Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset.
As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.
3CX VoIP Software Compromise & Supply Chain Threats
The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.
3CX VoIP Software Compromise & Supply Chain Threats
The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.