#FactCheck - Stunning 'Mount Kailash' Video Exposed as AI-Generated Illusion!

Executive Summary:

Recently PAN-OS software of Palo Alto Networks was discovered with the critical vulnerability CVE-2024-3400. It is the software used to power all their networks in the next generation firewalls. This  vulnerability is a common injection vulnerability which provides access to unauthenticated attackers to execute random code having root privileges on the attacked system. This  has been exploited actively by threat actors,  leaving many organizations at risk for severe cyberattacks. This report helps to understand the exploitation, detection, mitigations and recommendations for this vulnerability.

‍

‍

Understanding The CVE-2024-3400 Vulnerability:

CVE-2024-3400 impacts the particular version of PAN-OS and a certain configuration susceptible to this kind of a security issue. It is a command injection, which exists in the GlobalProtect module of the PAN-OS software. The vulnerability can be exploited by an unauthorized user to run any code on the firewall having root privileges.  This targets Active Directory database (ntds.dit), important data (DPAPI), and Windows event logs (Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx) and also login data, cookies, and local state data for Chrome and Microsoft Edge from specific targets leading attackers to capture the browser master key and steal sensitive information of the organization.

The CVE-2024-3400 has been provided with a critical severity rating of 10.0. The following two weaknesses make this CVE  highly severe:

1. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') 
2. CWE-20: Improper Input Validation.

‍

Impacted Products:

The affected version of PAN-OS by CVE-2024-3400 are-

Only the versions 10.2, 11.0, and 11.1, setup with GlobalProtect Gateway or GlobalProtect Portal are exploited by this vulnerability. Whereas the Cloud NGFW, Panorama appliances and Prisma Access are not affected.

Detecting Potential Exploitation: 

Palo Alto Networks has confirmed that they are aware of the exploitation of this particular vulnerability by threat actors. In a recent publication they have given acknowledgement to Volexity for identifying the vulnerability.  There is an increasing number of organizations that face severe and immediate risk by this exploitation. Third parties also have released the proof of concept for the vulnerability.

The suggestions were provided by Palo Alto Networks to detect this critical vulnerability. To detect this vulnerability, the following command shall be run on the command-line interface of PAN-OS device: 

grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log*

This command looks through device logs for specific entries related to vulnerability. 

These log entries should contain a long, random-looking code called a GUID (Globally Unique Identifier) between the words "session(" and ")". If an attacker has tried to exploit the vulnerability, this section might contain a file path or malicious code instead of a GUID.

Presence of such entries in your logs, could be a sign of a potential attack to hack  your device which may look like:

• failed to unmarshal session(../../some/path)

A normal, harmless log entry would look like this:

• failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)

Further investigations and actions shall be needed to secure the system in case the GUID entries were not found and suspicious.

Mitigation and Recommendations:

Mitigation of the risks posed by the critical CVE-2024-3400 vulnerability, can be accomplished by the following recommended steps:

• Immediately update Software:   This vulnerability is fixed in software releases namely PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all higher versions. Updating software to these versions will protect your systems fully against potential exploitation.
• Leverage Hotfixes: Palo Alto Networks has released hotfixes for commonly deployed maintenance releases of PAN-OS 10.2, 11.0, and 11.1 for the users who cannot upgrade to the latest versions immediately. These hotfixes do provide a temporary solution while you prepare for the full upgrade.
• Enable Threat Prevention:  Incase of available Threat Prevention subscription, enable Threat IDs 95187, 95189, and 95191 to block attacks targeting the CVE-2024-3400 vulnerability. These Threat IDs are available in Applications and Threats content version 8836-8695 and later.
• Apply Vulnerability Protection: Ensure that vulnerability protection has been applied in the GlobalProtect interface to prevent the exploitation on the device. It can be implemented using these instructions. 
• Monitor Advisory Updates: Regularly checking for  the updates to the official advisory of Palo Alto Networks. This helps to stay up to date of the new releases of the guidance and threat prevention IDs of CVE-2024-3400.
• Disable Device Telemetry – Optional:  It is suggested to disable the device telemetry as an additional  precautionary measure.
• Remediation: If there is an active exploitation observed, follow the steps mentioned in this Knowledge Base article by Palo Alto Networks. 

