Think you have a false positive on this rule?

Sid 1-47120

Message

BROWSER-OTHER Multiple browsers url spoofing attempt

Summary

This event is generated when an attempt to spoof a website using Microsoft Edge, is detected

Impact

Attempted User Privilege Gain

Detailed information

This issue can be used for Phishing attacks, because when the web browser is loading a website, the malicious code can stop the load of that website and then load a malicious website. In this context, the URL will remain as the benign site but the content will be of the malicious site.

Affected systems

  • Microsoft Edge

Ease of attack

Simple

False positives

N/A

False negatives

N/A

Corrective action

Upgrade to the latest Microsoft Edge version

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8278