Royal Mail Jeopardizes Users With Open Redirect Flaw
The centuries-old Royal Mail is the largest courier company in the UK, boasting twice the market share of Amazon. At the beginning of the year, the company made headlines after it refused to pay LockBit’s $80 million ransom, calling it “absurd.” The ransomware attack by a Russia-linked syndicate crippled Royal Mail, and it temporarily couldn’t dispatch items overseas. The company might have upped its security game since the incident, however, recent Cybernews research shows that there’s room for improvement. Cybernews researchers found that a site belonging to Royal Mail had an open redirect vulnerability. An open redirect vulnerability is a security flaw that arises when a web application utilizes user-supplied input, such as a URL or parameter, to direct the user to a different page without appropriately verifying or cleansing the input.