Uncategorized

Izinhlobo Zefayela Ezingalungile Eziphezulu – I-HP Wolf Security zihlaziye izinhlobo eziphezulu zamafayela ohlelo olungayilungele ikhompuyutha futhi amaspredishithi aphuma phambili.

Umbiko omusha wenhlolovo wembula i-Spreadsheest njengohlobo lwefayela oluyi-malware ephezulu 34% futhi 11% ukwanda kwezinsongo ezilethwa kungobo yomlando.

I-Wolf Security inikezela ngokuvikeleka okuphelele kokuphela kanye nokuqina okuqala ezingeni lehadiwe futhi kunwetshwe kuyo yonke isoftware nezinsizakalo..

Umbiko ubuyekeza izinsongo eziphawulekayo, izitayela namasu ohlelo olungayilungele ikhompyutha ahlonzwe i-telemetry yekhasimende le-HP Wolf Security kukhalenda Q2 2022. Okugqamile kufaka phakathi ukuhlaziya ubungozi obulethwa yi-CVE-2022-30190, ubungozi bosuku oluyiziro obuthinta Ithuluzi Lokuxilonga I-Microsoft Support, okuhlanganisa nemikhankaso ebonakala endle yabahlaseli abaxhaphaza leli phutha, kanye nokukhuphuka kwesinqamuleli (I-LNK) amafayela njengenye indlela yamahhala yokusebenzisa uhlelo olungayilungele ikhompuyutha.

 

A security incident at Cisco sheds light on how attacks of the future will unfold.

Here’s how it went down:

1. The hacker gained access to a Cisco employee’s personal Gmail account. That Gmail account had saved credentials for the Cisco VPN.

2. The VPN required MFA for authentication. To bypass this, the hacker used a combination of MFA push spamming (sending multiple MFA prompts to the user’s phone) and impersonating Cisco IT support and calling the user.

3. After connecting to the VPN, the hackers enrolled new devices for MFA. This removed the need to spam the user every time and allowed them to log into the network and begin moving laterally.

There isn’t a silver bullet in cyber security. As organizations roll out defenses like MFA, attackers will find a way to bypass. While this can be frustrating for organizations, it is the reality security professionals live in.

We can either get frustrated by the constant change or choose to adapt and stay alert. It helps to recognize that there is no finish line in cyber security – it is an endless game of survival.

WordPress powers 37% of all websites on the internet in 2021. That’s 10% more than in 2016 when they powered only 25% of websites. WordPress powers over 13 times the number of CMS websites compared to Joomla, the second most popular CMS host.

Undertaking a regular website security test of your WordPress website is critical to ensure any vulnerabilities or malware as fixed.

An example of this is hackers have reportedly scanned almost 1.6 million WordPressn websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin.

The vulnerability targets Kaswara Modern WPBakery Page Builder Addons futhi, if exploited, it would allow criminals to upload malicious JavaScript files and even completely take over an organization’s website.

Nikeza Hack Security Breach

Isikhondlakhondla sezokuphepha i-Entrust sesiqinisekise ukuthi izinhlelo zayo zangaphakathi ze-IT zaphulwa emuva ngoJuni.

I-Entrust yinkampani yezokuphepha egxile ekuthembekeni ku-inthanethi nokuphathwa kobunikazi, enikeza inhlobonhlobo yezinsizakalo, okuhlanganisa ukuxhumana okubethelwe, izinkokhelo zedijithali ezivikelekile, kanye nezixazululo zokukhishwa kwe-ID.

Abaduni bantshontshe 'amanye amafayela' umthengisi wezokuphepha u-Entrust uyavuma: Ukuphulwa kwedatha ngenyanga edlule nokufinyelela kwamasistimu angagunyaziwe okungagunyaziwe kuqinisekisiwe.

Entrust has reluctantly admitted the databreach, okuholela ekwebiweni kwedatha ebalulekile yebhizinisi. Ukwephulwa komthetho kunomthelela ku-DOJ, i-DOE, kanye ne-USDT, phakathi kwezinye izinhlangano ezinkulu.

Kwaze kwaba umhla zingama-26 kuJulayi lapho ukwephulwa komthetho kwaqinisekiswa esidlangalaleni lapho umcwaningi wezokuphepha u-Dominic Alvieri ebhala ku-Twitter isithombe-skrini sesaziso sokuphepha esithunyelwe kumakhasimende akwa-Entrust..

Ukusebenza kweqembu elinomthwalo wemfanelo kuncike kunethiwekhi ethembekile yabathengisi bokufinyelela kwenethiwekhi ukuze bathole ukufinyelela kokuqala endaweni ye-Entrust okuholele ekubhalweni kwemfihlo nokuchayeka kokuhlunga ngeqembu elaziwayo le-ransomware..

Ukuthi isihlengo sesikhokhiwe noma cha akwaziwa okwamanje.

Ukwephulwa kwemithetho kutholwe ngoJuni 18 and the firm started notifying customers on July 6. The reasons for the delay on notifying customers was not given. Lokhu kubambezeleka kungabeka ngokucacile izinhlelo zamakhasimende engozini futhi kungase kubhekwe njengokunganaki.

I-trust ithe “Sithole ukuthi amanye amafayela athathwe kumasistimu ethu angaphakathi. Njengoba sisaqhubeka nokuphenya udaba, sizokuthinta ngokuqondile uma sifunda ulwazi esikholelwa ukuthi lungathinta ukuphepha kwemikhiqizo namasevisi esiwanikeza inhlangano yakho.” – Thembisa.