Hello and welcome to the Thursday, November 7, 2024 edition of the Sandinet Stormsanders Stormcast.

My name is Johannes Ulrich and then I'm recording from Riyadh, Saudi Arabia.

Today's blog post comes from one of our Sands.edu bachelor degree interns.

Trevor Coleman writes about a search and activity against

their honeypot from back in early August. The amazing part here is that one single IP address,

one link single source IP address was responsible for 62 million different attacks, covering pretty

much all major web application attacks. Of course, these type of attacks are often used

to build a botnet. It's a little bit interesting that all the attacks came from one single

IP address, not from a botnet itself. There's no indication in this

case that this attack was sort of more a research scan, where someone is just enumerating

vulnerable systems without actively exploiting them as well. And do you have an air fryer, maybe one that is controllable via a mobile app, which an organization

that calls itself the UK's consumer champion did take a look at some of these apps and air

fryers and, well, what they found shouldn't really surprise anybody, but

these devices tend to be rather chatty in the sense that they are export trading data back

to the manufacturer. In general, the recommendation here is to be careful if you're buying

devices like this, also as you are setting them up be careful

what permissions you grant the related apps and what information you are entering as you are

registering for an account overall it's always a little bit questionable if an appliance like this

doesn't work unless you set up an account.

That usually also implies that if the manufacturer no longer supports the particular device, it may no longer work.

And the report recently released by the UK's National Cyber Security Center outlines a threat that they are calling PICME GOAT.

This particular threat is targeting perimeter security devices.

...