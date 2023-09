Takaitacciyar shawara: Shawarwari ta haɗin gwiwa ta CISA, FBI, da USCYBERCOM ta bayyana cewa ƙungiyoyin satar bayanan da ke samun goyon bayan jihohi sun keta ƙungiyar jiragen sama ta Amurka ta amfani da fa'ida da ke niyya ga munanan rauni a Zoho da Fortinet. Ko da yake ba a tantance maharan ba, amma ana alakanta su da kokarin cin gajiyar Iran. Masu satar bayanan sun sami damar shiga cibiyar sadarwar kungiyar ba tare da izini ba ta hanyar lahani a cikin Zoho ManageEngine ServiceDesk Plus da tacewar wuta ta Fortinet. Shawarar ta yi gargaɗin cewa waɗannan ƙungiyoyin barazanar akai-akai suna bincika rashin lahani a cikin na'urorin da ba a buɗe ba kuma da zarar sun kutsa cikin hanyar sadarwa, za su ci gaba da dagewa kan abubuwan da aka yi kutse. An shawarci masu kare hanyar sadarwa da su yi amfani da shawarwarin ragewa da mafi kyawun ayyuka don amintar da ababen more rayuwa. Wannan ƙetare ya biyo bayan gargaɗin da aka yi a baya daga CISA game da rashin lahani a cikin al'amuran ManageEngine da cin zarafin Zoho daga ƙungiyoyi masu goyon bayan jihohi. Hakanan an yi amfani da raunin Fortinet, CVE-2022-42475, a cikin hare-haren kwanaki da aka kai wa kungiyoyin gwamnati. Fortinet ya bayyana cewa an zazzage ƙarin kayan aikin mugunta akan na'urorin da aka lalata yayin hare-haren.

Ma'anar:

– CISA: Hukumar Tsaro ta Yanar Gizo da Tsaro, wata hukuma ce ta gwamnatin tarayya ta Amurka.

– FBI: Ofishin Bincike na Tarayya, leken asirin cikin gida da sabis na tsaro na Amurka.

- USCYBERCOM: Dokar Intanet ta Amurka, umarnin da ke da alhakin ayyukan sojojin Amurka a sararin samaniya.

– Zoho SarrafaEngine ServiceDesk Plus: Taimako da software na sarrafa kadara wanda Kamfanin Zoho ya haɓaka.

- Fortinet: Babban kamfani na kasa da kasa wanda ke haɓakawa da siyar da hanyoyin tsaro ta yanar gizo, gami da bangon wuta da VPNs.

- CVE: Laifukan gama gari da Bayyanawa, jerin raunin da aka bayyana a bainar jama'a ta yanar gizo.

