Executive Summary On March 29, 2023, CrowdStrike and SentinelOne both reported on a supply chain attack involving 3CXDesktopApp, a multi-platform desktop application that enables users to communicate via chat, messaging, video, and voice. The attack was initiated by a threat actor believed to be affiliated with the Lazarus Group, who was able to insert arbitrary
More
Executive Summary Microsoft recently released patches for approximately 80 newly discovered security vulnerabilities on March 14, 2023 . Among these vulnerabilities are two zero-day vulnerabilities, CVE-2023-23397 and CVE-2023-24880 . The severity of these two exploits was rated using the Common Vulnerability Scoring System (CVSS), with scores of 9.8 and 5.1, respectively. In addition to the
More
Foreward As an AI language model, ChatGPT itself does not engage in phishing activities. However, it is possible for attackers to use ChatGPT or other similar language models to create more convincing phishing messages. ChatGPT-based phishing typically involves using a language model to generate messages that appear to be from a trusted source, such as
More
Executive Summary ESXiargs is a vulnerability that affects VMware ESXi hypervisors. It was discovered in 2020 and allows an attacker to execute code with elevated privileges on a vulnerable system, potentially leading to full compromise of the host and any virtual machines running on it. This vulnerability is caused by a flaw in the way
More