Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/20/2019
05:30 PM
50%
50%

TeamViewer Admits Breach from 2016

The company says it stopped the attack launched by a Chinese hacking group.

TeamViewer, a German software company specializing in remote access and desktop sharing software, announced that it suffered an attack, presumably from a Chinese hacking group, in 2016. According to the company, the attack was discovered and stopped at the time, with no evidence of damage or compromise found.

The attackers used Winnti, a backdoor Trojan known to have been developed and used by groups located in China. Now used by multiple Chinese hacking groups, the software is considered a reliable indicator that the attack originated within China.

Prior to the Winnti attack, TeamViewer saw a campaign of attacks against user accounts among its customers. The German publication Der Spiegel reported that the Winnti campaign was active inside TeamViewer since 2014, a claim that, in an email message to Dark Reading, TeamViewer said was possible, though they said that the attack didn’t become active until 2016, at which point they stopped the activity before any damage occurred.

Read more here.

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RetiredUser
0%
100%
RetiredUser,
User Rank: Ninja
5/22/2019 | 3:33:47 AM
Re: Clarification-No Breach
Personally I consider at the lowest level unauthorized access a "breach" but you're right that in this case, what we typically call a breach - exposure of data, infestation - doesn't seem to have occurred.  Perhaps the breach spin is good, however, as it raises awareness of a weak network and security policy that likely encouraged a quick change in security processes by TeamViewer.  It also raises awareness - in security there is no "old news" as some readers may mistake this to be; any company that may have trojans or other compromising code hidden in its products needs to step up and convince us otherwise.  The question here is have they convinced us?  
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
5/21/2019 | 2:17:06 PM
Clarification-No Breach
From the Read More: " found no evidence that customer data or other sensitive information had been stolen".... As such it would be a security incident and not a breach. Still alarming but not as detrimental to brand reputation based on how the company dealt with that incident. 
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
5/21/2019 | 1:25:11 PM
Suspect indeed
For the past two years, our department has waged a campaign against Teamviewer because it was judged in-secure and now this article verifies our actions.  Remove it from all endpoints and systems. 
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17545
PUBLISHED: 2019-10-14
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2019-17546
PUBLISHED: 2019-10-14
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
CVE-2019-17547
PUBLISHED: 2019-10-14
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2019-17501
PUBLISHED: 2019-10-14
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen).
CVE-2019-17539
PUBLISHED: 2019-10-14
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.