Things got a little backed up - we're processing the data and things should be back to normal within the hour.

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

10
Threat actors leverage document publishing sites for ongoing credential and session token theft
Comments
8bit_zach

TLDR:

  • Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements.
  • Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or legitimate.
  • DDP sites allow adversaries to quickly deploy and decommission malicious documents on a single platform. Talos IR also observed an adversary move between DDP sites within a short period.
8bit_zach

Does anyone have a list of recommended DDP Sites to block already made? I see Publuu, Marq, FlipSnack, Issuu, and RelayTo listed but not much in the way of specific URLs. Thanks!

Author
Account Strength
100%
Account Age
10 years
Verified Email
Yes
Verified Flair
No
Total Karma
48,606
Link Karma
13,133
Comment Karma
34,412
Profile updated: 4 days ago
Posts updated: 5 months ago
8bit_zach

Subreddit

r/netsec

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
6 months ago
Reddit URL
View post on reddit.com
External URL
blog.talosintelligence.c...