![]() ![]() ![]() The scale of the attack is currently unknown. "Servers will be restarted and the new Electron App MSI/DMG will be installed on the server."Įvidence available so far points to either a compromise of 3CX's software build pipeline to distribute Windows and macOS versions of the app package, or alternatively, the poisoning of an upstream dependency. "3CX Hosted and StartUP users do not need to update their servers as we will be updating them over the night automatically," 3CX CEO Nick Galea said in a blog post. In the interim, it's urging its customers of self-hosted and on-premise versions of the software to update to version 18.12.422. The company said it's engaging the services of Google-owned Mandiant to review the incident. The issue has been assigned the CVE identifier CVE-2023-29059. Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |