Archive.fm

CyberWire Daily

A swift fix for a serious router bug.

Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K’s CSO Rick Howard has a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CSO Perspectives preview

N2K’s CSO Rick Howard has a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM): A Rick-the-Toolman episode. N2K CyberWire Pro members can find the full episode here. Rick’s accompanying essay can be found here. If you are not yet an N2K CyberWire Pro member, you can get a preview of the episode here.

Selected Reading

Juniper Networks Warns of Critical Authentication Bypass Vulnerability (SecurityWeek)

Router maker's support portal hacked, replies with MetaMask phishing (Bleeping Computer)

Prudential Financial Data Breach Impacts 2.5 Million (SecurityWeek)

Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz (Rapid7 Blog)

Police allege ‘evil twin’ in-flight Wi-Fi used to steal info (The Register)

Inside a violent gang’s ruthless crypto-stealing home invasion spree (ARS Technica)

Cyber insurance costs finally stabilising, says Howden (Tech Monitor)

AI Transcript, Fake School Website: Student’s US Scholarship Scam Exposed on Reddit (Hackread)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Duration:
23m
Broadcast on:
01 Jul 2024
Audio Format:
mp3


You're listening to the CyberWire Network, powered by N2K. When it comes to ensuring your company has top-notch security practices, things can get complicated fast. Vanta automates compliance for SOC 2, ISO 27001, HIPAA, and more, saving you time and money. In Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Our listeners can claim a special offer of $1,000 off Vanta at vanta.com/cyber. That's V-A-N-T-A.com/cyber for $1,000 off Vanta.

Juniper issues an emergency patch for its routers. A compromised help desk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high Wi-Fi network. Florida man's violent bid for Bitcoin ends behind bars. N2K's CSO Rick Howard has a preview of his latest CSO Perspectives podcast, the current state of identity and access management. The scholarship scammer gets a one-way ticket home.

It's Monday, July 1, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us.

Juniper Networks issued emergency patches for a critical vulnerability affecting its routers, urging users to apply them immediately. The authentication bypass flaw scored a perfect 10 on both the CVSS 3.1 and 4 systems, highlighting its severity. The bug allows attackers to bypass authentication and take full control of affected devices, particularly in high-availability redundant configurations. Impacted products include the Session Smart Router, Session Smart Conductor management platform, and WAN Assurance routers. Although no exploits have been reported, Juniper's urgent patch release indicates serious concerns. Upgrading Conductor nodes automatically applies security fixes to connected routers, though individual router upgrades are still recommended. Juniper says the fixes are non-disruptive to production traffic.

Mercku, a Canadian router manufacturer, has a compromised help desk portal sending MetaMask phishing emails in response to support tickets, Bleeping Computer reports. When users submit support requests, they receive phishing emails titled "MetaMask: Mandatory MetaMask account update required." The email falsely instructs users to update their MetaMask account within 24 hours to avoid losing access. The phishing link uses deceptive URL formatting to appear legitimate, but redirects users to a malicious site. Bleeping Computer contacted Mercku about the issue and is advising users to avoid the support portal and ignore related emails. MetaMask, a popular cryptocurrency wallet, often attracts phishing attempts.

A February 2024 data breach at Prudential Financial has compromised the personal information of over 2.5 million individuals, the company revealed in an updated notification. Initially disclosed in February, Prudential first reported that 36,000 individuals might be affected. The compromised data includes names, addresses, driver's license numbers, and non-driver ID card numbers. Prudential discovered the breach on February 5 and launched an investigation with external experts. A class action lawsuit was filed in June, and the ALPHV/BlackCat ransomware group claimed responsibility. Prudential is offering two years of free credit monitoring to those affected.

On June 18 of this year, Rapid7 investigated suspicious activity linked to Notezilla, RecentX, and Copywhiz installers from ConceptWorld, a software supplier based in India. These installers were found trojanized, embedding information-stealing malware. Rapid7 disclosed the issue to ConceptWorld on June 24, which promptly removed the malicious installers and replaced them with legitimate versions. The malware targeted browser credentials and crypto wallets, and logged keystrokes, persisting via a scheduled task. Affected users should check for signs of compromise and consider re-imaging their systems. The malicious installers have been distributed since early June of this year, while the malware family, dubbed dllFake, has been active since January of this year. Rapid7 advises verifying software integrity and checking for infection indicators like hidden tasks and unusual network connections.

