SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving
4 snips
Nov 26, 2025 Spyware is exploiting vulnerabilities in messaging apps, using tools like keystroke loggers to invade users' privacy. A warning against inputting passwords into random websites highlights the danger of careless online behavior. The critical vulnerabilities in Fluent Bit that could allow remote takeovers are discussed, urging rapid patching for affected users. As Thanksgiving approaches, the focus turns to being safe online and the importance of trusting cloud security.
AI Snips
Chapters
Transcript
Episode notes
Encryption Protects Transport Not Compromised Ends
- End-to-end encryption protects messages in transit but not on compromised endpoints.
- Johannes Ulrich warns that keystroke loggers and screenshots defeat encryption's endpoint security.
Always Verify Who You're Messaging
- Verify identities in messaging apps and be wary of impersonation.
- Johannes Ulrich advises users to always confirm who they're talking to before trusting messages.
Stop Pasting Secrets Into Random Websites
- Avoid pasting secrets into random online prettifier or pastebin-like sites.
- Johannes Ulrich recommends using local tools like jq or IDE formatters to keep secrets off public servers.