Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers utilizing a legitimate, signed binary, 3CXDesktopApp (CISA link). As the investigations and public information came out publicly from vendors all across the spectrum, C3X customers of all sizes began investigating their fleet for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.

In a world with increased regulation, uncertainty in the banking business due to the climate or unforced errors, and liquidity concerns, the capability for risk management departments, auditors, and compliance departments to have timely access to reports and data that drive their decisions becomes more important than ever. Saying that you have enough data points is like saying you have enough security.

When it comes to cyberattacks, the human dimension of the cybersecurity environment is a complex vulnerability. Without awareness, any employee, contractor or user is the most unprotected asset. A person who can be easily exploited with a social engineering attack. Because of inherent human characteristics — ignorance, fear, misplaced trust — people are by nature very susceptible to being manipulated to let down their guard.

By Dallas Young Sr. Technical Marketing Manager, Torq According to researchers, the 3CX Voice over Internet Protocol (VoIP) desktop program for Windows and MacOS, which boasts over 600,000 customers and 12m daily users, has been compromised by a DLL sideloading attack and used in several supply chain attacks. 3CX is a private branch exchange (PBX) system, a private telephone network used within a company or organization.

‍ This month, we're excited to bring you some long-awaited enhancements to folder/document/project creation, co-editing for users who may not have full folder permissions, saved search filters, and co-editing on Desktop App Core.

I have been watching Secureworks for a long time—ever since Dell bought the company back in February of 2011. The company’s reputation as a leader in managed security services was well-known, and this purchase represented one of the first big bets by Dell in the cybersecurity space. Secureworks could analyze and remediate the ever-evolving threat landscape for Dell customers.

Currently, there are a series of data leaks going on in the Netherlands. Blauw, a prominent market research firm in the Netherlands, reported a data leak earlier this week. Blauw offers qualitative market research for companies and events, and works with many big Dutch brands. The current leak of customer data has already resulted in personal data exposure for a substantial number of Dutch consumers.

Finding the perfect cybersecurity solution can be difficult considering the numerous factors that must be taken into account, such as the industry your organization works in, the number of vendors that are managed, the approved budget to find an adequate security solution, or the specific use cases for your organization.

We are in the age of advanced cybersecurity threats. Researchers are constantly on the lookout for new and innovative ways to protect against cyber-attacks. Recent studies have indicated that spider webs may be the next big thing. While spider webs might seem like an unlikely candidate, breakthrough research has shown that spider webs have the potential to revolutionize attack surface management.

The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI that imitates the voice of a "family member in distress". They started out with: "You get a call. There's a panicked voice on the line. It's your grandson. He says he's in deep trouble — he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You've heard about grandparent scams. But darn, it sounds just like him.