One Line
Tenable's team addresses the AnyDesk breach: AnyDesk releases a new Windows version with updated certificates and advises password resets, while Tenable develops detection plugins and both companies enhance security measures with ongoing updates.
Key Points
- AnyDesk experienced a security incident involving a compromise of its production systems.
- Threat actors accessed source code and code signing certificates during the incident.
- AnyDesk released a new version of its Windows application with an updated code signing certificate.
- Security measures taken by AnyDesk included revoking security-related certificates and resetting passwords for their web portal.
- Tenable developed detection plugins for AnyDesk and continues to monitor the situation.
Summaries
40 word summary
Tenable team addressed FAQs on AnyDesk breach, confirming source code and certificates breach on February 2. New Windows version released with updated certificates, password resets advised. Detection plugins developed, ongoing updates available for various platforms. Both companies enhancing security measures.
56 word summary
The Tenable Security Response Team addressed FAQs about a security incident at AnyDesk, confirming a breach on February 2 involving source code and certificates access. AnyDesk released a new Windows version with updated certificates and advised password resets. Tenable developed detection plugins; ongoing updates are available for various platforms, and both companies are enhancing security measures.
109 word summary
The Tenable Security Response Team addressed FAQs about a security incident at AnyDesk. AnyDesk confirmed a breach on February 2, involving a compromise of production systems around January 30. The attack accessed source code and certificates, but was not ransomware-related. AnyDesk released a new Windows version with updated certificates and plans to revoke compromised certificates. No supply chain compromise is indicated. AnyDesk advised password resets and Tenable developed detection plugins. Updates are ongoing, with versions for various platforms available. Tenable continues to monitor the situation and users can refer to BleepingComputer for more information. Both companies are working to enhance security measures and urge vigilance in following recommended practices.
404 word summary
The Tenable Security Response Team has provided answers to frequently asked questions (FAQ) regarding a security incident at AnyDesk. Reports emerged on February 1 about a potential breach at AnyDesk Software GmbH, the developers of the remote desktop application AnyDesk. AnyDesk confirmed a security audit on February 2, revealing a compromise of its production systems. The incident occurred around January 30, as indicated by a 48-hour maintenance period announced on AnyDesk's social media.
Details about the specific information exposed during the attack were not disclosed by AnyDesk in their post. However, sources mentioned that threat actors accessed source code and code signing certificates. AnyDesk clarified that the security event was not ransomware-related. As of February 2, the information available remains preliminary, with more details expected to surface in the following days.
Following the incident, AnyDesk released a new version of its Windows application on January 29 with a new code signing certificate. They also plan to revoke the compromised code signing certificate for their binaries, although it is uncertain if other versions of AnyDesk will be updated as well. There is currently no indication of a supply chain compromise in connection with this incident.
In response to the security breach, AnyDesk took measures such as revoking security-related certificates, resetting passwords for their web portal, and advising customers to reset any reused passwords for their AnyDesk portal. Tenable has developed an AnyDesk local detection plugin and a vulnerable version check plugin for Windows, with plans to expand coverage in the future.
As of February 2, only one new version of AnyDesk for Windows has been released with an updated code signing certificate. The list of AnyDesk software versions as of February 2 includes versions for Windows, macOS, Android, iOS, Linux, FreeBSD, Raspberry Pi, and an On-Premises Solution. Tenable will update the table with new versions if they become available.
The Tenable Security Response Team continues to monitor the situation and will provide updates as more information becomes available. For additional information on the AnyDesk incident response, users can refer to BleepingComputer's coverage. To stay informed about cybersecurity incidents and best practices, individuals can join Tenable's Security Response Team on the Tenable Community platform.
In summary, the security incident at AnyDesk has prompted responses from both AnyDesk and Tenable to address the breach and enhance security measures. Users are encouraged to stay vigilant and follow recommended security practices to mitigate potential risks associated with the incident.