#FactCheck - Viral Video of US President Biden Dozing Off during Television Interview is Digitally Manipulated and Inauthentic

Introduction

Social media platforms serve as an ideal breeding ground for cybercrime. A new fraud called ‘WhatsApp Pink’ has emerged, promising new features and an improved UI. Several law enforcement and government agencies have already issued severe caution against the program, which is used to hack mobile phones and steal personal information.

What is a pink WhatsApp Scam?

WhatsApp is on a roll with new features, but the messaging app is also experiencing an increase in a new type of scam. The WhatsApp Pink scam, as it is known, is gaining steam. Police and government organisations in several states, including Mumbai, Kerala, and Karnataka, have warned about the scam. A North Region cybercrime wing tweet warned, “WHATSAPP PINK – A Red Alert for Android Users.” The government’s cybersecurity organisations have warned about the rise in pink WhatsApp scams.

Scammers and hackers target WhatsApp users with fake messages via the network in this scam. According to reports, the message contains a link directing users to download WhatsApp Pink, a bogus messaging program. According to sources, scammers are targeting many people with the promise that the next version will have a better interface and additional features.

The application also steals critical financial information such as OTP, bank account information, and contact information. When people open the link, harmful software is installed on their mobile phones, and scammers get access to the phones. The user may even lose access to their phone by downloading the app.

According to the advisory

The news about ‘New Pink Look WhatsApp with extra features’ recently circulating among WhatsApp users is a hoax that can lead to hacking of your mobile through malicious software.” It is uncommon for fraudsters to devise new tricks and methods to entice naive consumers into falling into their trap and committing cyber fraud. It is the users’ responsibility to be Aware, Alert, and Attentive to these types of frauds in order to be safe and secure in the digital world.”

The link that is present in the message, according to a notice from the police, is a phishing effort. By clicking the link, the user runs the risk of having their device compromised, which might allow scammers to steal their device information or use it without their permission.

Users run the possibility of suffering negative outcomes if they click the Pink WhatsApp link, as the Mumbai Police have warned. These dangers include financial loss, identity theft, spam attacks, unauthorised access to contact information and saved images, and even total loss of control over mobile devices.

Guidelines against the Scam

• If a user has installed the fake WhatsApp, the authorities have instructed that they uninstall it immediately by going into the mobile settings, selecting WhatsApp with the pink logo in Apps, and then uninstalling it.
• Users have been advised to exercise caution when clicking links from untrustworthy websites unless they have previously verified their legitimacy. Users are advised to only download and update software from reliable sites such as the official Google Play Store, the iOS App Store, and so on.
• individuals using the site have been told not to send any links or communications to other persons until they have received proper authentication or verification.
• To avoid misuse, users are advised not to disclose any personal or financial information, including passwords, login information, and credit or debit card information, to anybody online. Furthermore, in order to defend themselves against fraud attempts, users are encouraged to stay up to date on the most recent news and changes in order to be informed and careful about cybercriminal activities.

Why do Scammer target WhatsApp

WhatsApp is the world’s most popular messaging service; it can reach out to considerably more prospective victims than it could with another tool. A scammer’s victims are almost certainly using WhatsApp. If all their victims are in one app, the criminal can easily handle their activities.

Conclusion

WhatsApp users may reduce their chances of being victims of the pink WhatsApp scam significantly by following the guidelines issued by the advisory. WhatsApp has become the primary target for scams, as there is a large number of the population using WhatsApp so it will be easy for the Scammer to steal critical personal information and target another victim through WhatsApp. The pink WhatsApp Scam is exactly like it.

Executive Summary:

Recently PAN-OS software of Palo Alto Networks was discovered with the critical vulnerability CVE-2024-3400. It is the software used to power all their networks in the next generation firewalls. This  vulnerability is a common injection vulnerability which provides access to unauthenticated attackers to execute random code having root privileges on the attacked system. This  has been exploited actively by threat actors,  leaving many organizations at risk for severe cyberattacks. This report helps to understand the exploitation, detection, mitigations and recommendations for this vulnerability.

‍

‍

Understanding The CVE-2024-3400 Vulnerability:

CVE-2024-3400 impacts the particular version of PAN-OS and a certain configuration susceptible to this kind of a security issue. It is a command injection, which exists in the GlobalProtect module of the PAN-OS software. The vulnerability can be exploited by an unauthorized user to run any code on the firewall having root privileges.  This targets Active Directory database (ntds.dit), important data (DPAPI), and Windows event logs (Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx) and also login data, cookies, and local state data for Chrome and Microsoft Edge from specific targets leading attackers to capture the browser master key and steal sensitive information of the organization.

