Quishing Campaign Exploits Microsoft Open



            Redirect Vulnerability


            Diving  into  a  new  sophisticated  campaign,  exploiting  Microsoft's  Open  Redirect  vulnerability
            through quishing

            By Elad Damari, Incident Response Group Manager, Perception Point


            QR  codes  can  be  found  almost  everywhere,  helping  people  access  useful  information  and  other
            webpages as fast as they can open their smartphone cameras.

            Many of us don’t think twice before scanning them. But to cybercriminals, their pervasiveness presents
            a new opportunity; the chance to deploy a sophisticated phishing strain designed to make us let our guard
            down while malware is uploaded or sensitive information stolen. After all, no one can verify a QR code is
            safe just by looking at it.

            Dubbed as quishing, this subclass of email-bound phishing has taken off in the past year. In the span of
            just one month – from August to September – the number of quishing attacks skyrocketed by 427%.




            Cyber Defense eMagazine – February 2024 Edition                                                                                                                                                                                                          107
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.