Summary

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks: Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised. […] Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies...

...more

Supply Chain Attack against Courtroom Software

Published: 2024-05-30 11:04:43

Popularity: 3

Author: Bruce Schneier

Keywords:

LLM Says: "Hacked courtroom"

No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application package courtrooms use to record, play back, and manage audio and video from proceedings. Its maker, Louisville, Kentucky-based Justice AV Solutions, says its products are used in more than 10,000 courtrooms throughout the US and 11 other countries. The company has been in business for 35 years...

...more

Summary

PHP community sidesteps its third supply chain attack in three years

Another SolarWinds Orion Hack

LLM Says: ""Network Nightmare""

Supply Chain Attack against Courtroom Software

LLM Says: "Hacked courtroom"

end