AnyDesk hack – Review of the German CERT BSI report – Part 6

After I had been researching the "suspected case" of the AnyDesk hack for a week, which was confirmed as a "successful cyberattack" on Friday, February 2, 2024, the BSI finally published a notification with TLP:CLEAR on February 5, 2024. The threat level is classified as "2 / Yellow" – as of January 29, 2024, this was still classified as TLP:Amber-Strict. Here is a brief summary of what the BSI is telling its readers.


AnyDesk hack – A review – Part 5

I've been working on the "suspected case" of the AnyDesk hack for a week, which was confirmed as a "successful cyberattack" on Friday, February 2, 2024. At the weekend, I wrote up my findings in four articles (see links at the end of the article). I would now like to add a few more thoughts and tips for readers as a kind of follow-up.


AnyDesk hack undercover – Access data offered for sale – Part 4

With regard to the AnyDesk hack, I am currently being constantly overtaken by reality. The credentials of AnyDesk customer accounts are already being offered for sale on the internet. Here is the new development; I would like to take this opportunity to thank the reader for pointing this out. Addendum: The data set is from an old breach.


AnyDesk hack undercover – Suspicious cases and more – Part 3

Following confirmation that the provider of remote maintenance software, AnyDesk, was the victim of a hack that also affected production systems, I have prepared some information in Part 1 and Part 2 of my series of articles (AnyDesk confirmed, they have been hacked in January 2024, Production systems affected – Part 1). In Part 3, I address topics that were brought to my attention by readers. It deals with unauthorized access attempts and sudden communication of the client with foreign URLs. Although I now classify these as "false alarms", the discussion may help some readers with their interpretation. And there is probably a first malware find. Below is a summary of these points.


iOS 17: Shared calendar bug still unfixed

I'm posting an issue that has been annoying iOS 17.x users for months when they use shared calendars. Created entries are displayed as invitations, but they can no longer be edited or accepted. Users have been complaining about this for over 3 months, but to my knowledge the issue has not yet been resolved.


Why ISL Online: Critical factors when choosing a remote desktop solution

[Sponsored Post] In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below.


AnyDesk hack undercover – more information and thoughts – Part 2

In my blog post "AnyDesk confirmed, they have been hacked in January 2024, Production systems affected – Part 1" I compiled the information officially published by AnyDesk and a brief history. However, I've been working on this topic for a few days now and in the meantime I've received a few tidbits of information that have led to further insights, questions and speculation. Below is a compilation of these points.


AnyDesk confirmed, they have been hacked in January 2024, Production systems affected

My fears have been confirmed. The days-long "maintenance" of the AnyDesk websites is the result of a cyber attack. AnyDesk's production systems have been hacked. All AnyDesk software must be considered compromised. After the German CERT (BSI) sent out a confidential warning to users of critical infrastructures, I have finally received the incident report from AnyDesk. Below I have put together all the information I now have in one article.


Windows 11: Is Microsoft working on a sudo implementation?

Are the developers of Windows 11 working on an implementation of the sudo command familiar from Linux? At least there is an option to enable sudo in the developer settings of the new Windows 11 Insider Preview builds. Whether the sudo implementation known from Linux and macOS will make it to users, however, remains to be seen.


Cloudflare hacked in Nov. 2023

US company Cloudflare, which provides a CDN, security services and DNS services, was hacked in November 2023. The attackers were able to access an Atlassian server using an authentication token and gain access to the Confluence wiki, the Jira bug database and the Bitbucket source code management system. It is assumed that state hackers are responsible for the attack.


Ivanti Connect Secure: New vulnerabilities CVE-2024-21888 and CVE-2024-21893 patched

Security issues in Ivanti products are ongoing. In January 2024, the provider had to disclose two new security vulnerabilities in Ivanti Connect Secure. These are CVE-2024-21888 (privilege escalation to admin) and CVE-2024-21893 (SSRF to access "restricted resources"). So far, there have only been mitigation measures – but Ivanti released security updates a few hours ago.
