SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware

Njrat Compaign Using Microsoft dev Tunnels:
A recent version of the Njrat remote admin tool is taking advantage of Microsoft's developer tunnels (devtunnels.ms) as a command and control channel.
https://isc.sans.edu/diary/Njrat%20Campaign%20Using%20Microsoft%20Dev%20Tunnels/31724
NrootTag Apple FindMy Abuse
Malware could use a weakness in the keys used for Apple FindMy to abuse it to track victims. Updates were released with iOS 18.2, but to solve the issue the vast majority of Apple users must update.
https://nroottag.github.io/
360XSS: Mass Website Exploitation via Virtual Tour Framework
The Krpano VR library which is often used to implement 3D virtual tours on real estate websites, is currently being abused to inject spam messages. The XSS vulnerabilty could allow attackers to inject even more malicious JavaScript.
https://olegzay.com/360xss/
SANS.edu Research: Proof is in the Pudding: EDR Configuration Versus Ransomware. Benjamin Powell
https://www.sans.edu/cyber-research/proof-pudding-edr-configuration-versus-ransomware/