https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18149#M830 <P>This year 2019 most of the attack will come via SSL/TLS channel.</P><P>example..</P><P>&nbsp;</P><P>This is one of the process of user id and password harvesting from top corporation.</P><P>&nbsp;</P><P>Each and every day this URL being changed. It is sharing simple spreadsheet macros to destination system.</P><P>&nbsp;</P><P>Most of the firewall confused to detect it as malicious...</P><P>&nbsp;</P><P><A href="http://baliaalaskaadventure.com/" target="_blank" rel="noopener">https://baliaalaskaadventure.com</A></P><P>&nbsp;</P><P><SPAN><A href="https://seoprroccket.com" target="_blank" rel="noopener">https://seoprroccket.com</A></SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 23 Jan 2019 18:21:53 GMT paul200310 2019-01-23T18:21:53Z https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18149#M830 <P>This year 2019 most of the attack will come via SSL/TLS channel.</P><P>example..</P><P>&nbsp;</P><P>This is one of the process of user id and password harvesting from top corporation.</P><P>&nbsp;</P><P>Each and every day this URL being changed. It is sharing simple spreadsheet macros to destination system.</P><P>&nbsp;</P><P>Most of the firewall confused to detect it as malicious...</P><P>&nbsp;</P><P><A href="http://baliaalaskaadventure.com/" target="_blank" rel="noopener">https://baliaalaskaadventure.com</A></P><P>&nbsp;</P><P><SPAN><A href="https://seoprroccket.com" target="_blank" rel="noopener">https://seoprroccket.com</A></SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 23 Jan 2019 18:21:53 GMT https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18149#M830 paul200310 2019-01-23T18:21:53Z https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18267#M832 <P>This is one of the biggest reasons why URL filtering is best accomplished by hiring a service to maintain the list, rather than trying to "roll your own".&nbsp;&nbsp;</P> Fri, 25 Jan 2019 02:53:09 GMT https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18267#M832 denbesten 2019-01-25T02:53:09Z https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18268#M833 <P>My experience is saying that those URLs are confused Next gen firewall and proxy as well.</P><P>&nbsp;</P><P>Latest URL filtering signature unable to detect it unless you made Manuel exception on vendor side.</P><P>&nbsp;</P><P>Thinks are ephemeral....All renounce researcher are fail to identify this new variant...</P><P>&nbsp;</P><P>Unless we have some sort&nbsp; of SSL inspection device in line.</P> Fri, 25 Jan 2019 03:08:11 GMT https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18268#M833 paul200310 2019-01-25T03:08:11Z https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18270#M834 <P>If you were to report it to your firewall/proxy vendor and ask that they mark it malicious, it would benefit many more people than just adding it to your own private list.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Also, most filtering systems allow unknowns by default.&nbsp; Changing this to default-deny is painful, but will generally catch cr*p like this.</P> Fri, 25 Jan 2019 06:08:23 GMT https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18270#M834 denbesten 2019-01-25T06:08:23Z https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18271#M835 <P>With in second hundred system were compromise..............till vendor categorized as malicious.....As quick fix deny that host ip at perimeter device ACL....&nbsp; May be your Internet Router from were your entire external site being routed...</P> Fri, 25 Jan 2019 06:36:00 GMT https://community.isc2.org/t5/Tech-Talk/Year-2019-ssl-and-tls-is-more-vulnerable/m-p/18271#M835 paul200310 2019-01-25T06:36:00Z