Stay up-to-date with everything at Approach

Weekly Digest Week 6 – 2024

Publication date: 09.02.2024

Featured Story

Software Firm AnyDesk Disclosed a Security Breach

Remote desktop software company AnyDesk announced a breach affecting its production systems. Discovered during a security audit, the incident prompted revocation of certificates and full system remediation. While the company hasn’t confirmed a data breach, users were advised to reset passwords, especially if reused elsewhere.

According to Resecurity, credentials tied to AnyDesk accounts have surfaced for sale on dark web marketplaces, raising concerns of potential data compromise.

Analysis from our SOC team:
Change your AnyDesk password immediately. Enable MFA and use the whitelisting feature to limit access. Monitor accounts for suspicious activity and alert your SOC team if you see unexpected login behavior or password resets.

Other Highlights

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover

JetBrains disclosed CVE-2024-23917, a critical vulnerability in TeamCity On-Premises CI/CD software that could allow unauthenticated remote access and administrative control. The issue affects versions from 2017.1 to 2023.11.2 and is patched in version 2023.11.3.

Analysis from our SOC team:
This is a high-severity vulnerability for CI/CD pipelines. Update to version 2023.11.3 immediately. If you’re unable to do so, JetBrains has provided a patch plugin. We can help validate patching and assess exposure risk.

‘Ov3r_Stealer’ Malware Spreads Through Facebook to Steal Crates of Info

Trustwave researchers have identified a new malware, “Ov3r_Stealer”, spreading through Facebook job ads and compromised accounts. It steals a broad range of data — including passwords, crypto wallets, cookies, documents, and more — and sends the stolen data to a Telegram channel.

Analysis from our SOC team:
Though still under development, Ov3r_Stealer is a growing threat. Raise awareness about suspicious social media ads. Conduct regular threat hunting and consult IoCs from Trustwave’s report to check for signs of compromise.

Getting a Refund? Beware of SMS Fraud

Smishing attacks targeting Belgian citizens via CSAM refund scams are on the rise. Messages trick users into entering banking information through fraudulent links, claiming it’s required to receive a refund.

Analysis from our SOC team:
Never click links or download files from suspicious SMS messages. If affected, report to your bank, local police, and Safeonweb. Forward scam messages to:
verdacht@safeonweb.be
suspect@safeonweb.be
suspicious@safeonweb.be

Contact our SOC team if you suspect phishing or fraud targeting your organization or staff.


Need help assessing your exposure, patching priorities, or response readiness? Contact our SOC team today.
