CRN

3CX VoIP App Compromised By Supply Chain Attack: Security Researchers

The desktop app from 3CX has been affected in the attack, which is being used by the threat actor to target 3CX customers, according to researchers from several cybersecurity vendors. A desktop ...
Dark Reading

3CX Supply Chain Attack Tied to Financial Trading App Breach

Turns out 3CX was not the original target in a recent supply chain compromise affecting customers of the video conferencing software maker: The attack came via a prior supply chain compromise ...
PC Magazine

Uninstall Now: Hackers Hijack 3CX Desktop App to Deliver Malware

In response, 3CX CEO Nick Galea is urging users to uninstall the affected software, which includes versions 18.12.407 and 18.12.416 of the Windows app. The company is working on an update to fully ...
PC Magazine

3CX Supply Chain Attack Traced to Employee Who Installed Malicious App

The supply chain attack on the 3CX voice-calling app has been traced back to a company employee installing a legitimate, but malware -laden program, onto their personal computer. The findings come ...
CRN

Hackers May Still Have Access To 3CX Supply Chain: Huntress Researcher

While communications app maker 3CX has acknowledged it is responding to the compromise of its Windows VoIP app, Huntress’ John Hammond said it’s unclear if attackers may still be able to ‘poison ...
Dark Reading

Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises

Security researchers are sounding the alarm on what may well be another major SolarWinds or Kaseya-like supply chain attack, this time involving Windows and Mac versions of a widely used video ...
Ars Technica

3CX knew its app was flagged as malicious, but took no action for 7 days

There is so much wrong here. 3CX should not have blown this off as it got bigger, they should have looked into it. People using SentinelOne should have contacted them to find out what was going on.