In a recent security breach, AnyDesk, an enterprise remote software platform used by major firms such as Raytheon and Samsung, confirmed that hackers gained unauthorized access to its production systems. The breach exposed a large amount of source code and code signing certificates. AnyDesk detected compromised systems during a security audit and promptly constructed a plan of remediation and response. The company has revoked or replaced the necessary security-related certificates and systems, and is developing replacement code signing certificates. AnyDesk also made the decision to revoke passwords to its web portal and has advised customers to change their credentials to mitigate further risk. The breach occurred sometime before a four-day outage starting on January 29, when the ability to log in to the AnyDesk client was disabled. Currently, AnyDesk states that there is “no evidence that any end-user devices have been affected” and that the situation is under control
Get the scoop on AnyDesk’s security breach affecting big companies
Latest from Blog
Prioritize agility for post-quantum standards, say US officials
TLDR: Key Points: The National Institute of Standards and Technology has released encryption standards to protect against future quantum attacks, leading to new work for government and industry. Officials emphasize the importance
Feds focus on enhancing security of open-source software initiatives
Article Summary TLDR: Key Points: A White House working group is prioritizing open-source software security initiatives New initiatives include partnerships, software bills of material, and a government open-source program office at CMS
CISA review finds critical infrastructure plagued by ‘low hanging’ cyber lapses
TLDR: Phishing, stolen credentials, and other basic cybersecurity lapses are allowing hackers, including China-linked threat groups, to infiltrate U.S. critical infrastructure networks. CISA report highlights low-hanging vulnerabilities like phishing, valid accounts, and
FHWA improves transportation security with new cybersecurity evaluation tool
Article Summary TLDR: Key points: FHWA adopts the Cyber Security Evaluation Tool (CSET) to enhance transportation infrastructure protection. The CSET is a voluntary tool designed to help transportation authorities identify, detect, protect
Guardians securing digital front for remote troops with precision
TLDR: The 3rd Infantry Division conducted the Army’s first long-range, fully remote cybersecurity operation at the division level while the 1st Armored Brigade Combat Team was at Fort Irwin, California. The remote
Microsoft’s Licensing: A Security Threat to the Nation
TLDR: Microsoft’s licensing practices pose a threat to national security, as they have a cozy relationship with China. Government agencies are locked into using Microsoft products, making them vulnerable to security breaches.
Hackers can steal keystrokes from Apple Vision Pro with GAZEsploit
TLDR: New GAZEploit Attack Lets Hackers Capture Keystrokes from Apple Vision Pro A vulnerability known as GAZEploit allows hackers to capture keystrokes from Apple Vision Pro’s virtual keyboards by analyzing eye movements.
Janet L Rathod is the new CISO at Johns Hopkins
TLDR: Janet L. Rathod named chief information security officer at Johns Hopkins, bringing over two decades of experience in cybersecurity. Rathod has previously worked at Citigroup, Capital One, and the FBI, and
Apple Vision Pro Vulnerability Exposes Virtual Keyboard Inputs to Attackers
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers TLDR: Security flaw in Apple’s Vision Pro mixed reality headset allowed attackers to infer data entered on the virtual keyboard Attack dubbed
Breaking: Adobe Reader Zero-Day, Mobi TLD Hijack, WhatsApp Exploit News
TLDR: A possible zero-day vulnerability was discovered in Adobe Reader. Researchers were able to hijack the .mobi TLD by spending $20. WhatsApp’s View Once feature was exploited in the wild. SecurityWeek’s cybersecurity