NICE SHIRT :)
We should have coordinated wearing the same shirts for this topic.
Going to have to send him another shirt :D
Just had a late night dealing with this and am happy to see it blowing up in the news more this morning. The 3CX forum threw me for a loop with considering it a false positive last week, especially with the 3CX LTD official signature on the files.
At 16:55 UTC they have this on their blog:
Windows app shipped in Update 7, version numbers 18.12.407 & 18.12.416, included a severe security issue.
We since learned that Electron Mac App version numbers 18.11.1213, 18.12.402, 18.12.407 & 18.12.416 have also been affected.
I agree that open source code is a good thing for the community!
Great video! Thanks for sharing on social media when alerted!
Was on the team that detected the incident last week with SentinelOne which was then notified to 3CX.
Well done. 👍
We were part of those who signaled 3CX on the 22nd about S1 flagging it. Most of us thought it was a false positive at first.
Don't feel bad, most everybody thought it was a false positive.
Wow! Thanks for the update!!
Thanks, great quick summary! This is going to be interesting in the long run.
Thanks for the update Tom! Great info!
Thanks for the quick heads up.
Thumbnail on point - gave us a chuckle.
I wonder if the upstream source was compromised and others might distribute that ffmpeg as well, or if they had their build system directly compromised.
Big fan of your detailed breakdowns. From the SolarWinds video, I became hooked. Big fan from Kenya :)
Thanks as always Tom. I notice you're wearing spectacles these days just like me. I contacted 3CX day one when SentinelOne stopped the update in 111ms. Warned the team this could be a supply chain attack. Confusion among the guys, as it was digitally signed, thinking a false positive. Only 3x Nodes with desktop app. We uninstalled and held. I think it was 3 days to get a response of any sense from 3CX to confirm it was a compromise.
This has been Tom, reporting to you live from Hollywood :P
yup!
We moved off 3CX last year, dodged a little bullet with this one.
Great video, very informative, thanks for the clear explanation. Total aside: what is running on your monitor in the background?
Where did you get that screensaver?
Yeah the client update and install was a week previous, then we started seeing activity all at once.
We used this at work until today
Thanks for the heads-up. RMM is showing us all clear with our clients :)
Today was such a rough day getting everyone to uninstall and switch to web.
I assume you saw the report years ago about the shipping between two spots and credit card machines being infected?
Alright the title brought me here but the desktop screensaver in the background mesmerized me...need info.
It's a Linux package called Hollywood.
Agreed, looks sweet
nice t-shirt
Lmao at the thumbnail
What is going on with that monitor behind you?
Is that some video wallpaper? 😅
00:29 - Your spellchecker has been hacked: "Verions" instead of "Versions"?
Big whoop
So nobody knows if this virus was successful at doing anything malicious?
I think what Tom's getting at is: they compromised 3CX, everyone updated. The potential hackers, probably state-sponsored, then used it to access and compromise some specific people. A diplomat, for example.
The biggest concern from me is 3CX still haven't named the upstream library that they claim was infected, and there is no reason not to. Was it an open source library they didn't provide attribution and code for? Was it a complete lie? We need to know if the 3CX development pipeline was compromised or if there is an infected library out there that could affect other services and projects.
Why involve the North Korean guy 😂 He has nothing to do with it
“North Korea guy”? Is a Google search that hard?
Kim Jong-un’s government hackers are the suspected culprits. So yeah, he is involved.
Because western propaganda
@d_must4309 Triggered much? 😂
Continue sipping your Starbucks latte, on your Mac with your Che Guevara T-shirt. 😂
Rocket man loves using 3CX 😮
Congrats Tom. You are now a professional youtuber. Clickbait thumbnails and wasteful intros. Well done. I subbed back in 2018 when you had less than 10k subs. The beatnik Tom days. Back then you were just an IT pro sharing some useful knowledge. It was great. I even clicked on some ads to help you out. Then came the hobo Tom phase. Much more commercial and much less interesting and informative. That's when I implemented pfBlocker and Brave browser to block all ads. Just for you. Now, in 2023, we are entering the fake intellectual Tom phase with the glasses and the clickbait and the intros. I have no interest in or respect for people who think that youtube is a profession. It won't be long until the sponsored reviews start to appear, if they haven't already. Greed is always followed by corruption. I'm out.
First