AnyDesk Resets Passwords and Revokes Certificates Following Cyber Security Incident
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In early February, the popular remote access software provider AnyDesk disclosed a security breach that compromised its production systems. By stealing source code and private code signing keys, the unknown hackers were able to access the internal system.
In a public statement, the Germany-based developer revealed that the incident was discovered during a security audit, triggered by suspicious activity on some of its systems. Upon discovery, the company immediately deployed remediation measures, along with a response plan involving cybersecurity experts CrowdStrike. It also revoked access to its online portal using existing login credentials.
“We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” the statement said.
Although AnyDesk did not disclose details of the attack, it said that the incident was not ransomware-related and that no evidence of any end-user device compromise was found.
“Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices,” AnyDesk assured users.
Nevertheless, as a precautionary measure, it revoked all passwords to its web portal, my.anydesk.com, and recommended that users change their passwords if the same ones were used elsewhere. AnyDesk assured its customers that its application was safe to use; however, it urged them to use the latest version with the new code signing certificate.
Shortly after AnyDesk’s statement, cybersecurity firm Resecurity reported that multiple threat actors were selling the hacked user login credentials on dark web forums. One of these actors, going by the alias “Jobaaaaa,” was offering to sell over 18,000 AnyDesk customer credentials for $15,000 in cryptocurrency.
At the time of writing, AnyDesk has restored all user access and has assured users that it is continuously monitoring its systems to prevent any interruptions in its operations.
Viamedis Data Breach Puts Millions at Fraud Risk
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
Millions of insurance policyholders and healthcare professionals are at risk of fraud after French healthcare services provider Viamedis suffered a data breach.
According to the firm’s ongoing investigation, the incident was not ransomware but a phishing attack targeting an employee, which allowed the unidentified hacker to breach its system.
Although the company did not disclose the number of impacted individuals, it is believed that around 20 million insured individuals use its services. The compromised data includes sensitive information like an individual’s name, date of birth, marital status, social security number, name of insurance provider, and guarantees available to third-party payers.
The exposed data did not include banking information, postal addresses, phone numbers, or email addresses. As for health data, “only less than 50 beneficiary invoices have been breached and only concerns information on medical transport (taxi, ambulance),” the announcement revealed.
In addition to preparing a separate notification detailing the type of data exposed, the company has also established a separate information system for healthcare professionals.
In terms of impact on service delivery, Viamedis said that due to the temporary discontinuation of its platform, among health professionals, only opticians and audioprosthetists would be affected. However, “beneficiaries will be able to continue to use their carte vitale and their third-party payment card” as usual, it continued.
Viamedis has filed a complaint with the public prosecutor and informed the affected healthcare companies. It has also notified the relevant regulatory authorities, including CNIL and ANSSI.
The incident notification was posted on LinkedIn, as its website remains offline. Viamedis is a third-party payment provider for 84 complementary health insurance companies, and some of the organizations using its services include Carte Blanche Partenaires, Itelis, Kalixia, and Santéclair, among others.
In a separate incident, Almerys, another French third-party health payment processor, faced a similar data breach.