Thursday , June 5 2025
Anydesk

AnyDesk confirms breach: Release late Friday advisory

AnyDesk, a German remote access software company, has confirmed that their production systems were compromised in a security incident. They have 170,000 customers worldwide, including Comcast and Thales.

The company’s client logins were not working for three days. During this time, the company informed the customers about unexpected maintenance. According to the changelog, the company cancelled a code signing certificate on January 29th.That suggests its previous code signing certificate was compromised.

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Now on Friday, February 2, AnyDesk reported: “Following indications of an incident on some of our systems we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike…”

AnyDesk hacked: No ransomware, no details:

The incident wasn’t caused by ransomware, according to AnyDesk, a company established in 2014 with customers in 190 countries. They also stated that they have no evidence of end-user devices being affected.

“We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate” it added, in a distinctly detail-thin report.

Code-signing certificates, provided by a trusted third party like a certificate authority, contain software information. When the software is installed, the Operating System verifies the signature using the certificate to ensure it has not been altered. If the signature is invalid, it can be used to sign malware, making systems believe it is from a reliable source.

The company did not clearly say that its certificate was stolen. However, a security researcher named Florian Roth quickly made a YARA rule to find binaries that were signed with a possibly compromised certificate from AnyDesk. He found over 2300+ binaries signed with that certificate.

AnyDesk said: “We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly…

“Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices.
“As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere,” it added in its update.

AnyDesk did not provide any additional details or Indicators of Compromise and released the advisory at 11pm German time.

Security professional Jake Williams noted on X: “This is a strategic move considering they had taken systems offline several days ago. Transparent companies do not engage in such tactics.

He added: “Threat hunt in your environment anywhere you had AnyDesk installed for anomalous activity over at least the last 30 days. When the intrusion vector isn’t being shared, you have to presume they don’t yet know. Even if they know, it’s usually a leap to say what was accessed. Think about it: do you think a threat actor jumped onto one machine and pulled a code signing cert and that’s it? No? Oh, okay. Consider disabling AnyDesk in your environment, either by disabling the agent through GPO or blocking at a network level until more is known. I don’t have any inside knowledge on this particular incident. But I’ve worked plenty of incidents in my day and the reporting on this one stinks to high heaven.”

Check Also

Ticket

Ticket resaler exposed ​​520,054 records size of 200 GB

Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database with 520,054 records from an event ticket …

Leave a Reply

Your email address will not be published. Required fields are marked *