Australia's Federal Police charged a man for running fake Wi-Fi networks on a commercial flight in order to harvest flyers' credentials. Flight crew members reported a suspicious Wi-Fi network during a domestic flight, leading to the man's arrest. He was found with a portable wireless access device, laptop, and phone, and a search of his home revealed more evidence. The suspect allegedly created Wi-Fi hotspots with SSIDs similar to airline networks, tricking users into providing email and social media credentials. Australia's Federal Police charged him with unauthorized access and dishonest dealings. No evidence suggests he used the data, but the charges imply intent. The AFP advises using VPNs and avoiding sensitive apps on public Wi-Fi. The accused was released on bail with internet restrictions.

The US Justice Department has convicted Remy Ra St. Felix, a 24-year-old from Florida, for leading a violent gang targeting cryptocurrency holders. The gang's primary strategy involved home invasions and physical coercion to steal victims' crypto assets. Their most notorious crime involved breaking into the home of an elderly couple in North Carolina, where they physically assaulted the victims and forced them to transfer over $150,000 in Bitcoin and Ether. The gang, consisting of over a dozen members, executed a series of brutal attacks across four states: Florida, Texas, North Carolina, and New York. Their tactics included armed robberies, death threats, beatings, torture, and even kidnapping. Despite their extreme measures, their success was limited. They managed to extort significant sums in only a few instances, with the six-figure theft from the North Carolina couple being their most notable haul. Court documents reveal the gang's formation in 2021, orchestrated primarily via Telegram. Their operations included dressing as construction workers to deceive victims and conditioning targets with frequent pizza deliveries. One of their attacks in Texas involved binding a family with zip ties, hitting them, and using hot irons and other torture methods. Another failed attempt involved a break-in at a home they mistakenly thought was occupied, only to find it was an empty rental property. St. Felix and his gang continued planning further attacks until St. Felix's arrest in July of 2023 in New York, where he was found with an AK-style rifle and zip ties in his vehicle. Cell tower records, bank transactions, and Google Cloud storage records helped identify St. Felix as the ringleader. Cryptocurrency tracing efforts revealed attempts to obfuscate stolen funds using crypto exchanges, but ultimately linked the transactions back to him. The risk-reward balance for such violent crimes proved unfavorable for St. Felix and his crew. They faced severe legal consequences, with St. Felix potentially serving a life sentence. The case underscores the growing threat of physical crypto theft and the importance of robust security measures for crypto holders. Security experts advise maintaining privacy, adding technical hurdles to transferring large sums, and being cautious with personal information to mitigate the risks of such attacks. A tip of the hat to the DOJ and FBI in rounding up these crooks. Looks like they'll be trading in their crypto wallets for prison jumpsuits.

Coming up after the break, Rick Howard has a preview of his latest CSO Perspectives podcast, the current state of identity and access management. Stay with us.

And now, a word from our sponsor, KnowBe4. Where would infosec professionals be without users making security mistakes? Working less than 60 hours per week, maybe, actually having a weekend every so often. While user behavior can be a challenge, they can also be an infosec professional's greatest asset once properly equipped. Users want to do the right thing, but often lack the knowledge to do so. That's one of the reasons KnowBe4 developed SecurityCoach, a real-time security coaching tool that takes alerts from your existing security stack and sends immediate coaching to users who've taken risky actions. Your existing security tools will likely block a user from visiting a high-risk website, for example, but the user might not understand why. SecurityCoach analyzes these alerts and provides users with relevant security tips via email or Slack, coaching them on why the action they just took was risky. Help users learn from their mistakes and strengthen your organization's security culture with SecurityCoach. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach, and we thank KnowBe4 for sponsoring our show.

The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps, and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.

It is always my pleasure to welcome back to the show Rick Howard. He is the CyberWire's Chief Security Officer, also our Chief Analyst. Rick, great to have you back.

Hey Dave.

So you got a new episode of CSO Perspectives that is queued up and ready to be sent out to the world. I know this week's topic is something that is of particular personal interest to you. What do you got for us this week, Rick?

Well, it is, Dave, and thanks for asking. I think we mentioned last week that I went out to give the awards for the Cybersecurity Canon Project at the Rocky Mountain Information Assurance Conference. During that process, guess who I run into? An old pal of mine, an old colleague, and the originator of the Zero Trust idea, Mr. John Kindervag. It is a small world. What can I tell you?

Wow. All right. Did he say to you, "Hey, Howard, you got a lot of guts coming back here after what you pulled," or was it more friendly, or friendly greeting?

I'm not allowed to say for lots of legal reasons.

I got it. Got it. The restraining order is still in place. All right.

