Difference between revisions of "DBSA:2016-06021"

From Digibase Knowledge Base
Jump to: navigation, search
(Created page with "{{DBSAHEAD | TITLE=Teamviewer Compromise | KEYWORDS=teamviewer, remote administration, service compromise }} '''DBSA ID:''' {{PAGENAME}} '''Regarding:''' Teamviewer Compromi...")
 
Line 38: Line 38:
  
 
==Mitigation/Solution==
 
==Mitigation/Solution==
Users who are affected are advised to immediately disable and uninstall the software and to monitor their financial state and to advise Paypal or other financial institution connected to Teamviewer to require seperate authorization for questionable transactions. Users are further advised to treat all emails they receive with suspicion and to only log in to services using known good links.
+
Users who are affected are advised to immediately disable and uninstall the software and to monitor their financial state and to advise Paypal or other financial institution connected to Teamviewer to require seperate authorization for questionable transactions. Users are further advised to treat all emails they receive with suspicion and to only log in to services using known good links. Users who are unable to remove or disable the software are advised to forward this advisory to their System Administrator.
  
 
Users are further advised as soon as they can connect to the service, to change all passwords immediately, then again at 2 weeks after.
 
Users are further advised as soon as they can connect to the service, to change all passwords immediately, then again at 2 weeks after.
  
 
Users who are in use of the decentralized, traditional Teamviewer may wish to disable or uninstall the software to be safe.
 
Users who are in use of the decentralized, traditional Teamviewer may wish to disable or uninstall the software to be safe.
 +
  
 
==References==
 
==References==

Revision as of 01:40, 2 June 2016

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Teamviewer Compromise

Keywords: teamviewer, remote administration, service compromise

DBSA ID: 2016-06021

Regarding: Teamviewer Compromise

Writeup: Kradorex Xeron (talk) 01:33, 2 June 2016 (EDT)

Date: 2016 06 02

Last Modified: 20160602014007 by Kradorex Xeron

Who should take note: Teamviewer Users, Systems Administrators, Remote Support Personnel

Classification

Priority: HIGH

Rationale: Action must be taken immediately to isolate oneself from the incident.

Severity: HIGH

Rationale: Financial and user system security is at risk.

Spread of Issue: MULTI-PLATFORM HIGH

Rationale: Teamviewer is a popular software package deployed by numerous individuals, families and organizations to manage user systems remotely.

Description

Teamspeak is a software package for remote system management to enable system administrators, support personnel and helpers to remotely operate computer systems to ease management of the same. Teamviewer offers a centralized mechanism of their software that is managed by their servers to enable their users to manage multiple systems through a central portal. On 1 June 2016, it was detected that the Teamviewer central service infrastructure was taken offline followed by reports of customer paypal accounts having their funds stolen and other reports of systems being compromised running the software.

It is suspected that usernames, passwords, email addresses, customer financial details, system information have been compromised despite the vendor's indication.

Users and organizations who use Teamviewer seperate from this infrastructure and are not signed up with the vendor's centralized service do not appear to be affected at this time.

Mitigation/Solution

Users who are affected are advised to immediately disable and uninstall the software and to monitor their financial state and to advise Paypal or other financial institution connected to Teamviewer to require seperate authorization for questionable transactions. Users are further advised to treat all emails they receive with suspicion and to only log in to services using known good links. Users who are unable to remove or disable the software are advised to forward this advisory to their System Administrator.

Users are further advised as soon as they can connect to the service, to change all passwords immediately, then again at 2 weeks after.

Users who are in use of the decentralized, traditional Teamviewer may wish to disable or uninstall the software to be safe.


References