Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises

In a SolarWinds-like attack, compromised, digitally signed versions of 3CX DesktopApp are landing on user systems via the vendor's update mechanism. [TechWeb]( Follow Dark Reading: [RSS]( March 31, 2023 LATEST SECURITY NEWS & COMMENTARY [Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises]( In a SolarWinds-like attack, compromised, digitally signed versions of 3CX DesktopApp are landing on user systems via the vendor's update mechanism. [Organizations Consider Self-Insurance to Manage Risk]( Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance. [BEC Fraudsters Expand to Snatch Real-World Goods in Commodities Twist]( Business email compromise scams are moving beyond just stealing cash, with some threat actors fooling companies into sending goods and materials on credit, and then skipping out on payment. [Stop Blaming the End User for Security Risk]( Don't count on securing end users for system security. Instead, focus on better securing the systems — make them closed by default and build with a security-first approach. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest]( In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest. [7 Women Leading the Charge in Cybersecurity Research & Analysis]( From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands. [Using Observability to Power a Smarter Cybersecurity Strategy]( With an infrastructure for observability, security teams can make better decisions about access and identity-based threats. [MORE]( EDITORS' CHOICE [Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter]( Elon Musk, Steve Wozniak, and Andrew Yang are among more than 1,000 tech leaders asking for time to establish human safety parameters around AI. LATEST FROM THE EDGE [Organizations Consider Self-Insurance to Manage Risk]( Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance. LATEST FROM DR TECHNOLOGY [CISA Releases Hunt Tool for Microsoft's Cloud Services]( CISA released the hunt and response tool to help defenders extract cloud artifacts without performing additional analytics. WEBINARS - [How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint]( Adversaries are moving faster than ever, with modern attacks coming from all fronts across network, endpoint, and other domains. In 2022, the average breakout time declined from 98 minutes to 84 minutes, highlighting the imperative for IT and security teams to act quickly ... - [Ten Emerging Vulnerabilities Every Enterprise Should Know]( Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest - and potentially most impactful - vulnerabilities ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Evaluator's Guide for Managed Detection and Response (MDR) Services]( - [The Relationship Between Security Maturity and Business Enablement]( - [IT/OT Security Platform Navigator 2022]( - [Top Three Considerations To Build, Deploy, and Run Your Application Journey]( - [Cloud Journey Adoption Stage: Securing Hybrid and Multi-cloud Environments]( - [Cloud Journey Consideration Stage: 2022 Cloud Security Report]( - [Top 5 ASM Use Cases Every Security Team Must Embrace Now]( [View More White Papers >>]( FEATURED REPORTS - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [DataDome Closes $42M in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud]( [Socura Launches Managed SASE (MSASE) Service]( [Bitwarden Announces Secrets Management With a Combination of Open Source, End-to-End Encryption, and Ease of Use]( [CyberSecure Announces Strategic Alliance]( [Lightspin Launches Remediation Hub to Identify and Fix Cloud Security Threats]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)