Category: Reports

3CX In The Wild

3CX In The Wild

Executive Summary On March 29, 2023, CrowdStrike and SentinelOne both reported on a supply chain attack involving 3CXDesktopApp, a multi-platform desktop application that enables users to communicate via chat, messaging, video, and voice. The attack was initiated by a threat actor believed to be affiliated with the Lazarus Group, who was able to insert arbitrary

More
ChatGPT-Based Phishing Attacks

ChatGPT-Based Phishing Attacks

Foreward As an AI language model, ChatGPT itself does not engage in phishing activities. However, it is possible for attackers to use ChatGPT or other similar language models to create more convincing phishing messages. ChatGPT-based phishing typically involves using a language model to generate messages that appear to be from a trusted source, such as

More
ESXIArgs

ESXIArgs

Executive Summary ESXiargs is a vulnerability that affects VMware ESXi hypervisors. It was discovered in 2020 and allows an attacker to execute code with elevated privileges on a vulnerable system, potentially leading to full compromise of the host and any virtual machines running on it. This vulnerability is caused by a flaw in the way

More