I just imagined scam call centers being affected by this

I hope 3CX gets sued to oblivion. This is absolutely unacceptable behavior from a company that mass-distributes corporate software 😑

It's particularly frustrating when security professionals know this software is doing something malicious but the company where the file is hosted refuses to even look into the problem.

The "fun" part is that the threat actors used a 10 year old Windows certificate evaluation bug (CVE-2013-3900) for this supply chain attack, which has not been patched out of existence yet.

The sound effects just add annoyance.

Too many vulnerabilities w common apps. Nuts

Whats the actual best free antivirus

I don't like deskphone apps, - they tend to ring just while your computer is busy, they can be a convenience but also a headache ...VOIP phones are cheap enough...

If I'm a business, bye bye 3CX. Start cleaning your machines.

What’s the current status of the app? Its been cleaned from threats?

The 3CX response is somewhat typical of many businesses in general. It just shows, that making business is mostly about getting paid and avoiding as many responsibilities as possible.

This figure us becoming common day after another, which means companies are feeling safe from people's reaction since long violation of their privacy caused them not to care any more.

Interesting video, thanks. Hadn't heard of 3CX before to be honest. In those areas of the public sector I'm most familiar with we tend to use MS Teams for all calls/video conferencing these days.

Thanks for this.

That really shows that even with words from the companies, that isn't gonna stop malicious actors from hijacking you. Hence why FOSS is really gonna be the bigger alternative if that kind of thing keeps up.

Excellent video!!! This video gave me an idea for possible future PC Security Channel video: Maybe do a "top 10 most sophisticated malware threats" video, where you highlight the malware threats with the most sophisticated techniques for avoiding detection,etc. What you presented here is very impressive and I can only imagine, the bad actors will improve, especially with AI helping out. Thanks for posting!

What an informative video, as usual. Thank you. May I ask what the name of the graph program you are using is?

Cyber Security Sauna, a podcast from Finland brings guests from F-Secure all the time. I never actually seen their products

Thanks Leo! As usual, very informative and a great breakdown of the key facts. Thanks for what you do!

Not the first time nor the last - supply chain attacks are becoming more frequent . Kaseaya, Solar winds,.....there will be many more.