Well, he got me to thinking about the importance of Zero Trust, and you know, Dave, I talk about Zero Trust all the time, and it had a big chapter in the book we published last year. In fact, when we did, when Simone and I did the presentation at RSA this year, we redid the diagram for the book, and I got to tell you, our N2K art director, Brigitte Wild, she did a complete makeover of it, and man, is it gorgeous. You should see it. Yeah. Okay. So anybody wants to go see it, it's on the book website, it's called N2K.com/Cyber Security First Principles Book, all one word, right? So anyway, go look at the diagram, and what occurred to me, though, is that there's all kinds of tactics that you can deploy in order to do Zero Trust, but in order to get it right, you absolutely have to nail identity and access management, and if you look at my chart, you can't really tell that that's more important than all the others. So I thought it was time to do an update on the importance of identity and access management for our podcast.

Well, can we unpack that some? I mean, what puts identity and access management in such a critical spot?

Well, I mean, you can't really do Zero Trust, which is basically reducing the chances of anything having access that you're not supposed to have access to, and when I say anything, I'm talking about people, I'm talking about devices, like your phones or your laptops, and I'm even talking about software modules, like the stuff we pull off the open source, and even modules that we write ourselves. So identity and access management gives us a way to first identify all of those things, and then management of it is to say, "Well, this thing has access to this other piece, and that's it." And the only way you can do that is with a robust identity and access management program, and the problem is that it's easier said than done, and it's really expensive.

Yeah, well, and I think the degree to which the bat signal gets lit up whenever one of these companies who provides this has anything that looks like a security vulnerability. It's all hands on deck.

It is all hands on deck, and the tool you go to first is to figure out what the bad things touched. So again, you have to get identity and access management correct. So the bottom line to all of this is, in order to pursue that Zero Trust journey, you have to have a way to accomplish those tasks, and that is the tactic that you need to think about.

Yeah. When we talk about Zero Trust, do you think that we're past the hype bubble with it, where people have settled? For a while, it seemed to me like every other pitch I was getting for someone to come on the show, they wanted to talk about Zero Trust. It was hot, people had new offerings for it, people were interested in it. Have we settled into more of a rational state of considering what it is and how to implement it?

Well, you know, I'm a huge fan of the Gartner hype model, right, where it talks about new ideas going up to the peak of inflated expectations. And then we all get sick of the idea because it doesn't really, we don't really have a solution that does all the things we thought it was going to do. And so the idea plunges down to the trough of disillusionment, right?

Yeah.

Right? And that's what you're talking about. There was a point there when every security vendor says, "My security tool does Zero Trust, we can handle it all." And you know, when security professionals looked at those solutions, we said, "Hmm, maybe it does some of them, but not everything we need." And so we've been down in the trough, okay, for a while. To answer your question, I think we're just slowly coming out of it now. People are starting to think of it not as a security feature for some tool you're going to buy, but it's more of a strategy. You know, it's a journey to better protect your enterprise.

Yeah. All right. Well, it is the latest episode of CSO Perspectives, and the host is my N2K CyberWire colleague, Rick Howard. Rick, thanks so much for joining us.

Thanks, Dave.

[Music] Most of our listeners who deal with legacy privileged access management products know they tend to be expensive, difficult to deploy, and hard to use. Keeper Security is the answer. Keeper's Zero Trust solution delivers password, secrets, and connection management in one easy-to-use platform. It's fast to deploy, agentless, clientless, and has no implementation fees. Plus, Keeper is FedRAMP authorized. That's why we trust Keeper to prevent breaches and gain full control over privileged users. Visit keeper.io/cyberwire to schedule a quick demo. That's keeper.io/cyberwire, and thanks to Keeper Security for supporting our podcast.

This episode is brought to you by Shopify. Forget the frustration of picking commerce platforms when you switch your business to Shopify, the global commerce platform that supercharges your selling, wherever you sell. With Shopify, you'll harness the same intuitive features, trusted apps, and powerful analytics used by the world's leading brands. Sign up today for your $1 per month trial period at shopify.com/tech, all lowercase. That's shopify.com/tech.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

[music] This September 18th and 19th in Denver, a tight community of leading experts is gathering to tackle the toughest cybersecurity challenges we face. It's happening at mWISE, the unique conference built by practitioners for practitioners. Brought to you by Mandiant, now part of Google Cloud, mWISE features one-to-one access with industry experts and fresh insights into the topics that matter most, right now, to frontline practitioners. Register early and save at mwise.io/cyberwire. That's mwise.io/cyberwire.