Royal Mail cybersecurity still a bit of a mess, infosec bods claim
2023-11-13 06:31

Infosec in brief: After spending almost a year cleaning up after various security snafus, the UK's Royal Mail had an open redirect flaw on one of its sites, according to infosec types.

Open redirects essentially allow attackers to use a legitimate website or web application - in this case, a Royal Mail website - to redirect users to a malicious website by manipulating the URL. The flaw occurs when the application doesn't validate user input, so miscreants can manipulate it as they please.
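An added example (not from the article and not Royal Mail's code) of the input validation whose absence the paragraph above describes: a Python check that accepts a redirect parameter only when it is a same-site path or an allow-listed HTTPS host. The function name `safe_redirect_target`, the host names and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list; a real deployment lists its own hosts.
ALLOWED_HOSTS = {"www.example.test", "account.example.test"}
DEFAULT_TARGET = "/"


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return raw if it is a same-site path or an allow-listed HTTPS URL, else default."""
    if not isinstance(raw, str) or not raw:
        return default
    # Browsers read "\" as "/" and drop tabs/newlines, so a parser and a browser
    # can disagree about the host. Reject those characters and any whitespace.
    if "\\" in raw or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow only an absolute path on this site.
        # A leading "//" is scheme-relative and names another host.
        return raw if raw.startswith("/") and not raw.startswith("//") else default
    if parts.scheme != "https":  # blocks http:, javascript:, data:, ...
        return default
    if parts.username is not None or parts.password is not None:
        return default  # "https://trusted@other-host/" style confusion
    # Exact match only: suffix or substring checks let look-alike hosts through.
    return raw if (parts.hostname or "").lower() in allowed_hosts else default


# Constructed sample inputs: (value of the redirect parameter, expected result)
SAMPLES = [
    ("/track?id=1", "/track?id=1"),
    ("https://account.example.test/login", "https://account.example.test/login"),
    ("https://attacker.example/", "/"),
    ("//attacker.example/", "/"),
    ("/\\attacker.example/", "/"),
    ("https://www.example.test@attacker.example/", "/"),
    ("https://www.example.test.attacker.example/", "/"),
    ("javascript:alert(1)", "/"),
]

if __name__ == "__main__":
    for value, expected in SAMPLES:
        result = safe_redirect_target(value)
        print(f"{value!r:50} -> {result!r} ({'ok' if result == expected else 'MISMATCH'})")
```

Falling back to a fixed default rather than returning an error keeps the user on the legitimate site when the parameter has been tampered with.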

A vulnerability in the protocol allows unauthenticated remote attackers to register arbitrary services, which can be used to spoof UDP traffic and conduct a denial-of-service attack.

A ransomware attack on a radiology group in New York state that affected 92,000 residents has resulted in a $450,000 fine because the company failed to upgrade its systems to prevent known attacks.

The AG's office said that attackers made off with names, birthdates, social security numbers, driver's license information, diagnoses and other personal information.

"In the face of increasing cyber attacks and more sophisticated scams to steal private data, I urge all companies to make necessary upgrades and security fixes to their computer hardware and systems," James warned.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/11/13/royal_mail_cybersecurity_still_a/