28 Feb 2025

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

This SANS Internet Storm Center Stormcast episode covers several cybersecurity threats. The podcast discusses the use of Microsoft dev tunnels by Njrat malware for credential exfiltration, highlighting `devtunnels.io` as a key indicator of compromise. It also details a method to subvert Apple's MyFind network using spoofed keys, costing approximately $5 in cloud computing time, and mentions a patch released in iOS 18.2. Finally, it examines a cross-site scripting vulnerability in the Crepano library used for 360-degree virtual tours, currently exploited for advertising but with potential for more malicious use. The episode concludes with an interview segment on ransomware defense strategies using Microsoft Defender for Business and Wazoo, contrasting their capabilities in detection and customization.

Outlines

Continue

Preview

How to Get Rich: Every EpisodeNaval

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Cybersecurity Threats: Njrat Exploiting Dev Tunnels and Apple MyFind Vulnerability

Cross-Site Scripting Attack Targeting 360-Degree Virtual Tours

Ransomware Defense Strategies for Small Businesses: A Comparison of Microsoft Defender and Wazuh

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

00:00Cybersecurity Threats: Njrat Exploiting Dev Tunnels and Apple MyFind Vulnerability

Cybersecurity Threats: Njrat Exploiting Dev Tunnels and Apple MyFind Vulnerability

03:20Cross-Site Scripting Attack Targeting 360-Degree Virtual Tours

Cross-Site Scripting Attack Targeting 360-Degree Virtual Tours

04:48Ransomware Defense Strategies for Small Businesses: A Comparison of Microsoft Defender and Wazuh

Ransomware Defense Strategies for Small Businesses: A Comparison of Microsoft Defender and Wazuh