The CVE-2024-3400 has been provided with a critical severity rating of 10.0. The following two weaknesses make this CVE  highly severe:

1. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') 
2. CWE-20: Improper Input Validation.

‍

Impacted Products:

The affected version of PAN-OS by CVE-2024-3400 are-

Only the versions 10.2, 11.0, and 11.1, setup with GlobalProtect Gateway or GlobalProtect Portal are exploited by this vulnerability. Whereas the Cloud NGFW, Panorama appliances and Prisma Access are not affected.

Detecting Potential Exploitation: 

Palo Alto Networks has confirmed that they are aware of the exploitation of this particular vulnerability by threat actors. In a recent publication they have given acknowledgement to Volexity for identifying the vulnerability.  There is an increasing number of organizations that face severe and immediate risk by this exploitation. Third parties also have released the proof of concept for the vulnerability.

The suggestions were provided by Palo Alto Networks to detect this critical vulnerability. To detect this vulnerability, the following command shall be run on the command-line interface of PAN-OS device: 

grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log*

This command looks through device logs for specific entries related to vulnerability. 

These log entries should contain a long, random-looking code called a GUID (Globally Unique Identifier) between the words "session(" and ")". If an attacker has tried to exploit the vulnerability, this section might contain a file path or malicious code instead of a GUID.

Presence of such entries in your logs, could be a sign of a potential attack to hack  your device which may look like:

• failed to unmarshal session(../../some/path)

A normal, harmless log entry would look like this:

• failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)

Further investigations and actions shall be needed to secure the system in case the GUID entries were not found and suspicious.

Mitigation and Recommendations:

Mitigation of the risks posed by the critical CVE-2024-3400 vulnerability, can be accomplished by the following recommended steps:

• Immediately update Software:   This vulnerability is fixed in software releases namely PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all higher versions. Updating software to these versions will protect your systems fully against potential exploitation.
• Leverage Hotfixes: Palo Alto Networks has released hotfixes for commonly deployed maintenance releases of PAN-OS 10.2, 11.0, and 11.1 for the users who cannot upgrade to the latest versions immediately. These hotfixes do provide a temporary solution while you prepare for the full upgrade.
• Enable Threat Prevention:  Incase of available Threat Prevention subscription, enable Threat IDs 95187, 95189, and 95191 to block attacks targeting the CVE-2024-3400 vulnerability. These Threat IDs are available in Applications and Threats content version 8836-8695 and later.
• Apply Vulnerability Protection: Ensure that vulnerability protection has been applied in the GlobalProtect interface to prevent the exploitation on the device. It can be implemented using these instructions. 
• Monitor Advisory Updates: Regularly checking for  the updates to the official advisory of Palo Alto Networks. This helps to stay up to date of the new releases of the guidance and threat prevention IDs of CVE-2024-3400.
• Disable Device Telemetry – Optional:  It is suggested to disable the device telemetry as an additional  precautionary measure.
• Remediation: If there is an active exploitation observed, follow the steps mentioned in this Knowledge Base article by Palo Alto Networks. 

Implementation of the above mitigation measures and recommendations would be in a position to greatly reduce the risk of exploitation you might face from a cyber attack targeting the CVE-2024-3400 vulnerability in Palo Alto Networks' PAN-OS software.

Conclusion: 

The immediate response should be taken against the offensive use of the critical CVE-2024-3400 vulnerability found in the PAN-OS platform of Palo Alto Networks.  Organizations should actively respond by implementing the suggested mitigation measures such as upgrading to the patched versions, enabling threat prevention and applying vulnerability protection to immediately protect from this vulnerability. Regular monitoring, implementing security defense mechanisms and security audits are the necessary measures that help to combat emerging threats and save critical resources.

‍

Introduction

A recent massive scam has been uncovered in the Indian state of Gujarat, where the Criminal Investigation Department (CID) has blacklisted 30,000 SIM cards that were used for illegal activities. The scam has created a huge uproar in the state, and its implications are significant. In this blog, we will discuss the details of the Gujarat scam and its impact on the state.

What is sim card fraud?

Sim card fraud occurs when someone uses a fake or cloned sim card to impersonate someone else. This allows the fraudster to gain access to sensitive information or conduct transactions on behalf of the victim. The use of fraudulent sim cards has become increasingly common in recent years, with scammers targeting individuals and businesses around the world.

