2024-2-3 08:13:23 Author: www.tenable.com(查看原文) 阅读量:12 收藏
Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2.
Background
The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding a security incident at AnyDesk.
FAQ
What is the incident being reported at AnyDesk?
Since February 1, reports began circulating on social media about a possible breach at AnyDesk Software GmbH, makers of a remote desktop application called AnyDesk. In a post on its website on February 2, AnyDesk confirmed that it had conducted a security audit following “indications of an incident” affecting “some” of its systems, which led to the discovery of a compromise of its production systems.
When did this incident occur?
No specific time frame for the incident was shared in AnyDesk’s post. However, AnyDesk announced it would be undergoing a 48-hour maintenance period on January 30 on its X (formerly known as Twitter) account.
my.anydesk II is currently undergoing maintenance, which is expected to last for the next 48 hours or less. You can still access and use your account normally. Logging in to the AnyDesk client will be restored once the maintenance is complete. We apologize for any inconvenience…
— AnyDesk Software (@anydesk) January 30, 2024
What exactly happened during this incident?
AnyDesk did not share any specifics in its post about what information may have been exposed during the attack, only noting that they found evidence of “compromised production systems.” However, sources have told BleepingComputer that threat actors “accessed source code and code signing certificates” during the incident. According to AnyDesk, the security event they experienced was “not related to ransomware.”
As of February 2, much of this information is still preliminary and we expect more information to come to light in the coming days.
Did AnyDesk revoke the compromised code signing certificates?
Yes, AnyDesk released a new version of its Windows application on January 29 that includes a new code signing certificate. However, AnyDesk says they plan to revoke “the previous code signing certificate for our binaries shortly” though it is unclear if other versions of AnyDesk will be updated soon.
Is this a supply chain compromise?
Based on the limited information available as of February 2, there are no indications that a supply chain incident has occurred. While code signing certificates were "accessed," existing AnyDesk binaries do not appear to have been tampered with as far as we know.
What else has AnyDesk done in response to this incident?
AnyDesk says they revoked security-related certificates, revoked passwords to their web portal and are recommending customers reset any passwords that they may have reused for their AnyDesk portal.
Solution
As of February 2, AnyDesk has only released one new version of AnyDesk for Windows that includes a new code signing certificate. Here is the list of AnyDesk software versions as of February 2.
| AnyDesk Solution | Version | Last Updated |
|---|---|---|
| Windows | 8.0.8 | January 29, 2024 |
| macOS | 7.3.0 | November 21, 2023 |
| Android | 7.1.0 | November 6, 2023 |
| iOS | 7.1.0 | December 13, 2023 |
| tvOS | Unknown | Unknown |
| Linux | 6.3.0 | August 10, 2023 |
| FreeBSD | 6.1.0 | January 28, 2021 |
| Raspberry Pi | 6.3.0 | August 10, 2023 |
| On-Premises Solution | 2.1.3 | December 4, 2023 |
We do not have definitive confirmation that other versions of AnyDesk will be updated with new code signing certificates, but we are listing the versions above for informational purposes. If the versions change, we will update the table above.
Identifying affected systems
Tenable is releasing an AnyDesk local detection plugin and a vulnerable version check plugin for Windows. We will update this blog with information about additional coverage.
Get more information
- AnyDesk Incident Response 2-2-2024
- BleepingComputer: AnyDesk says hackers breached its production servers, resets passwords
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Satnam Narang
Satnam joined Tenable in 2018. He has over 15 years experience in the industry (M86 Security and Symantec). He contributed to the Anti-Phishing Working Group, helped develop a Social Networking Guide for the National Cyber Security Alliance, uncovered a huge spam botnet on Twitter and was the first to report on spam bots on Tinder. He's appeared on NBC Nightly News, Entertainment Tonight, Bloomberg West, and the Why Oh Why podcast.
Interests outside of work: Satnam writes poetry and makes hip-hop music. He enjoys live music, spending time with his three nieces, football and basketball, Bollywood movies and music and Grogu (Baby Yoda).
Related Articles
- Exposure Management
- Vulnerability Management
Cybersecurity News You Can Use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose Your Subscription Option:
Thank You
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose Your Subscription Option:
Thank You
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose Your Subscription Option:
Thank You
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Try Tenable Web App Scanning
Formerly Tenable.io Web Application Scanning
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.
Buy Tenable Web App Scanning
Formerly Tenable.io Web Application Scanning
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Try Tenable Lumin
Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.
Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.
Buy Tenable Lumin
Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.
Thank You
Thank you for your interest in Tenable Lumin. A representative will be in touch soon.
Request a demo of Tenable Security Center
Formerly Tenable.sc
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Request a demo of Tenable OT Security
Formerly Tenable.ot
Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.
Request a demo of Tenable Identity Exposure
Formerly Tenable.ad
Continuously detect and respond to Active Directory attacks. No agents. No privileges.
On-prem and in the cloud.
Request a Demo of Tenable Cloud Security
Exceptional unified cloud security awaits you!
We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.
See
Tenable One
In Action
Exposure management for the modern attack surface.
See Tenable Attack Surface Management In Action
Formerly Tenable.asm
Know the exposure of every asset on any platform.
Thank You
Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.
Try Tenable Nessus Professional Free
FREE FOR 7 DAYS
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
NEW - Tenable Nessus Expert
Now Available
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro Trial.
Buy Tenable Nessus Professional
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Try Tenable Nessus Expert Free
FREE FOR 7 DAYS
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Buy Tenable Nessus Expert
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements
Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.
如有侵权请联系:admin#unsafe.sh