#VoIP-Anbieter #3CX: Die doppelte Supply-Chain-Attacke | Security https://www.heise.de/news/VoIP-Anbieter-3CX-Die-doppelte-Supply-Chain-Attacke-8974948.html #SupplyChainAttack

DOPPELTE Supply Chain Attacke!? Wie #3CX gehackt wurde.

#HackerNews

https://piped.sp-codes.de/watch?v=do9K0T7xk8g

3CX è stata hackerata da un doppio attacco alla supply chain

Ne avevamo parlato qualche tempo fa di questo #incidente #informatico. Ma da un’indagine più #approfondita che ha colpito la #3CX il mese scorso, è stato rilevato che l’incidente è stato causato da un’altra compromissione della catena di #approvvigionamento.

3CX è uno sviluppatore di soluzioni VoIP il cui #sistema telefonico 3CX è utilizzato da più di 600.000 aziende in tutto il mondo, con più di 12.000.000 di utenti giornalieri.

#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity

https://www.redhotcyber.com/post/3cx-e-stata-hackerata-con-un-doppio-attacco-alla-supply-chain/

#3CX Attackers Also Compromised Critical Infrastructure Firms #cybersecurity https://www.infosecurity-magazine.com/news/3cx-hackers-compromised-critical/

#NorthKorean hackers demonstrate new levels of sophistication with the recent supply chain attack targeting #3CX. Researchers have revealed that it's the first time a software supply chain attack has led to another attack.

https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html

#cybersecurity #InfoSec

🔓 #3CX hit by a groundbreaking double #SupplyChainAttack! 😲 North Korean hackers target #Crypto businesses via a compromised employee's PC. Stay vigilant and protect your systems! 💻🛡️ #CyberSecurity #VoIP #Malware #GopuramBackdoor https://www.cyber-consult.org/3cx-voip-provider-hit-by-unprecedented-double-supply-chain-attack-north-korean-group-targets-crypto-businesses/

3CX Breach Was a Double Supply Chain Compromise https://krebsonsecurity.com/2023/04/3cx-breach-was-a-double-supply-chain-compromise/ #doublesupplychainbreach #Marc-EtienneM.Leveille #TradingTechnologies #Ne'er-Do-WellNews #ClearSkySecurity #ALittleSunshine #ElasticSecurity #LatestWarnings #TheComingStorm #ICONICSTEALER #DiamondSleet #KasperskyLab #PeterKalnai #supplychain #kimzetter #microsoft #Mandiant #X_Trader #zeroday #macOS #ESET #ZINC #3CX

#VoIP-Software von #3CX: Erste Analyse-Ergebnisse | Security https://www.heise.de/news/3CX-Erste-Analyse-Ergebnisse-nach-dem-Einbruch-8962595.html #Malware #CyberCrime

This week's episode of Talos Takes has the latest advice from Talos Incident Response on how to prepare for #supplychain cyber attacks. We're here to lend a helping hand to put together everything from a software bill of goods to tabletop exercises to help your organization prepare for the next time a #3CX or #Log4j happens https://www.buzzsprout.com/2018149/12649912

Another day, another compromised company. Credit to Affinity, they admitted it & clear how it happened etc. Other companies,lookong at you #3cx could learn something!

Unfortunately we have become aware that personal data relating to users of the Affinity Forums (https://forum.affinity.serif.com/) may have been accessed from outside the company following a cyber attack on 6 April 2023. It appears that an administrator’s account was compromised, allowing access to our forum members list.

#databreaches

「北朝鮮のハッカーが 3CX サプライ チェーン攻撃の首謀者であることが判明 」： The Hackernews

クラウドPBX（電話）の3CX のネットワークに侵入されたことが発端。広く使われるアプリのベンダーは気を引き締めなくては。

https://thehackernews.com/2023/04/lazarus-sub-group-labyrinth-chollima.html

# prattohome # TheHackernews #3CX #サプライチェーン攻撃

Hacked videoconferencing firm 3CX says North Korea behind massive intrusion.

https://www.nknews.org/pro/hacked-videoconferencing-firm-3cx-says-north-korea-behind-massive-intrusion/ #dprk #northkorea #cybersecurity #infosec #3CX

Man ya'll keep posting scripts to decrypt the URLs in the icons in the #3CX attack but don't post the icons! Where can I get the original icons? Anyone have any clue?

S3 Ep129: When spyware arrives from someone you trust - Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Ba... https://nakedsecurity.sophos.com/2023/04/06/s3-ep129-when-spyware-arrives-from-someone-you-trust/ #nakedsecuritypodcast #worldbackupday #supplychain #dataloss #malware #podcast #privacy #wi-fi #3cx

#3cx #Malware #Analyse https://youtu.be/jCXIKHCpvn8

Unterwanderte #VoIP-Software Softphone von #3CX kann auch #Backdoor installieren | heise online https://www.heise.de/news/Unterwanderte-3CX-VoIP-Software-kann-auch-Backdoor-installieren-8516337.html #Malware #CyberCrime #Lazarus #NorthKorea

NCSC advice following a security issue in the #3cx DesktopApp.

You may have seen reports that threat actors are actively exploiting a severe security issue in the 3CX DesktopApp.

Affected versions are:

18.12.407 and 18.12.416 for Windows platforms

18.11.1213, 18.12.402, 18.12.407 and 18.12.416 for MacOS

This correlates to Update 7 for Windows, and Updates 6 and 7 for MacOS.

The vendor 3CX has published a security alert which advises customers running affected versions to uninstall the software and use the browser-based web app (PWA) until a new version is available. Full instructions are provided.

The NCSC strongly advises all organisations running this software to consult the vendor advisory and take the recommended actions in it.

https://www.ncsc.gov.uk/news/3cx-desktopapp-security-issue

#security #vulnerabilty #exploit

Other Shoe Drops in 3CX Client Breach #3CX
https://www.voip-info.org/forum/threads/3cx-client-backdoor-part-2.27036/#post-171010

Need a quick check for #3cx compromise... Use this database... https://github.com/Sanesecurity/bad3cx

Looks like #3cxpocalypse MAY actually be #3cx rainstorm … with much less damage than expected.

“Kaspersky has now found that the #hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines—at least as far as @Kaspersky could observe so far—and that they seemed to be focusing on #cryptocurrency firms with “surgical precision.””

https://www.wired.com/story/3cx-supply-chain-attack-north-korea-cryptocurrency-targets/