SoylentNews

Freeman [soylentnews.org] writes:

https://arstechnica.com/information-technology/2023/03/3cx-knew-its-app-was-flagged-as-malicious-but-took-no-action-for-7-days/ [arstechnica.com]

The support team for 3CX, the VoIP/PBX software provider with more than 600,000 customers and 12 million daily users, was aware its desktop app was being flagged as malware but decided to take no action for a week when it learned it was on the receiving end of a massive supply chain attack [arstechnica.com], a thread [3cx.com] on the company’s community forum shows.

“Is anyone else seeing this issue with other A/V vendors?” one company customer asked on March 22, in a post titled “Threat alerts from SentinelOne for desktop update initiated from desktop client.” The customer was referring to an endpoint malware detection product from security firm SentinelOne. Included in the post were some of SentinelOne’s suspicions: the detection of shellcode, code injection to other process memory space, and other trademarks of software exploitation.

Original Submission