AnyDesk hack and iPhone patched kernel flaw
Hackers breach AnyDesk production servers to steal private code, CISA warns of active exploitation of patched iPhone kernel flaw and Interpol Synergia operation. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. AnyDesk says hackers breached its production servers, mandates password reset
AnyDesk recently confirmed it was hit by a data breach, leading to unauthorized access to its production systems. The remote access software vendor spotted the hack after noticing unusual activity on its servers. A subsequent security audit revealed that the hackers managed to steal private code signing keys and source code during the attack. Despite the compromise, AnyDesk assures users that no ransomware was involved and that the software remains safe to use.
2. CISA warns of hackers exploiting patched Apple kernel flaw in new attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a high-severity vulnerability affecting Apple's operating systems. Tracked as CVE-2022-48618, the flaw resides in the kernel component of these systems and might enable attackers to bypass Pointer Authentication. While Apple released critical updates to address the issue in December 2022, users weren’t aware of the flaw and its implications until January 2024.
3. Interpol takes down 1,300 malicious servers in global Synergia operation
Interpol recently shared that its 'Synergia' operation dismantled more than 1,300 servers used for ransomware and malware attacks. In collaboration with 60 law enforcement agencies from 55 countries, the operation also led to the arrest of 31 suspects and the identification of 70 more. Interpol highlighted this achievement as a critical step towards securing the digital space.
4. Nation-state hacker breaches Cloudflare using stolen Okta credentials
Last week, Cloudflare announced a breach where a state-sponsored hacker exploited credentials from last year’s Okta hack to infiltrate its systems. The attacker accessed internal resources but failed to compromise customer data or Cloudflare's core network. In response, the company has rotated more than 5,000 credentials, tightened security measures, and, with CrowdStrike's help, confirmed no further system breaches.
5. PurpleFox malware infects more than 2,000 computers across Ukraine
The Computer Emergency Response Team in Ukraine (CERT-UA) has issued a warning on a PurpleFox malware outbreak impacting at least 2,000 computers. First seen in 2018, PurpleFox spreads via misleading installers, enabling hackers to drop additional malware, gain remote access, and conduct DDoS attacks. Recently, it masqueraded as a Telegram app to track unsuspecting victims. CERT-UA advises checking for unusual registry entries, network connections to high ports, and randomly named folders as signs of infection.