Hello and welcome to the Thursday, April 16th, 2006 edition of the Sands

Inanded Storm Center's Stormcast. My name is Johannes Ulrich, recording today from Stockholm, Germany.

And this episode is brought you by the Sands.edu credit certificate program in Purple Team Operations.

Configuration files containing secrets are a common target for attackers today.

Typically attackers are scanning web servers for commonly used configuration files like.env.

Gie noted in his honeypod logs that attackers are now more and more scanning for files

associated with AI tools.

For example, attackers are scanning four files associated with OpenClaw, Clod, and Open AI.

Just like any configuration files, these files should not be kept in a document

route at hackers will usually use the credentials contained in these files to steal tokens,

which can lead to rather large invoices from these AI vendors. So make sure that, first of all,

the secrets are probably protected,

but in addition, well, set up the right billing alerts and limits for your particular

AI tools. So that way you're at least being alerted and hopefully are limiting the damage

that's done in case some of these secrets will eventually be.

And then we got some postscripts to yesterday's Microsoft Patch Tuesday.

Microsoft states that some devices with an un-recommended BitLocker Group policy configuration

might require to enter their BitLlocker recovery key on the first

restart after installing this update.

So what Microsoft's saying here is that you may have to enter your bitlocker key, which

of course a lot of people don't necessarily have just sitting around there, hopefully, and

it can be a little bit difficult to get to.

...