Ongoing Campaign Hijacking 3CXDesktopApp to Deliver Infostealer

Context On March 29, 2023, multiple cybersecurity firms began reporting that 3CXDesktopApp, a Voice Over Internet Protocol (VOIP) Private Automatic Branch Exchange (PABX) enterprise call routing software, is currently compromised in a supply chain attack. Multiple investigations have reported that an unknown threat actor has trojanized installers for 3CXDesktopApp, to install an information stealing malware….

Read More

Retail & Hospitality ISAC Announces New Partnerships

Vienna, VA (March 30, 2023) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced that several cybersecurity solutions providers have joined the organization as new Associate Members. These companies will help to support the cybersecurity needs of the consumer-facing sector by providing thought leadership, resources, and expert guidance to RH-ISAC Core Members,…

Read More

FBI IC3 2022 Internet Crime Report Identifies Key BEC and Ransomware Trends

Context On March 27, 2023, the Federal Investigation Bureau released the IC3 2022 Internet Crime Report. The report covers major trends found across complaints investigated by the IC3, which the FBI defines as “an intelligence-driven and threat focused national security organization with both intelligence and law enforcement responsibilities.” Key Takeaways According to the report key…

Read More

Member Spotlight: Jeffrey Davidhizar

This month’s member spotlight is Jeffrey (Jeff) Davidhizar, security analyst at Crutchfield Corporation. We asked Jeff to tell us more about how he transitioned from teaching math to middle and high school students to his career in cybersecurity. Can you introduce yourself? Tell us a little bit about your background and what you do at…

Read More

Mispandu Bank Trojan Campaigns Targeting Latin American Organizations for Credential Harvesting

On March 20, 2023, Metabase Q security researchers reported the technical details of more than 20 different campaigns targeting organizations in Chile, Mexico, Peru, and Portugal with the Mispandu bank trojan. According to the report, the campaigns attempt to “steal credentials from users when accessing online banking, schools, government services, social media, gaming, ecommerce, public…

Read More