The Gujarat Scam: The Gujarat scam involves the use of SIM cards for illegal activities such as extortion, blackmail, and cybercrime. The CID has identified that the SIM cards were obtained using fake documents and were used for illegal activities.  The scam has been happening for a while, involving several individuals, including businessmen, politicians, and government officials.

The CID has conducted raids across the state and has arrested several individuals involved in the scam. They have also seized a significant amount of cash, mobile phones, and other electronic devices used for illegal activities. The investigation is ongoing, and more arrests are expected in the coming days.

The Gujarat scam is not an isolated incident, as similar scams have been reported in other parts of the country. The Telecom Regulatory Authority of India (TRAI) has also reported that several telecom operators are not following the regulations and are not verifying the authenticity of documents used to obtain SIM cards.

Impact on the State: The Gujarat scam has caused significant damage to the state’s reputation, and it has also affected the economy. The scam has highlighted the lack of regulation in the telecom industry, and it has exposed the loopholes in the system that criminals are exploiting.

The blacklisting of 30,000 SIM cards will affect several individuals who may have obtained them legally but were unaware of their use for illegal activities. The blacklisting may also impact businesses that rely on mobile phones for their operations.

The scam has also raised concerns about personal information and data safety. With the use of fake documents to obtain SIM cards, it is evident that personal information is not secure and can be easily misused. The government needs to take steps to ensure that personal information is protected and that the telecom industry is regulated to prevent such scams from happening in the future.

Steps Taken by the Government: The Gujarat scam has prompted the government to take action to prevent such incidents from happening in the future. The government has announced that it will implement stricter regulations in the telecom industry to prevent the misuse of SIM cards. The government has also announced that it will introduce a system to verify the authenticity of documents used to obtain SIM cards.

The government has also urged citizens to be vigilant and report any suspicious activity related to the misuse of SIM cards. The government has assured citizens that it will take strict action against those involved in the scam and that it will ensure the safety of personal information and data.

The TRAI has also taken steps to address the issue. It has directed telecom operators to verify the authenticity of documents used to obtain SIM cards and to follow the regulations. The TRAI has also introduced a new system to identify and deactivate inactive SIM cards.

Here are some key takeaways from the Gujarat Sim scam: These takeaways should be kept in mind to prevent such incidents from happening in the future and to ensure the safety of citizens and businesses.

Need for Stricter Regulations: The Gujarat Sim scam has highlighted the need for stricter regulations in the telecom industry. The government needs to ensure that telecom operators follow the regulations and verify the authenticity of documents used to obtain SIM cards. This will help prevent the misuse of SIM cards and illegal activities.

Importance of Personal Information Security: The scam has raised concerns about personal information and data safety. It is important to ensure that personal information is protected and that the telecom industry is regulated to prevent such scams from happening in the future.

Impact on Reputation and Economy: The Gujarat scam has caused significant damage to the state’s reputation, and it has also affected the economy. The blacklisting of 30,000 SIM cards will impact several individuals who may have obtained them legally but were unaware of their use for illegal activities. The scam has also raised concerns about the safety of businesses that rely on mobile phones for their operations.

Need for Vigilance: The government has urged citizens to be vigilant and report any suspicious activity related to the misuse of SIM cards. It is important for citizens to be aware of the regulations and to report any illegal activities to prevent such incidents from happening in the future.

Strong Action Against Criminals: The blacklisting of 30,000 SIM cards and the arrests made by the CID sends a strong message to those involved in illegal activities that they will not be spared. It is important for the government to take strict action against those involved in the scam to deter others from engaging in such activities.

Conclusion

The Gujarat scam has exposed vulnerabilities in the telecom industry and highlighted the need for stricter regulations to prevent such incidents from happening in the future. The blacklisting of 30,000 SIM cards has sent a strong message to those involved in illegal activities that they will not be spared. The government’s efforts to implement stricter regulations and ensure the safety of personal information and data are commendable. It is now up to the citizens to be vigilant and report any suspicious activity to prevent such incidents from happening in the future.

The telecom industry plays a vital role in the country’s development, and it is important to ensure that it is regulated to prevent the misuse of its services. Overall, the Gujarat Sim scam has highlighted the need for stricter regulations, personal information security, vigilance, and strong action against criminals.

Reference:

https://timesofindia.indiatimes.com/city/ahmedabad/pre-activated-sim-cards-behind-phone-scamming/articleshow/98261346.cms

https://timesofindia.indiatimes.com/city/ahmedabad/cid-blacklists-30000-sim-cards-used-to-con-1-27-lakh-gujaratis-of-rs-815-crore/articleshow/98259398.cms