Security News > 2023 > April > That 3CX supply chain attack keeps getting worse: Other vendors hit
In Brief We thought it was probably the case when the news came out, but now it's been confirmed: The X Trader supply chain attack behind the 3CX compromise last month wasn't confined to the telco developer.
For those unfamiliar with the incident, 3CX reported a supply chain attack that saw its 3CX DesktopApp compromised with a trojanized version of the X Trader futures trading app published by Trading Technologies.
It's still not immediately clear when or exactly where the supply chain attack started, but Symantec said it appears to be financially motivated and is targeting critical infrastructure targets.
As we noted in previous coverage of the 3CX attack, North Korea wouldn't be a surprise source.
Technical analysis of the malware by both Symantec and Mandiant found traces of VEILEDSIGNAL in the chain of attacks used to compromise installs of 3CX DesktopApp.
Google Chrome received important updates last week, including one that addressed a nasty bug - CVE-2023-2136, which is already under active attack.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/04/24/in_brief_security/
Related news
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Ultralytics Supply-Chain Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-19 | CVE-2023-2136 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |