all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users

Add to bookmarks
March 31, 2023, 12:30 p.m. | Roy Blit

Legit Security Blog www.legitsecurity.com




On March 29th, 2023, it was published that 3CX, the international VoIP IPBX software, was under an ongoing software supply chain attack. The attackers had trojanized the 3CX communication installer software, reportedly used by over 12 million users daily. Several endpoint security vendors, such as SentinelOne and CrowdStrike, identified this attack. Some reports link this attack to the notorious Lazarus group, the cybercrime group linked to the government of North Korea, as part of their wide activity targeting. …

3cx 3cxdesktopapp appsec attack attackers call communication crowdstrike cybercrime daily endpoint endpoint security enterprise explainers government installer international korea lazarus lazarus group link march north north korea reports routing security sentinelone software software supply chain software supply chain attack supply supply chain supply chain attack targeting threats under vendors voip

Visit resource

More from www.legitsecurity.com / Legit Security Blog

Dependency Confusion Vulnerability Found in an Archived Apache Project 2 days, 19 hours ago | www.legitsecurity.com
apache appsec best practices dependency +10
The Role of ASPM in Enhancing Software Supply Chain Security 6 days, 14 hours ago | www.legitsecurity.com
appsec aspm best practices critical +14
How to Reduce the Risk of Using External AI Models in Your SDLC 1 week, 5 days ago | www.legitsecurity.com
address ai models appsec best practices +5
Securing the Software Supply Chain: Risk Management Tips 3 weeks, 2 days ago | www.legitsecurity.com
appsec best practices can explainers +15
What You Need to Know About the XZ Utils Backdoor 3 weeks, 4 days ago | www.legitsecurity.com
announcement appsec backdoor legit +3
How to Get the Most From Your Secrets Scanning 4 weeks, 2 days ago | www.legitsecurity.com
amp appsec best practices code +17
Microsoft Under Attack by Russian Cyberattackers 1 month, 1 week ago | www.legitsecurity.com
appsec attack attackers best practices +11
Don't Miss These Emerging Trends in Cloud Application Security 1 month, 1 week ago | www.legitsecurity.com
application application security appsec best practices +9
Using AI to Reduce False Positives in Secrets Scanners 1 month, 1 week ago | www.legitsecurity.com
appsec best practices false positives legit +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Systems Security Officer (ISSO) (Remote within HR Virginia area)

@ OneZero Solutions | Portsmouth, VA, USA
View on infosec-jobs.com

Security Analyst

@ UNDP | Tripoli (LBY), Libya
View on infosec-jobs.com

Senior Incident Response Consultant

@ Google | United Kingdom
View on infosec-jobs.com

Product Manager II, Threat Intelligence, Google Cloud

@ Google | Austin, TX, USA; Reston, VA, USA
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com
View more jobs