Trojanized WordPress Credentials Checker Amaba Zidziwitso 390,000, Chiwopsezo Chachikulu Chowululidwa mu Microsoft Azure MFA: Cybersecurity Roundup

Trojanized WordPress Credentials Checker Amaba Zidziwitso 390,000 mu Kampeni ya MUT-1244
Wochita ziwopsezo wotsogola, yemwe amadziwika kuti MUT-1244, wachita kampeni yayikulu chaka chatha, kuba zidziwitso zopitilira 390,000 za WordPress. Opaleshoniyi, yomwe makamaka imayang'ana ochita ziwopsezo komanso ofufuza zachitetezo, ochita masewera ofiira, ndi oyesa kulowa, idadalira chowunikira chodziwika bwino cha WordPress ndi malo oyipa a GitHub kuti asokoneze omwe akuzunzidwa.
Owukirawo adagwiritsa ntchito chida choyipa, "yawpp," cholengezedwa ngati chofufuza za WordPress. Ambiri mwa ozunzidwa, kuphatikizapo ochita ziwopsezo, adagwiritsa ntchito chidachi kuti atsimikizire zidziwitso zabedwa, kuwonetsa mosadziwa machitidwe awo ndi deta. Pamodzi ndi izi, MUT-1244 idakhazikitsa nkhokwe zingapo za GitHub zomwe zili ndi umboni wamalingaliro odziwikiratu. zovuta. Zosungirazi zidapangidwa kuti ziziwoneka ngati zovomerezeka, zomwe nthawi zambiri zimawonekera muzakudya zowopseza zowopsa monga Feedly ndi Vulnmon. Kuwoneka kowona kumeneku kunanyengerera akatswiri komanso ochita zoyipa kuti awononge pulogalamu yaumbanda, yomwe idaperekedwa kudzera m'njira zosiyanasiyana, kuphatikiza mafayilo osinthira kumbuyo, otsitsa a Python, mapaketi oyipa a npm, ndi zolemba za PDF.
Kampeniyi idaphatikizaponso a phishing chinthu. Ozunzidwa adanyengedwa kuti ayambe kulamula kuti aike zomwe amakhulupirira kuti ndikusintha kwa ma microcode a CPU koma kwenikweni anali pulogalamu yaumbanda. Ikangoyikidwa, pulogalamu yaumbandayo idatumiza wogwiritsa ntchito mgodi wa cryptocurrency komanso kumbuyo, kulola owukirawo kuba zidziwitso zachinsinsi monga makiyi achinsinsi a SSH, makiyi olowera a AWS, ndi zosintha zachilengedwe. Zobedwa mudziwe Kenako idatulutsidwa kumapulatifomu ngati Dropbox ndi file.io pogwiritsa ntchito zidziwitso zolimba zophatikizidwa mu pulogalamu yaumbanda.
Ofufuza Amavumbula Chiwopsezo Chachiwopsezo mu Microsoft Azure MFA, Kulola Kutenga Akaunti
Ofufuza zachitetezo ku Oasis Security adazindikira chiwopsezo chachikulu mu Microsoft Azure's multifactor authentication (MFA) system yomwe idawalola kudutsa chitetezo cha MFA ndikupeza mwayi wosaloledwa wamaakaunti ogwiritsa ntchito pafupifupi ola limodzi. Cholakwikacho, chomwe chinabwera chifukwa chosowa malire pa zoyesayesa za MFA zomwe zidalephera, zidasiya maakaunti opitilira 400 miliyoni a Microsoft 365 pachiwopsezo chosokonekera, kuwulula zidziwitso zachinsinsi monga maimelo a Outlook, mafayilo a OneDrive, macheza a Teams, ndi ntchito za Azure Cloud.
Pogwiritsa ntchito chiwopsezochi, chomwe chimatchedwa "AuthQuake," owukira amatha kuyesa nthawi imodzi, mwachangu kuyerekeza nambala ya MFA yokhala ndi manambala asanu ndi limodzi, yomwe imatha kuphatikiza 1 miliyoni. Kuperewera kwa zidziwitso za ogwiritsa ntchito pakuyesa kulephera kolowera kudapangitsa kuti kuwukirako kukhala kwachibwanabwana komanso kovuta kuzindikira. Kuphatikiza apo, ofufuza adapeza kuti machitidwe a Microsoft amalola ma code a MFA kukhala ovomerezeka kwa mphindi pafupifupi zitatu-mphindi 2.5 motalika kuposa kutha kwa masekondi 30 komwe RFC-6238 idanenedweratu - ndikuwonjezera mwayi woyerekeza bwino.
Kupyolera mu kuyesa kwawo, ofufuza adawonetsa kuti mkati mwa magawo 24 (pafupifupi mphindi 70), owukira atha kukhala ndi mwayi wopitilira 50% wolosera nambala yolondola.
Russia Ikuletsa Viber Chifukwa Chophwanya Malamulo Adziko Lonse
Woyang'anira ma telecommunications ku Russia, Roskomnadzor, aletsa pulogalamu ya mauthenga ya Viber, ponena za kuphwanya malamulo a dziko. Pulogalamuyi, yomwe imagwiritsidwa ntchito kwambiri padziko lonse lapansi, ikuimbidwa mlandu wolephera kutsatira zomwe akufuna kuti isagwiritsidwe ntchito molakwika pazinthu monga zauchigawenga, zigawenga, kuzembetsa mankhwala osokoneza bongo, komanso kufalitsa uthenga wosaloledwa. Roskomnadzor idalungamitsa kuletsako ngati kuli kofunikira kuti achepetse zoopsazi ndikutsatira malamulo aku Russia.
Viber, yomwe imapezeka pa desktop komanso pamapulatifomu am'manja, ndiyotchuka kwambiri, ndikutsitsa kopitilira 1 biliyoni pa Google Play Store komanso kugwiritsa ntchito kwambiri kwa ogwiritsa ntchito pa iOS. Komabe, kusunthaku kukutsatira zochitika zingapo zomwe akuluakulu aku Russia akutsata nsanja zolumikizirana zakunja. Mu June 2023, khoti la ku Moscow linapereka chindapusa cha ma ruble 1 miliyoni a Viber chifukwa cholephera kuchotsa zomwe zidanenedwa kuti ndizoletsedwa, kuphatikiza zida zokhudzana ndi nkhondo yomwe ikuchitika ku Russia ku Ukraine. Kuphwanyidwa kwa Viber kumagwirizana ndi zoletsa zambiri zomwe Russia idayika pazantchito zotumizirana mauthenga.