Rise in Tech-Support Scams Abusing Windows Action Center Notifications

Introduction The Zscaler ThreatLabz team recently observed a surge in tech-support scams, with a noteworthy focus on the utilization of Windows Action Center notifications to display misleading warning messages to users. While the majority of tech-support scams previously centered around counterfeit notifications related to Windows Defender, scammers have since expanded ...

3CX Supply Chain Attack Campaign

On March 29th 2023, CrowdStrike published a blog outlining a supply chain attack leveraging the 3CXDesktopApp - a softphone application from 3CX. The ThreatLabz Team immediately started hunting for IoCs on the Zscaler Cloud. We observed infections dating back to February 2023 for both the Windows as well as the ...

3CX Supply Chain Attack Campaign

Introduction On March 29th 2023, CrowdStrike published a blog outlining a supply chain attack leveraging the 3CXDesktopApp - a softphone application from 3CX. The ThreatLabz Team immediately started hunting for IoCs on the Zscaler Cloud. We observed infections dating back to February 2023 for both the Windows as well as ...

Coverage Advisory for 3CX Supply Chain Attack

Update [2023-03-31 05:00 PM PST] We have published a blog detailing our analysis on the 3CX Supply Chain Attack. Background: On 30th March 2023, 3CX released a security alert for 3CX Electron Windows App shipped in Update 7, which informed users about a supply chain attack. The issue has affected ...

Coverage Advisory for 3CX Supply Chain Attack

Background: On 30th March 2023, 3CX released a security alert for 3CX Electron Windows App shipped in Update 7, which informed users about a supply chain attack. The issue has affected the executables for both Windows and Mac operating systems. What is the issue? The impacted 3CX Electron Desktop App ...

Coverage Advisory for CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

Background: On 14th March 2023, Microsoft released a security update guide for a critical severity vulnerability CVE-2023-23397. This vulnerability targets Microsoft Outlook and allows NTLM credentials theft which could be used for privilege escalation attacks. What is the issue? An attacker can send an email to the victim with an ...

Uncovering new techniques and phishing attack trends from the cloud

Download your free copy of the 2022 ThreatLabz Phishing Report, and check out our infographic. For decades, phishing has been a complex and time-consuming challenge for every security team. As the findings of the ThreatLabz 2022 Phishing Report reveal, the challenge is getting harder: adversaries are getting craftier, and attackers ...

Security Advisory: Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)

Background On 7th September 2021, Microsoft released an advisory for CVE-2021-40444. The CVE has a CVSS score of 8.8. What is the issue? Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) Microsoft has released an advisory for CVE-2021-40444, a Remote Code Execution Vulnerability in MSHTML that affects Microsoft Windows. The exploit ...

Coverage Advisory for Kaseya VSA Supply-Chain Ransomware Attack

Background On July 2, 2021, Kaseya, an IT Management software firm, disclosed a security incident impacting their on-prem version of Kaseya VSA software. Kaseya VSA is a cloud-based MSP platform that allows service providers to perform patch management, backups, and client monitoring for their customers. As per Kaseya, the majority ...