SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail
6 snips
Apr 3, 2025 A surge in scans targeting the Juniper username 't128' raises concerns about potential vulnerabilities. Verizon's API flaw allowed unauthorized access to users' call logs, exposing serious privacy issues. Additionally, Google introduces end-to-end encryption for Gmail's business users, but with a caveat: non-Gmail recipients must jump through hoops to read encrypted messages, prompting debates about user security and phishing risks.
AI Snips
Chapters
Transcript
Episode notes
Juniper Security Check
- Check Juniper devices for the default "t128" username and "128 t routes" password combination.
- Add this combination to internal SSH scans to prevent unauthorized access.
Verizon API Vulnerability
- Verizon's API had a vulnerability that allowed access to call logs via an unauthenticated header.
- This classic vulnerability highlights the risk of relying on non-digitally signed data.
Call History Leaks
- Leaked call histories are a recurring problem with providers like Verizon, often due to web interface vulnerabilities.
- Be cautious about trusting phone numbers and SMS messages to remain private.