Supply chain attack hits courtroom recording platform

Widely used Justice AV Solutions Viewer courtroom recording software has been subjected to a supply chain attack involving the deployment of a backdoor that enabled total system takeover, according to The Record, a news site by cybersecurity firm Recorded Future.

A report from Rapid7 revealed that attackers have leveraged the vulnerability, tracked as CVE-2024-4978, to compromise all versions of JAVS Viewer 8.3.7 that were downloaded from the vendor's site and signed by Vanguard Tech Limited. The compromised versions carried malware that would facilitate data exfiltration to an attacker-controlled command-and-control server.

Such findings, which come more than a month after the issue was initially disclosed by a threat intelligence researcher on X, formerly Twitter, should prompt impacted organizations to reimage all endpoints with the software, as well as conduct a thorough reset of credentials, noted Rapid7.

Meanwhile, JAVS has already removed all affected versions of the software and audited its systems, while emphasizing that none of its source code, certificates, or systems were affected by the incident.
