CyberWire Daily - A swift fix for a serious router bug.

Episode Date: July 1, 2024

Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K’s CSO Rick Howard has a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CSO Perspectives preview
N2K’s CSO Rick Howard has a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM): A Rick-the-Toolman episode. N2K CyberWire Pro members can find the full episode here. Rick’s accompanying essay can be found here. If you are not yet an N2K CyberWire Pro member, you can get a preview of the episode here.

Selected Reading
Juniper Networks Warns of Critical Authentication Bypass Vulnerability (SecurityWeek)
Router maker's support portal hacked, replies with MetaMask phishing (Bleeping Computer)
Prudential Financial Data Breach Impacts 2.5 Million (SecurityWeek)
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz (Rapid7 Blog)
Police allege ‘evil twin’ in-flight Wi-Fi used to steal info (The Register)
Inside a violent gang’s ruthless crypto-stealing home invasion spree (ARS Technica)
Cyber insurance costs finally stabilising, says Howden (Tech Monitor)
AI Transcript, Fake School Website: Student’s US Scholarship Scam Exposed on Reddit (Hackread)

Share your feedback
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout. That's JoinDeleteMe.com slash N2K, code N2K. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high Wi-Fi network.
Starting point is 00:01:53 Florida man's violent bid for Bitcoin ends behind bars. N2K's CSO Rick Howard has a preview of his latest CSO Perspectives podcast, The Current State of Identity and Access Management. And a scholarship scammer gets a one-way ticket home. It's Monday, July 1st, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us. Juniper Networks issued emergency patches for a critical vulnerability affecting its routers, urging users to apply them immediately. The
Starting point is 00:02:52 authentication bypass flaw scored a perfect 10 on both CVSS 3.1 and 4 systems, highlighting its severity. The bug allows attackers to bypass authentication and take full control of affected devices, particularly in high-availability redundant configurations. Impacted products include the Session Smart Router, Session Smart Conductor Management Platform, and WAN Assurance routers. Although no exploits have been reported, Juniper's urgent patch release
Starting point is 00:03:26 indicates serious concerns. Upgrading conductor nodes automatically applies security fixes to connected routers, though individual router upgrades are still recommended. Juniper says the fixes are non-disruptive to production traffic. Mercku, a Canadian router manufacturer, has a compromised help desk portal sending MetaMask phishing emails in response to support tickets, Bleeping Computer reports.
Starting point is 00:03:55 When users submit support requests, they receive phishing emails titled "MetaMask: Mandatory MetaMask Account Update Required." The email falsely instructs users to update their MetaMask account within 24 hours to avoid losing access. The phishing link uses deceptive URL formatting to appear legitimate, but redirects users to a malicious site. Bleeping Computer contacted Mercku about the issue
Starting point is 00:04:23 and is advising users to avoid the support portal and ignore related emails. MetaMask, a popular cryptocurrency wallet, often attracts phishing attempts. A February 2024 data breach at Prudential Financial has compromised the personal information of over 2.5 million individuals, the company revealed in an updated notification. Initially disclosed in February, Prudential first reported that 36,000 individuals might be affected. The compromised data includes names, addresses, driver's license numbers, and non-driver ID card numbers. Prudential discovered the breach on February 5th
Starting point is 00:05:06 and launched an investigation with external experts. A class action lawsuit was filed in June, and the ALPHV/BlackCat ransomware group claimed responsibility. Prudential is offering two years of free credit monitoring to those affected. On June 18th of this year, Rapid7 investigated suspicious activity linked to Notezilla, RecentX, and Copywhiz installers from ConceptWorld, a software supplier based in India. These installers were found trojanized, embedding information-stealing malware. Rapid7 disclosed the issue to ConceptWorld on June 24th, which promptly removed the malicious installers. Affected users should check for signs of compromise and consider re-imaging their systems. The malicious installers have been distributed since early June of this year,
Starting point is 00:06:12 while the malware family, dubbed dllFake, has been active since January of this year. Rapid7 advises verifying software integrity and checking for infection indicators like hidden scheduled tasks and unusual network connections. Australia's federal police charged a man for running fake Wi-Fi networks on a commercial flight in order to harvest flyers' credentials. Flight crew members reported a suspicious Wi-Fi network during a domestic flight, leading to the man's arrest. He was found with a portable wireless access device, laptop, and phone. A search of
Starting point is 00:06:51 his home revealed more evidence. The suspect allegedly created Wi-Fi hotspots with SSIDs similar to airline networks, tricking users into providing email and social media credentials. Australia's federal police charged him with unauthorized access and dishonest dealings. No evidence suggests he used the data, but charges imply intent. The AFP advises using VPNs and avoiding sensitive apps on public Wi-Fi. The accused was released on bail with Internet restrictions. The U.S. Justice Department has convicted Remy Ross St. Felix, a 24-year-old from Florida, for leading a violent gang targeting cryptocurrency holders.
Starting point is 00:07:40 The gang's primary strategy involved home invasions and physical coercion to steal victims' crypto assets. Their most notorious crime involved breaking into the home of an elderly couple in North Carolina, where they physically assaulted the victims and forced them to transfer over $150,000 in Bitcoin and Ether. The gang, consisting of over a dozen members, executed a series of brutal attacks across four states: Florida, Texas, North Carolina, and New York. Their tactics included armed robberies, death threats, beatings, torture, and even kidnapping. Despite their extreme measures, their success was limited. They managed to extort significant sums in only a
Starting point is 00:08:26 few instances, with the six-figure theft from the North Carolina couple being their most notable haul. Court documents reveal the gang's formation in 2021, orchestrated primarily via Telegram. Their operations included dressing as construction workers to deceive victims and conditioning targets with frequent pizza deliveries. One of their attacks in Texas involved binding a family with zip ties, hitting them, and using hot irons and other torture methods. Another failed attempt involved a break-in at a home they mistakenly thought was occupied, only to find it was an empty rental property. St. Felix and his gang continued planning further attacks until St. Felix's arrest in July of 2023 in New York, where he was found with an AK-style rifle and zip ties in his vehicle. Cell tower records, bank transactions, and Google Cloud storage records helped identify St. Felix as the ringleader.
Starting point is 00:09:27 Cryptocurrency tracing efforts revealed attempts to obfuscate stolen funds using crypto exchanges, but ultimately linked the transactions back to him. The risk-reward balance for such violent crimes proved unfavorable for St. Felix and his crew. They face severe legal consequences, with St. Felix potentially serving a life sentence. The case underscores the growing threat of physical crypto theft and the importance of robust security measures for crypto holders. Security experts advise maintaining privacy,
Starting point is 00:10:00 adding technical hurdles to transferring large sums, and being cautious with personal information to mitigate the risks of such attacks. A tip of the hat to the DOJ and FBI in rounding up these crooks. Looks like they'll be trading in their crypto wallets for prison jumpsuits. Coming up after the break, Rick Howard has a preview of his latest CSO Perspectives podcast, The Current State of Identity and Access Management. Stay with us. Transat presents a couple trying to beat the winter blues. We could try hot yoga.
Starting point is 00:10:53 Too sweaty. We could go skating. Too icy. We could book a vacation. Like somewhere hot. Yeah, with pools. And a spa. And endless snacks.
Starting point is 00:11:02 Yes! Yes! Yes! With savings of up to 40% on Transat South packages, it's easy to say so long to winter. Visit Transat.com or contact your Marlin travel professional for details. Conditions apply. Air Transat. Travel moves us.
Starting point is 00:11:21 Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
Starting point is 00:11:54 They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform
Starting point is 00:12:44 secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. It is always my pleasure to welcome back to the show Rick Howard. He is the CyberWire's Chief Security Officer, also our Chief Analyst. Rick, great to have you back. Hey, Dave.
Starting point is 00:13:26 So, you got a new episode of CSO Perspectives that is queued up and ready to be sent out to the world. I know this week's topic is something that is of particular personal interest to you. What do you got for us this week, Rick? Well, it is, Dave, and thanks for asking. I think we mentioned last week that I went out to give the awards for the Cybersecurity Canon Project at the Rocky Mountain Information Assurance Conference. And during that process, guess who I ran into? An old pal of mine, an old colleague, and the originator of the Zero Trust idea, Mr. John Kindervag. You know, it's a small world. What can I tell you? Wow. All right. So, did he say to you, hey, Howard, you got a lot of guts coming back here after what you pulled,
Starting point is 00:14:13 or was it a more friendly greeting? I'm not allowed to say for lots of legal reasons. Got it. The restraining order is still in place. All right. Well, he got me to thinking about the importance of zero trust. And you know, Dave, I talk about zero trust all the time. And it had a big chapter in the book RSA this year. We redid the diagram for the book. And I got to tell you, our N2K art director, Brigitte Wild, she did a complete makeover of it. And man, is it gorgeous. You should see it. Okay.
