SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 31 October 2025

⏱️ 6 minutes

Summary


X-Request-Purpose: Identifying "research" and bug bounty related scans?
Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are supposed to identify the researcher conducting the scans.
https://isc.sans.edu/diary/X-Request-Purpose%3A%20Identifying%20%22research%22%20and%20bug%20bounty%20related%20scans%3F/32436

Proton Breach Observatory
Proton opened up its breach observatory. This website will collect information about breaches affecting companies that have not yet made the breach public.
https://proton.me/blog/introducing-breach-observatory

Microsoft Exchange Server Security Best Practices
A new document published by a collaboration of national cyber security agencies summarizes steps that should be taken to harden Exchange Server.
https://www.nsa.gov/Portals/75/documents/resources/cybersecurity-professionals/CSI_Microsoft_Exchange_Server_Security_Best_Practices.pdf?ver=9mpKKyUrwfpb9b9r4drVMg%3d%3d

MOVEit Vulnerability
Progress published an advisory for its file transfer program MOVEit. This software has had heavily exploited vulnerabilities in the past.
https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025

Transcript

0:00.0

Hello and welcome to the Friday, October 31st, 2025 edition of the SANS Internet

0:10.4

Storm Center's Stormcast.

0:12.5

My name is Johannes Ullrich, recording today from Jacksonville, Florida.

0:17.7

And this episode is brought to you by the SANS.edu credit certificate program in cybersecurity leadership.

0:24.9

This week, I noticed some new HTTP request headers in our honeypot logs,

0:31.1

and these HTTP request headers are related to bug bounty programs.

0:36.8

There is an X-Request-Purpose header.

0:39.7

The value is just research for this header,

0:43.0

and then also specific headers for specific bug bounty programs

0:46.8

like HackerOne and Bugcrowd.

0:51.0

There are a couple of bug bounties that I was able to find that actually ask researchers to use these specific headers.

0:57.9

As always, when you're talking request headers like this, nothing is guaranteed.

1:03.2

It's very easy for someone, of course, to impersonate a researcher using those headers.

1:09.4

And then, of course, there is no guarantee that researchers will

1:12.4

actually use these headers as they're conducting scans for their bug bounty research.

1:18.6

I assume that companies participating in these bug bounty programs try to use these headers

1:24.4

to maybe figure out how many of the requests that they're seeing are related to bug bounties,

1:30.3

and at least to be able to notify researchers that are well-behaved,

1:34.9

that are actually using the correct headers in case something is going wrong here,

1:39.0

in case they like a denial of service or something like this,

1:41.3

so they can reach out to the researcher and ask them maybe to

1:44.4

stop their scans or throttle them as necessary. If you're in curiosity here, I think the value of

...
