3CX breach linked to previous supply chain compromise

Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture. In the meantime, we now also know that: The source of the 3CX breach was a compromised installer for X_TRADER, an old software package for futures-trading provided by Trading Technologies The […]


3CX supply chain attack: What do we know?

Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software’s manufacturer is yet to confirm how the Windows and macOS desktop apps (based on the Electron software framework) have been compromised by the attackers. 3CX has called in outside experts “On March 29th, 3CX received reports […]


3CX customers targeted via trojanized desktop app

Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began warning on Wednesday. What is 3CX? 3CX is Voice over Internet Protocol (VoIP) private automatic branch exchange (PABX) software that provides video conferencing and live chat capabilities. 3CX offers a Windows, […]


Federal defense contractors are not properly securing military secrets

Defense contractors hold information that’s vital to national security and will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance to keep those secrets safe. Nation-state hackers are actively and specifically targeting these contractors with sophisticated cyberattack campaigns. A shocking 87% of contractors have a sub-70 Supplier Performance Risk System (SPRS) score, the […]


Attackers mount Magento supply chain attack by compromising FishPig extensions

FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected with malware after its distribution server was compromised. How the attackers compromised the FishPig extensions Sansec researchers said that the FishPig distribution server was compromised on or before August 19th. “Any Magento […]


Supply chain risk is a top security priority as confidence in partners wanes

As cyber attackers increasingly look to capitalize on accelerating digitalization that has seen many enterprises significantly increase their reliance on cloud-based solutions and services as well as third-party service providers, software supply chain risk has become a major concern of organizations. Seventy-nine percent of security professionals responding to a recent survey conducted by the Neustar […]


Phishing PyPI users: Attackers compromise legitimate projects to push malware

PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that some maintainers of legitimate projects have been compromised, and malware published as the latest release for those projects. These releases have been removed from PyPI and the maintainer accounts have been temporarily […]


How vulnerable supply chains threaten cloud security

Organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape, according to a Proofpoint study released in collaboration with The Cloud Security Alliance (CSA). “In the wake of COVID-19, organizations substantially accelerated their digital transformation […]