Implementation of the above mitigation measures and recommendations would be in a position to greatly reduce the risk of exploitation you might face from a cyber attack targeting the CVE-2024-3400 vulnerability in Palo Alto Networks' PAN-OS software.

Conclusion: 

The immediate response should be taken against the offensive use of the critical CVE-2024-3400 vulnerability found in the PAN-OS platform of Palo Alto Networks.  Organizations should actively respond by implementing the suggested mitigation measures such as upgrading to the patched versions, enabling threat prevention and applying vulnerability protection to immediately protect from this vulnerability. Regular monitoring, implementing security defense mechanisms and security audits are the necessary measures that help to combat emerging threats and save critical resources.

‍

Introduction

Emerging technologies in the digital era have made their inroads in manifold domains and locations, including the “Aviation industry”. A 2022 Cranfield University and Inmarsat report has made the point for digitalization powering a reviving age for the aviation industry. Several airport authorities are presently mobilizing power of emerging technologies such as Artificial Intelligence (AI) across the airport bedrock to provide travelers with a plain sailing and expeditious air travel experience.

The Perils of Juice-Jacking

Today, Universal Serial Bus (USB) charging ports are ubiquitous and a convenient way for travelers to keep their devices powered up. In their busy, mundane lives, people use the public charging facility while travelling. However, cybersecurity experts have warned that charging in public areas could wipe off data from an electronic device or install malware, and they have urged people to stay away from USB charging ports at airports and other public areas. This leads to the possibility that fraudsters may manipulate susceptible users via juice jacking.

Investigative journalist Brian Krebs in 2011 coined the term "Juice Jacking". It isa form of cyber attack where a public USB charging port is fiddled with and infected using hardware and software changes to pocket data or install malware on devices connected to it. The term “juice jacking” is a slang representation for electric power or energy, and “hijacking” indicates an unauthorized key toa device.

While the preliminary purpose of juice jacking is usually to pilfer sensitive information from corresponding devices, such as passwords and payment card details, attackers can exploit this stolen information to attain unauthorized to your financial accounts. If the adversary attacker installs malware in the electronic device during the juice jacking strategy, the attacker may further observe the individual's movements even after one has disconnected the device from the USB port. However, the hazards of Juice Jacking include malware infection, data heist, economic loss and damage to the reputation of an individual.

RedFlags from Agencies

In2023, the Federal Bureau of Investigation (FBI) forewarned travelers against using charging stations in public zones such as hotels, airports, and shopping malls due to malicious actors attempting to use the public USB to introduce monitoring software and malware into devices. The U.S. Federal Communications Commission (FCC) has also administered a new advisory regarding “juice jacking "and its possibility of launching a hushed cyber attack against a mobile gadget while one is charging the phone with a USB cord. Similarly, according to new research from International Business Machines (IBM) Security, many nation-state hackers are currently training their eyes on travelers.

RBI Advisory

Recently in 2024, The Reserve Bank of India (RBI) has likewise administered a warning statement to mobile phone users urging them against charging their devices using public ports. RBI has additionally accentuated the importance of safeguarding private and financial data while using mobile devices. Juice jacking is further cited as one of the scams in the RBI booklet on the modus operandi of financial fraudsters in the financial space.

Preventing juice jacking attacks

The routes to avoid Juice Jacking are to keep a tab on the USB devices, not use the public charging ports, update the phone software regularly, enable and utilize the software security measures of the device, use a USB pass-through device, a wall outlet, or a backup battery; never use unknown charging cables and use only the trusted security apps. It is further important to avoid using cables that are left behind by other travelers in any public space. Users can correspondingly turn off their devices before connecting to a wary charging port. Nevertheless, the absence of documented cases does not necessarily imply that users cannot be a target of such an attack and a warning is still recommended when securing personal gadgets with susceptible user data while using standard cables. Also, using a virtual private network (VPN) and assuring that devices have the updated security updates established can aid in mitigating the danger of cyber attacks. It is equally important to utilize the security features of your device, such as passcodes, fingerprints, or facial recognition, enabled to count as a supplementary layer of safeguard.

