Awudlulanga
Umsebenzi wokunxusa kuhlelo lwe-ASUS WebStorage watholwa ochwepheshe bakwa-Eset ekupheleni kuka-April. Ngaphambilini, iqembu le-BlackTech lisabalalise i-Plead lisebenzisa ukuhlasela kobugebengu bokweba imininingwane ebucayi nge-imeyili namarutha anobungozi obuvulekile. Ukuhlasela kwakamuva bekungavamile. Abaduni bafake i-Plead kuhlelo lwe-ASUS Webstorage Upate.exe, okuyithuluzi lenkampani lobunikazi bokubuyekeza isofthiwe. Ngemuva kwalokho i-backdoor iphinde yenziwa yasebenza uhlelo lokuphathelene nolwethembekile lwe-ASUS WebStorage.
Ngokusho kochwepheshe, abaduni bakwazile ukwethula i-backdoor ezinsizakalweni ze-ASUS ngenxa yokungavikeleki okwanele kuphrothokholi ye-HTTP besebenzisa lokho okubizwa ngokuthi ukuhlasela kwe-man-in-middle. Isicelo sokubuyekeza nokudlulisa amafayela kusuka kumasevisi e-ASUS nge-HTTP singabanjwa, futhi esikhundleni sesofthiwe ethenjwayo, amafayela anegciwane adluliselwa kulowo ohlukunyeziwe. Ngesikhathi esifanayo, isofthiwe ye-ASUS ayinazo izindlela zokuqinisekisa ubuqiniso bezinhlelo ezilandiwe ngaphambi kokubulawa kukhompyutha yesisulu. Ukunqanyulwa kwezibuyekezo kungenzeka kumarutha asengozini. Ngalokhu, kwanele ukuthi abalawuli bashaye indiva izilungiselelo ezizenzakalelayo. Amarutha amaningi kunethiwekhi ehlaselwe avela kumkhiqizi ofanayo onezinombolo zokungena ezisethwe embonini namaphasiwedi, ulwazi olungeyona imfihlo egadwe kakhulu.
Isevisi ye-ASUS Cloud iphendule ngokushesha ekubeni sengozini futhi yabuyekeza izindlela ezikuseva yokubuyekeza. Kodwa-ke, inkampani incoma ukuthi abasebenzisi bahlole amakhompyutha abo ukuze bathole amagciwane.
Source: 3dnews.ru