Date: 2023-09

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about multiple nation-state actors exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. These actors are gaining unauthorized access to compromised systems and establishing persistence.

The alert, published jointly by CISA, the Federal Bureau of Investigation (FBI), and the Cyber National Mission Force (CNMF), states that nation-state advanced persistent threat (APT) actors have been exploiting CVE-2022-47966. This vulnerability allows access to Zoho ManageEngine ServiceDesk Plus, which enables persistence and lateral movement through the network.

Although the identities of the threat groups have not been disclosed, US Cyber Command (USCYBERCOM) has said that Iranian nation-state crews may be involved.

The findings are based on an incident response engagement that CISA conducted at an unnamed aviation-sector organization from February to April 2023. The malicious activity is believed to have begun as early as January 18, 2023.

CVE-2022-47966 is a critical flaw that enables remote code execution, allowing unauthenticated attackers to completely take over vulnerable instances.

After successfully exploiting the vulnerability, the attackers gained access to the web server. They then downloaded additional malware, enumerated the network, collected user credentials, and moved laterally through the network.

It is still not known whether any proprietary information was stolen as a result of these attacks.

The organization in question was also breached through a second initial access vector, which involved exploiting CVE-2022-42475, a critical flaw in Fortinet FortiOS SSL-VPN, to gain access to the firewall.

CISA said the attackers compromised and used valid credentials for a legitimate account belonging to a previously hired contractor. It was confirmed that the user had been disabled before the observed malicious activity took place.

The attackers were observed initiating multiple Transport Layer Security (TLS)-encrypted sessions to various IP addresses, indicating data transfer from the compromised firewall device. They also used valid credentials to move from the firewall to a web server and deploy web shells for backdoor access.

In both cases, the threat actors disabled administrative account credentials and deleted logs on critical servers to cover their tracks and remove evidence of their activity.

During the intrusions, the anydesk.exe executable was observed on three hosts between early February and mid-March 2023. The threat actors compromised one host and then moved laterally to install the executable on the other two.

How AnyDesk was installed on each machine is not known. The actors also used the legitimate ConnectWise ScreenConnect client to download and run the well-known credential dumping tool Mimikatz.

The attackers attempted to exploit the well-known Apache Log4j vulnerability (CVE-2021-44228, or Log4Shell) in the ServiceDesk system to gain initial access, but were unsuccessful.

To defend against this ongoing exploitation, organizations are advised to apply the latest updates, monitor for unauthorized use of remote access software, and remove unnecessary accounts and groups to prevent their abuse.
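As an added illustration of the last two recommendations (this is example code written for this page, not taken from the advisory), the script below triages endpoint and authentication events for remote access tools running on unapproved hosts and for any logon activity by accounts that should be disabled. The JSON event schema, host names, account names and allowlist are all assumptions, and the sample events are constructed.

```python
import json
from ntpath import basename  # parses Windows-style paths on any OS

# Assumed inventory: tools to watch, (host, tool) pairs approved by IT,
# and accounts the identity team has marked as disabled.
REMOTE_TOOLS = {"anydesk.exe", "screenconnect.clientservice.exe"}
APPROVED = {("helpdesk01", "screenconnect.clientservice.exe")}
DISABLED_ACCOUNTS = {"contractor_jd"}

# Constructed JSON-lines events (hypothetical schema, not advisory data).
SAMPLE = r"""
{"ts":"2023-02-02T08:10:11Z","type":"process","host":"web01","user":"svc_web","image":"C:\\ProgramData\\AnyDesk.exe"}
{"ts":"2023-02-02T08:15:40Z","type":"process","host":"helpdesk01","user":"alice","image":"C:\\Program Files (x86)\\ScreenConnect Client\\ScreenConnect.ClientService.exe"}
{"ts":"2023-02-03T01:02:03Z","type":"logon","host":"fw01","user":"Contractor_JD","result":"success"}
{"ts":"2023-02-03T01:05:09Z","type":"logon","host":"web01","user":"alice","result":"success"}
{"ts":"2023-03-14T22:41:00Z","type":"process","host":"db02","user":"admin","image":"C:\\Users\\Public\\anydesk.exe"}
not-json garbage line
"""

def triage(lines):
    """Return sorted (ts, host, rule, detail) findings for both checks."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting
        if not isinstance(ev, dict):
            continue
        ts, host = ev.get("ts", ""), ev.get("host", "?")
        if ev.get("type") == "process":
            # Match on the file name only, case-insensitively.
            exe = basename(ev.get("image", "")).lower()
            if exe in REMOTE_TOOLS and (host, exe) not in APPROVED:
                findings.append((ts, host, "unapproved_remote_tool", exe))
        elif ev.get("type") == "logon":
            # Any attempt by a disabled account is worth review, pass or fail.
            user = ev.get("user", "").lower()
            if user in DISABLED_ACCOUNTS:
                findings.append((ts, host, "disabled_account_logon", user))
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(*finding, sep="  ")
```

Matching on the executable name alone misses renamed binaries, so in practice this check is paired with signer or hash data from the endpoint agent.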

