3CX Desktop Client Supply Chain Vulnerability used in Attacks (SmoothOperator) (CVE-2023-29059)

3CX Desktop Application is currently facing ongoing multi-stage Supply Chain attacks targeted at the company’s customers. The hacker groups have used the trojanized Voice Over Internet Protocol (VOIP) desktop client to stage the attacks. The vulnerability has been termed “SmoothOperator.” The vulnerability has been assigned with CVE-2023-29059.   Post exploitation, attackers can spawn an interactive command shell and … Continue reading “3CX Desktop Client Supply Chain Vulnerability used in Attacks (SmoothOperator) (CVE-2023-29059)”

SolarWinds Backdoor Supply Chain Attack

On December 8, 2020, FireEye disclosed the theft of their Red Team assessment tools. FireEye has confirmed that the attack leveraged trojanized updates to the SolarWinds Orion platform, which is used by organizations to monitor and manage IT infrastructure. Communications at U.S.Treasury and Commerce Departments were also compromised by a highly skilled manual supply chain … Continue reading “SolarWinds Backdoor Supply Chain Attack”