TeamViewer Confirms Network Breach, Accidental Microsoft Leak: Your Cybersecurity Roundup
TeamViewer Confirms Corporate Network Breach by Russian State Hackers
TeamViewer, a leading global provider of remote access and control software, has confirmed a targeted cyberattack on its internal corporate IT environment, attributed to the notorious Russian state-sponsored hacking group APT29, also known as Midnight Blizzard.
The breach, initially detected on June 26, 2024, involved the compromise of an employee account, granting the attackers access to employee directory data, including names, contact information, and encrypted passwords. However, TeamViewer says that the incident was swiftly contained and did not extend to its product environment, the TeamViewer connectivity platform, or any customer data.
This attack follows a pattern of APT29 targeting tech companies, notably Microsoft and Hewlett Packard Enterprise, to gain access to sensitive information and potentially exploit supply chains. The group is known for its advanced espionage capabilities and persistent efforts to remain under the radar while carrying out bold operations.
TeamViewer has taken immediate action to address the incident, collaborating with Microsoft and cybersecurity experts to investigate and remediate the breach. The company has also informed relevant authorities and is working to strengthen its internal security measures to prevent future attacks.
Accidental Microsoft Leak Exposes PlayReady DRM Code, Raises Concerns for Streaming Services
A Microsoft engineer inadvertently leaked internal code related to PlayReady, the company’s digital rights management system for media files, on a public forum. This 4GB leak could allow for the reverse engineering or cracking of PlayReady’s encryption, output protection, and DRM features, potentially impacting major streaming services like Netflix and HBO Max.
The leaked code was discovered in a file attached to a post about an Apple TV service crash. Researchers were able to build the Windows PlayReady DLL library from the leaked code, and they also identified vulnerabilities in PlayReady’s Protected Media Path components. These vulnerabilities could allow attackers to decrypt high-definition movies and access content keys on Windows 10 and 11 systems.
Microsoft removed the forum post after being notified of the leak, but the incident raises serious concerns about the security of PlayReady and the potential impact on the video streaming industry.
Google Chrome to Sever Ties with Entrust Certificates Due to Repeated Security Lapses
Google has announced a significant decision to distrust certificates issued by Entrust, a major certificate authority, in its Chrome browser starting November 1, 2024. This move comes after years of documented concerns regarding Entrust’s compliance failures and inadequate response to security incidents.
The decision highlights the critical role certificate authorities play in maintaining the security and integrity of the internet. Entrust’s perceived inability to uphold the high standards expected of a trusted CA has eroded confidence in its ability to safeguard encrypted connections between browsers and websites.
Google’s Chrome security team emphasised a pattern of concerning behaviour from Entrust, including a failure to fulfil commitments made in policy and in response to publicly disclosed incidents. This pattern, they argue, poses risks to the broader internet ecosystem and necessitates the removal of default trust in Entrust certificates.
While this change will primarily affect Chrome users on Windows, macOS, ChromeOS, Android, and Linux, those on iOS and iPadOS will remain unaffected due to Apple’s specific policies. Users accessing websites with Entrust certificates will encounter a warning message indicating an insecure connection.
Website operators relying on Entrust certificates are strongly advised to transition to a different publicly-trusted certificate authority before the November 1st deadline to avoid potential disruptions and maintain secure user connections.