Categories
News

With this cunning backdoor installer, hackers can take complete control of courtroom equipment.

📷 Shutterstock / Kanoktuch

Experts have warned of a malware-laced update to software used to record court sessions, which gives as-yet-unidentified threat actors persistent access.

Cybersecurity researchers at Rapid7 found the issue and notified the software's developers. Although the infection has now been eradicated, the full impact of the supply chain attack is still unclear.

The application in question is known as JAVS Viewer 8, and it is a component of the JAVS Suite 8, a collection of software tools that courts use to record, play back, and organise audio and video from legal proceedings. Over 10,000 courtrooms in the US and other countries are utilising the software, according to its creators, Justice AV Solutions.

Not a single witness

According to Rapid7, an updated version of JAVS Viewer 8 was recently hosted on the javs.com website. It included a backdoor that gave the backdoor's operators persistent access to compromised machines. The tainted version, identified as 8.3.7, was removed from the website prior to April 1, 2024.

In their research, Rapid7 stated that “users who have version 8.3.7 of the JAVS Viewer executable installed are at high risk and should take immediate action.” “A backdoored installer in this version gives attackers complete control over impacted systems.”

At least 38 endpoints were infected, according to Ars Technica, and cleaning an affected machine requires some work.

Following the discoveries, JAVS said that it has removed the malware. The business released a statement saying, “We removed every version of Viewer 8.3.7 from the JAVS website, reset all passwords, and carried out a thorough internal audit of all JAVS systems.” “We verified that every file that is now accessible on the JAVS.com website is authentic and virus-free. We also confirmed that this issue did not compromise any systems, certificates, JAVS Source code, or other software releases.”


Good luck keeping the past hidden now—a significant database breach exposed the criminal records of millions of Americans online.

📷  Sora Shimazaki / Pexels

There is bad news for Americans who want to put their unlawful pasts behind them: sensitive data on millions of convicted offenders has been leaked, according to researchers.

In a blog post, Malwarebytes describes how a group of hackers exposed a database believed to have 70 million rows of data, which included the criminal histories of millions of Americans.

We can infer that Malwarebytes’ researchers did not have direct access to this database based on the language used in the statement. Nevertheless, it was said to include details such as full names, birth dates, postal addresses, known aliases, dates of arrest, dates of conviction, sentences, and more.

Developing a new leak site

The database, which contains information created between 2020 and 2024, is relatively new. A single felony is represented by each row; it is not a list of all the crimes a person may have committed.

EquationCorp and USDoD, two well-known cybercriminals, released the data.

The researchers claim that the latter is a “high-profile player” in the world of data leaks and is closely connected to Connor Fitzpatrick, also known as Pompompurin.

In case you missed it, Pompompurin was the proprietor and chief administrator of BreachForums, which is the most well-known underground site worldwide for exchanging malware, stolen and leaked data, and other pirated files. Fitzpatrick was recently taken into custody and the forum dismantled.

According to Malwarebytes, USDoD intends to create a new leak forum like BreachForums, and making this data public may be a publicity gimmick to generate interest in the new website.

It is currently unknown when, how, or from whom the hackers obtained this material.

Regardless, our American readers who have a criminal record ought to be cautious about the emails they receive, particularly if they cite prior convictions, contain attachments or links, or demand immediate action. The database will probably be used by hackers for social engineering and phishing scams.


Google Discovers Active Attack on May’s Fourth Chrome Zero-Day: Update Immediately

In response to a high-severity security vulnerability in its Chrome browser that it said has been exploited in the wild, Google released updates for the browser on Thursday.

The vulnerability, which has been assigned the CVE identifier CVE-2024-5274, is a type confusion bug in the V8 JavaScript and WebAssembly engine. On May 20, 2024, Brendon Tiszka of Chrome Security and Clément Lecigne of Google’s Threat Analysis Group reported it.

Type confusion vulnerabilities happen when a programme tries to access a resource as a type that it is not compatible with. Because they give threat actors the ability to run arbitrary code, perform out-of-bounds memory access, and cause a crash, they can have dangerous repercussions.
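To illustrate the bug class described above, here is an added example (not taken from Google's advisory or from V8) in which a number is read as if it were a string, so its bit pattern becomes a huge "length", next to the tag check that prevents it. The `value_t` type and all function names are hypothetical, and the code assumes IEEE-754 doubles.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a tagged value of the kind a script engine keeps.
 * All names here are hypothetical; none come from V8. */
typedef enum { T_NUMBER, T_STRING } tag_t;

typedef struct {
    tag_t tag;
    union {
        double num;                                      /* valid if tag == T_NUMBER */
        struct { uint64_t len; const char *data; } str;  /* valid if tag == T_STRING */
    } u;
} value_t;

value_t make_number(double d) {
    value_t v = { .tag = T_NUMBER, .u.num = d };
    return v;
}

value_t make_string(const char *s) {
    value_t v = { .tag = T_STRING, .u.str = { strlen(s), s } };
    return v;
}

/* Confused path: never looks at the tag, so a number's bit pattern is
 * returned as if it were a string length (1.0 is 0x3FF0000000000000). */
uint64_t string_length_unchecked(const value_t *v) {
    return v->u.str.len;
}

/* Checked path: rejects any value whose tag is not T_STRING. */
int string_length_checked(const value_t *v, uint64_t *out) {
    if (v == NULL || out == NULL || v->tag != T_STRING)
        return -1;
    *out = v->u.str.len;
    return 0;
}

int main(void) {
    value_t n = make_number(1.0);
    uint64_t len = 0;
    printf("unchecked length of 1.0: %llu\n",
           (unsigned long long)string_length_unchecked(&n));
    printf("checked result: %d\n", string_length_checked(&n, &len));
    return 0;
}
```

Any code that trusted the unchecked length to bound a copy or an index would read far outside the object, which is how a confused type turns into out-of-bounds memory access.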

With the development, Google has now fixed four zero-day vulnerabilities this month, following CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.

Although it did not provide further technical information regarding the vulnerability, the tech giant did admit that it “is aware that an exploit for CVE-2024-5274 exists in the wild.” It is unclear whether the flaw is a bypass of the fix for CVE-2024-4947, a V8 type confusion fault.

With the most recent patch, Google has fixed eight zero-day vulnerabilities in Chrome since the beginning of the year.

To reduce possible risks, users are advised to update to Chrome versions 125.0.6422.112/.113 for Windows and macOS and 125.0.6422.112 for Linux.

It’s also recommended that users of Chromium-based browsers like Vivaldi, Microsoft Edge, Brave, and Opera apply the fixes as soon as they become available.