I-Critical OpenSSH Vulnerability 'regreSSHion' Itholiwe, I-Velvet Ant' Isizakala ngokuba sengozini kwe-Cisco Zero-Day: I-Cybersecurity Roundup yakho

Isibhengezo sezindaba ze-Cybersecurity esigqamisa ubungozi bakamuva

I-Critical OpenSSH Vulnerability 'regreSSHion' Itholakele, Ithinta Izigidi Zezinhlelo Ze-Linux

Ukuba sengozini okusanda kutholwa kusofthiwe yeseva ye-OpenSSH esetshenziswa kabanzi, ebizwa ngokuthi “regreSSHion” (CVE-2024-6387), kuthumele ukushaqeka ngokusebenzisa Ukuphepha kwe-cyber umphakathi. Leli phutha elibalulekile, elinika amandla ukukhishwa kwekhodi yesilawuli kude okungagunyaziwe kumasistimu e-Linux asengozini, lingase linikeze abahlaseli ukufinyelela okugcwele kwezimpande futhi libavumele ukuthi badlule izindonga zomlilo.

Nakuba ochwepheshe bebuvuma ubukhali bokuba sengozini, bagcizelela ukuthi ukuxhashazwa akuqondile futhi kudinga izimo ezithile okufanele kuhlangatshezwane nazo. Isiphazamisi sisuka odabeni lwesikhathi, ukuhlehla kokuba sengozini okucashelwe ngaphambilini, okwaphinde kwaqalwa ngo-2020. Ukuhlasela kudinga umzamo oqhubekayo, ngokuvamile othatha amahora noma ngisho namaviki ukuze kwenziwe ngempumelelo.

Ngaphandle kobunzima bokuxhashazwa, ukusabalala kwe-OpenSSH kwingqalasizinda yedijithali kuphakamisa ukukhathazeka mayelana namandla umthelela lobu sengozini. Cishe izigameko zeseva ye-OpenSSH ezilinganiselwa ezigidini ezingu-14 zilinganiselwa ukuthi zizovezwa ku-inthanethi, okuzenza iziqondiso ezingase zibe khona kubadlali abanonya.

Abanakekeli be-OpenSSH bakhiphe izibuyekezo zokuphepha ukuze banciphise ubungozi, futhi abasebenzisi banxuswa kakhulu ukuthi bapeshe amasistimu abo ngokushesha. Izinyathelo zokuphepha ezengeziwe, ezifana nokukhawulela ukufinyelela kwe-SSH nokuphoqelela ukuhlukaniswa kwenethiwekhi, zinganciphisa ubungozi bokufinyelela okungagunyaziwe kanye nokunyakaza kwe-lateral.

I-Microsoft Ixwayisa Ngokukhubazeka Okubalulekile ku-Rockwell Automation PanelView Plus,

Abaphenyi bezokuphepha beMicrosoft bakhalise i-alamu phezu kwezinto ezimbili ezibalulekile ukukhubazeka kutholwe ku-PanelView Plus ye-Rockwell Automation, isixhumi esibonakalayo esisetshenziswa kakhulu somshini womuntu (HMI) kuzilungiselelo zezimboni. Ubungozi, obuhlonzwe njenge-CVE-2023-2071 kanye ne-CVE-2023-29464, bungasetshenziswa abadlali abanonya ukuze basebenzise ikhodi bekude noma baqalise ukuhlasela kwe-denial-of-service (DoS), okungase kubangele ukuphazamiseka okukhulu ezinqubweni zezimboni nengqalasizinda.

I-CVE-2023-2071, elinganiselwe ngo-9.8 koku-10 esikalini sokuqina se-CVSS, iwubungozi obungalungile bokuqinisekisa okokufaka obungavumela umhlaseli ongagunyaziwe ukuthi asebenzise ikhodi engafanele kudivayisi eqondiwe. Lokhu kungaholela ekonakeleni okuphelele kwesistimu, okuvumela umhlaseli ukuthi antshontshe idatha ebucayi, afake uhlelo olungayilungele ikhompuyutha eyengeziwe, noma imisebenzi yokucekela phansi.

I-CVE-2023-29464, nakuba imbi kakhulu ngesikolo se-CVSS esingu-8.2, isengabeka engcupheni enkulu. Lokhu kuba sengozini, futhi okuvela ekuqinisekisweni kokufaka okungafanele, kungase kusetshenziswe ukuze kufundwe idatha esuka kumemori noma kucuphe isimo se-DoS, kwenze idivayisi ingasabeli futhi iphazamise izinqubo zezimboni.

I-Rockwell Automation isivele ikhiphe ama-patches ukuze ibhekane nalobu bungozi ngoSepthemba nango-Okthoba 2023, ngokulandelana. Nokho, ukuxhashazwa kwakamuva kwephutha elifanayo Kuseva Yefayela Ye-HTTP kugcizelela ukubaluleka kokusebenzisa lezi zibuyekezo ngokushesha. Amadivayisi we-PanelView Plus angapeyishiwe ahlala esengozini yokuhlaselwa, okushiya ingqalasizinda ebucayi isengozini yokufakwa engozini.

