Featured Story
Software Firm AnyDesk Disclosed a Security Breach
Remote desktop software company AnyDesk announced a breach affecting its production systems. Discovered during a security audit, the incident prompted revocation of certificates and full system remediation. While the company hasn’t confirmed a data breach, users were advised to reset passwords, especially if reused elsewhere.
According to Resecurity, credentials tied to AnyDesk accounts have surfaced for sale on dark web marketplaces, raising concerns of potential data compromise.
Change your AnyDesk password immediately. Enable MFA and use the whitelisting feature to limit access. Monitor accounts for suspicious activity and alert your SOC team if you see unexpected login behavior or password resets.
Other Highlights
Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover
JetBrains disclosed CVE-2024-23917, a critical vulnerability in TeamCity On-Premises CI/CD software that could allow unauthenticated remote access and administrative control. The issue affects versions from 2017.1 to 2023.11.2 and is patched in version 2023.11.3.
This is a high-severity vulnerability for CI/CD pipelines. Update to version 2023.11.3 immediately. If you’re unable to do so, JetBrains has provided a patch plugin. We can help validate patching and assess exposure risk.
‘Ov3r_Stealer’ Malware Spreads Through Facebook to Steal Crates of Info
Trustwave researchers have identified a new malware, “Ov3r_Stealer”, spreading through Facebook job ads and compromised accounts. It steals a broad range of data — including passwords, crypto wallets, cookies, documents, and more — and sends the stolen data to a Telegram channel.
Though still under development, Ov3r_Stealer is a growing threat. Raise awareness about suspicious social media ads. Conduct regular threat hunting and consult IoCs from Trustwave’s report to check for signs of compromise.
Getting a Refund? Beware of SMS Fraud
Smishing attacks targeting Belgian citizens via CSAM refund scams are on the rise. Messages trick users into entering banking information through fraudulent links, claiming it’s required to receive a refund.
Never click links or download files from suspicious SMS messages. If affected, report the incident to your bank, local police, and Safeonweb. Forward scam messages to:
– verdacht@safeonweb.be
– suspect@safeonweb.be
– suspicious@safeonweb.be
Contact our SOC team if you suspect phishing or fraud targeting your organization or staff.