Security News

Week in review: Fake ChatGPT desktop client steals data, Patch Tuesday forecast
2023-05-07 08:00

Apple starts delivering smaller security updatesThe security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Fake ChatGPT desktop client steals Chrome login dataResearchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that's capable of copying saved credentials from the Google Chrome login data folder.

Fake ChatGPT desktop client steals Chrome login data
2023-05-02 08:37

Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that's capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus version looks remarkably similar to what one would expect.

3CX customers targeted via trojanized desktop app
2023-03-30 10:27

Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began warning on Wednesday. 3CX offers a Windows, macOS, Linux, Android and iOS version of the app, a Chrome extension, and the PWA version so the software can be also used via any browser.

3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!
2023-03-30 06:31

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers."The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL," SentinelOne researchers said.

Hackers compromise 3CX desktop app in a supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

Cybersecurity firms warn of 3CX desktop app supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
2023-03-09 14:54

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.

Citrix fixes severe flaws in Workspace, Virtual Apps and Desktops
2023-02-15 18:38

Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products. Citrix products are widely used by organizations worldwide, so it's critical to apply the available security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.

Hackers Targeting U.S. and German Firms Monitor Victims' Desktops with Screenshotter
2023-02-13 07:44

A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. The attachments range from macro-laced Microsoft Publisher files to PDFs with URLs pointing to JavaScript files.

Microsoft 365 trial offer blocks access to Windows 10 desktops
2023-02-02 23:44

Windows 10 users are reportedly being blocked from accessing their desktops by full-screen trial offers for the Microsoft 365 productivity suite. They are displayed during the Windows Out of Box Experience before loading the Windows desktop.