
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEit vulnerability
Oct 31, 2025
Explore the intriguing world of bug bounty programs, where new HTTP headers are making waves for identifying researchers. Proton has launched a breach observatory to uncover unreported data breaches, raising questions about transparency. Discover best practices for hardening Microsoft Exchange Server, implemented in collaboration with national cyber security agencies. Finally, learn about a critical vulnerability in the MOVEit file transfer program, prompting immediate action for users. Tune in for essential insights in cyber security!
AI Snips
Don't Trust Headers To Authorize Scans
- Do not rely on bug-bounty headers to filter or allow traffic because they can be forged.
- Instead, use them only as supplementary signals and never as sole evidence of legitimate scanning.
Bug-Bounty Request Headers Appearing
- New bug-bounty request headers (e.g., X-Request-Purpose) are appearing in honeypot logs and claim to identify research scans.
- Johannes Ullrich warns these headers can be easily spoofed and shouldn't be used to trust or block traffic.
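The two header snips above, as an added example that is not from the podcast or from SANS: a log triage routine that decides from request behaviour only and keeps the X-Request-Purpose claim as an analyst-facing annotation. The sample records, the header value "Research", the sensitive-path list and the threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed sample records (not real honeypot data): source IP, path, headers.
SAMPLE_REQUESTS = [
    {"src": "192.0.2.10", "path": "/.env", "headers": {"X-Request-Purpose": "Research"}},
    {"src": "192.0.2.10", "path": "/.git/config", "headers": {"X-Request-Purpose": "Research"}},
    {"src": "198.51.100.7", "path": "/.env", "headers": {}},
    {"src": "203.0.113.5", "path": "/index.html", "headers": {"X-Request-Purpose": "Research"}},
    {"src": "203.0.113.9", "path": "/index.html", "headers": {}},
]

# Hypothetical behaviour rule: paths that ordinary visitors never request.
SENSITIVE_PREFIXES = ("/.env", "/.git/", "/wp-admin")
PROBE_THRESHOLD = 2  # assumed: sensitive hits per source before blocking

def claimed_purpose(headers):
    """Return the client-supplied purpose claim, matched case-insensitively."""
    for name, value in headers.items():
        if name.lower() == "x-request-purpose":
            return value
    return None

def triage(requests):
    """Decide per source from behaviour only; keep the header as an annotation."""
    probes = Counter(
        r["src"] for r in requests if r["path"].startswith(SENSITIVE_PREFIXES)
    )
    results = {}
    for r in requests:
        src = r["src"]
        count = probes[src]
        if count >= PROBE_THRESHOLD:
            verdict = "block"
        elif count > 0:
            verdict = "watch"
        else:
            verdict = "allow"
        entry = results.setdefault(src, {"verdict": verdict, "claims": set()})
        claim = claimed_purpose(r["headers"])
        if claim is not None:
            entry["claims"].add(claim)  # shown to analysts, never read by the rules
    return results

def strip_headers(requests):
    """Copy of the requests with every header removed, for comparison."""
    return [{**r, "headers": {}} for r in requests]
```

Running `triage` on the original records and on `strip_headers(...)` of them gives the same verdicts, which is the property to keep when adding such a header to a pipeline.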
Small Businesses Often Slip Under The Radar
- Small and retail businesses dominate observable breach listings, likely due to weaker detection and lower visibility.
- Johannes Ullrich suggests many small breaches go unnoticed because owners choose silence to avoid attention.