Starting point is 00:14:59 So you can, anybody wants to go see it, it's on the book website. It's called n2k.com slash cybersecurity first principles book, all one word. Right. So anyway, go look at the diagram. And what occurred to me, though, is that there's all kinds of tactics that you can deploy in order to do zero trust. But in order to get it right, you absolutely have to nail identity and access management. And if you look at my chart, you can't really tell that that's more important than all the others. So I thought it was time to do an update on the importance of identity and access management for our podcast. Well, can we unpack that some? I mean, what puts identity and access management in such a critical spot? Well, I mean, you can't really do zero trust, which is basically reducing the chances of anything having access that you're
Starting point is 00:15:46 not supposed to have access to. And when I say anything, I'm talking about people, I'm talking about devices like your phones or your laptops, and I'm even talking about software modules like the stuff we pull off the open source and even modules that we write ourselves. So identity and access management gives us a way to first identify all of those things and then management of it is to say, well, this thing has access to this other piece and that's it. And the only way you can do that is with a robust identity and access management program. And the problem is that it's easier said than done and it's really expensive.
Starting point is 00:16:24 Yeah. Well, and I think the degree to which, you know, the bat signal gets lit up whenever one of these companies who provides this, you know, has anything that looks like a security vulnerability, it's all hands on deck. It is all hands on deck. And the tool you go to first is to figure out what the bad things touched. Right. So, again, you have to get identity and access management correct. Right.
Starting point is 00:16:49 So, the bottom line to all of this is in order to pursue that zero trust journey, you have to have a way to accomplish those tasks. And that is the tactic that you need to think about. Yeah. When we talk about zero trust, I mean, do you think that we're past the hype bubble with it where people have settled? For a while, it seemed to me like every other pitch I was getting for someone to come on the show
Starting point is 00:17:14 was they wanted to talk about zero trust. It was hot. People had new offerings for it. People were interested in it. Have we settled into more of a rational state of considering what it is and how to implement it? Well, you know, I'm a huge fan of the Gartner hype model, right? Where it talks about
Starting point is 00:17:31 new ideas go up to the peak of inflated expectations. And then we all get sick of the idea because it doesn't really, we don't really have a solution yet that does all the things we thought it was going to do. And so the idea plunges down to the trough of disillusionment, right? And that's what you're talking about. There was a point there when every security vendor says, my security tool does zero trust. We handle it all. And, you know, when security professionals looked at those solutions, we said, hmm, maybe it does some of them, but not everything we need. And so we've been down in the trough for a while. To answer your question, I think we're just slowly coming out of it now. People are starting to think of it as not as a security feature for some tool you're going to buy.
Starting point is 00:18:15 But it's more of a strategy. You know, it's a journey to better protect your enterprise. Yeah. All right. Well, it is the latest episode of CSO Perspectives, and the host is my N2K CyberWire colleague, Rick Howard. Rick, thanks so much for joining us.
Starting point is 00:18:31 Thanks, Dave. Cyber threats are evolving every second, Thank you. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. And finally, Aryan Anand, a 19-year-old Indian student, scammed his way into a scholarship at Lehigh University. Anand fabricated numerous documents, including a fake death certificate for his father to bolster his application for admission and financial aid at Lehigh he created a phony
Starting point is 00:19:53 school domain and email address posing as his school principal to add credibility to his forged class 12 transcripts using chat GPT he crafted compelling admission essays and even managed to pass exams. Anand's scheme unraveled after he bragged about his exploits on Reddit under an alias. His post, titled, I Have Built My Life and Career on Lies and Fraud, caught the eye of a vigilant moderator. The moderator's investigation revealed Anand's real identity and led to his expulsion and arrest. Lehigh University and authorities took swift action, resulting in Anand's deportation. One Redditor summed it up, stating, My man was an absolute genius, a dumbass, a foreshadower, all at the same time.
Starting point is 00:20:52 And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
Starting point is 00:21:32 N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at N2K.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iben.
Starting point is 00:21:54 Our executive editor is Brandon Karp. Simone Petrella is our president. Peter Kilpie is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you. data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your
Starting point is 00:22:59 role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
