Dark Reading

3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor

The threat actor — believed to be the Lazarus Group — that recently compromised 3CX's VoIP desktop application to distribute information-stealing software to the company's customers has also dropped a ...
Dark Reading

Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises

Security researchers are sounding the alarm on what may well be another major SolarWinds or Kaseya-like supply chain attack, this time involving Windows and Mac versions of a widely used video ...
WeLiveSecurity

Linux malware strengthens links between Lazarus and the 3CX supply-chain attack

ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering ...
CRN

3CX Supply Chain Attack: Big Questions Remain

Of the many unanswered questions about the widely felt compromise, the impact on 3CX’s end customers will be a major one to watch, according to security researchers. Days after the supply chain ...