Abacwaningi abavela eNyuvesi yase-Leiden e-Netherlands bahlole udaba lokuthunyelwa kwe-dummy exploit prototypes ku-GitHub, equkethe ikhodi enonya yokuhlasela abasebenzisi abazame ukusebenzisa lokho kuxhaphaza ukuze bahlole ukuba sengozini. Kwahlaziywa isamba esingu-47313 sezindawo zokugcina zokuxhaphaza, okuhlanganisa ubuthakathaka obaziwayo obuhlonziwe kusukela ngo-2017 kuya ku-2021. Ukuhlaziywa kokuxhashazwa kubonise ukuthi ama-4893 (10.3%) akho aqukethe ikhodi eyenza izenzo ezinonya. Abasebenzisi abanquma ukusebenzisa ukuxhaphaza okushicilelwe batuswa ukuthi baqale bakuhlole ukuthi kukhona yini okufakiwe okusolisayo futhi basebenzise ukuxhashazwa kuphela emishinini ebonakalayo ehlukanisiwe nesistimu enkulu.
Izigaba ezimbili eziyinhloko zokuxhaphaza ezinonya zikhonjiwe: ukuxhaphaza okuqukethe ikhodi enonya, isibonelo, ukushiya umnyango ongemuva ohlelweni, ukulanda i-Trojan, noma ukuxhuma umshini ku-botnet, nokuxhashazwa okuqoqa futhi kuthumele ulwazi oluyimfihlo mayelana nomsebenzisi. . Ngaphezu kwalokho, isigaba esihlukile sokuxhaphaza mbumbulu okungenangozi kukhonjwe futhi okungazenzi izenzo ezinonya, kodwa futhi akuqukethe ukusebenza okulindelekile, ngokwesibonelo, okudalelwe ukudukisa noma ukuxwayisa abasebenzisi abasebenzisa ikhodi engaqinisekisiwe evela kunethiwekhi.
Kusetshenziswe ukuhlola okuningana ukuze kutholakale ukuxhashazwa okunonya:
- Ikhodi yokuxhaphaza yahlaziywa ukuze kutholakale amakheli e-IP omphakathi ashumekiwe, okwathi ngemva kwalokho amakheli akhonjiwe aphinde ahlolwa ngokuqhathaniswa nesizindalwazi esinohlu oluvinjelwe lwabasingathi olusetshenziswa ukuphatha ama-botnet nokusabalalisa amafayela anonya.
- Ukuxhashazwa okuhlinzekwe ngefomu elihlanganisiwe kwahlolwa kusofthiwe yokulwa namagciwane.
- Ikhodi ikhonjwe ngokuba khona kokulahlwayo okungajwayelekile kwe-hexadecimal noma ukufakwa ngefomethi ye-base64, okwathi ngemva kwalokho lokhu kufakwa kwaqoshwa futhi kwahlolwa.
Source: opennet.ru