3CX Urges Customers to Disable Integration Due to Potential Vulnerability

Business communication company 3CX is urging customers to disable SQL database integrations to prevent a vulnerability that occurs in certain configurations.
In a security advisory published on Friday, the company revealed that 3CX versions 18 and 20 are impacted by an integration bug.
According to 3CX, customers using MongoDB, MsSQL, MySQL, and PostgreSQL databases should disable their SQL database integrations until further notice.
To disable the integration, customers should open the Settings section of the management console, go to CRM, set the available option to 'None', and save the change.
Web-based CRM integrations are not affected, 3CX says.
The company has yet to provide technical details on the identified security defect.
In March this year, it came to light that North Korean hackers had compromised 3CX's Windows and macOS build environments after an employee downloaded a trojanized application on their personal computer.
The supply chain attack led to malware being pushed to the company's customers, with organizations in Europe and North America being impacted the most.
More than 600,000 companies worldwide are using 3CX's VoIP software.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 18 Dec 2023 10:43:04 +0000

