Juniper Networks Issues Critical Patch for Router Vulnerability, CVE-2024-2973
Juniper Networks Issues Patches for Router Vulnerability
[caption id="attachment_79708" align="alignnone" width="1105"]![Router Vulnerability](https://thecyberexpress.com/wp-content/uploads/Router-Vulnerability.webp)
As Artificial Intelligence (AI) continues to transform industries worldwide, tech enthusiasts must equip themselves with the right skillsets to stay relevant and competitive. The swift evolution of AI technologies is altering job roles, opening up new career opportunities, and establishing benchmarks for the future of employment. Whether you're a budding developer or an experienced IT professional, mastering these key skills will enable you to excel in an AI-dominated environment.
The AI era presents both challenges and opportunities for tech enthusiasts. By developing these essential skills, you can future-proof your career. Embrace the continuous learning journey, stay curious, and keep adapting to the advancements in AI and related technologies.
Google's Chrome browser is making a significant security move by distrusting certificates issued by Entrust, a prominent Certificate Authority (CA), beginning late 2024. This decision throws a wrench into the operations of numerous websites including those of major organizations like Bank of America, ESPN, and IRS.GOV, among others.
Digital certificates (SSL/TLS) play a vital role in ensuring secure connections between users and websites. These certificates issued by trusted CAs act as a security seal - more like a blue tick for websites - and helps users gauge the legitimacy of the website. It also ensures an encrypted communication to prevent data breaches.
However, Chrome is removing Entrust from its list of trusted CAs due to a concerning pattern of "compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress" over the past six years. Entrust's repeated shortcomings in upholding security standards have led Google to lose confidence in their ability to act as a reliable CA.
"It is our opinion that Chrome’s continued trust in Entrust is no longer justified." - Google Chrome
This move also extends to AffirmTrust, a lesser-known provider acquired by Entrust. While these certificates account for only a small fraction (0.1%) compared to Let's Encrypt (49.7%), the impact is still significant considering organizations like Bank of America, BookMyShow, ESPN and even government websites like IRS.gov, which have high internet traffic volumes, are also certified by Entrust.
[caption id="attachment_79569" align="aligncenter" width="1024"]Starting November 1, 2024, Chrome users encountering websites with distrusted Entrust certificates will be met with a full-page warning proclaiming the site as "not secure."
[caption id="attachment_79563" align="aligncenter" width="1024"]This warning only applies to certificates issued after October 31, 2024, providing a grace period for websites with existing Entrust certificates. However, as certificates have lifespans, website owners must transition to a different CA before expiration. Considering its market share Let's Encrypt, a free and trusted option, comes highly recommended.
This shift is crucial for maintaining a secure web environment. When a CA fails to meet expectations, it jeopardizes the entire internet ecosystem. Chrome's decision prioritizes user protection by eliminating trust in potentially compromised certificates.
Website owners using impacted Entrust certificates should act swiftly to switch to a different CA. The Chrome Certificate Viewer can be used to identify certificates issued by Entrust. While this may seem inconvenient, it's necessary to ensure continued user access without security warnings.
Large organizations managing internal networks have some leeway. Chrome allows enterprises to bypass these changes by installing the affected certificates as trusted on their local networks. This ensures internal websites using these certificates function normally.
Further context emerges from discussions on Mozilla's Bug Tracker (Bug 1890685). It reveals a critical issue – Entrust's failure to revoke a specific set of Extended Validation (EV) TLS certificates issued between March 18 and 21, 2024. This violated their own Certification Practice Statement (CPS).
Entrust opted against revoking the certificates, citing potential customer confusion and denying any security risks. However, this decision sparked outrage. Critics emphasized the importance of proper revocation procedures to uphold trust in the CA system. Entrust's prioritization of customer convenience over security raised concerns about their commitment to strict adherence to security best practices.
A detailed post on Google Groups by Mike Shaver sheds further light on the situation. Shaver expresses doubt in Entrust's ability to comply with WebPKI and Mozilla Root Store Program (MRSP) requirements. Despite attempts to address these concerns, Entrust's handling of certificate revocation, operational accountability, and transparency remain under scrutiny.
Shaver points out Entrust's tendency to prioritize customer convenience over strict adherence to security standards. He also criticizes the lack of detailed information regarding organizational changes and Entrust's failure to meet Mozilla's incident response requirements. Until Entrust demonstrates substantial improvements and transparency, continued trust in their certificates poses a significant risk to the overall web PKI and the security of internet users.
