Tag Archive for: application

Hackers infect popular 3CX communications application with malware


Hackers have compromised 3CX, a popular videoconferencing and business phone management application used by more than 600,000 companies.

Multiple cybersecurity providers, including CrowdStrike Holdings Inc., issued warnings about the breach on Wednesday. CrowdStrike believes the hackers behind the breach are associated with a North Korean state-backed threat actor known as Labyrinth Chollima. According to the company, the hackers are using the compromised 3CX application to launch cyberattacks against users.

The 600,000 companies that use 3CX include major enterprises such as Coca-Cola Co., McDonald’s Corp. and BMW AG. The software has about 12 million daily users worldwide. 

According to BleepingComputer, signs that 3CX has been compromised began emerging more than a week ago. On March 22, multiple customers reported that their antivirus software had flagged the application as malicious. The malicious version of the 3CX application was shipped more than two weeks earlier, on March 3.

The malware sends data it steals to remote infrastructure controlled by the hackers. According to a SentinelOne Inc. analysis, some of that infrastructure was prepared as early as last February.

As part of the cyberattack, the hackers packaged malicious code into the 3CX desktop client’s installer. The Windows and Mac versions are both affected. Moreover, customers that already have 3CX installed received an update that likewise contains the malicious code.

According to CrowdStrike, the malicious installer and update are signed. Code signing is a cybersecurity method that allows a company to confirm it developed a piece of software. Using the method, a computer can verify that an application it’s about to install was downloaded from the original source and not a malicious server.

Pierre Jourdan, chief security information officer at 3CX, stated in a blog post that the malicious code appears to have originated from one of the “bundled libraries” the company uses. A library is an externally developed code component that engineers incorporate into their software. Jourdan didn’t provide technical details about the malicious component.

According to SentinelOne, the malicious 3CX…


Preventing 2022’s Application Security Fails: What We Can Learn


As the number of risks and attacks grows, 2022 left us with a long list of incidents to learn from, each demonstrating the importance of giving security a higher priority. The following list includes significant incidents and failures from 2022.

Notable Data Breaches

2.5 Million Records Leaked from Student Loan Data Breach

In June 2022, a data breach at student loan servicer Nelnet resulted in the disclosure of more than 2.5 million individuals’ private information.

On August 17, 2022, the inquiry concluded that, from June until July 22, 2022, an unidentified third party had access to student loan account registration data through a vulnerability in the web portal. The data included names, home and email addresses, phone numbers, and social security numbers.

Optus Leak Exposed 11 Million People’s Medical and Personal Data

On September 22, 2022, the Australian telecommunications firm Optus had a severe data breach that exposed the personal information of 11 million users.

Customers’ names, dates of birth, phone numbers, email and home addresses, driver’s licenses and/or passport numbers, and Medicare ID numbers were among the data obtained.

After Optus declined to pay a ransom sought by the hacker, files containing this private information were shared on a hacking site. Victims of the attack also said that the alleged hacker called them and demanded they pay AU$2,000 (US$1,300) or their data would be sold to other malicious parties.

The Optus data breach happened because of an unsecured, publicly accessible API. The API did not require user authentication before allowing a connection to be established. Because there was no authentication mechanism, anybody who found the API on the internet could connect to it without entering a username or password.

Twitter Accused of Hiding Data Breach Affecting Millions

On November 23, 2022, Los Angeles-based cyber security specialist Chad Loder posted about a Twitter data breach that impacted “millions” in the US and EU. Loder stated the data breach happened “no earlier than 2021” and “had not been notified previously”. Twitter had disclosed a data breach that compromised millions of user accounts in July…


Application Security Predictions For 2023


JP oversees the Research and Innovation teams that keep Onapsis on the cutting-edge of the business-critical application security market.

In 2021, we commenced the year reeling from the aftermath of the hack involving SolarWinds, and in 2022, organizations were left dealing with the discovery of the Log4j zero-day vulnerability, dubbed Log4shell. In the months following its discovery, attackers continued finding ways to exploit unpatched Log4j flaws. Despite countless warnings, many organizations failed to apply the necessary mitigations, leaving them highly vulnerable.

Unfortunately, the Log4j catastrophe only set the stage for the remainder of the year. In the past year, we saw a ransomware attack place an entire country in a state of emergency and numerous well-known brands hit by data breaches, among countless other incidents. We also witnessed hackers deploying new sophisticated techniques to directly target organizations’ business-critical applications, such as the Elephant Beetle organized financial theft scheme in early 2022.

With the proliferation of zero-day and unpatched known vulnerabilities on critical business applications combined with threat actors’ ever-evolving sophisticated tactics, organizations should be prepared to face any threat that comes their way. Here are a few predictions for what’s in store in 2023.

There is still room for the next Log4j flaw.

Log4shell has had a significant impact on enterprises across the globe, with many still being impacted to this day. Nearly every software supply chain vendor has been tasked with patching the infamous vulnerability, highlighting just how difficult it can be to fix flaws located in frequently used libraries.

Unfortunately, there are many organizations that have yet to apply the patches, and adversaries are catching on. Cybercriminals are still taking advantage of unpatched Log4j flaws more than one year after its discovery. In September 2022, the Lazarus hacking group was found exploiting the Log4j vulnerability to attack energy companies and perform cyber espionage campaigns.

We can expect to see even more incidents around Log4j exploits in 2023. In addition, we’ll likely see cybercriminals seeking…


Malwarebytes Expands Platform With New Application Block Capabilities


SANTA CLARA, Calif., Feb. 21, 2023 /PRNewswire/ — Malwarebytes™, a global leader in real-time cyberprotection, today announced the addition of Malwarebytes Application Block to its Nebula and OneView endpoint protection platforms. The new threat prevention module helps resource-strained security teams quickly guard against unsafe third-party Windows applications, meet key compliance requirements and encourage productivity without adding management complexity. 

Third-party apps pose a serious security threat to businesses with limited IT resources and expertise. Vulnerabilities in Android applications have led to more than one million malicious application downloads, with researchers frequently uncovering malware-ridden applications on Google Play. Since 63% of workers use unauthorized applications, businesses of all sizes can be vulnerable to phishing schemes or exploitation – two of the four leading ways attackers gain access to a company’s network.[1]

For the over 1.4 billion monthly active Windows 10 or Windows 11 devices[2], Application Block allows IT admins to blacklist or restrict access to outdated, untrusted, or unsafe applications with known vulnerabilities or that lack the latest patches. IT security teams can use Application Block’s dashboard to understand what applications are being blocked in real-time, as well as its reporting features to meet key compliance requirements and navigate increasing data protection regulations.

“Third-party applications are essential to productivity, but they also greatly expand organizations’ attack surfaces,” said Malwarebytes Chief Product Officer, Mark Strassman. “Malwarebytes Application Block can be near-instantly deployed, helping resource-strapped organizations to effectively manage secure access to third-party apps and add another protective layer without added complexity.”

Malwarebytes Application Block is immediately available for Windows endpoints within the Malwarebytes Nebula and OneView platforms to help organizations:

  • Improve Application Security – Stop the execution of vulnerable applications so that companies can test and apply updates or block the vulnerable application until a patch is available.
  • Encourage…
