Security News

10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
2023-03-31 14:38

A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.

3CX Supply Chain Attack — Here's What We Know So Far
2023-03-31 09:37

Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. In the interim, it's urging its customers of self-hosted and on-premise versions of the software to update to version 18.12.422.

OSC&R open software supply chain attack framework now on GitHub
2023-03-31 03:00

OSC&R is an open framework for understanding and evaluating software supply chain security threats. Spearheaded by OX Security, OSC&R is a MITRE-like framework designed to provide a common language and structure for understanding and analyzing the tactics, techniques, and procedures used by adversaries to compromise the security of software supply chains.

Ransomware attacks skyrocket as threat actors double down on U.S., global attacks
2023-03-30 18:44

NCC Group's Global Threat Intelligence team, in its monthly cybersecurity Threat Pulse, noted there were 240 ransomware attacks in February 2023 - a 45% increase from the record-high number of attacks in January. The NCC Group also reported that ransomware LockBit 3.0 was the leading arrowhead, with the eponymous threat group having launched 129, or 54%, of ransomware salvos last month, including an attack on the U.K.'s Royal Mail.

Do you use comms software from 3CX? What to do next after biz hit in supply chain attack
2023-03-30 16:25

Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX - and the vendor's boss is advising users to switch to the progressive web app until the 3CX desktop client is updated. Its customers are said to include the NHS in the UK, American Express, Coca Cola, and MIT. It still sells VoIP systems, and it's exactly those that appear to have fallen victim to a supply chain attack.

3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!
2023-03-30 06:31

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL," SentinelOne researchers said.

Hackers compromise 3CX desktop app in a supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

Cybersecurity firms warn of 3CX desktop app supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

DDoS DNS attacks are old-school, unsophisticated … and they’re back
2023-03-29 08:34

Cloudflare research showed a "massive spike" in application layer DDoS attacks in Q1 2022, while network layer attacks also jumped substantially. The DDoS attacks themselves are getting bigger, says Klaus Darilion, head of operations of the anycast service RcodeZero DNS, because the internet itself is getting bigger and attackers have more bandwidth to play with.

Apple patches all the iThings, including iOS 15 hole under attack right now
2023-03-28 22:16

Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings - including a fix for a vulnerability in older iOS devices the iGiant believes is under attack right now. The US government's Cybersecurity and Infrastructure Security Agency logged the WebKit type confusion flaw in its Known Exploited Vulnerabilities Catalog on February 14, a day after Apple patched the issue in macOS Ventura, Safari 16 on macOSes Big Sur and Monterey, and iOS 16.