Hot Topics

Account takeover fraud: 5 steps for protecting your customers
Seven Common Lateral Movement Techniques
Antisocial Media and Critical National Infrastructure
API Discovery: Definition, Importance, and Step-by-Step Guide on AppTrana WAAP
Infoline launches LogRhythm-Powered SOC to Deliver Crucial Cybersecurity Services in Malaysia

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North ...

Krebs on Security

OSINT, Lazarus updates firmware open source Log4j OpenSSF API security dynamic code application

Lazarus Assault Via 3CX Exposes Need to Rethink Security

Teri Robinson | April 12, 2023 | 3CX, Lazarus Group, North Korea, Software Security, supply chain attack, updates

When North Korean threat actors the Lazarus Group exploited a legitimate update to the 3CXDesktopApp—a softphone application from 3CX—security professionals didn’t initially pick up on the import of the activity and tactics ...

Security Boulevard