3CX Supply Chain Attack — Here's What We Know So Far
Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack
Stay updated on Google's info security advances, threats, and solutions. Protect your data with the latest insights from our dedicated Google security tag.
Search across headline titles and summaries.
Background for this topic.
Google is a technology company whose ecosystem includes internet services, cloud infrastructure, mobile software, browsers, and productivity platforms. In information security, the tag commonly covers vulnerabilities and security changes across these services, as well as Google’s role as an identity and data-processing provider for organizations.
Material risks include compromised Google accounts, overly permissive cloud identities or APIs, exposed stored data, and unpatched flaws in software such as Android or Chrome. Security teams should track relevant advisories, prioritize patches based on affected assets and exposure, enforce strong authentication and least-privilege access, and review logging for suspicious account or service activity. Google’s collection and processing of user, device, and organizational data also makes privacy controls, retention settings, contractual obligations, and regulatory compliance important. Its vulnerability-disclosure and threat-intelligence work can inform defensive monitoring, but does not replace asset inventory, configuration review, or tested recovery procedures.
Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers
Mandiant identifies 'moderately sophisticated' but 'prolific' APT43 as global menace Google Cloud's recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage.…
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
Spyware vendors facilitated the spread of malware by government-backed threat actors
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed
Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices. [...]
A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018
Starting to see a pattern here? Google Chat histories handed over by the web giant in ongoing Android antitrust litigation reveal the biz has been systematically destroying evidence, according to those suing the big G.…