Hello and welcome to the Friday, March 8, 2024 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

We got a guest diary today again by one of our Sands.edu undergraduate interns, Josh Lockwood looked into whether or not

attackers are targeting certain networks with particular attacks. And the one thing he looked at

was attacks that are specific to EWS. There are a couple of URLs. which have commonly see hit in our honeypods

like AWS credentials, AWS config, that are specific to AWS deployments. And yes, what

Josh found out was that a honeypot that he had deployed in AWS did receive this,

these requests. Another honeypot in Asia did not see any of these requests. But we need to look at

this in more detail and take a look at all of our honeypots. We have a bunch of users who have deployed honeypots

in different cloud providers.

And then, of course, we also have honeypots

in home networks and small business networks.

So it'll be interesting to see in the look at closer look at some of the differences

that we see in attacks against these different networks.

It's, of course, relatively easy to get lists of IP address ranges that are used by specific

cloud providers, so attackers may as well take advantage of that and target these specific

networks if they're looking for a vulnerability that only occurs

in those particular cloud providers.

We've got an interesting update from Apple today.

Now, first of all, somewhat expected we got an update for MacOS and some of the other

operating systems like TVOS, watchOS, and now also a vision

OS. This was expected because we got the iOS update a couple days ago, and of course,

...