I-Brazil Ivimbela i-Meta ekusebenziseni Idatha Yomsebenzisi Yokuqeqeshwa kwe-AI Icaphuna Ukukhathazeka Kobumfihlo

Iziphathimandla zokuvikela idatha yase-Brazil, i-ANPD, ivimbele okwesikhashana i-Meta ekusebenziseni idatha yomuntu siqu yabasebenzisi bayo ngezinjongo zokuqeqesha i-AI. Lesi sinqumo silandela isibuyekezo sakamuva se-Meta emigomeni yayo, eyivumele ukuthi isebenzise okuqukethwe esidlangalaleni okuvela ku-Facebook, Instagram, kanye ne-Messenger ukuqeqesha ama-algorithms ayo e-AI. I-ANPD ithole ukuthi imigomo ebuyekeziwe yephula uMthetho Wokuvikelwa Kwedatha Yabantu Okujwayelekile wase-Brazil, icaphuna ukukhathazeka mayelana nokushoda kwezinto ngale, isisekelo somthetho esinganele, kanye nezingozi ezingaba khona ezinganeni nasebancane. 

Lesi sinyathelo seBrazil asihlukanisiwe. I-Meta ibhekane nokuphikiswa okufanayo e-European Union, okwenza inkampani ukuthi ime kancane izinhlelo zayo zokuqeqeshwa kwe-AI esifundeni ngaphandle kwemvume yomsebenzisi ecacile. Umongameli wale nkampani wezindaba zomhlaba jikelele ukugxekile ukuma kwe-EU njengesithiyo ekwakhiweni kwezinto ezintsha. 

Phakathi naleso sikhathi, i-Cloudflare yethule ithuluzi elisha lokuvimbela i-AI bots ukuthi ikhiphe okuqukethwe kokuqeqeshwa kwe-LLM, iphinde igqamise ukukhathazeka okukhulayo mayelana nobumfihlo bedatha kanye nokuthuthukiswa kwe-AI.

Iqembu le-Chinese Espionage Group 'i-Velvet Ant' Lixhaphaza Ukuba Sengozini Kosuku Lwe-Cisco Zero Ku-Cyberattack Eyinkimbinkimbi

Inkampani ye-Cybersecurity i-Sygnia iveze ukuhlasela okuhlosiwe yiqembu lezinhloli ezixhaswe nguhulumeni wase-China, i-Velvet Ant, exhaphaza ubungozi obungaziwa ngaphambili ku-Cisco's NX-OS Software. Lokhu kushiyeka kosuku oluyiziro, okuqokwe njenge-CVE-2024-20399, kutholwe phakathi kwamaswishi e-Cisco Nexus, izingxenye ezibalulekile zengqalasizinda yenethiwekhi.

Ukuba sengozini kuvumela abahlaseli abagunyazwe ukuthi basebenzise imiyalo engafanele ngamalungelo ezimpande, okubanikeze ukulawula okubanzi kumadivayisi onakalisiwe. I-Velvet Ant isebenzise leli phutha ukuze ikhiphe uhlelo olungayilungele ikhompuyutha, ivumela ukufinyelela kude, ukulayishwa kwamafayela, nokusebenzisa ikhodi kumaswishi aqondiwe.

Ukutholwa kuka-Sygnia kufike ngesikhathi sophenyo olukhudlwana lwezobunhloli emisebenzini ye-Velvet Ant, okuveza iphethini yamaqhinga obunhloli ku-inthanethi asetshenziswa yiqembu. I-Cisco, ixwayiswe ngobungozi ngo-Ephreli 2024, selokhu yakhipha ama-patches ukulungisa le nkinga.

 

Ukuxhashazwa kwalolu suku lweziro kugqamisa umdlalo wekati negundane oqhubekayo phakathi kochwepheshe bezokuphepha ku-inthanethi nabalingisi abaxhaswe uhulumeni. Igcizelela ukubaluleka kwezinyathelo zokuphepha eziqinile, ikakhulukazi kumadivayisi enethiwekhi abalulekile njengamaswishi, avame ukunganakwa njengezindawo zokungena ezingaba khona zabahlaseli. 

Ngaphezu kwalokho, lesi sigameko sigcizelela izinselele zokuthola nokuphenya umsebenzi onobungozi ezinsizeni zenethiwekhi ngenxa yokuntuleka kokuqapha nokugawulwa kwemithi endaweni eyodwa. Njengoba izinsongo ze-inthanethi ziqhubeka nokuvela, izinhlangano kufanele zihlale ziqaphile futhi zisebenzisa izinyathelo ezisheshayo zokuvikela ingqalasizinda yazo kanye nedatha.