cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer III

Year 2019 ssl and tls is more vulnerable

This year 2019 most of the attack will come via SSL/TLS channel.

example..

 

This is one of the process of user id and password harvesting from top corporation.

 

Each and every day this URL being changed. It is sharing simple spreadsheet macros to destination system.

 

Most of the firewall confused to detect it as malicious...

 

https://baliaalaskaadventure.com

 

https://seoprroccket.com

 

 

 

Cyber
4 Replies
Community Champion

Re: Year 2019 ssl and tls is more vulnerable

This is one of the biggest reasons why URL filtering is best accomplished by hiring a service to maintain the list, rather than trying to "roll your own".  

Newcomer III

Re: Year 2019 ssl is and tls is more vulnerable

My experience is saying that those URLs are confused Next gen firewall and proxy as well.

 

Latest URL filtering signature unable to detect it unless you made Manuel exception on vendor side.

 

Thinks are ephemeral....All renounce researcher are fail to identify this new variant...

 

Unless we have some sort  of SSL inspection device in line.

Cyber
Community Champion

Re: Year 2019 ssl is and tls is more vulnerable

If you were to report it to your firewall/proxy vendor and ask that they mark it malicious, it would benefit many more people than just adding it to your own private list.  

 

Also, most filtering systems allow unknowns by default.  Changing this to default-deny is painful, but will generally catch cr*p like this.

Highlighted
Newcomer III

Re: Year 2019 ssl is and tls is more vulnerable

With in second hundred system were compromise..............till vendor categorized as malicious.....As quick fix deny that host ip at perimeter device ACL....  May be your Internet Router from were your entire external site being routed...

Cyber