paul200310
Newcomer III

Year 2019: SSL and TLS are more vulnerable

This year, 2019, most of the attacks will come via the SSL/TLS channel.

Example:

This is one of the processes for harvesting user IDs and passwords from top corporations.

Each and every day this URL is being changed. It is sharing simple spreadsheet macros to the destination system.

Most firewalls are too confused to detect it as malicious...

https://baliaalaskaadventure.com

https://seoprroccket.com

Cyber
4 Replies
denbesten
Community Champion

This is one of the biggest reasons why URL filtering is best accomplished by hiring a service to maintain the list, rather than trying to "roll your own".  

paul200310
Newcomer III

My experience says that those URLs confuse next-gen firewalls and proxies as well.

The latest URL filtering signatures are unable to detect it unless you make a manual exception on the vendor side.

Things are ephemeral... All renowned researchers fail to identify this new variant...

Unless we have some sort of SSL inspection device in line.

Cyber
denbesten
Community Champion

If you were to report it to your firewall/proxy vendor and ask that they mark it malicious, it would benefit many more people than just adding it to your own private list.

Also, most filtering systems allow unknowns by default.  Changing this to default-deny is painful, but will generally catch cr*p like this.

paul200310
Newcomer III

Within a second, a hundred systems were compromised... until the vendor categorized it as malicious... As a quick fix, deny that host IP at the perimeter device ACL... Maybe your Internet router, from where your entire external site is being routed...

Cyber