I-Trojanized WordPress Credentials Checker Intshontsha Iziqinisekiso ezingama-390,000, Ukuba sengozini Okubalulekile Kwembulwa ku-Microsoft Azure MFA: I-Cybersecurity Roundup yakho
I-Trojanized WordPress Credentials Checker Intshontsha Ukuqinisekisa okungu-390,000 kumkhankaso we-MUT-1244
Umlingisi osabisayo osezingeni eliphezulu, olandelwa njenge-MUT-1244, wenze umkhankaso omkhulu ngonyaka odlule, weba ngempumelelo izifakazelo ze-WordPress ezingaphezu kuka-390,000. Lo msebenzi, owawuqondise kakhulu abanye abadlali abasabisayo kanye nabacwaningi bezokuphepha, amathimba abomvu, nabahloli bokungena, bethembele kusihloli semininingwane ye-WordPress esifakelwe izintambo namakhosombe e-GitHub anonya ukuze afake engozini izisulu zawo.
Abahlaseli basebenzise ithuluzi elinonya, elithi “yawpp,” elikhangiswa njengesihloli semininingwane ye-WordPress. Iningi lezisulu, okuhlanganisa nabalingisi abasabisayo, basebenzise ithuluzi ukuze baqinisekise izifakazo ezebiwe, bedalula amasistimu nedatha yabo bengaqondile. Eceleni kwalokhu, i-MUT-1244 yamisa amakhosombe e-GitHub amaningi aqukethe ubufakazi bomqondo obungemuva okwaziwa. ukukhubazeka. Lawa makhosombe ayedizayinelwe ukuthi abonakale esemthethweni, ngokuvamile avela kokuphakelayo okuthembekile okusabisayo okufana ne-Feedly ne-Vulnmon. Lokhu kubukeka kobuqiniso kwakhohlisa ochwepheshe kanye nabalingisi abanonya ukuze basebenzise uhlelo olungayilungele ikhompuyutha, olulethwe ngezindlela ezihlukahlukene, okuhlanganisa amafayela okucupha angemuva, ama-Python droppers, amaphakheji anonya we-npm, kanye nemibhalo ye-PDF entshontshiwe.
Umkhankaso uphinde wahlanganisa a ukuphinga isici. Izisulu zakhohliswa ukuthi zisebenzise imiyalo yokufaka lokho ezikholelwa ukuthi isibuyekezo se-microcode ye-CPU kodwa empeleni kwakuyi-malware. Uma isifakiwe, uhlelo olungayilungele ikhompuyutha lusebenzise kokubili umvukuzi we-cryptocurrency kanye nomnyango ongemuva, okuvumela abahlaseli ukuthi bantshontshe idatha ebucayi efana nokhiye abayimfihlo be-SSH, okhiye bokufinyelela be-AWS, neziguquko zemvelo. Eyebiwe Imininingwane yabe isikhishelwa ezinkundleni ezifana neDropbox kanye ne-file.io kusetshenziswa izifakazelo ezinekhodi eliqinile elishunyekwe kuhlelo olungayilungele ikhompuyutha.
Abacwaningi Badalula Ukuba Sengozini Okubalulekile ku-Microsoft Azure MFA, Ivumela Ukuthathwa Kwe-akhawunti
Abacwaningi bezokuphepha kwa-Oasis Security bahlonze ukuba sengozini okubalulekile ohlelweni lwe-Microsoft Azure's multifactor authentication (MFA) olubavumele ukuba badlule ukuvikela kwe-MFA futhi bathole ukufinyelela okungagunyaziwe kuma-akhawunti abasebenzisi esikhathini esingangehora. Iphutha, elibangelwe ukungabikho komkhawulo wezinga emizamweni ehlulekile ye-MFA, lishiye ama-akhawunti e-Microsoft 400 angaphezu kwezigidi ezingu-365 engozini engase ibe sengozini, lidalula idatha ebucayi njengama-imeyili e-Outlook, amafayela e-OneDrive, izingxoxo zamaQembu, namasevisi e-Azure Cloud.
Ngokuxhaphaza ukuba sengozini, okubizwa ngokuthi “I-AuthQuake,” abahlaseli bangenza kanyekanye, imizamo esheshayo yokuqagela ikhodi ye-MFA enezinhlamvu eziyisithupha, enezinhlanganisela ezingaba yisigidi esingu-1. Ukuntuleka kwezaziso zomsebenzisi phakathi nemizamo yokungena ehlulekile kwenze ukuhlasela kwaba isinyenyela futhi kwaba nzima ukukubona. Ukwengeza, abacwaningi bathola ukuthi isistimu ye-Microsoft ivumele amakhodi e-MFA ukuthi ahlale evumelekile cishe imizuzu emithathu—imizuzu engu-2.5 ubude kunokuphelelwa yisikhathi kwamasekhondi angu-30 okunconywe i-RFC-6238—okwandisa ngokuphawulekayo amathuba okuqagela okuphumelelayo.
Ngokuhlola kwabo, abacwaningi babonise ukuthi phakathi neseshini engu-24 (cishe imizuzu engu-70), abahlaseli bazoba nethuba elingaphezu kuka-50% lokuqagela ikhodi elungile.
I-Russia Ivimba I-Viber Ngezinsolo Zokwephula Umthetho Kazwelonke
Umlawuli wezokuxhumana waseRussia, iRoskomnadzor, uvimbe uhlelo lokusebenza lokuthumela imiyalezo lwe-Viber, ecaphuna ukwephulwa komthetho kazwelonke. Uhlelo lokusebenza, olusetshenziswa kakhulu emhlabeni wonke, lwasolwa ngokuhluleka ukuthobela izimfuneko ezihloselwe ukuvimbela ukusetshenziswa kwalo kabi emisebenzini efana nobuphekula, ukweqisa, ukushushumbiswa kwezidakamizwa, kanye nokusatshalaliswa kolwazi olungekho emthethweni. I-Roskomnadzor yathethelela ukuvinjelwa njengoba kudingeka ukuze kuncishiswe lezi zingozi futhi kugcinwe ukuhambisana nemithetho yaseRussia.
I-Viber, etholakala kuzo zombili izinkundla zedeskithophu kanye neselula, idume kakhulu, ngokulandwa okungaphezulu kwebhiliyoni elingu-1 ku-Google Play Isitolo kanye nokuzibandakanya kwabasebenzisi okubalulekile ku-iOS. Kodwa-ke, lesi sinyathelo silandela uchungechunge lwezenzo zeziphathimandla zaseRussia eziqondise izinkundla zokuxhumana zangaphandle. NgoJuni 2023, inkantolo yaseMoscow yahlawulisa i-Viber isigidi esingu-ruble sama-ruble ngokwehluleka kwayo ukususa lokho okubhalwe njengokuqukethwe okungekho emthethweni, okuhlanganisa nezinto ezihlobene nokungqubuzana okuqhubekayo kwaseRussia e-Ukraine. Ukuqhekeka kwe-Viber kuhambisana nemikhawulo ebanzi iRussia eyibekile ezinsizakalweni zemiyalezo.
