The excitement you feel when your SOC reports the first phishing email that found a way around ATP Safe Links...

@seb aaah! Was it at least marked retroactively as bad?

@Shib Nope. The URL was redirected through LinkedIn and ended on the phishing website, which runs on the Google PaaS platform. Two trustworthy domains that trip them.

@seb that’s dope. I wonder when we will have “newly discovered URLs” to counter like “newly discovered domains”.

@Shib Well, it is a sandboxing solution that optimized for performance by whitelisting trusted domains. Apparently scanning all domains doesn’t seem to be feasible.

Also, since URLs are weaponized after delivery in our days, the security solution needs to scan the URL multiple times.

@seb sure but just tracking from self-reporting services new URLs created, in like a 15, 30, 90 day list shared between cloud providers and see who connects/what it is. Don’t allow users to click on S3 storage URLs created in the past 10 days etc.
