@seb aaah! Was it at least marked retroactively as bad?
@Shib Nope. The URL was redirected through LinkedIn and ended on the phishing website, which runs on the Google PaaS platform. Two trustworthy domains that trip them.
@seb that’s dope. I wonder when we will have “newly discovered URLs” to counter like “newly discovered domains”.
@Shib Well, it is a sandboxing solution that optimized for performance by whitelisting trusted domains. Apparently scanning all domains doesn’t seem to be feasible.
Also, since URLs are weaponized after delivery in our days, the security solution needs to scan the URL multiple times.
@seb sure but just tracking from self reporting services new URLs created, in like a 15, 30 , 90 day list shared between cloud providers and see who connects/what it is. Don’t allow users to click on S3 storage URLs created in the past 10 days etc.
INDICATORS OF COMPROMISE (IOC)
InfoSec Community within the Fediverse. Instance is supposed to be fast and secure. Everyone is welcome - Jump on Board!
We have a Getting Started Guide here: https://guide.ioc.exchange
Other Cyber Communities:
HAVE FUN and STAY SAFE!