Cyber Criminals compromise 3CX desktop app in a supply chain attack

A compromised and digitally signed version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is allegedly being exploited in an ongoing supply chain attack against the company's customers. 3CX is a major VoIP IPBX software development company with a vast customer base, including high-profile clients from various industries. This wide reach makes it an attractive target for threat actors seeking to compromise a large number of organizations. The 3CX Phone System is utilized by over 600,000 companies globally, with more than 12 million daily users. High-profile clients include American Express, Coca-Cola, McDonald's, BMW, Honda, AirFrance, NHS, Toyota, Mercedes-Benz, IKEA, and Holiday Inn. Security researchers from Critical Path Security, Sophos and CrowdStrike have issued alerts, stating that the attackers are targeting both Windows and macOS users of the compromised 3CX softphone application. Security researchers have raised concerns about attackers targeting both Windows and macOS users of the compromised 3CX…

0 Comments

Critical Path Security and The Children’s Haven – A Tradition of Bringing Change

Critical Path Security is a cybersecurity company based in the United States that provides a range of services to protect businesses and organizations from cyber threats. However, the company's commitment to making a difference goes beyond its core business. For the past few years, Critical Path Security has been actively involved in supporting The Children's Haven, a non-profit organization that provides shelter and support to foster and at-risk kids in the United States. The Children's Haven is a non-profit organization that provides a safe and nurturing environment for children who have experienced abuse, neglect, or abandonment. The organization's mission is to provide a supportive and stable environment for children in need and to help them heal from their past trauma. The organization offers a variety of programs, including emergency shelter, long-term foster care, and adoption services. Critical Path Security has been involved with The Children's Haven for several years, providing…

0 Comments

GoDaddy Breach – What You Should Know. What You Should Do.

According to a statement by GoDaddy, a major web hosting company, it has experienced a breach in which unidentified attackers accessed its cPanel shared hosting environment, resulting in the theft of source code and the installation of malware on its servers. The attack spanned multiple years, but GoDaddy only became aware of the breach in early December 2022 after receiving reports from customers that their websites were being redirected to unfamiliar domains. "Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the hosting firm said in an SEC filing. According to the company, the recent multi-year campaign responsible for the latest breach is also connected to previous breaches that were disclosed in November 2021 and March 2020. In November 2021,…

0 Comments

The Importance of a Secure Configuration
of Enterprise Assets and Software to EMCs

In our recent posts, we covered Controls One, Two, and Three. Here, we are going to discuss Control Four, the importance of a Secure Configuration of Enterprise Assets and Software to Electric Membership Cooperatives (EMCs). First, the definition of Enterprise Assets under this control are end-user devices (such as laptops, work pads, or mobile phones); network devices; non-computing/IoT devices (such as Wi-Fi access points); and servers. And Enterprise Software is defined as operating systems and application software. So, why is this control so important for EMCs and organizations of all types and sizes? It is quite simple, without following Control Four's policies, procedures, and safeguards, your organization could face the worst day in its history and quite frankly, it brings corporate survival into the equation. For ease of distribution and cost savings, manufacturers and third-party resellers sell equipment in a state that makes installation and deployment easiest. They do this…

0 Comments