3CX Desktop App Compromised in Supply Chain Attack.
TL;DR Summary
VoIP/PBX software provider 3CX was aware that its desktop app was being flagged as malware but decided to take no action for a week when it learned it was on the receiving end of a massive supply chain attack. Users soon decided the detection was a false positive triggered by a glitch in the SentinelOne product. However, it would be another 24 hours before the world learned that SentinelOne was right and the people suspecting a false positive were wrong. The breakdown involving the disregarded detection by 3CX and its users should serve as a cautionary tale to both support teams and end users.
- 3CX knew its app was flagged as malicious, but took no action for 7 days Ars Technica
- There’s a new supply chain attack targeting customers of a phone system with 12 million users TechCrunch
- Hackers compromise 3CX desktop app in a supply chain attack BleepingComputer
- Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack Ars Technica
- SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack SentinelOne
Reading Insights
Total Reads
0
Unique Readers
1
Time Saved
3 min
vs 4 min read
Condensed
85%
700 → 104 words
Want the full story? Read the original article
Read on Ars Technica