Security News > 2023 > March
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.
Valve announced that its Steam online game platform will officially drop support for the Windows 7, Windows 8, and Windows 8.1 platforms starting January 1st, 2024. Once it reaches the end-of-support date, the Steam Client software will stop working on these out-of-support Windows versions, with Valve recommending users to upgrade to a more recent Windows version to continue playing their games via Steam.
The SafeMoon token liquidity pool lost $8.9 million after a hacker exploited a newly created 'burn' smart contract function that artificially inflated the price, allowing the actors to sell SafeMoon at a much higher price. SafeMoon's CEO, John Karony, stated that the attack occurred on Tuesday, March 28, affecting the SFM:BNB liquidity pool but not the platform's exchange.
Microsoft's at-times-glitchy Defender service is again causing headaches for IT admins by flagging legitimate URLs as malicious. One Register reader told us: "Our organization has received hundreds of malicious URL alerts from Office 365 for zoom.us links. These false positives take us a long time to investigate. Microsoft finally admitted that this is affecting hundreds of accounts and tenants worldwide."
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage devices against a high-severity Sudo privilege escalation vulnerability. The vulnerability also affects the QTS, QuTS hero, QuTScloud, and QVP NAS operating systems, as QNAP revealed in a security advisory published on Wednesday.
Microsoft Defender is mistakenly flagging legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began over five hours ago. "We're investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. Additionally, some of the alerts are not showing content as expected," Microsoft said.
In a preprint paper, "One Protocol to Rule Them All? On Securing Interoperable Messaging," University of Cambridge doctoral candidate Jenny Blessing and security engineering professor Ross Anderson observe that the DMA is now law in Europe and messaging gatekeepers will need to comply, though it won't be easy. "Designing a system capable of securely encrypting and decrypting messages and associated data across different service providers raises many thorny questions and practical implementation compromises," they say in their paper.
Over a thousand people, including professors and AI developers, have co-signed an open letter to all artificial intelligence labs, calling them to pause the development and training of AI systems more powerful than GPT-4 for at least six months. The letter is signed by those in the field of AI development and technology, including Elon Musk, co-founder of OpenAI, Yoshua Bengio, a prominent AI professor and founder of Mila, Steve Wozniak, cofounder of Apple, Emad Mostraque, CEO of Stability AI, Stuart Russell, a pioneer in AI research, and Gary Marcus, founder of Geometric Intelligence.
Nexus malware is an Android banking trojan promoted via a malware-as-a-service model. In an underground cybercrime forum ad, the malware project is described as "Very new" and "Under continuous development." More messages from the Nexus author in one forum thread indicate the malware code has been created from scratch.