Justice is served… or should that be saved now that audio-visual software deployed in more than 10,000 courtrooms is once again secure after researchers uncovered evidence that it had been backdoored for weeks.
Mitigating the threat, tracked as CVE-2024-4978, is a little more technical than simply upgrading to a secured version. Given that the backdoor allowed attackers full access to infected systems, and that they could have established persistence as a result, Rapid7 analysts say a full re-imaging job is required.
"Simply uninstalling the software is insufficient, as attackers may have implanted additional backdoors or malware. Re-imaging provides a clean slate."
In practice, the binary collected system details and sent them back to the attacker via the C2 channel. It allowed attackers to run obfuscated
Attackers would then use additional binaries to scrape browser credentials, hence the need for potential victims to reset theirs before upgrading to a safe version.
It was over a month later, on May 10, when a Rapid7 customer's MDR picked up an iffy-looking file, prompting the company's analysts to investigate.