CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...

Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack

The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. Russian cybersecurity firm Kaspersky, which has been internally tracking the versatile backdoor under the name Gopuram since 2020, said ...

3CXDesktopApp Backdoored in a Suspected Lazarus Campaign

Introduction The attack involved a compromised version of the 3CX VoIP desktop client, which was used to target 3CXs customers. The compromised 3CX application is a private automatic branch exchange PABX software and is available for Windows, macOS, Linux, Android, IOS and Chrome. Currently, ther...

3CX Supply Chain Attack — Here's What We Know So Far

Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. The version numbers include 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS...

CVE-2023-29059

creationtimestamp| type| source ---|---|--- 2023-03-30 20:21:26+00:00| exploited| https://t.me/cibsecurity/61180 2023-12-27 12:34:26+00:00| exploited| https://t.me/truesecator/5250...

CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...

CVE-2023-29059

CVE-2023-29059 is a supply-chain compromise affecting the 3CX DesktopApp (Windows Electron: 18.12.407/18.12.416; macOS Electron: 18.11.1213/18.12.402/18.12.407/18.12.416). The initial installer drops legitimate 3CX components, then loads a malicious ffmpeg.dll that loads d3dcompiler_47.dll, which...

CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...