Hello and welcome to the Thursday, June 4th, 2006 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu undergraduate certificate program in Cybersecurity Fundamentals.

Today's diary is nothing earth-shattering new, but I noticed that we still get a ton of requests and with a somewhat sort of increasing tendency for swagger.jason.

Swagger.jason is aagger.J.son is a file that defines Rest Web Services using the Swagger

Open API standard. This is usually sort of reconnaissance. They either look for what particular

API functionality is supported, but also often what type of API it is,

if it's some kind of standard package or so,

that can be identified via the Spaggar.jason metadata,

which often includes something like name of the particular API.

So that can then be used to, for example, look for vulnerable APIs.

Spaggart.jason is certainly something that you should keep installed

if the API is intended to be sort of for public consumption.

On the other hand, well, it's I think something where you should really stay ahead

of the attackers here and should proactively scan sort of your internal API attack surface

to figure out if there's anything that's outdated that's not supposed to be there or just not

supposed to be public. And Google published an interesting blog post how they're going to roll out a new type of caller

ID verification.

Now, spoof caller ID is nothing new.

Has been done for decades probably now.

But it has become more and more of a problem because, of course, AI is now being used to accurately impersonate the voice.

And in some cases, even sort of the face and video calls.

...