3CX VOIP/PBX software under attack
It has been confirmed by our security provider, Sophos, that the 3CX client installed on Windows and MacOS has been compromised.
Embedded in the 3CX installation file is malware that will download / execute scripts that could possibly enable remote access to the affected computer, and ultimately network.
Our security manager confirmed that the AJS hosted environment infrastructure is not at risk.
If you have 3CX installed, we recommend that it is uninstalled immediately. Your security provider should do a full scan using scanning software that will detect the vulnerability, and change all usernames and passwords.
Click on the this link for further technical information: https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/?cmp=cmp=156122
Or watch this video for more: