DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware
SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

Update: 2025-02-28
Share

Description



Njrat Compaign Using Microsoft dev Tunnels:

A recent version of the Njrat remote admin tool is taking advantage of Microsoft's developer tunnels (devtunnels.ms) as a command and control channel.

https://isc.sans.edu/diary/Njrat%20Campaign%20Using%20Microsoft%20Dev%20Tunnels/31724

NrootTag Apple FindMy Abuse

Malware could use a weakness in the keys used for Apple FindMy to abuse it to track victims. Updates were released with iOS 18.2, but to solve the issue the vast majority of Apple users must update.

https://nroottag.github.io/

360XSS: Mass Website Exploitation via Virtual Tour Framework

The Krpano VR library which is often used to implement 3D virtual tours on real estate websites, is currently being abused to inject spam messages. The XSS vulnerabilty could allow attackers to inject even more malicious JavaScript.

https://olegzay.com/360xss/

SANS.edu Research: Proof is in the Pudding: EDR Configuration Versus Ransomware. Benjamin Powell

https://www.sans.edu/cyber-research/proof-pudding-edr-configuration-versus-ransomware/
Comments 
In Channel
SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities

SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities

2025-04-3008:51

SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC

SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC

2025-04-2907:37

SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited

SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited

2025-04-2807:55

SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;

SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;

2025-04-2506:38

SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

2025-04-2405:44

SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed

SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed

2025-04-2306:18

SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE

SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE

2025-04-2205:35

SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug

SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug

2025-04-2107:31

SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy

SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy

2025-04-1806:18

SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;

SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;

2025-04-1706:04

SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes

SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes

2025-04-1605:54

SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware

SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware

2025-04-1505:35

SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

2025-04-1407:07

SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit

SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit

2025-04-1105:34

SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide;

SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide;

2025-04-1006:35

SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet

SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet

2025-04-0907:19

SANS Stormcast Tuesday, April 8th:

SANS Stormcast Tuesday, April 8th:

2025-04-0806:18

SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling

SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling

2025-04-0706:14

SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update

SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update

2025-04-0406:16

SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail

SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail

2025-04-0309:23

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

Dr. Johannes B. Ullrich