3CX Urges Customers to Disable Integration Due to Potential Vulnerability

Business communication company 3CX is urging customers to disable SQL database integrations to prevent a vulnerability that occurs in certain configurations.
In a security advisory published on Friday, the company revealed that 3CX versions 18 and 20 are impacted by an integration bug.
According to 3CX, customers using MongoDB, MsSQL, MySQL, and PostgreSQL databases should disable their SQL database integrations until further notice.
To disable the integration, customers should go to the Settings section of the management console, go to CRM, set the available option to 'None', and save the modification.
Web-based CRM integrations are not affected, 3CX says.
The company has yet to provide technical details on the identified security defect.
In March this year, it came to light that North Korean hackers had compromised 3CX's Windows and macOS build environments after an employee downloaded a trojanized application on their personal computer.
The supply chain attack led to malware being pushed to the company's customers, with organizations in Europe and North America being impacted the most.
More than 600,000 companies worldwide are using 3CX's VoIP software.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 18 Dec 2023 10:43:04 +0000


Cyber News related to 3CX Urges Customers to Disable Integration Due to Potential Vulnerability

3CX Urges Customers to Disable Integration Due to Potential Vulnerability - Business communication company 3CX is urging customers to disable SQL database integrations to prevent a vulnerability that occurs in certain configurations. In a security advisory published on Friday, the company revealed that 3CX versions 18 and 20 ...
1 year ago Securityweek.com
3CX warns customers to disable SQL database integrations - VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. Although the security advisory released today lacks any specific information ...
1 year ago Bleepingcomputer.com
GPT in Slack With React Integration - Understanding GPT. Before delving into the intricacies of GPT Slack React integration, let's grasp the fundamentals of GPT. Developed by OpenAI, GPT is a state-of-the-art language model that utilizes deep learning to generate human-like text based on ...
1 year ago Feeds.dzone.com
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
1 year ago Theregister.com
How Servicenow Detects Open Source Security Vulnerabilities - Servicenow, a digital workflow company, recently announced their integration with Synk, an open source security platform, to detect security vulnerabilities in open source software. This integration will enable Servicenow customers to detect and ...
1 year ago Csoonline.com
T-Mobile Data Breach Affects 37 Million Customers: What You Should Know - T-Mobile recently announced that a data breach of its API had impacted the personal records of over 37 million customers. The breach occurred on the T-Mobile website, and could have allowed unauthorized users to access customer data such as name, ...
1 year ago Heimdalsecurity.com
Microsoft Urges Customers to Secure Online Accounts with its Latest Identity Security Solution - Microsoft has come forward with a warning regarding identity-related security issues and urges its customers to secure their online accounts. The company has developed a new identity security solution to address this issue. ...
1 year ago Thehackernews.com
Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
1 year ago Feedpress.me
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
11 months ago Cysecurity.news
Cohesity partners with NVIDIA to harness the power of generative AI - Cohesity announced a collaboration with NVIDIA to help organizations safely unlock the power of generative AI and data using the recently announced NVIDIA NIM microservices and by integrating NVIDIA AI Enterprise into the Cohesity Gaia platform. ...
9 months ago Helpnetsecurity.com
Webex announces comprehensive Device Management Capabilities with Phonism integration - Webex is excited to announce a comprehensive solution for 3rd party Device Management referred to as 'Partner Managed Devices. ' Partner Managed Devices allows Webex Cloud Calling offers to support a flexible Device Management strategy. With this ...
1 year ago Feedpress.me
LastPass now requires 12-character master passwords for better security - LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. Even though LastPass has repeatedly said that there is a 12-character master password ...
11 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
ServiceNow Enhances Open Source Security With Snyk Integration - As open source software is increasingly used in application development, ServiceNow is taking steps to enhance the security of open source applications by integrating the Snyk platform into its IT Service Management system. This integration will ...
1 year ago Csoonline.com
10 Most Notable Cyber Attacks of 2023 - In recent times, due to rapid advancements in technology, increased connectivity, and sophisticated tactics that threat actors use, cyber attacks are evolving at a rapid pace. The rise of AI and ML technologies enables threat actors to:-. These ...
11 months ago Cybersecuritynews.com
CVE-2021-45490 - The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. ...
2 years ago
CVE-2023-29059 - 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, ...
1 year ago
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com
ARMO announces new Slack integration - We're thrilled to introduce a fresh ARMO app designed exclusively for Slack, delivering notifications directly to the channels where your teams focus on tackling security concerns related to Misconfiguration, Vulnerabilities, and Compliance. This ...
11 months ago Securityboulevard.com
Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems - U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal. Mr. Cooper is a mortgage lending company based out of Dallas, Texas, that employs ...
1 year ago Bleepingcomputer.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)