Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 03-Feb-2024 03:27:50 JST Kevin Beaumont

AnyDesk may have been owned.
They just had a several day authentication outage they describe as “planned maintenance” (it wasn’t planned) and have now reemerged with a new client, with this in the update notes:
In conversation Saturday, 03-Feb-2024 03:27:50 JST from cyberplace.social permalink
Attachments
1. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/111/863/297/110/918/086/original/5963748df6b3c913.jpeg
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 03-Feb-2024 03:35:46 JST Kevin Beaumont
  in reply to
  
  Waiting for the Friday 11pm blog dump announcing cyber incident
  In conversation Saturday, 03-Feb-2024 03:35:46 JST permalink
  Attachments
  1. Hurry Up GIF
- Embed this notice
  Jeremy Mill :oh_no_bubble: :verified: (livinginsyn@infosec.exchange)'s status on Saturday, 03-Feb-2024 05:18:08 JST Jeremy Mill :oh_no_bubble: :verified:
  in reply to
  
  @GossiTheDog Malware signed by their key: https://www.virustotal.com/gui/file/ac71f9ab4ccb920a493508b0e0577b31fe547aa07e914f58f1def47d08ebcf7d/behavior
  In conversation Saturday, 03-Feb-2024 05:18:08 JST permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    VirusTotal
    
    VirusTotal
- Embed this notice
  Jeremy Mill :oh_no_bubble: :verified: (livinginsyn@infosec.exchange)'s status on Saturday, 03-Feb-2024 06:04:40 JST Jeremy Mill :oh_no_bubble: :verified:
  
  @GossiTheDog 🤦♂️ Well, that'll teach me, sorry
  
  In conversation Saturday, 03-Feb-2024 06:04:40 JST permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 03-Feb-2024 06:19:14 JST Kevin Beaumont
  in reply to
  
  If anybody wants a VirusTotal search for _valid_ signed AnyDesk binaries:
  signature:"philandro Software GmbH" signature:9CD1DDB78ED05282353B20CDFE8FA0A4FB6C1ECE entity:file tag:signed NOT tag:invalid-signature
  I don't see any which are triggering suspect AV or behavioural triggers, going back to beginning of January.
  In conversation Saturday, 03-Feb-2024 06:19:14 JST permalink
  Attachments
  1. Untitled attachment
    https://cyberplace.social/system/media_attachments/files/111/863/970/583/272/235/original/ab7e597d5bc51d71.png
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 03-Feb-2024 07:32:48 JST Kevin Beaumont
  in reply to
  
  There we go, 10pm on the dot UK time on Friday.... again.
  AnyDesk breached, Crowdstrike in doing IR.
  https://anydesk.com/en/public-statement
  
  In conversation Saturday, 03-Feb-2024 07:32:48 JST permalink
- Embed this notice
  Marcus Nogueira (mrcsno@infosec.exchange)'s status on Saturday, 03-Feb-2024 07:35:28 JST Marcus Nogueira
  in reply to
  
  @GossiTheDog Again? Are they getting targeted every Friday?
  
  In conversation Saturday, 03-Feb-2024 07:35:28 JST permalink
- Embed this notice
  chort ↙️↙️↙️ (chort@infosec.exchange)'s status on Saturday, 03-Feb-2024 08:20:38 JST chort ↙️↙️↙️
  in reply to
  
  @GossiTheDog LOL, production thoroughly owned, code signing certificate presumed stolen, TLS certificates presumed stolen, login portal passwords presumed stolen, but "the situation is under control and it is safe to use AnyDesk."
  Riiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiight.
  
  In conversation Saturday, 03-Feb-2024 08:20:38 JST permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 05-Feb-2024 06:25:19 JST Kevin Beaumont
  in reply to
  
  If you see stories about lots of AnyDesk creds being leaked - it’s completely unrelated this incident. They’re from info stealers and have existed for years. #threatintel
  
  In conversation Monday, 05-Feb-2024 06:25:19 JST permalink

Public

Conversation

Notices

Feeds