Critical Security Update: July 5, 2024 (TeamViewer, D-Link, Affirm, and Authy)
Risk 1: Low
Issue: Authy, a popular multi-factor authentication tool, recently had a breach that exposed the telephone numbers associated with its account holders. This is a huge risk to any account holder, as that number can be linked to authentication methods.
Resolution: Anybody using Authy should immediately disable authentication through telephone call or SMS/text message. Authy will be sending out additional steps, but disabling these authentication methods is a critical first step in the interim.
Risk 2: High
Issue: Affirm recently acknowledged that credit card and credit card holder data was released during a breach at Evolve Bank & Trust, a third party connected to their services. The cardholder data has already been located on the Dark Web. These institutions also have historical connectivity to Relay, a financial service used heavily within the financial services industry.
Resolution: Users should reach out to Affirm, Evolve, Wise, or Bilt to determine next steps. Because the breach is so recent, neither details nor restorative actions have been released publicly yet.
Risk 3: Medium
Issue: D-Link, a popular retail router manufacturer, has fallen victim to a large exploit connected to its router firmware that allows malicious users to gain access to and reset the router’s password.
Resolution: A fix has been deployed. Any D-Link user should immediately apply the updated firmware.
As a side note, there have now been multiple vulnerabilities connected to D-Link, whose hardware is typically designed for retail or home use. It is suggested that D-Link owners consider switching to an enterprise-level device.
Risk 4: High
Issue: TeamViewer, a popular screen-sharing and remote access service, was recently breached. TeamViewer has stated a malicious group in Russia was responsible. They also claim that no data or customer information was stolen.
Resolution: Users should immediately change their passwords and ensure that multi-factor authentication is enabled.
Announced Data Breaches
Ethereum Mailing List
HealthEquity
Authy
Formula 1
Patelco (Credit Union)
Evolve Bank & Trust
Prudential Financial
Infosys McCamish Systems
Agropur
TeamViewer
Ticketmaster
Polyfill