December 15, 2023 at 12:32PM
3CX, a VoIP company, urged customers to disable SQL Database integrations due to potential vulnerabilities. The advisory, which lacks specific details, covers versions 18 and 20 of the VoIP software and advises disabling MongoDB, MsSQL, MySQL, and PostgreSQL integrations. This comes after a supply chain attack trojanized their 3CXDesktopApp in March 2023.
Key takeaways:
1. 3CX has advised its customers to disable SQL Database integrations due to potential security risks posed by a vulnerability. This affects versions 18 and 20 of the 3CX Voice over Internet Protocol (VoIP) software and impacts MongoDB, MsSQL, MySQL, and PostgreSQL database integrations.
2. The company’s 3CXDesktopApp Electron-based desktop client was found to be trojanized in a supply chain attack in March 2023.
3. Despite customer reports and the software being tagged as malicious by several cybersecurity companies, it took over a week for 3CX to react to the situation.
4. The supply chain attack on 3CX was linked to an attack that impacted the Trading Technologies stock trading automation company.
5. 3CX’s Phone System has over 12 million daily users and is used by more than 350,000 businesses worldwide, including high-profile organizations and companies such as Air France, the UK’s National Health Service, PepsiCo, American Express, Coca-Cola, IKEA, and multiple automakers.