Suspected supply chain attack backdoors courtroom recording software

May 24, 2024 at 04:31PM

Researchers at security firm Rapid7 discovered a backdoor in Justice AV Solutions (JAVS) audio-visual recording software used in over 10,000 courtrooms. The backdoor, believed to be the result of a supply chain attack on the vendor's installer, gave attackers full control of affected systems. Rapid7 urges affected users to re-image their machines, reset credentials and upgrade to a clean version of the software. JAVS says it is working to address the issue and secure its software.

Key takeaways:
– Rapid7 researchers found a backdoor in JAVS Viewer v8.3.7, the courtroom audio-visual recording software from Justice AV Solutions (JAVS) deployed in over 10,000 courtrooms. The compromise is suspected to be a supply chain attack, with the malicious code shipped inside the vendor's own installer.
– The issue is tracked as CVE-2024-4978 (CVSS 8.7). Because the backdoor gave full system access, Rapid7 says patching alone is not enough: any endpoint on which the affected installer ran must be fully re-imaged, and credentials for every account that logged in while the software was installed must be reset.
– Reset credentials for local and remote accounts alike, and reset web browser credentials and sessions so that stolen session cookies cannot be reused for hijacking. Re-image first, then install the latest safe version of the software (8.3.9 or later); installing the new version over a compromised system does not remove whatever the attacker may have added.
– Rapid7's examination of the installer found a binary named fffmpeg.exe (three f's, unlike the legitimate ffmpeg.exe it imitates) that connected to a command-and-control (C2) server, collected system details and executed obfuscated PowerShell scripts designed to bypass anti-malware defences.
– The first sign of the problem came in early April, when a threat intelligence researcher at S2W flagged malware on JAVS's downloads page. Rapid7 became involved on May 10 after its managed detection and response (MDR) service identified a suspicious file. How the malware was removed from the site, and how a separate malicious installer later appeared, remain unclear, but JAVS states that its downloads page is now secure and advises users to verify the digital signatures on JAVS software before installing it. JAVS also emphasised keeping software and security patches up to date and using firewalls and malware protection.
– The number of affected users is not yet known; JAVS has been contacted for further information.
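The two checks a practitioner can run immediately on a Windows host that had JAVS Viewer installed are a hunt for the fffmpeg.exe binary named above and the signature verification JAVS recommends. The script below is an added example, not code from the article, Rapid7 or JAVS. It assumes the search roots shown and an expected signer name (the `$ExpectedSigner` placeholder), which should be replaced with the certificate subject seen on a known-good JAVS installer in your own environment.

```powershell
<#
  Added example (not from the article, Rapid7 or JAVS): host triage on a Windows
  machine that had JAVS Viewer installed. It automates two checks:
    1. hunt for the backdoor binary Rapid7 named, fffmpeg.exe (three f's; the
       legitimate FFmpeg build is ffmpeg.exe), and record its hash and timestamps
    2. verify the Authenticode signature on JAVS installers and executables and
       print the signer, because a "Valid" status alone only proves the file is
       intact and signed by some certificate the machine trusts, not that the
       vendor signed it.
  ASSUMPTIONS: the search roots and $ExpectedSigner are placeholders; set the
  signer to the subject shown on a known-good JAVS installer in your environment.
  Results are emitted as objects so they can be exported or fed to a SIEM.
#>
param(
    [string[]]$SearchRoots = @(
        $env:ProgramFiles,
        ${env:ProgramFiles(x86)},
        $env:ProgramData,
        "$env:SystemDrive\Users"
    ),
    [string]$ExpectedSigner = 'Justice AV Solutions'   # ASSUMED; confirm locally
)

# Keep only roots that exist on this host (x86 path is absent on 32-bit Windows).
$roots = $SearchRoots | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# --- 1. Indicator hunt: any file literally named fffmpeg.exe ------------------
$indicators = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter 'fffmpeg.exe' -ErrorAction SilentlyContinue
}
foreach ($i in $indicators) {
    [pscustomobject]@{
        Check    = 'IndicatorHunt'
        Verdict  = 'REVIEW'          # any hit means: treat host as compromised, re-image
        Path     = $i.FullName
        SHA256   = (Get-FileHash -LiteralPath $i.FullName -Algorithm SHA256).Hash
        Created  = $i.CreationTime   # bounds the window for which credentials must be reset
        Modified = $i.LastWriteTime
        Signer   = $null
    }
}
if (-not $indicators) { Write-Host "No fffmpeg.exe found under: $($roots -join ', ')" }

# --- 2. Signature check on JAVS installers and executables --------------------
$candidates = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like 'JAVS*' -and $_.Extension -in '.exe', '.msi' }
}
foreach ($f in $candidates) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    # Both conditions must hold: the signature verifies AND the subject is the vendor's.
    $ok = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSigner*")
    [pscustomobject]@{
        Check    = 'Authenticode'
        Verdict  = if ($ok) { 'OK' } else { 'REVIEW' }
        Path     = $f.FullName
        SHA256   = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        Created  = $f.CreationTime
        Modified = $f.LastWriteTime
        Signer   = "$($sig.Status): $signer"
    }
}
```

Save as a .ps1 and run it as `.\javs-triage.ps1 | Format-Table -AutoSize`, or pipe to `Export-Csv` to collect results from many courtroom machines. Treat any `IndicatorHunt` hit as confirmation that the host is compromised: deleting fffmpeg.exe is not a remediation, and the re-image and credential-reset steps above still apply. A `REVIEW` verdict on the signature check covers three distinct cases worth distinguishing when you read the output: an unsigned file, a signature that fails to verify (for example `HashMismatch`), and a signature that is technically valid but carries a signer subject other than the vendor's.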
