
In this episode, host Jim Love discusses a rise in unauthorized network scans targeting Juniper and Palo Alto devices, raising concerns about espionage and botnet activities. The podcast also delves into the controversial use of the Signal app by...
Jim Love
There's a surge in unauthorized scans targeting Juniper and Palo Alto network devices. The Signal app was used extensively by Mike Waltz's team. ChatGPT images are a security risk, and the case of the disappeared professor. This is Cybersecurity Today. I'm your host, Jim Love.
Security researchers have detected a significant increase in unauthorized scanning activities targeting devices from Juniper Networks and Palo Alto Networks. These activities may indicate attempts at espionage, botnet recruitment, or exploitation of unknown vulnerabilities. Johannes Ullrich from the SANS Institute reported a surge in scans between March 23 and March 28, focusing on the default credentials of Juniper's Session Smart Networking products. Approximately 3,000 unique IP addresses participated, many associated with known botnet activities. These routers, part of Juniper's software-defined WAN portfolio, retain default usernames and passwords if they're not changed, making them susceptible if not properly configured. Simultaneously, GreyNoise observed mass probing directed at the login portals of Palo Alto Networks' PAN-OS GlobalProtect remote access products. Nearly 24,000 unique IP addresses attempted logins over 30 days, peaking at 20,000 daily attempts around March 26. Most of this activity is deemed suspicious, with 154 IP addresses classified as malicious. These patterns resemble previous espionage campaigns targeting network devices, raising concerns about potential undisclosed vulnerabilities. Those utilizing these products are advised to change default credentials, apply the latest security patches, and above all, monitor network traffic for any unusual activities.
Recent reports reveal that the National Security Adviser Mike Waltz's team has extensively used the encrypted messaging app Signal to coordinate official work on sensitive international issues, prompting concerns about the security and the legality of such communications.
Although only one of these conversations was reported in the press, according to anonymous sources reported in Politico, Waltz's team established at least 20 Signal group chats addressing topics including Ukraine, China, Gaza, Middle East policy, Africa, and Europe, and these groups often comprised high-level officials and in some instances discussed sensitive information. The widespread use of Signal, a publicly available messaging platform, by the National Security Council has raised some questions about adherence to federal regulations designed to protect national security information and ensure proper record keeping. Veteran national security officials have expressed concern that such practices may violate protocols intended to safeguard sensitive data from foreign adversaries. NSC spokesperson Brian Hughes acknowledged that Signal is permitted on government devices and is among the approved methods for unclassified communication. He emphasized that its use is not primary and that users are expected to preserve records appropriately and not let Signal delete these conversations. Hughes also stated that both the current and previous administrations have utilized the app. However, he firmly denied any claims that classified information was shared via Signal, asserting that such allegations are 100% untrue. But we know that's semantics, as we can see in the report published in The Atlantic. And according to every security expert of any credibility, if what was discussed was not classified, it should have been. But the Secretary of Defense can apparently classify or declassify information, so legally it was not classified, in which case it was just sloppy and could have gotten people killed. Despite the semantics or the assurances, take your pick.
The revelation of Signal's extensive use by Waltz's team has intensified scrutiny over the administration's communication practices, especially following incidents where sensitive information was inadvertently disclosed. Critics argue that reliance on encrypted apps like Signal without stringent oversight could compromise national security and violate federal record keeping laws. One thing that is even more frightening, and every security pro knows this: Signal might be encrypted, but if anyone gained access to one of the phones in the conversation, they could have access to an enormous amount of secret, if not classified, information. And in one case it was a journalist who had that access. We know of cases where both law enforcement and the Russian government have gained access to private Signal conversations in this manner. And given that one of the people on the infamous Signal conversation that was published in The Atlantic was actually in Russia at the time, there's better than even money that their phone was compromised. Which makes this revelation that this was not the only conversation even more scary.
OpenAI's recent release of an advanced image generation tool within ChatGPT has sparked some concerns among cybersecurity experts about its potential exploitation by scammers to produce fraudulent documents and deceptive advertisements. One of the key things that Sam Altman announced when they showed off the new image generation was that OpenAI was going to relax some of the rules around this to make it more fun and to spur creativity. And as I noted in an earlier story, I was able to create a picture of me playing guitar with Elvis, and then I could get me beating Donald Trump at golf. If he can cheat, so can I. But this has opened up another, darker side.
The integration of image generation capabilities into ChatGPT has enabled users to create realistic images, but also fake receipts, employment offers, and promotional materials for cryptocurrency investments. In tests conducted by Axios, the tool was able to generate a counterfeit receipt from a coffee shop, complete with the company's logo, although it took some specific prompting. Additionally, it produced a fabricated employment agreement from Apple and a social media advertisement encouraging bitcoin investments. Cybersecurity professionals are warning that such capabilities could be leveraged by malicious actors to craft fraudulent documents, potentially facilitating scams or unauthorized access to sensitive systems. Doriel Abrahams, a principal technologist at Forter, noted that the tools designed to enhance user efficiency could also be misused to make fraudulent schemes appear more legitimate. While OpenAI has implemented safeguards to prevent the generation of certain sensitive documents, such as official identification cards, you can't get a driver's license produced by it. But testers found that with specific prompting, the tool could produce templates that might be adapted for deceptive purposes. OpenAI acknowledges the challenges and emphasizes its commitment to monitoring and refining the system to mitigate misuse. But as AI-generated content becomes more prevalent, experts stress the importance of vigilance and the development of robust detection mechanisms to counteract potential fraudulent activities facilitated by such advanced tools.
And finally, a mystery. A prominent cybersecurity professor at Indiana University who was abruptly fired and disappeared from public view has not been detained or charged with any crime. Attorney Jason Covert confirmed to Reuters that Professor XiaoFeng Wang and his wife, Nianli Ma, have not been arrested and there are no pending criminal charges against them.
The couple has been the subject of widespread speculation after the FBI and Homeland Security agents searched two homes linked to them on March 28th. The same day, Wang's employment at his university was terminated and his profile and his wife's were both deleted from the university website. Rumors quickly spread across the cybersecurity community, with some believing the couple had been detained. Colleagues and students expressed concern after being unable to reach them. Wang, who earned recognition as a leading expert in cybersecurity, has been a professor at the university since 2004. Ma was also employed at the university as a lead systems analyst and a programmer at the university's main library. A spokesperson for the FBI Indianapolis office confirmed agents conducted a court-authorized operation, but declined to disclose the nature of the investigation. The Department of Homeland Security did not respond to requests for comment, but Wang has issued a statement through his lawyers, who said the couple is grateful for the support they've received from peers and the academic community. They look forward to clearing their names and resuming their successful careers at the conclusion of this investigation, he said. He declined to comment on their current location, but legal action is underway to uncover more details. On April 1, Stanford University researcher Riana Pfefferkorn filed a motion to unseal a federal warrant and affidavits used to authorize the searches. A judge has ordered the U.S. attorney's office to respond by April 17. Until then, or until the next notice from their attorney, the mystery continues.
And that's our show for today. We won't be disappearing this weekend. We have our month in review panel with some new special guests. Hopefully you'll get a chance to listen in, but if not, we'll be back next week. And David Shipley will once again be sitting in on Monday. And I'll be back midweek. I'm your host, Jim Love. Thanks for listening.
Cybersecurity Today: Unauthorized Scans, Signal App Usage, AI Image Risks, and a Missing Professor
Hosted by Jim Love | Released on April 4, 2025
Overview:
Jim Love opens the episode by discussing a significant uptick in unauthorized scanning activities targeting Juniper Networks and Palo Alto Networks devices. These scans could be indicative of espionage attempts, botnet recruitment, or exploitation of undisclosed vulnerabilities.
Key Points:
Juniper Networks:
Security researcher Johannes Ullrich from the SANS Institute reported a surge in scans between March 23 and March 28, primarily targeting the default credentials of Juniper's Session Smart Networking products. Approximately 3,000 unique IP addresses were involved, many linked to known botnets. The exposure stems from devices retaining their default usernames and passwords unless those are changed.
Palo Alto Networks:
Concurrently, there was widespread probing of the login portals of Palo Alto Networks' PAN-OS GlobalProtect remote access products. Nearly 24,000 unique IP addresses attempted logins over a 30-day period, peaking at 20,000 daily attempts around March 26. Of these, 154 IP addresses were classified as malicious. The activity resembles patterns from previous espionage campaigns targeting network infrastructure.
Notable Quotes:
Recommendations:
Overview:
The episode delves into the extensive use of the Signal app by National Security Adviser Mike Waltz's team to coordinate official work on sensitive international issues. This practice has sparked debates regarding the security and legality of using such encrypted messaging platforms for official communications.
Key Points:
Usage Details:
Mike Waltz's team established at least 20 Signal group chats covering topics like Ukraine, China, Gaza, Middle East policy, Africa, and Europe. These groups often included high-level officials and in some instances discussed sensitive information.
