3CX Breach Was a Double Supply Chain Compromise

Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Read more

A week in security (March 27 – April 2)

Categories: News

Tags: Lock and Code

Tags: Anna Pobletts

Tags: ChatGPT

Tags: World Backup Day

Tags: GitHub

Tags: accidental breach

Tags: DDoS service

Tags: Instagram scammer

Tags: top cyber threats of 2023

Tags: 3CX

Tags: BingBang

Tags: Apple

Tags: EE phing

Tags: phishing

Tags: ransomware

The most interesting security related news from the week of March 27 to April 2.

(Read more…)

The post A week in security (March 27 – April 2) appeared first on Malwarebytes Labs.

Read more

3CX Desktop Attack: Sophos Customer Information

Credit to Author: Editor| Date: Thu, 30 Mar 2023 08:44:21 +0000

Overview Sophos X-Ops is tracking an attack against the 3CX Desktop application, possibly undertaken by a nation-state-related group. The affected software is 3CX – a legitimate software-based PBX phone system available on Windows, Linux, Android, and iOS. The application has been abused by the threat actor to add an installer that communicates with various command-and-control […]

Read more