Hacker News new | past | comments | ask | show | jobs | submit login
AnyDesk Incident Response 2-2-2024 (anydesk.com)
29 points by matbilodeau 7 months ago | hide | past | favorite | 11 comments



The ramifications of this breach are profound. Cybercriminals who gained access to the AnyDesk portal could glean valuable information about customers, including license keys, active connections, session durations, contact information, email addresses, and the number of managed remote access hosts, all with their online/offline status and IDs. Such details open up a plethora of malicious possibilities.

In light of this breach, AnyDesk customers must take proactive steps to protect their accounts and data. Password changes alone are insufficient. AnyDesk offers a whitelist feature, enabling users to specify who can connect to their devices, adding an extra layer of security. Multi-factor authentication (MFA) is strongly recommended to enhance account protection. Organizations should also monitor for any unexpected password and MFA changes, suspicious sessions, and emails referencing AnyDesk accounts from unknown sources.

https://securityonline.info/anydesk-breach-2024-dark-web-sal...


Are there any good alternatives these days for occasional remote management of a Win10 machine from a Linux desktop? I do occasional support for a club, and it's helpful to not have to go there.

Used to use logMeIn. Then TeamViewer (but they got popped too). Then AnyDesk. Contemplating I might need to just TailScale and use RDP, but I need to be able to do it with no interaction at the remote end.


MeshCentral if you’re able to host the service on your own hardware.


TacticalRMM was super useful for me in a very similar context.


I've had good experiences with rustdesk.


Page 1 of the IR playbook, announce it Friday evening.


When did this start?

I noticed Microsoft seems to always do this. Is this common practice for everyone now?


just f the rest of us blue teamers right. can;t even have a fing quiet saturday. week after week after week.

and holier than thou it people call us incompetant just because we won;t allow a half dozen unmonitorable open source solutions hacked together as an alternative to using vendor crap. :)


If you (blue team) are getting in the way of IT operations, you probably are due some criticism.

Security teams should be enablers, and work to find ways to add monitoring - not just “the no department”.


Yeah ideally, is just we never have enough time and resources to do this right because we're always pulled into firefighting previous insecurity decisions.

That and never having weekends because we can't go one week without yet another CVE

Yeah I'm just frustrated I'm not anywhere near the ideal as I want to be





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: