Privacy Aware Bots

A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them.

https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796

Critical Ingress Nightmare Vulnerability

ingress-nginx fixed four new vulnerabilities, one of which may lead to a Kubernetes cluster compromise. Note that at the time I am making this live, not all of the URLs below are available yet, but I hope they will be available shortly after publishing this podcast

https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments

https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

https://kubernetes.io/blog/

FBI Warns of File Converter Scams

File converters may include malicious ad ons. Be careful where you get your software from.

https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam

VSCode Extension Includes Ransomware

https://x.com/ReversingLabs/status/1902355043065500145

Rss Apple Podcaster
Podden och tillhörande omslagsbild på den här sidan tillhör Johannes B. Ullrich. Innehållet i podden är skapat av Johannes B. Ullrich och inte av, eller tillsammans med, Poddtoppen.

Senast besökta

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware

00:00