Tag Archive for: Giant

Remote access giant AnyDesk resets passwords and revokes certificates after hack


Remote desktop software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company in lockdown for almost a week.

AnyDesk’s software is used by millions of IT professionals to quickly and remotely connect to their clients’ devices, often to help with technical issues. On its website, AnyDesk claims to have more than 170,000 customers, including Comcast, LG, Samsung and Thales.

The software is also a popular tool among threat actors and ransomware gangs, which have long used the software for gaining and maintaining access to a victim’s computer and data. U.S. cybersecurity agency CISA said in January that hackers had compromised federal agencies using legitimate remote desktop software, including AnyDesk.

News of the suspected breach began to spread last Monday when AnyDesk announced it had swapped its code-signing certificates, which companies use to prevent hackers from tampering with their code. Following a days-long outage, AnyDesk confirmed in a statement late on Friday that the company had “found evidence of compromised production systems.”

AnyDesk said that as part of its incident response, the company had revoked all security-related certificates, remediated or replaced systems where necessary and invalidated all passwords to AnyDesk’s customer web portal.

“We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” the company added Friday.

AnyDesk said the incident is not related to ransomware but did not disclose the specific nature of the cyberattack.

AnyDesk spokesperson Matthew Caldwell did not respond to an email from TechCrunch. CrowdStrike, which is working with AnyDesk to remediate the cyberattack, declined to answer TechCrunch’s questions when reached Monday.

AnyDesk did not respond to questions asking if any customer data was accessed, though the company said in its statement that there is “no evidence that any end-user systems have been affected.”

“We can confirm that the situation is under control and it is safe to use AnyDesk,” AnyDesk said. “Please ensure that you are using the…

Source…

Water services giant Veolia says ransomware attack impacted its North American backend systems – TEISS



Water services giant Veolia says ransomware attack impacted its North American backend systems  TEISS

Source…

185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone 


Car parts giant AutoZone, which has over 7,000 stores across the Americas, is informing nearly 185,000 individuals that their personal information was compromised as a result of the massive MOVEit hacking campaign.

AutoZone revealed that cybercriminals have stolen information, including social security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is not aware of instances where the exposed information has been used for fraud.

Nevertheless, impacted customers are being offered free credit monitoring and identity protection services. 

In response to the breach, the MOVEit application was temporarily disabled by AutoZone, the vulnerability was patched, and the affected system was rebuilt.

AutoZone pointed out that it is one of the more than two thousand organizations impacted by the MOVEit hack. However, the company determined that the exploitation of the MOVEit vulnerability resulted in data exfiltration only on August 15, more than two months after news of widespread exploitation broke.

Starting in late May and possibly earlier, the Cl0p ransomware group exploited a MOVEit software vulnerability tracked as CVE-2023-34362 to steal data from many organizations that had been using the application to transfer files. 

According to cybersecurity firm Emsisoft, the number of impacted organizations — both directly and indirectly — reached 2,620 as of November 21, with more than 77 million individuals being affected.

The list of victims includes hundreds of US schools, the state of Maine, the US Department of Energy, and energy giants Siemens Energy, Schneider Electric, and Shell

Related: SEC Investigating Progress Software Over MOVEit Hack

Advertisement. Scroll to continue reading.

Related: 10 Million Likely Impacted by Data Breach at French Unemployment Agency

Related: Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw

Source…

Hackers hit Wall Street arm of Chinese banking giant ICBC


A U.S. subsidiary of China’s biggest bank was hacked this week, threatening a temporary logjam for some trades in the Treasury bond market.

ICBC Financial Services, a New York-based entity owned by the Industrial and Commercial Bank of China, was the victim of a ransomware attack on Wednesday. The unit largely focuses on clearing, which means ensuring that transactions previously agreed by traders go through, and on lending and borrowing through repurchase agreements—a form of collateralized funding that forms a vital part of the financial system. 

CYBERATTACK OF MAJOR MORTGAGE SERVICER LEAVES CUSTOMERS WITHOUT ONLINE PAYMENT OPTION

The company was forced to disconnect and isolate some of its I.T. systems after the attack. But it said it was able to clear all trades involving U.S. Treasurys that were executed on Wednesday, and repo financing that took place on Thursday.

The incident shines a spotlight on the financial connections between China and the U.S., which persist despite political tensions and economic rivalry between the two countries. Chinese institutions hold more than $800 billion of Treasury bonds, even after a yearslong reduction in their holdings, and the country’s biggest banks are active in the U.S. government-bond market.

BOEING LOOKING INTO HACKING GANG’S RANSOMWARE THREAT

ICBC Financial Services forms part of the plumbing of the U.S. Treasury market as a member of the government-securities division of the Fixed Income Clearing Corporation. The FICC clears all trades in government bonds among members, which include household names such as Goldman Sachs and JPMorgan Chase, as well as smaller interdealer brokers.

Source…