Date: April 07, 2024
Multiple cybersecurity firms have warned of a supply chain attack using a trojanized version of 3CX's software to target downstream customers.
3CX is a phone system developer used by more than 600,000 organizations worldwide, including American Express, BMW, McDonald’s, and the U.K.'s National Health Service. The attack, dubbed "Smooth Operator," involves the delivery of trojanized 3CXDesktopApp installers to install infostealer malware inside corporate networks, capable of stealing data and stored credentials from Google Chrome, Microsoft Edge, Brave, and Firefox user profiles.
Researchers report that attackers are targeting both the Windows and macOS versions of the compromised VoIP app. The Linux, iOS, and Android versions appear to be unaffected. The attackers are believed to be the North Korean threat actor Labyrinth Chollima, a subgroup of the notorious Lazarus Group. It appears to be a targeted attack from an Advanced Persistent Threat, perhaps even state-sponsored.
If you are a 3CX user, the company suggests uninstalling the app and installing it again or using its PWA client as a workaround. While we don't know how many organizations have been potentially compromised, Shodan.io reports that there are currently over 240,000 publicly exposed 3CX phone management systems.
Stay vigilant and take immediate action if you suspect any suspicious activity.
Snap Introduces Watermarks To Highlight AI-Generated Images
To enhance user experience and safety, Snapchat has introduced an automated watermark that distinguishes AI-generated images from others.
WhatsApp Chat Filters Launched For Improved Management
Meta has introduced chat filters on WhatsApp, redefining the home interface to be more organized and accessible.
Meta’s Oversight Board Actively Reviewing AI-Nudity Reports
Meta’s oversight board has been actively investigating the actions taken on user-raised flags and reports against AI-generated nudity.
GTA Maker Lays Off 5% Staff, Scraps Multiple Projects.
The company that created the world-famous Grand Theft Auto series is scrapping some projects and laying off 5% of its team to restructure business costs.