Wednesday , April 2 2025
Anydesk

AnyDesk confirms breach: Release late Friday advisory

AnyDesk, a German remote access software company, has confirmed that their production systems were compromised in a security incident. They have 170,000 customers worldwide, including Comcast and Thales.

The company’s client logins were not working for three days. During this time, the company informed the customers about unexpected maintenance. According to the changelog, the company cancelled a code signing certificate on January 29th.That suggests its previous code signing certificate was compromised.

Check Point said BreachForum post old data

Israeli cybersecurity firm Check Point has responded to a hacker who claimed to have stolen valuable information from its systems....
Read More
Check Point said BreachForum post old data

Apple Warns of 3 Zero Day Vulns Actively Exploited

Apple has issued an urgent security advisory about 3 critical zero-day vulnerabilities—CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085—that are being actively exploited in...
Read More
Apple Warns of 3 Zero Day Vulns Actively Exploited

24,000 unique IP attempted to access Palo Alto GlobalProtect portals

GreyNoise has detected a sharp increase in login scanning aimed at Palo Alto Networks PAN-OS GlobalProtect portals. In the past...
Read More
24,000 unique IP attempted to access Palo Alto GlobalProtect portals

CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw

Canon has announced a critical security vulnerability, CVE-2025-1268, in printer drivers for its production printers, multifunction printers, and laser printers....
Read More
CVE-2025-1268  Patch urgently! Canon Fixes Critical Printer Driver Flaw

Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

RamiGPT is an AI security tool that targets root accounts. Using PwnTools and OpwnAI, it quickly navigated privilege escalation scenarios...
Read More
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

Australian fintech database exposed in 27000 records

Cybersecurity researcher Jeremiah Fowler recently revealed a sensitive data exposure involving the Australian fintech company Vroom by YouX, previously known...
Read More
Australian fintech database exposed in 27000 records

Over 200 Million Info Leaked Online Allegedly Belonging to X

Safety Detectives' Cybersecurity Team found a forum post where a threat actor shared a .CSV file with over 200 million...
Read More
Over 200 Million Info Leaked Online Allegedly Belonging to X

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

Now on Friday, February 2, AnyDesk reported: “Following indications of an incident on some of our systems we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike…”

AnyDesk hacked: No ransomware, no details:

The incident wasn’t caused by ransomware, according to AnyDesk, a company established in 2014 with customers in 190 countries. They also stated that they have no evidence of end-user devices being affected.

“We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate” it added, in a distinctly detail-thin report.

Code-signing certificates, provided by a trusted third party like a certificate authority, contain software information. When the software is installed, the Operating System verifies the signature using the certificate to ensure it has not been altered. If the signature is invalid, it can be used to sign malware, making systems believe it is from a reliable source.

The company did not clearly say that its certificate was stolen. However, a security researcher named Florian Roth quickly made a YARA rule to find binaries that were signed with a possibly compromised certificate from AnyDesk. He found over 2300+ binaries signed with that certificate.

AnyDesk said: “We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly…

“Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices.
“As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere,” it added in its update.

AnyDesk did not provide any additional details or Indicators of Compromise and released the advisory at 11pm German time.

Security professional Jake Williams noted on X: “This is a strategic move considering they had taken systems offline several days ago. Transparent companies do not engage in such tactics.

He added: “Threat hunt in your environment anywhere you had AnyDesk installed for anomalous activity over at least the last 30 days. When the intrusion vector isn’t being shared, you have to presume they don’t yet know. Even if they know, it’s usually a leap to say what was accessed. Think about it: do you think a threat actor jumped onto one machine and pulled a code signing cert and that’s it? No? Oh, okay. Consider disabling AnyDesk in your environment, either by disabling the agent through GPO or blocking at a network level until more is known. I don’t have any inside knowledge on this particular incident. But I’ve worked plenty of incidents in my day and the reporting on this one stinks to high heaven.”

Check Also

million

Oracle refutes breach after hacker claims 6 million data theft

A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud …

Leave a Reply

Your email address will not be published. Required fields are marked *