SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

Feb 28, 2025
Join Ben Powell, a principal security engineer with 15 years in cybersecurity, as he dives into some pressing digital threats. He discusses the Njrat malware exploiting Microsoft's dev tunnels and highlights new vulnerabilities in Apple’s FindMy that could endanger users. The conversation also covers alarming trends in mass website exploitation through XSS vulnerabilities in virtual tour frameworks. Plus, learn about effective strategies against ransomware and the strengths and weaknesses of various cybersecurity solutions for small businesses.
14:27

Podcast summary created with Snipd AI

Quick takeaways

  • The recent Njrat malware campaign uses Microsoft Dev Tunnels for command and control; because the service is legitimate, the traffic goes undetected by typical monitoring.
  • A security flaw in Apple's Find My network allows devices to be tracked with minimal computational effort, which makes updating to iOS 18.2 important for users.

Deep dives

Exploitation of Microsoft Dev Tunnels by Njrat Malware

A new version of the Njrat malware has been discovered leveraging Microsoft Dev Tunnels, a service designed for developers to test web applications. Since the service is legitimate, the activity can go unnoticed, allowing Njrat to exfiltrate credentials by relaying traffic through these tunnels. The domain devtunnels.ms serves as a key indicator of compromise, as it should primarily be accessed by active developers. Organizations are encouraged to monitor this domain's traffic to detect any unauthorized use indicative of malicious activity.
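
One way to act on that monitoring advice, as an added example that is not from the podcast or from SANS: the Python sketch below scans a DNS query log for devtunnels.ms lookups and reports clients that are not on a list of known developer machines. The log format (timestamp, client IP, query name), the IP addresses, the host names and the developer allowlist are all constructed assumptions.

```python
from collections import defaultdict

TUNNEL_DOMAIN = "devtunnels.ms"  # the domain named in the episode summary

# Assumption: machines where Dev Tunnels use is expected (constructed address).
DEVELOPER_HOSTS = {"10.0.5.21"}

# Constructed sample log, one query per line: "timestamp client_ip query_name".
SAMPLE_LOG = """\
2025-02-28T09:00:01Z 10.0.5.21 tunnel-a.region1.devtunnels.ms
2025-02-28T09:00:07Z 10.0.9.40 Tunnel-B.region1.DevTunnels.ms.
2025-02-28T09:00:09Z 10.0.9.40 www.example.com
2025-02-28T09:01:12Z 10.0.7.12 devtunnels.ms.example.net
2025-02-28T09:01:30Z 10.0.7.13 notdevtunnels.ms
this line is malformed and is skipped
2025-02-28T09:02:44Z 10.0.9.40 tunnel-b.region1.devtunnels.ms
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_tunnel_host(name):
    """True for devtunnels.ms and its subdomains only.

    Matching on a label boundary keeps lookalikes such as
    'devtunnels.ms.example.net' or 'notdevtunnels.ms' out of the results.
    """
    name = normalize(name)
    return name == TUNNEL_DOMAIN or name.endswith("." + TUNNEL_DOMAIN)


def find_unexpected_clients(log_text, developer_hosts):
    """Map each non-developer client IP to the tunnel hosts it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:  # skip lines that do not fit the assumed format
            continue
        _timestamp, client, query_name = parts
        if is_tunnel_host(query_name) and client not in developer_hosts:
            hits[client].add(normalize(query_name))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_unexpected_clients(SAMPLE_LOG, DEVELOPER_HOSTS).items():
        print(f"review {client}: queried {', '.join(names)}")
```

On the sample log only 10.0.9.40 is reported: the developer machine is allowlisted and the two lookalike names do not match.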
