Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 04-Jan-2025 06:59:24 JST Kevin Beaumont

   in reply to

   I had a big thread on #3CX supply chain hack here but it accidentally got deleted. One of the things I criticised them on was AV alert handling as they missed the early warning signs. Just got a mail from them, they’re fixing it.

   To give them credit, they’ve done a really job at listening and responding in the incident.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 04-Jan-2025 06:59:25 JST Kevin Beaumont

     in reply to

     #3CX supply chain compromise of their customers was caused by a supply chain breach of #TradingTechnologies. There's probably other victims. https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 04-Jan-2025 06:59:26 JST Kevin Beaumont

     3CX got breached and used for supply chain delivery. I don’t know if anybody remembers my #3CX thread on Twitter last year but.. uh.. it got fun. https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/

   • Embed this notice
     Fellows (fellows@cyberplace.social)'s status on Saturday, 04-Jan-2025 07:42:09 JST Fellows

     @GossiTheDog Difficult to tell from that Reddit post what’s going on. Multiple people reporting seeing a higher number of unauthorized attempts over the holidays. Others indicating trunks being abused with high number of international calls until the SIP trunks were shutdown by the provider.

     Sounds like this is malicious actors abusing 3CX systems for international calls, and not a supply chain attack like last time?

   • Embed this notice
     Fellows (fellows@cyberplace.social)'s status on Saturday, 04-Jan-2025 07:55:56 JST Fellows

     @GossiTheDog what’s interesting from that Reddit post is the comments surrounding the CEO - apparently blacklisting partners who mention security issues involving their products on Reddit. Hopefully that’s untrue, but most likely isn’t. I can only imagine if you represented a 3CX partner! :)

   • Embed this notice
     Fellows (fellows@cyberplace.social)'s status on Saturday, 04-Jan-2025 08:19:37 JST Fellows

     @GossiTheDog your last comment is too funny! In reading the Reddit post I was thinking to myself, ‘What CEO would have the time to engage in actively reading Reddit and black listing partners who comment on their product’s security woes.’ It made me question the post’s validity lol - I will do as you suggest and check out the forums, I’m in need of a laugh.