But this is not the end of it. In fact it is just the tip of the ice berg. Shaver's comments in the forum are in response to a host of compliance incidents between March and May related to Entrust. Ben Wilson summarized these recent incidents in a dedicated wiki page.
"In brief, these incidents arose out of certificate mis-issuance due to a misunderstanding of the EV Guidelines, followed by numerous mistakes in incident handling including a deliberate decision to continue mis-issuance," Wilson said.
This is a very serious shortcoming on Entrust's behalf considering the stringent norms and root store requirements, he added.
However, Chrome's decision to distrust Entrust certificates sends a strong message – prioritizing user safety requires holding CAs accountable for upholding the highest security standards.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
"Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our Corporate IT environment. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard. Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data." - TeamViewerThe company that provides enterprise solutions for remote access, reassured its customers that it follows best-practices in its overall system architecture and thus, has segmented the Corporate IT, the production environment, and the TeamViewer connectivity platform.
"This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our ‘defense in-depth’ approach." - TeamViewerDespite ongoing investigations, the company remains focused on safeguarding system integrity and ensuring transparency in its communication regarding the incident.
Crypto scammers hijacking social media accounts of popular brands and celebrities on platforms like YouTube and X is not a novel thing. But what transpired on Thursday could very well be a snippet of things to come as we move towards the Age of AI.
Crypto scammers first took over the YouTube account of Channel 7 News and modified it in a way that it masqueraded the official Tesla channel.
[caption id="attachment_79292" align="aligncenter" width="300"]After making aesthetic changes to the YouTube account, the crypto scammers replaced the videos in the channel with a deepfake live stream of Tesla chief Elon Musk. The AI-generated Musk was seen encouraging viewers to scan a QR code and invest in cryptocurrency.
[caption id="attachment_79296" align="aligncenter" width="600"]"This is an opportunity that cannot be missed." - Elon Musk Deepfake
The deepfake video was made in a way that Musk's AI version even interacted with the audience, where he continued to say that twice as much would return to investors' wallets.
The Channel 7 News has several region- and programming-specific YouTube channels, and most of them seemed to be hijacked at present, with all of them running the same deepfake live stream on loop. The page is no longer accessible via direct links from the company website, but as pointed by a Reddit user, if you go to the YouTube channel via the platform's search, it still displays the changes made by crypto scammers, which is a Tesla logo as seen in the images above."The whole deepfake supply chain should be held accountable, just as they are for malware and child pornography." - The Open LetterLegal experts and technologists have also previously urged the U.S. Congress to regulate the use of deepfake technologies and provide new protections particularly for women and minority communities against the use of digitally manipulated media. Experts warned that the deceptive content is already affecting national security, personal privacy and public trust.
“By confiscating such large amounts of money, and disrupting the networks behind them, we not only safeguard our communities but also deal a significant blow to the transnational organized crime groups that pose such a serious threat to global security.” - Director of Interpol’s Financial Crime and Anti-Corruption Centre (IFCACC), Dr Isaac Kehinde Oginni
“No country is immune to this type of crime, and combating it requires very strong international cooperation.” - Dr Isaac Kehinde Oginni
“We’re improving the model’s ability to detect and refuse certain content. We’re also working on enhancing the user experience and scaling our infrastructure to support millions of users while maintaining real-time responses.” - OpenAIThe stalling of the rollout comes a month after OpenAI announced a new safety and security committee that would oversee issues related to the company’s future projects and operations. It is unclear if this postponement was suggested by the committee or by internal stakeholders.
“On September 11, 2023, Sam spoke with Ms. Johansson and her team to discuss her potential involvement as a sixth voice actor for ChatGPT, along with the other five voices, including Sky. She politely declined the opportunity one week later through her agent.” - OpenAIAltman took a last chance of onboarding the Hollywood star this May, when he again contacted her team to inform the launch of GPT-4o and asked if she might reconsider joining as a future additional voice in ChatGPT. But instead, with the demo version of Sky airing through, Johannson threatened to sue the company for “stealing” her voice. Owing to the pressure from her lawyers, OpenAI removed the Sky voice sample since May 19.
