Last week, security researcher Alex Lanstein found a phishing email abusing an open redirect from the Cisco WebEx website being used to deliver malware. An open redirect is a technique used to disguise the real destination of a link, abusing a situation in which a website will take any URL as one of the parameters it accepts and forwards the browser to that specified URL. For example, https://www.google.com/url?q=https://www.example.com will redirect to example.com (although Google has also implemented a warning page to make it clear the visitor will no longer be on Google’s site). Fixing open redirects can be very simple and implemented in a variety of ways, including the warning page used in the Google example. In the particular example that Alex gave, hovering over the “Join meeting” button shows what would appear to be the real secure-web.cisco.com domain but, looking more closely reveals the malicious address at the end.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that