3CX warns customers to disable SQL database integrations

VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability.
Although the security advisory released today lacks any specific information regarding the issue, it advises customers to take preventive measures by disabling their MongoDB, MsSQL, MySQL, and PostgreSQL database integrations.
Jourdan explained that the security issue impacts only versions 18 and 20 of 3CX's Voice Over Internet Protocol software.
Not all web-based CRM integrations are affected.
A post on the company's community website was shared earlier today, but the post is currently locked and no further replies are allowed.
The post includes a link to the security advisory, but no additional information is provided.
In March, 3CX disclosed that its 3CXDesktopApp Electron-based desktop client was trojanized in a supply chain attack to distribute malware.
It took the company over a week to react to a stream of customer reports saying that the software had been tagged as malicious by several cybersecurity companies, including CrowdStrike, SentinelOne, ESET, Palo Alto Networks, and SonicWall.
As later discovered by cybersecurity firm Mandiant, the 3CX hack resulted from another supply chain attack that impacted the Trading Technologies stock trading automation company.
3CX says its Phone System has over 12 million daily users and is used by more than 350,000 businesses worldwide, including high-profile organizations and companies such as Air France, the UK's National Health Service, PepsiCo, American Express, Coca-Cola, IKEA, and multiple automakers.
3CX didn't reply to a request for comment when BleepingComputer reached out earlier today.
Microsoft: OAuth apps used to automate BEC and cryptomining attacks.
US Health Dept urges hospitals to patch critical Citrix Bleed bug.
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately.
Citrix warns admins to kill NetScaler user sessions to block hackers.
FBI and CISA warn of opportunistic Rhysida ransomware attacks.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 15 Dec 2023 17:30:17 +0000


Cyber News related to 3CX warns customers to disable SQL database integrations

3CX warns customers to disable SQL database integrations - VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. Although the security advisory released today lacks any specific information ...
1 year ago Bleepingcomputer.com
3CX Urges Customers to Disable Integration Due to Potential Vulnerability - Business communication company 3CX is urging customers to disable SQL database integrations to prevent a vulnerability that occurs in certain configurations. In a security advisory published on Friday, the company revealed that 3CX versions 18 and 20 ...
1 year ago Securityweek.com
How Sekoia.io empowers cybersecurity with 170+ integrations - To enable this flexibility and streamline security operations, Sekoia.io adheres to a technology-agnostic approach and offers integrations with 170+ tools and third-party platforms. We enable building a holistic approach to threat detection and ...
11 months ago Blog.sekoia.io
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
1 year ago Theregister.com
Major Database Security Threats and How to Prevent Them | Tripwire - Cybercriminals can also attempt to seize control of the organization’s data management system, altering privileges so they can gain database access at any time. Data loss prevention (DLP) solutions can do a lot to prevent occurrences like ...
2 months ago Tripwire.com
Database Security - In today's rapidly evolving digital landscape, marked by the ascendancy of Artificial Intelligence and the ubiquity of cloud computing, the importance of database security has never been more pronounced. Effective database security strategies not ...
11 months ago Feeds.dzone.com
LastPass now requires 12-character master passwords for better security - LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. Even though LastPass has repeatedly said that there is a 12-character master password ...
11 months ago Bleepingcomputer.com
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
11 months ago Cysecurity.news
MixMode platform enhancements boost threat detection and response - This release gives customers greater visibility into their digital attack surface, improved investigation capabilities, and increased customization options. Alert enrichment enhancements: MixMode's alert enrichments have been significantly enhanced ...
1 year ago Helpnetsecurity.com
T-Mobile Data Breach Affects 37 Million Customers: What You Should Know - T-Mobile recently announced that a data breach of its API had impacted the personal records of over 37 million customers. The breach occurred on the T-Mobile website, and could have allowed unauthorized users to access customer data such as name, ...
1 year ago Heimdalsecurity.com
Top 7 Database Security Best Practices - Whether you're managing sensitive customer information or intricate analytics, database security should be at the top of your priority list. This article dives deep into the top 7 database security best practices that will help you fortify your ...
6 months ago Securityboulevard.com
Banco Santander warns of a data breach exposing customer info - Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. With a strong presence in Spain, the United Kingdom, Brazil, Mexico, and ...
7 months ago Bleepingcomputer.com
Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision - PRESS RELEASE. AMSTERDAM, Feb. 6, 2024 /PRNewswire/ - CISCO LIVE EMEA - Cisco, the leader in networking and security, today introduced new capabilities and technologies across its networking portfolio that are designed to drive a more unified and ...
10 months ago Darkreading.com
Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
1 year ago Feedpress.me
Cohesity partners with NVIDIA to harness the power of generative AI - Cohesity announced a collaboration with NVIDIA to help organizations safely unlock the power of generative AI and data using the recently announced NVIDIA NIM microservices and by integrating NVIDIA AI Enterprise into the Cohesity Gaia platform. ...
9 months ago Helpnetsecurity.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Advancing SOAR Technology: Key 2023 Updates in Incident Response Automation - In 2023, we've achieved a remarkable milestone in the cybersecurity landscape by securing 70% of our new business from security teams eager to upgrade from their existing Security Orchestration, Automation, and Response solutions. By actively ...
1 year ago Securityboulevard.com
CVE-2021-45490 - The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. ...
2 years ago
CVE-2023-29059 - 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, ...
1 year ago
10 Most Notable Cyber Attacks of 2023 - In recent times, due to rapid advancements in technology, increased connectivity, and sophisticated tactics that threat actors use, cyber attacks are evolving at a rapid pace. The rise of AI and ML technologies enables threat actors to:-. These ...
11 months ago Cybersecuritynews.com
CVE-2023-30552 - Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql/instance.py` ...
1 year ago
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com
Ivanti partners with Workato to boost operational efficiency for customers - By integrating their technologies, Ivanti Neurons for ITSM and Workato's Embedded Platform, the two companies will enable Ivanti customers to implement integrations with a wide variety of third-party applications. Using a no-code approach, this ...
1 year ago Helpnetsecurity.com
Okta warns of credential stuffing attacks targeting its CORS feature - Okta warns that a Customer Identity Cloud feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. Okta is a leading identity and access management company providing cloud-based ...
6 months ago Bleepingcomputer.com
Expanding Reach and Reducing Costs: Cato Enhances Capabilities with Latest Third-Party Integrations - This surge is evident not only in its adoption by organizations of all sizes but also in the increasing number of requests from third-party vendors eager to integrate SASE into their software solutions. This is where Cato API comes into play, ...
1 year ago Itsecurityguru.org

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)