Trojanized WordPress Credentials Checker e utsoa lintlha tse 390,000, tlokotsi e tebileng e senotsoeng ho Microsoft Azure MFA: Cybersecurity Roundup
Trojanized WordPress Credentials Checker e utsoa lintlha tse 390,000 ho Letšolo la MUT-1244
Sebapali se hloahloa sa tšokelo, se lateloang e le MUT-1244, se entse lets'olo le leholo selemong se fetileng, se atlehile ho utsoa lintlha tse fetang 390,000 tsa WordPress. Ts'ebetso ena, e neng e shebane haholo le batšoantšisi ba bang ba ts'okelo hammoho le bafuputsi ba ts'ireletso, lihlopha tse khubelu, le bahlahlobi ba ho kenella, e ne e itšetlehile ka sehlahlobi sa lintlha tsa WordPress sa trojanized le polokelo ea GitHub e kotsi ho senya bahlaseluoa ba eona.
Bahlaseli ba sebelisitse sesebelisoa se kotsi, "yawpp," se phatlalalitsoeng e le sehlahlobi sa lintlha tsa WordPress. Bahlaseluoa ba bangata, ho kenyeletsoa batšoantšisi ba tšokelo, ba sebelisitse sesebelisoa ho netefatsa mangolo a utsoitsoeng, ba pepesa litsamaiso le lintlha tsa bona ba sa tsebe. Haufi le sena, MUT-1244 e thehile lipolokelo tse ngata tsa GitHub tse nang le litlatsetso tsa bopaki ba mohopolo tse tsebahalang. kholofalo. Libaka tsena tsa polokelo li ne li etselitsoe hore li bonahale li le molaong, hangata li hlahella lijong tsa bohlale tse tšeptjoang tse kang Feedly le Vulnmon. Ponahalo ena ea 'nete e thetsitse litsebi le batšoantšisi ba lonya ka mokhoa o ts'oanang ho phethahatsa malware, e ileng ea fanoa ka mekhoa e fapaneng, ho kenyeletsoa lifaele tsa tlhophiso tse ka morao, li-dropper tsa Python, liphutheloana tse mpe tsa npm, le litokomane tse utsoitsoeng tsa PDF.
Letšolo le boetse le kenyelletsa a phishing element. Bahlaseluoa ba ile ba qhekelloa hore ba fane ka litaelo tsa ho kenya seo ba neng ba lumela hore ke ntlafatso ea microcode ea CPU empa ha e le hantle e ne e le malware. Ha e se e kentsoe, malware e ile ea kenya mochini oa "cryptocurrency" le "backdoor", e lumellang bahlaseli ho utsoa lintlha tsa bohlokoa tse kang linotlolo tsa poraefete tsa SSH, linotlolo tsa phihlello tsa AWS le mefuta e fapaneng ea tikoloho. E utswitsweng boitsebiso bo ka nako eo e ile ea fetisetsoa ho li-platform tse kang Dropbox le file.io ho sebelisa mangolo a netefalitsoeng a kentsoeng ho malware.
Bafuputsi ba Senola Kotsi ea Bohlokoa ho Microsoft Azure MFA, e lumellang ho nka Akhaonto
Bafuputsi ba ts'ireletso ho Oasis Security ba hlokometse tsietsi e kholo ho Microsoft Azure's multifactor authentication (MFA) sistimi e ba lumelletseng ho feta ts'ireletso ea MFA le ho fumana phihlello e sa lumelloeng ea li-account tsa mosebelisi ka nako e ka etsang hora. Bofokoli, bo bakiloeng ke ho ba sieo ha sekhahla ha liteko tsa MFA tse hlōlehileng, li siile li-account tsa Microsoft 400 tse fetang limilione tse 365 li le kotsing ea ho pepesetsoa, ho pepesa lintlha tsa bohlokoa tse kang li-imeile tsa Outlook, lifaele tsa OneDrive, lipuisano tsa Lihlopha le lits'ebeletso tsa Azure Cloud.
Ka ho sebelisa monyetla oa ho ba kotsing, o bitsoang "AuthQuake," bahlaseli ba ka leka ka nako e le 'ngoe, ba leka ka potlako ho hakanya khoutu ea MFA ea linomoro tse tšeletseng, e nang le motsoako o ka bang limilione tse 1. Khaello ea litemoso tsa basebelisi nakong ea liteko tse hlōlehileng tsa ho kena li entse hore tlhaselo e be e poteletseng le e thata ho e lemoha. Ho feta moo, bafuputsi ba fumane hore sistimi ea Microsoft e lumelletse likhoutu tsa MFA hore li lule li sebetsa metsotso e ka bang 2.5-metsotso e 30 ho feta nako ea ho felloa ke nako ea metsotsoana e 6238 e khothaletsoang ke RFC-XNUMX - e eketsa haholo monyetla oa ho hakanya ho atlehileng.
Ka liteko tsa bona, bafuputsi ba bontšitse hore nakong ea linako tse 24 (hoo e ka bang metsotso e 70), bahlaseli ba ka ba le monyetla o fetang 50% oa ho hakanya khoutu e nepahetseng.
Russia e Thibela Viber Ka lebaka la Tlōlo ea Melao ea Naha eo ho thoeng ke eona
Molaoli oa likhokahano oa Russia, Roskomnadzor, o thibetse sesebelisoa sa melaetsa se patiloeng sa Viber, a bua ka tlolo ea molao oa naha. Sesebelisoa sena, se sebelisoang haholo lefatšeng ka bophara, se ile sa qosoa ka ho hloleha ho latela litlhokahalo tse reretsoeng ho thibela tšebeliso e mpe ea eona mesebetsing e kang bokhukhuni, litaba tse feteletseng, ho rekisa lithethefatsi le ho hasa litaba tse seng molaong. Roskomnadzor e ile ea lokafatsa thibelo eo ha ho hlokahala ho fokotsa likotsi tsena le ho boloka ho latela melao ea Russia.
Viber, e fumanehang ho li-desktop le li-platform tsa mehala, e tumme haholo, e jarollotsoe ho feta 1 bilione Lebenkeleng la Google Play le ts'ebeliso ea bohlokoa ea basebelisi ho iOS. Leha ho le joalo, mohato ona o latela letoto la liketso tsa ba boholong Russia tse lebisitseng liforomo tsa puisano tsa kantle ho naha. Ka Phuptjane 2023, lekhotla la Moscow le ile la lefisa Viber li-ruble tse limilione tse 1 ka lebaka la ho hloleha ho tlosa lintho tse neng li ngotsoe e le litaba tse seng molaong, ho kenyelletsa le lisebelisoa tse amanang le ntoa e ntseng e tsoela pele ea Russia Ukraine. Ho putlama ha Viber ho tsamaisana le lithibelo tse pharalletseng tseo Russia e li behileng litšebeletsong tsa melaetsa.
