Caution When Using 3CX DesktopApp (CVE-2023-29059) Posted By choeyul , April 5, 2023 Overview Details about how supply chains were attacked through the 3CX DesktopApp were published. [1] This software provides users with various communication functions, such as voice calls and video conferences, and can be operated on both Windows and MAC operating systems. Currently, the 3CX company is preparing to issue a new certificate, and until then, they are instructing users to use an alternative software. Description Regarding this, the distributed malware are confirmed to include modules that perform malicious functions and are…
Initech Product (INISAFE CrossWEB) Security Update Recommendation Posted By choeyul , April 5, 2023 Overview A security update to patch the vulnerability of Initech’s INISAFE CrossWeb EX V3 has been announced. INISAFE CrossWeb EX V3 is a software program used for electronic financial transactions and financial security certification in the public sector. It is used by various companies and individuals for Internet banking, so it is essential for most users to check if the program is installed on their PC and update it to the latest version following the guide below. Description AhnLab Security…
Microsoft Office Outlook Vulnerability (CVE-2023-23397) Appearance and Manual Measure Guide Posted By ASEC , March 29, 2023 AhnLab Security Emergency response Center (ASEC) recently published a notice about a Microsoft Office Outlook vulnerability. CVE-2023-23397 is a vulnerability that leaks a user’s account credentials upon receiving an email and triggering a notification. The stolen information includes the ‘NTLM’ hash value, which contains the password hashing information for the logged-in account. Threat actors can exploit this information for internal propagation and further compromise of the system. The application of security patches is essential to prevent the exposure of vulnerabilities,…
Warning for MagicLine4NX (Certificate Solution) Vulnerability and Update Recommended Posted By ASEC , March 28, 2023 Vulnerable Software and Overview MagicLine4NX is a non-ActiveX joint certificate program developed by the Korean company, Dream Security. Users can use MagicLine4NX to perform logins with a joint certificate and digitally sign transactions. This program is registered as a Startup Program and will be relaunched by a certain service (MagicLine4NXServices.exe) even if it is terminated. It remains constantly active as a process once it is installed, so it can be exposed to vulnerability attacks. Thus, it needs to be updated…
Warning for Asset Management Program (TCO!Stream) Vulnerability and Update Recommendation Posted By ASEC , March 23, 2023 Vulnerable Software and Overview TCO!Stream is an asset management solution developed by the Korean company, MLsoft. Consisting of a server and a client, administrators can use the console program to perform asset management work by accessing the server. TCO!Stream offers various features for asset management, but there is a process that runs constantly on the client in order to receive commands from the server. Commands are performed through this process. This management solution is exposed to vulnerability attacks that could…