What initially appeared to be normal maintenance activity on AnyDesk's infrastructure was later revealed to be a compromise.
AnyDesk made the situation official in a statement published on February 2 on its official website. According to that statement, production servers were compromised, and as a consequence AnyDesk had to generate new certificates for signing its executables.
How to react to this compromise?
As indicated by AnyDesk, it is essential to install the latest available version of the software, which is signed with the new certificates. From a detection point of view, it is also important to check whether any compromised versions of AnyDesk may be running in your environments. To do this, you can use the YARA rule made available by Florian Roth, which has already detected a compromised version on VirusTotal.
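To complement the YARA scan, a quick way to verify on Windows hosts that installed AnyDesk binaries are signed with the new certificate is to compare their Authenticode signer against the one on a freshly downloaded current build. The script below is an added example, not code from the original post or from AnyDesk; the thumbprint value is a placeholder (take the real one by running Get-AuthenticodeSignature on the new installer), and the search roots are an assumption about where AnyDesk is typically installed.

```powershell
# Added example (not from the original post): inventory AnyDesk executables,
# check their Authenticode signature and flag anything not signed by the
# expected (new) certificate, plus any AnyDesk process whose image fails the check.
# PLACEHOLDER: replace with the thumbprint of the signer of the current AnyDesk build.
$ExpectedThumbprint = 'PLACEHOLDER_NEW_ANYDESK_SIGNING_CERT_THUMBPRINT'

# Assumed install locations (per-machine and per-user installs); adjust as needed.
$SearchRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}",
                 "$env:LOCALAPPDATA", "$env:APPDATA")

function Test-AnyDeskBinary {
    param([string]$Path)
    $sig   = Get-AuthenticodeSignature -FilePath $Path
    $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
    $verdict = if ($sig.Status -ne 'Valid')           { 'INVALID-OR-UNSIGNED' }
               elseif ($thumb -ne $ExpectedThumbprint) { 'OLD-OR-UNEXPECTED-SIGNER' }
               else                                    { 'OK' }
    [pscustomobject]@{
        Path      = $Path
        Version   = (Get-Item $Path).VersionInfo.ProductVersion
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Thumb     = $thumb
        Verdict   = $verdict
    }
}

# 1. Files on disk: every AnyDesk*.exe under the assumed roots.
$onDisk = Get-ChildItem -Path $SearchRoots -Recurse -Filter 'AnyDesk*.exe' `
          -ErrorAction SilentlyContinue |
          ForEach-Object { Test-AnyDeskBinary -Path $_.FullName }

# 2. Running processes: the image actually loaded may differ from the installed copy.
$running = Get-Process -Name 'AnyDesk' -ErrorAction SilentlyContinue |
           Where-Object { $_.Path } |
           ForEach-Object { Test-AnyDeskBinary -Path $_.Path }

# Report everything, and list the non-OK items separately for triage.
$results = @($onDisk) + @($running) | Sort-Object Path -Unique
$results | Format-Table Path, Version, SigStatus, Verdict -AutoSize
$results | Where-Object { $_.Verdict -ne 'OK' } |
    ForEach-Object { Write-Warning "Needs update or investigation: $($_.Path) [$($_.Verdict)]" }
```

A binary flagged OLD-OR-UNEXPECTED-SIGNER is not proof of tampering, but it is not the current build signed with the new certificate and should be updated; INVALID-OR-UNSIGNED results warrant a closer look alongside the YARA scan.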