Hello, welcome to the Wednesday, March 8, 2003 edition of the Sands and its Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

And we have yet another diary written by one of our interns from the Sands Technology Institute

College.

These interns, they're working with our honeypots and also are looking for other attacks

that they're then writing up.

And the latest here that I found worth while sharing as a diary was written by David Boyd.

David looked at scans that he saw looking for a configuration file.

And turns out that this configuration file is associated with a Visual Studio code extension

SFTP.

SFTP, not a bad protocol.

If you want to upload, download files, it's basically related to S.H and works like FTP, which makes it pretty easy, but it's all

nicely encrypted, but you still, of course, need credentials.

And what apparently happens here is that developers are creating these configuration files with

their username and password in clear text, and then they're pushing these configuration files

together with the entire source code of their application to a live website, which

of course exposes them, and that's what attackers are looking for.

So if you're seeing scans for dot vScode slash sftp.jason, that's the attack here.

If you're using this extension, vS code sftp, make sure you are securing those credentials.

When you're copy pasting data via clipboard in many operating systems, pretty much all

applications that you may currently have active are able to access that clipboard.

That kind of access across different applications, of course, can be abused,

...