Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs

11-May-22

Researchers uncovered various URL spoofing issues in Box, Zoom, and Google Docs, which could allow phishers to construct malicious content URLs that appear to be hosted by an organization’s SaaS account.

The flaws stem from the lack of validation of so-called vanity URLs, which allow attackers with their own SaaS accounts to change the URL of pages holding malicious files, forms, and landing pages in order to increase their ability to deceive visitors. Read More…