The CyberWire Daily Podcast 7.1.24
Ep 2099 | 7.1.24

A swift fix for a serious router bug.

Transcript

Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K’s CSO Rick Howard joins us for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home.

Today is Monday July 1st, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Juniper issues an emergency patch for its routers. 

Juniper Networks issued emergency patches for a critical vulnerability (CVE-2024-2973) affecting its routers, urging users to apply them immediately. The authentication bypass flaw scored a perfect 10 on both CVSS 3.1 and CVSS 4 systems, highlighting its severity. This bug allows attackers to bypass authentication and take full control of affected devices, particularly in high-availability redundant configurations. Impacted products include the Session Smart Router, Session Smart Conductor management platform, and WAN Assurance Routers. Although no exploits have been reported, Juniper’s urgent patch release indicates serious concern. Upgrading Conductor nodes automatically applies security fixes to connected routers, though individual router upgrades are still recommended. Juniper says the fixes are non-disruptive to production traffic.

A compromised helpdesk portal sends out phishing emails. 

Mercku, a Canadian router manufacturer, has a compromised helpdesk portal sending MetaMask phishing emails in response to support tickets, BleepingComputer reports. When users submit support requests, they receive phishing emails titled "Metamask: Mandatory Metamask Account Update Required." The email falsely instructs users to update their MetaMask account within 24 hours to avoid losing access. The phishing link uses deceptive URL formatting to appear legitimate but redirects users to a malicious site. BleepingComputer has contacted Mercku about the issue and is advising users to avoid the support portal and ignore related emails. MetaMask, a popular cryptocurrency wallet, often attracts phishing attempts.

Prudential updates the victim count in their February data breach. 

A February 2024 data breach at Prudential Financial has compromised the personal information of over 2.5 million individuals, the company revealed in an updated notification. Initially disclosed in February, Prudential first reported that 36,000 individuals might be affected. The compromised data includes names, addresses, driver’s license numbers, and non-driver ID card numbers. Prudential discovered the breach on February 5 and launched an investigation with external experts. A class action lawsuit was filed in June, and the Alphv/BlackCat ransomware group claimed responsibility. Prudential is offering two years of free credit monitoring to those affected.

Rapid7 finds trojanized software installers in apps from a popular developer in India. 

On June 18, 2024, Rapid7 investigated suspicious activity linked to Notezilla, RecentX, and Copywhiz installers from Conceptworld, a software supplier based in India. These installers were found trojanized, embedding information-stealing malware. Rapid7 disclosed the issue to Conceptworld on June 24, which promptly removed the malicious installers and replaced them with legitimate versions. The malware targeted browser credentials, crypto wallets, and logged keystrokes, persisting via a scheduled task. Affected users should check for signs of compromise and consider re-imaging their systems. The malicious installers have been distributed since early June 2024, while the malware family, dubbed dllFake, has been active since January 2024. Rapid7 advises verifying software integrity and checking for infection indicators like hidden tasks and unusual network connections.

Australian authorities arrest a man for running a fake mile-high WiFi network. 

Australia’s Federal Police (AFP) charged a man for running fake Wi-Fi networks on a commercial flight to harvest fliers’ credentials. Flight crew members reported a suspicious Wi-Fi network during a domestic flight, leading to the man’s arrest. He was found with a portable wireless access device, laptop, and phone. A search of his home revealed more evidence. The suspect allegedly created Wi-Fi hotspots with SSIDs similar to airline networks, tricking users into providing email and social media credentials. The AFP charged him with unauthorized access and dishonest dealings. No evidence suggests he used the data, but charges imply intent. The AFP advises using VPNs and avoiding sensitive apps on public Wi-Fi. The accused was released on bail with internet restrictions.

Florida Man's Violent Bid for Bitcoin Ends Behind Bars. 

The U.S. Justice Department has convicted Remy Ra St. Felix, a 24-year-old from Florida, for leading a violent gang targeting cryptocurrency holders. The gang's primary strategy involved home invasions and physical coercion to steal victims' crypto assets. Their most notorious crime involved breaking into the home of an elderly couple in North Carolina, where they physically assaulted the victims and forced them to transfer over $150,000 in bitcoin and ether.

The gang, consisting of over a dozen members, executed a series of brutal attacks across four states—Florida, Texas, North Carolina, and New York. Their tactics included armed robberies, death threats, beatings, torture, and even kidnapping. Despite their extreme measures, their success was limited. They managed to extort significant sums only in a few instances, with the six-figure theft from the North Carolina couple being their most notable haul.

Court documents reveal the gang's formation in 2021, orchestrated primarily via Telegram. Their operations included dressing as construction workers to deceive victims and conditioning targets with frequent pizza deliveries. One of their attacks in Texas involved binding a family with zip ties, hitting them, and using hot irons and other torture methods. Another failed attempt involved a break-in at a home they mistakenly thought was occupied, only to find it was an empty rental property.

St. Felix and his gang continued planning further attacks until St. Felix’s arrest in July 2023 in New York, where he was found with an AK-style rifle and zip ties in his vehicle. Cell tower records, bank transactions, and Google cloud storage records helped identify St. Felix as the ringleader. Cryptocurrency tracing efforts revealed attempts to obfuscate stolen funds using crypto exchanges but ultimately linked the transactions back to him.

The risk-reward balance for such violent crimes proved unfavorable for St. Felix and his crew. They face severe legal consequences, with St. Felix potentially serving a life sentence. The case underscores the growing threat of physical crypto theft and the importance of robust security measures for crypto holders. Security experts advise maintaining privacy, adding technical hurdles to transferring large sums, and being cautious with personal information to mitigate the risk of such attacks.

A tip of the hat to the DOJ and FBI for rounding up these crooks. Looks like they’ll be trading in their crypto wallets for prison jumpsuits.


Next up, I’m joined by N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM).

You can find links to Rick’s full episode and accompanying essay in the show notes. Also, if you are not an N2K CyberWire Pro subscriber, you can still catch the first half of the episode as a preview by checking out the link in the show notes. 


A scholarship scammer gets a one-way ticket home. 

Aryan Anand, a 19-year-old Indian student, scammed his way into a scholarship at Lehigh University. Anand fabricated numerous documents, including a fake death certificate for his father, to bolster his application for admission and financial aid at Lehigh. He created a phony school domain and email addresses, posing as his school principal to add credibility to his forged Class 12 transcripts. Using ChatGPT, he crafted compelling admission essays and even managed to pass exams.

Anand’s scheme unraveled after he bragged about his exploits on Reddit under an alias. His post, titled “I have built my life and career on lies and fraud,” caught the eye of a vigilant moderator. The moderator's investigation revealed Anand's real identity and led to his expulsion and arrest. Lehigh University and authorities took swift action, resulting in Anand's deportation. One Redditor summed it up: “My man was an absolute genius, a dumbass, a foreshadower all at the same time.” 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.