“The voice of Sky is not Scarlett Johansson's, and it was never intended to resemble hers. We cast the voice actor behind Sky’s voice before any outreach to Ms. Johansson. Out of respect for Ms. Johansson, we have paused using Sky’s voice in our products. We are sorry to Ms. Johansson that we didn’t communicate better.” – Sam AltmanAlthough the issue seems to have resolved for the time being, this duel between Johannson and Altman brought to the fore the ethical considerations surrounding deepfakes and synthetic media.
"There are many risks associated with allowing an unknown foreign entity to manage and serve JavaScript within your web application. They can quietly observe user traffic, and if malicious intent were taken, they can potentially steal usernames, passwords and credit card information directly as users enter the information in the web browser."CloudFlare had also published its findings and recommendations in response to concerns over the compromise of domains. The company stated in a blog article:
The concerns are that any website embedding a link to the original polyfill.io domain, will now be relying on Funnull to maintain and secure the underlying project to avoid the risk of a supply chain attack. Such an attack would occur if the underlying third party is compromised or alters the code being served to end users in nefarious ways, causing, by consequence, all websites using the tool to be compromised."This incident serves as a stark reminder of the security implications of relying on external code libraries/third-party scripts and the importance of vigilance in maintaining website integrity, plus the potential malicious takeover of massively deployed projects. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
A U.S. grand jury has indicted a Russian citizen, Amin Timovich Stigal, for allegedly conspiring with Russia's military intelligence agency (GRU) to launch cyberattacks crippling Ukrainian government systems and data ahead of Russia's full-scale invasion in February 2022.
The indictment, unsealed yesterday in Maryland, sheds light on a coordinated effort to disrupt critical Ukrainian infrastructure and sow panic among the population.
“As alleged, the defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States.” - Attorney General Merrick B. Garland
Stigal, 22, who remains at large, was charged for his alleged role in using a deceptive malware strain called "WhisperGate" to infiltrate dozens of Ukrainian government networks, including ministries, state services, and critical infrastructure entities. Disguised as ransomware, WhisperGate reportedly went beyond data encryption, aiming for complete destruction of targeted systems and data.
The attacks coincided with the defacement of Ukrainian websites displaying threatening messages designed to intimidate the public. Sensitive data, including patient health records, was exfiltrated and offered for sale online, further amplifying the chaos.
But the malicious campaign wasn't limited to cyberattacks targeting Ukraine. The indictment broadens the scope beyond Ukraine, revealing attempts to probe U.S. government networks in Maryland using similar tactics.
“These GRU actors are known to have targeted U.S. critical infrastructure. During these malicious cyber activities, GRU actors launched efforts to scan for vulnerabilities, map networks, and identify potential website vulnerabilities in U.S.-based critical infrastructure – particularly the energy, government, and aerospace sectors.” - Rewards for Justice
The scope of the malicious campaign highlights the potential wide-ranging objectives of the GRU cyber campaign and the ongoing threat posed by nation-state actors.
The Justice Department emphasized its commitment to holding accountable those responsible for Russia's malicious cyber activity. The indictment carries a maximum sentence of five years, but international cooperation remains crucial to apprehend Stigal.
The U.S. Department of State's Rewards for Justice program is offering a significant reward – up to $10 million – for information leading to Stigal's capture or the disruption of his cyber operations. This substantial reward underscores the seriousness of the charges and the international effort to dismantle Russia's cyber warfare apparatus.
This case serves as a stark reminder of the evolving cyber threat landscape. The destructive capabilities of malware like WhisperGate, coupled with the targeting of critical infrastructure necessitates vigilance and collaboration between governments and security professionals to defend against nation-state cyberattacks.
“Malicious cyber actors who attack our allies should know that we will pursue them to the full extent of the law,” said Erek L. Barron, U.S. Attorney for the District of Maryland. “Cyber intrusion schemes such as the one alleged threaten our national security, and we will use all the technologies and investigative measures at our disposal to disrupt and track down these cybercriminals.”
WhisperGate is a destructive malware that is seemingly designed like a ransomware, but it is not. Unlike ransomware, which encrypts data and demands a ransom for decryption, WhisperGate aimed to completely destroy data, rendering the infected systems inoperable. It first targeted Ukrainian organizations in January 2022 and ever since continues to remain on the list of top malware variants used to target Kyiv.
Key Points on WhisperGate: