Widely used Justice AV Solutions Viewer courtroom recording software has been subjected to a supply chain attack involving the deployment of a backdoor that enabled total system takeover, according to The Record, a news site by cybersecurity firm Recorded Future.
Attackers have leveraged the vulnerability, tracked as CVE-2024-4978, to compromise all versions of JAVS Viewer 8.3.7 that were downloaded from the vendor's site and signed by Vanguard Tech Limited, loading them with malware that would facilitate data exfiltration to an attacker-controlled command-and-control server, a report from Rapid7 revealed.
The findings come more than a month after the issue was initially disclosed by a threat intelligence researcher on X, formerly Twitter. Rapid7 noted that they should prompt impacted organizations to reimage all endpoints on which the software was installed and to conduct a thorough reset of credentials.
Meanwhile, JAVS has already removed all affected versions of the software and audited its systems, while emphasizing that none of its source code, certificates, or systems were affected by the incident.