GeoVision, a provider of surveillance and security equipment, has been the target of a cyberattack in which a zero-day vulnerability, CVE-2024-11120, was exploited in its end-of-life devices. This pre-auth command injection flaw allowed attackers to remotely execute arbitrary commands on the devices. As a result, around 17,000 devices, primarily in the United States, have been compromised and used for DDoS and cryptomining operations. The economic implications of this attack have yet to be fully realized, but with such a large number of devices affected, there is a risk of significant business disruption and potential long-term reputation damage.
Source: https://securityaffairs.com/171067/malware/ddos-botnet-exploits-geovision-zero-day.html
TPRM report: https://www.rankiteo.com/company/targeted-geovision-llc
"id": "tar000111824",
"linkid": "targeted-geovision-llc",
"type": "Vulnerability",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Surveillance and Security',
'location': 'Primarily United States',
'name': 'GeoVision',
'type': 'Provider of surveillance and security '
'equipment'}],
'attack_vector': 'Command Injection',
'impact': {'brand_reputation_impact': 'Potential long-term reputation damage',
'operational_impact': 'Significant business disruption and '
'potential long-term reputation damage',
'systems_affected': '17,000 devices'},
'motivation': ['DDoS', 'Cryptomining'],
'title': 'GeoVision Cyberattack',
'type': 'Cyberattack',
'vulnerability_exploited': 'CVE-2024-11120'}