Podcast Detail

SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9392.mp3

previous
Podcast Logo
Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail
00:00

Surge in Scans for Juniper “t128” Default User
Lasst week, we dedtect a significant surge in ssh scans for the username “t128”. This user is used by Juniper’s Session Smart Routing, a product they acquired from “128 Technologies” which is the reason for the somewhat unusual username.
https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824

Vulnerable Verizon API Allowed for Access to Call Logs
An API Verizon offered to users of its call filtering application suffered from an authentication bypass vulnerability allowing users to access any Verizon user’s call history. While using a JWT to authenticate the user, the phone number used to retrieve the call history logs was passed in a not-authenticated header.
https://evanconnelly.github.io/post/hacking-call-records/

Google Offering End-to-End Encryption to G-Mail Business Users
Google will add an end-to-end encryption feature to commercial GMail users. However, for non GMail users to read the emails they first must click on a link and log in to Google.
https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses

no transcript found