News

AnyDesk hack and iPhone patched kernel flaw

Dan Virgillito
February 5, 2024 by
Dan Virgillito

Hackers breach AnyDesk production servers to steal private code, CISA warns of active exploitation of patched iPhone kernel flaw and Interpol Synergia operation. Catch all this and more in this week’s edition of Cybersecurity Weekly.

Top Security Awareness Posters

Top Security Awareness Posters

Download our collection of free posters and use them to keep security at the forefront of your employees' minds.

1. AnyDesk says hackers breached its production servers, mandates password reset

AnyDesk recently confirmed it was hit by a data breach, leading to unauthorized access to its production systems. The remote access solution spotted the hack after noticing unusual activity on its servers. A subsequent security audit revealed hackers managed to steal private code signing keys and source code during the attack. Despite the compromise, AnyDesk assures users that no ransomware was involved and that the software remains safe to use.

Read more »

2. CISA warns of hackers exploiting patched Apple kernel flaw in new attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a high-severity vulnerability affecting Apple's operating systems. Tracked as CVE-2022-48618, the flaw resides in the kernel component of these systems and might enable attackers to bypass Pointer Authentication. While Apple released critical updates to address the issue in December 2022, users weren’t aware of the flaw and its implications until January 2024.

Read more »

3. Interpol takes down 1,300 malicious servers in global Synergia operation

Interpol recently shared that its 'Synergia' operation dismantled more than 1,300 servers used for ransomware and malware attacks. In collaboration with 60 law enforcement agencies from 55 countries, the operation also led to the arrest of 31 suspects and the identification of 70 more. Interpol highlighted this achievement as a critical step towards securing the digital space.

Read more »

4. Nation-state hacker breaches Cloudflare using stolen Okta credentials

Last week, Cloudflare announced a breach where a state-sponsored hacker exploited credentials from last year’s Okta hack to infiltrate its systems. The attacker accessed internal resources but failed to compromise customer data or Cloudflare's core network. In response, the company has rotated more than 5,000 credentials, tightened security measures, and, with CrowdStrike's help, confirmed no further system breaches.

Read more »

5. PurpleFox malware infects more than 2,000 computers across Ukraine

 The Computer Emergency Response Team in Ukraine (CERT-UA) has issued a warning on a PurpleFox malware outbreak, impacting at least 2,000 computers. First seen in 2018, PurpleFox spreads via misleading installers, enabling hackers to drop additional malware, gain remote access, and conduct DDoS attacks. Recently, it masqueraded as a Telegram app to track unknowing victims. CERT-UA advises checking for unusual registry entries, network connections to high ports, and random-named folders for signs of infection.

Read more »

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.