I'm trying to log into a Hub account and am being told there's a security vulnerability. Is this a Hub thing or an account specific thing to me?
Community Member
7 replies
Hi Peter, are there any other details you can provide? I've never heard of this before.
Community Member
Hi Peter, I am available and dialed in now, here is the zoom link: https://us06web.zoom.us/j/82406554737?pwd=Gpgs43EbIBbRhBG0t3fUsE1ahtd1aM.1
For posterity:
Peter is having this issue only while using a wifi network that uses Cisco Umbrella for security. The security warning was being issued by Cisco Umbrella, with the category "Newly Seen Domain."
Cisco Umbrella defines this as:
Peter is having this issue only while using a wifi network that uses Cisco Umbrella for security. The security warning was being issued by Cisco Umbrella, with the category "Newly Seen Domain."
Cisco Umbrella defines this as:
"Newly Seen Domains" (NSD) is a security category that identifies domains that have been queried for the first time within the past 24 hours by any user of Cisco Umbrella DNS service (including the free OpenDNS service for home users). This security category works the same as any other security category and can be enabled as part of an existing security setting or a new one. Domains stay in the list for a period of 24 hours."
[...]
The only real definition of a 'newly seen domain' is exactly that—it's newly seen. As a result, a significant portion of the domains that are categorized as ‘newly seen’ will not, in fact, be malicious and detections of good domains are expected to occur with this security category."
[...]
Additionally, only fully-qualified domain names (second-level domain or a subdomain of a second-level domain) are considered to be 'domains' that are newly seen — top-level domains and country-code top-level domains are not included in 'newly seen domains' so as to not block large groupings of domains."
Since Decile Hub uses subdomains for accounts, a Hub account that has never been seen by Cisco Umbrella would get flagged under these rules for 24 hours, but should be fine after that, or from a network that does not use Cisco Umbrella. Nothing malicious seems to be happening here.
[...]
The only real definition of a 'newly seen domain' is exactly that—it's newly seen. As a result, a significant portion of the domains that are categorized as ‘newly seen’ will not, in fact, be malicious and detections of good domains are expected to occur with this security category."
[...]
Additionally, only fully-qualified domain names (second-level domain or a subdomain of a second-level domain) are considered to be 'domains' that are newly seen — top-level domains and country-code top-level domains are not included in 'newly seen domains' so as to not block large groupings of domains."
Since Decile Hub uses subdomains for accounts, a Hub account that has never been seen by Cisco Umbrella would get flagged under these rules for 24 hours, but should be fine after that, or from a network that does not use Cisco Umbrella. Nothing malicious seems to be happening here.
Apply to VC Lab Cohort 21
Get full access to Decile Base and the Decile Hub venture platform for free by joining the VC Lab program.
Apply to VC Lab Cohort 21