Lazarus Assault Via 3CX Exposes Need to Rethink Security

Lazarus updates firmware open source Log4j OpenSSF API security dynamic code application

When North Korean threat actors the Lazarus Group exploited a legitimate update to the 3CXDesktopApp—a softphone application from 3CX—security professionals didn’t initially pick up on the import of the activity and tactics that signaled the attack. In fact, according to CrowdStrike, which discovered the attack, even experienced security professionals pooh-poohed detections as false positives. And..

The post Lazarus Assault Via 3CX Exposes Need to Rethink Security appeared first on Security Boulevard.

Article Link: https://securityboulevard.com/2023/04/lazarus-assault-via-3cx-exposes-need-to-rethink-security/