Hackers Breach 3CX Using Sneaky Matryoshka Doll-Style Supply Chain Tactic

The Hacker News Daily Updates [Newsletter]( [cover]( [Unidirectional Security for Power Generation: Advanced Solutions]( Dramatically improve your security with Waterfall's Unidirectional Gateways and learn why they are essential to modern security programs for power generating utilities. [Download Now]( Sponsored LATEST NEWS Apr 21, 2023 [14 Kubernetes and Cloud Security Challenges and How to Solve Them]( Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX]( The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products]( Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases]( A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Beyond Traditional Security: NDR's Pivotal Role in Safeguarding OT Networks]( Why is Visibility into OT Environments Crucial? The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job]( The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today. The findings are crucial, not least because it marks the first publicly documented example of ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks]( Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them]( In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [Unidirectional Security for Power Generation: Advanced Solutions]( Dramatically improve your security with Waterfall's Unidirectional Gateways and learn why they are essential to modern security programs for power generating utilities. [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India