
US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’




U.S. and Australian government cybersecurity agencies are warning that common and easily exploitable security vulnerabilities in websites and web apps can be abused to carry out large-scale data breaches.
In a joint advisory published Thursday, U.S. cybersecurity agency CISA, the National Security Agency and the Australian Cyber Security Centre said that the vulnerabilities, known as insecure direct object references (IDORs), allow malicious hackers to access or modify sensitive data on an organization’s servers because of a lack of proper security checks.
An IDOR vulnerability is like having a key to your mailbox, but that key also allows you to unlock every other mailbox on your street. IDORs can be particularly problematic because, like a row of mailboxes, a bad actor can exploit …
