Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

splunk

Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise

Mar 31, 2023 By Splunk Threat Research Team In Splunk
CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers utilizing a legitimate, signed binary, 3CXDesktopApp (CISA link). As the investigations and public information came out publicly from vendors all across the spectrum, C3X customers of all sizes began investigating their fleet for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.
Read Post
Torq

How Torq Remediates the 3CX Supply Chain Attack

Mar 31, 2023 By Torq In Torq

By Dallas Young Sr. Technical Marketing Manager, Torq According to researchers, the 3CX Voice over Internet Protocol (VoIP) desktop program for Windows and MacOS, which boasts over 600,000 customers and 12m daily users, has been compromised by a DLL sideloading attack and used in several supply chain attacks. 3CX is a private branch exchange (PBX) system, a private telephone network used within a company or organization.

Read Post
cyberint

What You Need to Know About the 3CX Supply Chain Attack

Mar 30, 2023 By Shmuel Gihon In Cyberint
A supply chain attack that targets customers of the 3CX Voice Over Internet Protocol (VoIP) desktop client has been discovered. Threat actors have created a digitally signed and malicious version of the software, which is being used to target both Windows and macOS users of the app. The threat actors are deploying second-stage payloads and are believed to be linked to a North Korean state-backed hacking group, , although this attribution has not been confirmed.
Read Post
Snyk

Securing the web (forward)

Mar 27, 2023 By Daniel Appelquist In Snyk

We have grown to expect a reasonable level of privacy and security when we use services on the web and web-based applications. That’s because these services deal with every aspect of our daily lives — from money and finances, to how we interact with government services, to our education or the education of our children, to communicating with friends and family, to healthcare, to simply buying food to eat.

Read Post
Snyk

PulseMeter Report: Software supply chains

Mar 21, 2023 By Erin Cullen In Snyk

The not-so-distant memories of security events like Log4Shell and the SolarWinds attack keep software supply chain attacks front of mind for developers. There are things organizations can do to detect and deter malicious supply chain attacks, including the recently mandated (as per the U.S. federal government) software bill of materials (SBOM).

Read Post

Coffee with Jim - Securing Against Supply Chain Cyber Attacks

Mar 15, 2023 By Razorthorn In Razorthorn
Following the ransomware attack on US IT firm Kaseya, join us for a chat about the ever-increasing need to secure ourselves successfully against not only direct ransomware attacks, but those that affect us through our supply chains. An estimated 200+ firms have been crippled by the attack on Kaseya, simply because they use Kaseya’s software. The implication of this is that it can feasibly happen to any aspect of your supply chain, so if cyber security is not high on your board’s list of priorities, it really should be. How could the attack on Kaseya, and other supply chain attacks, have been avoided? How can you reduce the probability of it happening to your own organisation? And crucially, how can you make the solution cost effective?
View Video
ssl2buy

Building a Secure Future: Strategies for Managing Cybersecurity in the Supply Chain

Mar 14, 2023 By Cyber Security Journal In SSL2BUY

According to recent research, 68% of computer applications use open-source software libraries without the knowledge of the company. Another study by Argon Security shows that the supply chain attacks have grown up to 300% in 2021 compared to 2020.

Read Post
splunk

Supply Chain Attacks: What You Need to Know

Mar 10, 2023 By Guest In Splunk
Every day, thousands of companies download updates to their software. With a click of a button, they can walk away and return the next morning with everything reorganized and in order. While a staple of modern life, this action is no longer completely harmless. It is now one of many attacks that bad actors use to access systems and execute supply chain attacks.
Read Post
alienvault

Third party Cybersecurity risks in securing the supply chain

Mar 1, 2023 By Co-authored by AT&T and Palo Alto Networks In AT&T Cybersecurity

Some of the biggest prevailing challenges in the cybersecurity world over the last year have been those revolving around securing the software supply chain across the enterprise. The software that enterprises build for internal use and external consumption by their customers is increasingly made up of third-party components and code that can put applications at risk if they aren't properly secured.

Read Post
Subscribe to Supply Chain

Copyright © 2024 OpsMatters™. All rights reserved.