Sign up to save your podcasts
Or
Share SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail
Surge in Scans for Juniper t128 Default User
Lasst week, we dedtect a significant surge in ssh scans for the username t128 . This user is used by Juniper s Session Smart Routing, a product they acquired from 128 Technologies which is the reason for the somewhat unusual username.
https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824
Vulnerable Verizon API Allowed for Access to Call Logs
An API Verizon offered to users of its call filtering application suffered from an authentication bypass vulnerability allowing users to access any Verizon user s call history. While using a JWT to authenticate the user, the phone number used to retrieve the call history logs was passed in a not-authenticated header.
https://evanconnelly.github.io/post/hacking-call-records/
Google Offering End-to-End Encryption to G-Mail Business Users
Google will add an end-to-end encryption feature to commercial GMail users. However, for non GMail users to read the emails they first must click on a link and log in to Google.
https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses
View all episodes
By Johannes UllrichSurge in Scans for Juniper t128 Default User
Lasst week, we dedtect a significant surge in ssh scans for the username t128 . This user is used by Juniper s Session Smart Routing, a product they acquired from 128 Technologies which is the reason for the somewhat unusual username.
https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824
Vulnerable Verizon API Allowed for Access to Call Logs
An API Verizon offered to users of its call filtering application suffered from an authentication bypass vulnerability allowing users to access any Verizon user s call history. While using a JWT to authenticate the user, the phone number used to retrieve the call history logs was passed in a not-authenticated header.
https://evanconnelly.github.io/post/hacking-call-records/
Google Offering End-to-End Encryption to G-Mail Business Users
Google will add an end-to-end encryption feature to commercial GMail users. However, for non GMail users to read the emails they first must click on a link and log in to Google.
https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses