Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Matthew Mace
Interesting! How long ago did it start seeing it, and was it standard Defender or Endpoint Business? Matthew Mace Director Honest Technology Solutions P: 07 3188 7244 E: matt...@htsol.com.au www.htsol.com.au "Keeping IT Honest"

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Jrandombob
Yeah, some of those forum threads are IMPRESSIVELY trainwrecky. I think the most succinct evaluation I've seen is this one: "Seriously. Your EDR tells you that your phone client is behaving like a C2 talking to North Korea, and your response is to put it in the whitelist? Wow..." On Thu, Mar 30,

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Greg Lipschitz
Windows Defender picked it up too. Greg Lipschitz | Founder & CEO | Summit Internet glipsch...@summitinternet.com.au summitinternet.com.au 1300 049 749 Unit 2, 31-39 Norcal Road, Nunawading VIC 3131 Summit Internet From: Matthew Mace Sent: 30 March 2023 15:57 To:

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread DaZZa
From a security perspective, the utterly terrifying part of most of these responses boils down to "Oh, must be a glitch in the AV, I'll *whitelist* it so it doesn't get caught". Jesus Wept. I'd be bashing heads if anyone in my company even suggested that without a much more thorough

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Tim Jago
Confirmed now at least... https://www.3cx.com/community/threads/threat-alerts-from-sentinelone-for-desktop-update-initiated-from-desktop-client.119806/post-558899

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Alexander Neilson
I haven't seen it personally. However, others are reporting it as separate investigations; they have seen the loader execute: https://www.todyl.com/blog/post/threat-advisory-3cx-softphone-telephony-campaign

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Matthew Mace
Can anyone definitively confirm that they've personally seen it get picked up by anything other than S1? In addition to this, anyone that has had it installed at a site and also run a premium DNS filtering service (Umbrella, DNS Filter etc.) and/or premium routers with DPI (Sonicwall, Firebox

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Nathan Brookfield
To be fair, they likely don't know much yet and things are probably pretty hectic... Give them time, crisis management is probably only kicking in now. From: AusNOG On Behalf Of Christopher Hawker Sent: Thursday, March 30, 2023 3:31 PM To: Greg Lipschitz ; Rob Thomas ; Subject: Re: [AusNOG]

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread James Hodgkinson
They've pulled the installers from their website and refer people to the web client...which is not much of a start... On 2023-03-30 14:09 Greg Lipschitz wrote: > Here is a list of commands (or make a shell script) to stop it phoning home > and getting more payload. > > # Disable 3CX

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Christopher Hawker
It appears their sales team have no info regarding this. Just rang our Senior AM at 3CX and they've advised that they have no information, and that they are referring anyone who calls to their technical teams via support tickets in the 3CX portal. Not a good look for them. CH Get Outlook for

Re: [AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Greg Lipschitz
Here is a list of commands (or make a shell script) to stop it phoning home and getting more payload. # Disable 3CX Unattended-Upgrades Service systemctl stop unattended-upgrades # Collect the version of 3CX Desktop Apps on the Server cd /var/lib/3cxpbx/Instance1/Data/Http/electron ls -la * >

[AusNOG] Critical 3CX Windows/Mac hack.

2023-03-29 Thread Rob Thomas
As no-one's mentioned it here yet, I just thought I'd bring up the zero-day, in the wild, active RIGHT NOW, trojan 3CX Windows and Mac apps. If you, or you have clients, running 3CX, make sure they ARE NOT using the app. If they are, their machines are probably already owned, and all their stored

[AusNOG] Call for paper - AusNOG 2023 Conference

2023-03-29 Thread Joe Wooller
Hey AusNOG People, AusNOG 2023 will be held at the Sea World Conference Centre on the Gold Coast (Yes, this is not a typo; it is not in Sydney or Melbourne this year) on the 7th & 8th of September, 2023. The Program (was Programme) Committee is seeking submissions from people wishing to present

Re: [AusNOG] curious about lessons learned from your fiber rollouts?

2023-03-29 Thread John Edwards
My tips: Rural networks are economically tentative at the best of times; they are low density, and the majority of the demographic that they serve don't have disposable income for tech entertainment. Government funding likes to be directed to announceables, and nobody announces a maintenance plan.

[AusNOG] curious about lessons learned from your fiber rollouts?

2023-03-29 Thread Dave Taht
I am doing an AMA Friday, in part about the $70B USA NTIA broadband and BEAD programs, which are largely targeted at improving rural access to the internet. The target audience is one with which I am mostly unfamiliar, the directors of the 50 US states administering these programs. I am