Awudlulanga , abacwaningi bezokuphepha benkundla yekhompuyutha baphinde babamba kanjani insiza yefu ye-ASUS ezingemuva. Kulokhu, isevisi ye-WebStorage nesofthiwe kufakwe engcupheni. Ngosizo lwayo, iqembu labaduni iBlackTech Group lifake i-Plead malware kumakhompyutha ezisulu. Ngokunemba kakhudlwana, uchwepheshe we-cybersecurity wase-Japan u-Trend Micro ubheka isofthiwe ye-Plead njengethuluzi leqembu le-BlackTech, elivumela ukuthi likhombe abahlaseli ngezinga elithile lokunemba. Masingeze ukuthi iqembu le-BlackTech ligxile kakhulu kubunhloli be-cyber, futhi izinhloso zalo yizikhungo zikahulumeni nezinkampani eziseNingizimu-mpumalanga ye-Asia. Isimo ngokugetshengwa kwakamuva kwe-ASUS WebStorage besihlobene nemisebenzi yeqembu e-Taiwan.
Umsebenzi wokunxusa kuhlelo lwe-ASUS WebStorage watholwa ochwepheshe bakwa-Eset ekupheleni kuka-April. Ngaphambilini, iqembu le-BlackTech lisabalalise i-Plead lisebenzisa ukuhlasela kobugebengu bokweba imininingwane ebucayi nge-imeyili namarutha anobungozi obuvulekile. Ukuhlasela kwakamuva bekungavamile. Abaduni bafake i-Plead kuhlelo lwe-ASUS Webstorage Upate.exe, okuyithuluzi lenkampani lobunikazi bokubuyekeza isofthiwe. Ngemuva kwalokho i-backdoor iphinde yenziwa yasebenza uhlelo lokuphathelene nolwethembekile lwe-ASUS WebStorage.
Ngokusho kochwepheshe, abaduni bakwazile ukwethula i-backdoor ezinsizakalweni ze-ASUS ngenxa yokungavikeleki okwanele kuphrothokholi ye-HTTP besebenzisa lokho okubizwa ngokuthi ukuhlasela kwe-man-in-middle. Isicelo sokubuyekeza nokudlulisa amafayela kusuka kumasevisi e-ASUS nge-HTTP singabanjwa, futhi esikhundleni sesofthiwe ethenjwayo, amafayela anegciwane adluliselwa kulowo ohlukunyeziwe. Ngesikhathi esifanayo, isofthiwe ye-ASUS ayinazo izindlela zokuqinisekisa ubuqiniso bezinhlelo ezilandiwe ngaphambi kokubulawa kukhompyutha yesisulu. Ukunqanyulwa kwezibuyekezo kungenzeka kumarutha asengozini. Ngalokhu, kwanele ukuthi abalawuli bashaye indiva izilungiselelo ezizenzakalelayo. Amarutha amaningi kunethiwekhi ehlaselwe avela kumkhiqizi ofanayo onezinombolo zokungena ezisethwe embonini namaphasiwedi, ulwazi olungeyona imfihlo egadwe kakhulu.
Isevisi ye-ASUS Cloud iphendule ngokushesha ekubeni sengozini futhi yabuyekeza izindlela ezikuseva yokubuyekeza. Kodwa-ke, inkampani incoma ukuthi abasebenzisi bahlole amakhompyutha abo ukuze bathole amagciwane.
Source: 3dnews.ru