services.

 

https://www.helpnetsecurity.com/2022/05/11/url-spoofing-zoom-box-google-docs/

 

A related story here:  https://www.darkreading.com/cloud/vanity-urls-could-be-spoofed-for-social-engineering-attacks

 

Regards

 

Caute_Cautim
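To make the mechanism in the post concrete, here is an added example (my own illustration, not code from any of the vendors named or from the linked articles). It models the flaw the post describes: a service accepts a tenant's vanity subdomain for branding but never ties that subdomain to the resource being served, so a link under a trusted company's vanity host can point at content owned by an unrelated account. The hardened resolver only serves a resource when its owner matches the tenant that registered the vanity label. All domain names, tenant ids and resources are constructed placeholders.

```python
"""Tenant-scoped validation of vanity subdomains (constructed example)."""
from dataclasses import dataclass
from typing import Optional

BASE_DOMAIN = "example-saas.test"   # constructed placeholder, not a real service

# Constructed tenant registry: vanity subdomain label -> tenant id
VANITY_SUBDOMAINS = {
    "acme": "tenant-001",
    "globex": "tenant-002",
}


@dataclass(frozen=True)
class Resource:
    resource_id: str
    owner_tenant: str
    title: str


# Constructed resource store: resource id -> resource
RESOURCES = {
    "doc-aaa": Resource("doc-aaa", "tenant-001", "Acme Q3 plan"),
    # Owned by an unrelated tenant that has no vanity subdomain at all
    "form-zzz": Resource("form-zzz", "tenant-999", "Untitled form"),
}


def vanity_subdomain(host: str) -> Optional[str]:
    """Return the vanity label from a Host header value, or None when the
    host is not exactly one label below BASE_DOMAIN (port is ignored)."""
    host = host.lower().rstrip(".").split(":")[0]
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None
    label = host[: -len(suffix)]
    if not label or "." in label:
        return None
    return label


def resolve_weak(host: str, resource_id: str) -> Optional[Resource]:
    """The behaviour the post describes: the vanity label is checked only
    for existence and is never tied to the resource that gets served."""
    if vanity_subdomain(host) not in VANITY_SUBDOMAINS:
        return None  # unknown vanity host
    return RESOURCES.get(resource_id)


def resolve_hardened(host: str, resource_id: str) -> Optional[Resource]:
    """Serve a resource under a vanity host only when the resource belongs
    to the tenant that owns that vanity subdomain."""
    label = vanity_subdomain(host)
    if label is None:
        return None
    tenant = VANITY_SUBDOMAINS.get(label)
    if tenant is None:
        return None
    resource = RESOURCES.get(resource_id)
    if resource is None or resource.owner_tenant != tenant:
        # A foreign resource requested under a tenant's vanity host is the
        # signal to log and alert on; refuse to serve it.
        return None
    return resource


if __name__ == "__main__":
    host = "acme." + BASE_DOMAIN
    print("weak    :", resolve_weak(host, "form-zzz"))       # served under acme's host
    print("hardened:", resolve_hardened(host, "form-zzz"))   # refused
    print("hardened:", resolve_hardened(host, "doc-aaa"))    # acme's own doc is served
```

The point of the comparison is that the weak resolver treats the vanity label as decoration, so any valid resource id is served under any registered tenant's name; the hardened one makes the label part of the authorization decision, which is the check the articles say was missing.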

 

 

3 Replies
Beads
Advocate I

I see a marketing problem here. The tech is good, almost obvious enough to be a head slap kind of moment.

 

Problem is in the use of the word "fingerprint". Biometrics is a tough enough sell, particularly when you look at the patchwork of state and Federal laws either on the books or in bill form. Not that this has anything to do with the digital fingerprint, but the word is now clumsy and needs to be avoided so as not to alarm laypeople.

 

Had too many discussions these past couple of years as to the word "fingerprint". Parents, business executives, IT and end-users. Fingerprint is becoming the equivalent of any number of four-letter words not suitable for this board.

 

Otherwise, I like the idea and execution.

 

- B/Eads

VG1
Viewer

https://www.darkreading.com/cloud/vanity-urls-could-be-spoofed-for-social-engineering-attacks

 

"Users should always be skeptical of links, especially if the linked page requests too much information or leads to other links or files. We recommend educating your coworkers about the risk associated with clicking on such links and especially submitting PII and other sensitive information via forms, even if they appear to be hosted by your company's sanctioned SaaS accounts," Varonis stated in the advisory.

 

While vendors should implement better security practices to prevent threat actors from grabbing subdomains to spoof users, the overall security across the ecosystem to protect users from malicious links continues to be poor (emails, SMS, etc.). However, user education is key, as no solution can prevent end-users from disclosing PII or protected / confidential data if they are not alert, aware, or cautious about potential cybersecurity risks related to external links and data collections.

Caute_cautim
Community Champion

@VG1   We can only continue the security awareness campaigns, and hope that at the critical moment the users get an intuitive feeling that they should not accept the link or download, etc.

 

Regards

 

Caute_Cautim