Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises

Categorieën: Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines Leeftijd: 14 t/m 18 jaar 19 t/m 30 jaar 31 t/m 64 jaar

Laden...

1 jaar geleden

Html
Tekst

In a SolarWinds-like attack, compromised, digitally signed versions of 3CX DesktopApp are landing on user systems via the vendor's update mechanism.

Follow Dark Reading:

March 31, 2023

LATEST SECURITY NEWS & COMMENTARY

Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises In a SolarWinds-like attack, compromised, digitally signed versions of 3CX DesktopApp are landing on user systems via the vendor's update mechanism. Organizations Consider Self-Insurance to Manage Risk Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance. BEC Fraudsters Expand to Snatch Real-World Goods in Commodities Twist Business email compromise scams are moving beyond just stealing cash, with some threat actors fooling companies into sending goods and materials on credit, and then skipping out on payment. Stop Blaming the End User for Security Risk Don't count on securing end users for system security. Instead, focus on better securing the systems — make them closed by default and build with a security-first approach. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest. 7 Women Leading the Charge in Cybersecurity Research & Analysis From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands. Using Observability to Power a Smarter Cybersecurity Strategy With an infrastructure for observability, security teams can make better decisions about access and identity-based threats. MORE

EDITORS' CHOICE

Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter Elon Musk, Steve Wozniak, and Andrew Yang are among more than 1,000 tech leaders asking for time to establish human safety parameters around AI. LATEST FROM THE EDGE
Organizations Consider Self-Insurance to Manage Risk Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance. LATEST FROM DR TECHNOLOGY
CISA Releases Hunt Tool for Microsoft's Cloud Services CISA released the hunt and response tool to help defenders extract cloud artifacts without performing additional analytics.

WEBINARS

How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint

Adversaries are moving faster than ever, with modern attacks coming from all fronts across network, endpoint, and other domains. In 2022, the average breakout time declined from 98 minutes to 84 minutes, highlighting the imperative for IT and security teams to act quickly ...

Ten Emerging Vulnerabilities Every Enterprise Should Know

Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest - and potentially most impactful - vulnerabilities ...

View More Dark Reading Webinars >>

WHITE PAPERS

Evaluator's Guide for Managed Detection and Response (MDR) Services The Relationship Between Security Maturity and Business Enablement IT/OT Security Platform Navigator 2022 Top Three Considerations To Build, Deploy, and Run Your Application Journey Cloud Journey Adoption Stage: Securing Hybrid and Multi-cloud Environments Cloud Journey Consideration Stage: 2022 Cloud Security Report Top 5 ASM Use Cases Every Security Team Must Embrace Now

View More White Papers >>

FEATURED REPORTS

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ...

Shoring Up the Software Supply Chain Across Enterprise Applications

Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ...

10 Hot Talks From Black Hat USA 2022

Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

DataDome Closes $42M in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud Socura Launches Managed SASE (MSASE) Service Bitwarden Announces Secrets Management With a Combination of Open Source, End-to-End Encryption, and Ease of Use CyberSecure Announces Strategic Alliance Lightspin Launches Remediation Hub to Identify and Fix Cloud Security Threats MORE PRODUCTS & RELEASES

CURRENT ISSUE

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Deel deze op

Laden...

Andere nieuwsbrieven van Informationweek.com

Beyond Washington, DC: The State of State-Based Data Privacy Laws Informationweek.com
5 uren geleden
Faux ChatGPT, Claude API Packages Deliver JarkaStealer Informationweek.com
7 uren geleden
Final Chance: Urgent Invite for December 3rd Informationweek.com
8 uren geleden

Meer nieuwsbrieven van Informationweek.com

Laden...

Gerelateerde nieuwsbrieven

Bekijk andere categorieën

Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines