Bai wuce ba
ƙwararrun Eset ne suka gano ayyukan roƙo a cikin shirin Asus WebStorage a ƙarshen Afrilu. A baya can, ƙungiyar BlackTech ta rarraba Plead ta amfani da hare-haren phishing ta imel da masu amfani da hanyoyin sadarwa tare da buɗe ido. Harin na baya-bayan nan ya kasance sabon abu. Hackers sun shigar da Plead a cikin ASUS Webstorage Upate.exe shirin, wanda shine kayan aikin sabunta software na kamfanin. Sa'an nan kuma an kunna kofa ta baya ta mai mallakar ta kuma amintaccen shirin Asus WebStorage.
A cewar masana, masu satar bayanai sun sami damar shigar da kofa ta baya cikin abubuwan amfani na ASUS saboda rashin isasshen tsaro a cikin ka'idar HTTP ta amfani da abin da ake kira harin-in-da-tsakiyar. Buƙatar sabuntawa da canja wurin fayiloli daga sabis na ASUS ta hanyar HTTP ana iya katsewa, kuma maimakon amintaccen software, fayilolin da suka kamu da cutar ana canja su zuwa ga wanda aka azabtar. A lokaci guda, ASUS software ba ta da hanyoyin tabbatar da sahihancin shirye-shiryen da aka zazzage kafin a aiwatar da su akan kwamfutar wanda aka azabtar. Tsangwama na sabuntawa yana yiwuwa akan masu amfani da hanyoyin sadarwa da aka yi sulhu. Don wannan, ya isa masu gudanarwa suyi watsi da saitunan tsoho. Yawancin masu amfani da hanyar sadarwa a cikin hanyar sadarwar da aka kai hari sun fito ne daga masana'anta guda tare da saitunan masana'anta da kalmomin shiga, bayanan da ba wani sirrin sirri ba ne.
Sabis na ASUS Cloud ya amsa da sauri ga raunin kuma ya sabunta hanyoyin akan sabar sabuntawa. Koyaya, kamfanin ya ba da shawarar cewa masu amfani da su bincika kwamfutocin su don ƙwayoyin cuta.
source: 3dnews.ru