S3 Ep129: When spyware arrives from someone you trust
Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days… listen now!
supply chain
3CX Supply chain attack allowed targeting cryptocurrency companies
Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular […]
The post 3CX Supply chain attack allowed targeting cryptocurrency companies appeared first on Security Affairs.
North Korea Hacking Cryptocurrency Sites with 3CX Exploit
News:
Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.”
Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3CX installer software that’s used by 600,000 organizations worldwide, according to the vendor. Despite the potentially massive breadth of that attack, which SentinelOne dubbed “Smooth Operator,” Kaspersky has now found that the hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines—at least as far as Kaspersky could observe so far—and that they seemed to be focusing on cryptocurrency firms with “surgical precision.”…
Europe, North America Most Impacted by 3CX Supply Chain Hack
Europe, the United States and Australia seem to be the most impacted by the 3CX supply chain hack, according to data from two cybersecurity firms.
The post Europe, North America Most Impacted by 3CX Supply Chain Hack appeared first on SecurityWeek.
Taking defense sourcing abroad: How to successfully harness international partners
“For the first time in the recent past US and allied policymakers and industry appear truly aligned on the need to look beyond established domestic supply chains to cross-border sourcing and collaboration,” writes Aleksandar Jovovic of Oliv…
Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
Several cybersecurity companies have published blog posts, advisories and tools to help organizations that may have been hit by the 3CX supply chain attack.
The post Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months appe…
3CX voice and video conferencing software victim of a supply chain attack
Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as […]
The post 3CX voice and video conferencing software victim of a supply chain attack appeared first on Security Affairs.
Popular PABX platform, 3CX Desktop App suffers supply chain attack
By Deeba Ahmed
According to cybersecurity researchers, a nation-state actor, LABYRINTH CHOLLIMA, is suspected to be behind the multi-stage attack on 3CXDesktopApp.
This is a post from HackRead.com Read the original post: Popular PABX platform, 3CX Desk…
3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack.
The post 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component appeared…
Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App
CrowdStrike threat intelligence team warns about unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp.
The post Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App appeared first on SecurityWeek.