Conclusion

In the contemporary digital age, individuals, on the whole, need to be vigilant about “Cybersecurity hygiene” and avoid accessing susceptible data or conducting financial transactions on unsecured networks. Mobile phones or devices should run on the latest operating system, and antivirus software should be revamped to mitigate conceivable security susceptibilities.

References

• https://www.forbes.com/sites/suzannerowankelleher/2023/04/20/juice-jacking-malware-phone-airports-hotels/?sh=47adab7e82ed
• https://www.businessairportinternational.com/features/how-ai-is-improving-business-aviation-operations.html
• https://www.news18.com/business/juice-jacking-attack-scam-bank-frauds-india-8412037.html
• https://www.comparitech.com/blog/information-security/juice-jacking/
• https://blogs.blackberry.com/en/2023/04/juice-jacking-advisory
• https://www.thehindubusinessline.com/info-tech/juice-jacking-rbi-issues-warning-against-charging-mobile-phones-using-public-ports/article67895091.ece
• https://www.thehindu.com/sci-tech/technology/juice-jacking-how-hackers-target-smartphones-tethered-to-public-charging-points/article67026433.ece
• https://www.forbes.com/sites/suzannerowankelleher/2019/05/21/why-you-should-never-use-airport-usb-charging-stations/?sh=630f026a5955
• https://edition.cnn.com/2023/04/12/tech/fbi-public-charging-port-warning/index.html
• https://social-innovation.hitachi/en-in/knowledge-hub/hitachi-voice/digital-transformation/
• https://www.inmarsat.com/en/insights/aviation/2022/future-aviation-connectivity.html

Executive Summary:
‍

The ongoing conflict between Iran and the US-Israel has entered its 19th day. Meanwhile, a video is being widely shared on social media claiming that Iran is carrying out continuous drone attacks at Dubai International Airport. The clip shows visuals of massive fire and explosion However, research by the CyberPeace has found the claim to be misleading. Our research revealed that the video has been available on the internet since 2020. In reality, the footage shows a fire at a market in Ajman, UAE, and not explosions at Dubai Airport in 2026. Although there were recent reports of a fire near DXB (Dubai Airport) following a drone attack, this video is not related to that incident.

‍

Claim:

‍

On social media platform X (formerly Twitter), a user shared the viral video on March 17, 2026, writing:

“Dubai International Airport – Iran is dropping drones continuously.”

‍

Post link, archive link, and screenshot are given below:
‍

• https://x.com/i/birdwatch/t/2033797729860935707?source=6 
• https://ghostarchive.org/archive/A6jAv 

‍

‍

‍

Fact Check:

‍

To verify the viral claim, we extracted keyframes from the video and conducted a reverse image search using Google Lens. During the research, we found the same video on a YouTube channel, where it was uploaded on August 6, 2020. The caption read: “Ajman fruits and vegetables market caught in fire.”

• https://www.youtube.com/shorts/0wUIORMK5x8 

‍

‍

Based on this clue, it became clear that the viral video has no connection with the ongoing Iran-US-Israel conflict. In the next step, we searched using relevant keywords and found a report published on August 5, 2020, on the website of Gulf News, which contained visuals similar to the viral video.

• https://gulfnews.com/uae/watch-fire-breaks-out-in-ajman-market-1.73002373 

‍

‍

According to the Gulf News report, a major fire broke out at a public market in the new industrial area of Ajman at around 6:30 pm. The blaze was later brought under control by Ajman Civil Defence with assistance from teams in Dubai, Sharjah, and Umm Al Quwain.

‍

Conclusion:

‍

Our research found that the viral video has been online since 2020 and shows a fire at a market in Ajman, UAE. It is not related to any recent incident at Dubai Airport.

‍