Threat actors leverage document publishing sites for ongoing credential and session token theft
Comments
TLDR:
- Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements.
- Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or legitimate.
- DDP sites allow adversaries to quickly deploy and decommission malicious documents on a single platform. Talos IR also observed an adversary move between DDP sites within a short period.
Does anyone have a list of recommended DDP Sites to block already made? I see Publuu, Marq, FlipSnack, Issuu, and RelayTo listed but not much in the way of specific URLs. Thanks!
Post Details
- Posted
- 6 months ago
- External URL
- blog.talosintelligence.c...