XZ Utils backdoor: Detection tools, scripts, rules

As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skille…

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” R…

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain

The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022, accordin…

North Korean hackers are targeting software developers and impersonating IT workers

State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies looking for IT workers. North Korean hackers targeting developers Microsoft has ou…

Attackers hit software firm Retool to get to crypto companies and assets

Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry. According to a CoinDes…

Exploring the macro shifts in enterprise security

The number of successful ransomware attacks and data breach attempts fell by 30% over the last year, but the number of reported security incident types at organizations increased, according to the 2023 Cybersecurity Perspectives Survey by Scale. Security i…

3CX breach linked to previous supply chain compromise

Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture. In the meantime, we now also know that: The source of the 3CX breach was a compromised installer for X…

3CX compromise: More details about the breach, new PWA app released

3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting cryptocurrency companies. They discovered that: The attackers infected targe…

3CX supply chain attack: What do we know?

Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software’s manufacturer is yet to confirm how the Windows and macOS desktop apps (based on the Electron software framework) have be…

3CX customers targeted via trojanized desktop app

Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began warning on Wednesday. What is 3CX? 3CX is Voice over Internet Protocol (VoIP) …