Another day, another zero-day attack hitting widely deployed software from a big tech provider. Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-2033, is described as a…
Business communication company 3CX recently reported that it was the victim of a supply chain attack. On Tuesday, 3CX confirmed that the attack was likely conducted by North Korean hackers. Google-owned Mandiant is currently investigating the breach and has released some information from their initial analysis. Mandiant found that the hackers targeted 3CX Windows systems…
Yum Brands, the parent company of KFC, Pizza Hut, and Taco Bell, has acknowledged that personal identifiable information (PII) was compromised in a ransomware attack that took place in January 2023. On January 18, Yum Brands disclosed that the cyberattack had resulted in them taking systems offline and closing roughly 300 restaurants in the UK…
Due to encountered difficulties, the request cannot be processed. Organizations are currently experiencing a significant hurdle in terms of managing security posture. In fact, research conducted in 2022 revealed that only 2% of attack paths result in access to critical assets. Therefore, it is crucial to prioritize securing these critical points, as it can greatly…
New details have been revealed about the recent 3CX supply chain attack, indicating that it was orchestrated by hackers from North Korea with the aim of targeting cryptocurrency companies. Cybersecurity firm Kaspersky has conducted its own analysis of the incident and found links to attacks observed by the company back in 2020. Those attacks involved a…
Cryptocurrency companies have become the target of a sophisticated cyber attack, orchestrated by the Lazarus Group, a North Korea-aligned nation-state group. The attack was discovered by Russian cybersecurity firm Kaspersky, which has been internally tracking the versatile backdoor under the name Gopuram since 2020. Gopuram acts as a connection to a command-and-control (C2) server and…
On March 31, 2023, enterprise communications software maker 3CX confirmed that multiple versions of its desktop app for Windows and macOS were affected by a supply chain attack. Evidence suggests that the campaign could have started as early as February 2022 and involved the distribution of a rogue library referred to as \”ffmpeg.dll\” in the…