AnyDesk confirmed last week that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. It has been reported that source code and private code signing keys were stolen during the attack. (The Hacker News)
“AnyDesk is a very popular and legitimate RMM tool that is commonly used by threat actors to establish persistence and perform nefarious activity. It should be concerning that credentials were obtained maliciously in that it poses a significant risk for entities that utilize AnyDesk on a daily basis. Using pre-existing AnyDesk instances creates less noise on a victim’s network and allows threat actors to covertly perform activities that may go unnoticed. In these situations, it is critical to follow the published recommendations such as performing updates/upgrades and forcing a password reset, as well as enforcing MFA for all users.” – Roman Weathermon, Tier 3 Cybersecurity Analyst at Ingalls Information Security
The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered. (Cybernews)
A finance employee at an unnamed major multinational corporation has been fooled into transferring 200 million Hong Kong dollars (around $25.6 million) to scammers using deepfake technology to impersonate his colleagues. The AI-created simulacra of the man's fellow workers included a deepfake of the company's Chief Financial Officer (CFO), and Hong Kong police say the scam took place via a video conference call (as reported by CNN). (PC Gamer)
GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. (The Hacker News)
The cybersecurity researchers at Huntress have issued a warning about a recent surge in cyber attacks, highlighting a new strategy employed by cybercriminals who are exploiting TeamViewer to deploy LockBit ransomware. (Hackread)
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network. Researchers say in a report that the new malware “has only been used in a limited fashion” and it was a ransomware affiliate’s fallback when defense mechanisms blocked LockBit. (BleepingComputer)
Cisco Unified Communications customers are urged to patch this high-severity vulnerability or mitigate its risk. Cisco fixed a critical flaw this week that affects multiple Unified Communications and Contact Center Solutions products and could be exploited remotely by unauthenticated attackers to execute arbitrary code on impacted devices. Medium-severity vulnerabilities have also been patched in Cisco Small Business Series Switches and Cisco Unity Connection. (CSO)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. (The Hacker News)
The U.S. National Security Agency is buying vast amounts of commercially available web browsing data on Americans without a warrant, according to the agency’s outgoing director. (TechCrunch)