Royal Mail jeopardizes users with open redirect flaw

Royal Mail has left an open redirect vulnerability on one of its sites, exposing its customers to phishing attacks and malware infections.

The centuries-old Royal Mail is the largest courier company in the UK, boasting twice the market share of Amazon.

At the beginning of the year, the company made headlines after it refused to pay LockBit’s $80 million ransom, calling it “absurd.” The ransomware attack by a Russia-linked syndicate crippled Royal Mail, and it temporarily couldn’t dispatch items overseas.

The company might have upped its security game since the incident; however, recent Cybernews research shows that there is still room for improvement.

Our research team found that a site belonging to Royal Mail had an open redirect vulnerability.

An open redirect vulnerability is a security flaw that arises when a web application utilizes user-supplied input, such as a URL or parameter, to direct the user to a different page without appropriately verifying or cleansing the input.


“The vulnerability can be exploited by attackers to trick users into visiting malicious websites or phishing pages by disguising the malicious URL as a legitimate one,” Cybernews researchers explained.
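To make the class of bug concrete, here is an added Python example (not code from Cybernews, Royal Mail or Security Affairs, and not the actual vulnerable endpoint) showing the flawed pattern beside a hardened version. The allow-listed host names, the `?next=` parameter and the sample attacker inputs are assumptions constructed for illustration; the point is that the safe version rebuilds the Location value from parsed components instead of echoing the client-supplied string, which is what defeats the usual bypasses (`//evil`, `\evil`, `user@host` tricks, percent-encoding and `javascript:` schemes).

```python
from urllib.parse import urlsplit, urlunsplit, unquote

# Hypothetical allow-list of hosts this application may send users to.
ALLOWED_HOSTS = {"www.example-courier.test", "track.example-courier.test"}
DEFAULT_PATH = "/"


def vulnerable_redirect_target(next_url: str) -> str:
    """The open-redirect pattern: whatever arrived in ?next= becomes the Location header.

    An attacker mails https://www.example-courier.test/login?next=https://evil.test
    and the victim lands on evil.test after a trusted-looking first hop.
    """
    return next_url


def safe_redirect_target(next_url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return a Location value that stays on an allowed host, else DEFAULT_PATH."""
    if not next_url:
        return DEFAULT_PATH

    # Normalise encodings attackers use to slip past naive "starts with /" checks:
    # one round of percent-decoding, backslashes (browsers treat \ as /), whitespace.
    candidate = unquote(next_url).replace("\\", "/").strip()
    if any(ord(c) < 0x20 for c in candidate):
        return DEFAULT_PATH  # embedded tab/newline: reject rather than guess
    parts = urlsplit(candidate)

    # Only http(s) is acceptable; javascript:, data: and friends are rejected outright.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return DEFAULT_PATH

    # Absolute (https://host) and scheme-relative (//host) URLs carry a netloc.
    if parts.netloc:
        host = parts.hostname or ""          # lower-cased, userinfo and port stripped
        if "@" in parts.netloc or host not in allowed_hosts:
            return DEFAULT_PATH              # trusted.host@evil.test or unknown host
        return urlunsplit(("https", host, parts.path or "/", parts.query, ""))

    # Otherwise it must be a plain site-relative path. Rebuild it from the parsed
    # path so sequences like ///evil.test cannot survive into the header.
    path = parts.path
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_PATH
    return urlunsplit(("", "", path, parts.query, ""))


if __name__ == "__main__":
    # Constructed inputs an attacker might place in ?next=; not real observed traffic.
    samples = [
        "/account?tab=parcels",
        "https://www.example-courier.test/track?id=5",
        "https://evil.test/",
        "//evil.test/login",
        "/\\evil.test",
        "%2F%2Fevil.test",
        "https://www.example-courier.test@evil.test/",
        "javascript:alert(1)",
        "///evil.test",
    ]
    for s in samples:
        print(f"{s!r:50} vulnerable -> {vulnerable_redirect_target(s)!r:48} safe -> {safe_redirect_target(s)!r}")
```

Note the design choice: the hardened function never returns the caller's string, only a value it assembled itself, so even a parser quirk (`///evil.test` is parsed by Python as a relative path but treated by browsers as a host) degrades to a harmless local path rather than an off-site redirect. A stricter option, where the site has no legitimate cross-host redirects at all, is to accept only relative paths and drop the host allow-list entirely.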

We’ve repeatedly informed the company about the flaw, and the site in question has been down for months now, indicating that Royal Mail is working to mitigate the issue or has already done so. The company has yet to respond to our requests for comments.

Significance

  • Users can be lured into fake websites designed to steal credentials and credit card numbers, among other things.
  • Open redirect vulnerabilities can be leveraged to download malicious software onto the victims’ devices.
  • Users might end up on pages filled with spam and other low-quality content.

If you want to know more about mitigation, take a look at the original post at:

https://cybernews.com/security/royal-mail-open-redirect-flaw/

About the author: Jurgita Lapienytė, Chief Editor @CyberNews

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Royal Mail)