Security Concerns:
Compliance Issues:
The use of Signal, while permitted for unclassified communication, raises questions about adherence to federal regulations designed to protect national security information and ensure proper record-keeping.
Vulnerability Risks:
Despite Signal's encryption, any compromise of a device involved in the conversation could expose sensitive or classified information. Instances have been noted where law enforcement and foreign entities, such as Russia, have accessed private Signal conversations through device compromises.
Official Response:
NSC spokesperson Brian Hughes stated that Signal is an approved method for unclassified communication but denied that any classified information was shared via the platform. He emphasized that users are expected to preserve records and not allow Signal to delete conversations.
Notable Quotes:
Implications:
For National Security:
The reliance on encrypted apps like Signal without stringent oversight could potentially compromise national security and violate federal record-keeping laws, especially if devices are compromised.
For Policy Makers:
There is a pressing need to balance the convenience and security of encrypted communication tools with regulatory compliance and data protection protocols.
Overview:
Jim Love addresses the cybersecurity risks emerging from OpenAI's advanced image generation tool integrated into ChatGPT. While designed to spur creativity, these capabilities pose potential exploitation avenues for scammers.
Key Points:
Capabilities and Misuse:
OpenAI relaxed some rules to enhance the tool's functionality, allowing users to create realistic images. This has led to concerns over the tool being used to generate fraudulent documents, such as fake receipts, employment offers, and deceptive advertisements for cryptocurrency investments.
Examples of Misuse:
Expert Insights:
Doriel Abrahams, Principal Technologist at Forter, highlighted that while the tools enhance user efficiency, they could be misused to make fraudulent schemes appear more legitimate. OpenAI has implemented safeguards to prevent the generation of certain sensitive documents, but with specific prompting the tool can still produce templates that may be adapted for deception.
OpenAI’s Response:
OpenAI acknowledges the potential for misuse and is committed to monitoring and refining the system to mitigate these risks. However, as AI-generated content becomes more prevalent, cybersecurity experts emphasize the necessity for vigilance and robust detection mechanisms.
Notable Quotes:
Recommendations:
For Users and Organizations:
For Developers and Policymakers:
Overview:
The episode concludes with a perplexing case involving Professor XiaoFeng Wang and his wife, Nianli Ma, from Indiana University. Wang's abrupt termination and the couple's subsequent disappearance from public view have stirred widespread speculation within the cybersecurity community.
Key Points:
Incident Details:
Current Status:
Community Reaction:
Colleagues and students expressed concern after being unable to reach the couple. Wang, recognized as a leading cybersecurity expert, has been a professor at the university since 2004, and Ma was a lead systems analyst and programmer at the university's main library.
Legal Proceedings:
Official Statements:
Wang and Ma, through their lawyers, expressed gratitude for the support and are eager to clear their names and resume their careers once the investigation concludes.
Notable Quotes:
Jim Love [40:20]: “The Department of Homeland Security did not respond to requests for comment, but Wang has issued a statement through his lawyers, who said the couple is grateful for the support they've received from peers and the academic community.”
Attorney Jason Covert [38:10]: “Professor XiaoFeng Wang and his wife, Nianli Ma, have not been arrested and there are no pending criminal charges against them.”
Implications:
For the Academic Community:
The incident raises concerns about the intersection of cybersecurity expertise and law enforcement investigations, highlighting the need for transparency and due process.
For Cybersecurity Professionals:
The case underscores the potential risks and vulnerabilities even within academic institutions, emphasizing the importance of security protocols and the impact of unresolved investigations on professional reputations.
Jim Love wraps up the episode by highlighting the critical issues discussed:
Unauthorized Scans: Emphasizing the need for robust security measures and vigilant monitoring to protect network devices from sophisticated threats.
Encrypted Communication Practices: Raising awareness about the balance between secure communication and regulatory compliance within national security operations.
AI-Driven Risks: Highlighting the dual-edged nature of AI advancements, advocating for proactive measures to mitigate potential abuses.
Mystery of the Missing Professor: Illustrating the complex interplay between cybersecurity, academia, and law enforcement, calling for ongoing attention to such enigmatic cases.
Final Thoughts:
The episode underscores the evolving landscape of cybersecurity threats and the multifaceted challenges faced by professionals in safeguarding information, maintaining compliance, and addressing unprecedented incidents.
Note: This summary is based on the transcript provided and encapsulates all key discussions, insights, and conclusions from the "Cybersecurity Today" podcast episode hosted by Jim Love.