

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware
Feb 28, 2025
Join Ben Powell, a principal security engineer with 15 years in cybersecurity, as he dives into some pressing digital threats. He discusses the Njrat malware exploiting Microsoft's dev tunnels and highlights new vulnerabilities in Apple’s FindMy that could endanger users. The conversation also covers alarming trends in mass website exploitation through XSS vulnerabilities in virtual tour frameworks. Plus, learn about effective strategies against ransomware and the strengths and weaknesses of various cybersecurity solutions for small businesses.
Njrat and Dev Tunnels
- Monitor network traffic for the domain devtunnels.ms.
- Unless you are actively developing software with dev tunnels, traffic to this domain may indicate a compromise.
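
One way to apply the monitoring advice above to DNS query logs, as an added example that is not from the episode or from SANS. The log format, the sample lines and the `DEV_HOSTS` allowlist of developer machines are assumptions constructed for illustration.

```python
"""Flag DNS queries for devtunnels.ms from hosts not expected to use dev tunnels."""
from collections import defaultdict

WATCHED_ZONE = "devtunnels.ms"  # domain named in the episode notes

# Assumption: clients where developers legitimately use dev tunnels.
DEV_HOSTS = {"10.0.5.21"}

# Constructed sample log, format: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2025-02-28T09:00:01Z 10.0.5.21 abc123-8080.euw.devtunnels.ms. A
2025-02-28T09:00:04Z 10.0.9.77 xyz789-443.use.DevTunnels.ms A
2025-02-28T09:00:09Z 10.0.9.77 www.example.com A
2025-02-28T09:01:12Z 10.0.9.80 notdevtunnels.ms A
2025-02-28T09:01:15Z 10.0.9.81 devtunnels.ms.example.net A
2025-02-28T09:02:30Z 10.0.9.77 xyz789-443.use.devtunnels.ms AAAA
malformed line
"""


def in_zone(qname, zone=WATCHED_ZONE):
    """True if qname is the zone itself or a subdomain of it.

    Matching on a label boundary avoids false hits such as
    'notdevtunnels.ms' or 'devtunnels.ms.example.net'.
    """
    name = qname.rstrip(".").lower()  # drop root dot, DNS is case-insensitive
    return name == zone or name.endswith("." + zone)


def find_suspect_queries(log_text, dev_hosts=DEV_HOSTS):
    """Return {client_ip: sorted queried names} for non-developer clients."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip lines that do not fit the assumed format
            continue
        _ts, client, qname, _qtype = fields
        if in_zone(qname) and client not in dev_hosts:
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_suspect_queries(SAMPLE_LOG).items():
        print(f"{client} queried {', '.join(names)}")
```
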
Apple FindMy Abuse
- Apple's FindMy network is vulnerable to malicious key pair generation. Attackers could track devices by creating valid keys.
360XSS Vulnerability
- Websites using 3D virtual tours are vulnerable to cross-site scripting attacks. The Krpano VR library is being exploited to inject spam and potentially malicious JavaScript.