Early this year I gave you five reasons to avoid desktop versions of messengers. The fact that many such applications use the Electron framework is one of them. This means that such a messenger works as an additional browser in your system, and its updates are quite difficult to control.

But, as I wrote in that post, it has become clear the problem is much more widespread — affecting not only messengers but hundreds of other apps as well. Chances are, because of Electron-based apps, you have many more browsers than you think in your system this very minute…

What is Electron, and why do application developers want to use it?

Electron is a cross-platform desktop application development framework that employs web technologies — mostly HTML, CSS, and JavaScript. It was originally created by GitHub for its source code editor Atom (hence its original name — Atom Shell). Later on the framework was renamed Electron, ultimately evolving into an extremely popular tool used to create desktop applications for various operating systems, including Windows, macOS, and Linux.

Main page of the Electron framework official site. Source

Electron itself is based on the Chromium browser engine, which is responsible for displaying web content within a desktop application. So any Electron application is effectively a single website opened in the Chromium browser.

Users usually have no idea at all how the thing works. From their point of view, an Electron application is just another program you install, run in the usual way, give access to some files, occasionally update to the newest version, and so on.

Why has Electron grown so popular with developers? The idea is mainly this: no matter what digital service one might want to create, a web version is still needed. And the Electron framework allows you to develop just the web version and, based on it, produce full-fledged apps for all the desktop operating systems out there.

Electron’s other convenience features include building installation packages, diagnostics, publication to app stores, and automatic updates.

Mullvad VPN uses the Electron framework, too

Et tu autem, Brute! You can find Electron in apps you least expect to

Summing up, the Electron framework is popular among developers, chiefly because it greatly accelerates and simplifies application development for all desktop operating systems in one go.

Issues with Electron-based applications

Electron-based applications have a number of drawbacks. The most obvious from the users’ perspective is their sluggishness. Electron-based software is usually resource-intensive and suffers from excessive file size. No wonder: each such app carries its whole home on its back like a snail, in the form of a full-blown Chromium browser. In effect, it operates through that browser, which serves as a sort of intermediary.

Next issue: web browsers are a favorite target of cybercriminals. It’s worth repeating: inside every Electron-based app there’s a separate instance of the Chromium web browser. This means your system may have a dozen additional browsers installed, all of which present a tempting target for criminals.

New, serious vulnerabilities pop up almost weekly in a popular browser like Chrome/Chromium: so far this year, as of the time of writing, more than 70 high-severity and three critical-severity vulnerabilities have been found in Chromium. Worse yet, exploits for vulnerabilities in the world’s most popular browser appear really quickly. This means that a good part of Chrome/Chromium holes are not just abstract bugs you treat as a matter of routine — they’re vulnerabilities that can be used for attacks by cybercriminals out in the wild.

List of Chrome/Chromium vulnerabilities found in the first eight months of 2023

Even in fine print, Chromium vulnerabilities found so far in 2023 take up several screens. Source

For the standalone Chrome browser, this isn’t such a serious problem. Google is very quick to release patches and rather persistent in convincing users to install them and restart their browser (it even thoughtfully re-opens all their precious tabs after restarting so they don’t need to fear updating).

Things are very different for the Electron-based apps. A Chromium browser built into such an app will only get patched if the app’s vendor has released a new version and successfully communicated to users the need to install it.

So it appears that, with a bunch of installed Electron apps, not only do you have multiple browsers installed on your system, but also little to no control over how updated and secure those browsers are, or how many unpatched vulnerabilities they contain.

The framework’s creators know full well about the problem, and strongly recommend that app developers release patches on time. Alas, users can only hope that those recommendations are followed.

And here’s a fresh example: on September 11, Google fixed the CVE-2023-4863 vulnerability in Google Chrome. At that point, it was already being actively exploited in the wild. It allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page, which can lead to the execution of arbitrary code. Of course, this bug is present in Chromium and all Electron-based applications. So all companies using it in their applications will have to work on updates.

Which desktop applications are based on Electron?

Not many folks seem to know how incredibly common Electron-based desktop applications are. I’ll bet you are using more than one of them. Check them out yourself:

  • 1Password
  • Agora Flat
  • Asana
  • Discord
  • Figma
  • GitHub Desktop
  • Hyper
  • Loom
  • Microsoft Teams
  • Notion
  • Obsidian
  • Polyplane
  • Postman
  • Signal
  • Skype
  • Slack
  • Splice
  • Tidal
  • Trello
  • Twitch
  • Visual Studio Code
  • WhatsApp
  • WordPress Desktop

I personally use around a third of the apps from the list (but, for the record, none of them as desktop applications).

That list is not exhaustive at all though, representing only the most popular Electron-based applications. In total there are several hundred such applications. A more or less complete list of them can be found on a special page on the official website of the framework (but, it seems, not all of them are listed even there).

The list of Electron-based desktop applications comprises several hundred online services, including about 20 really popular ones. Source

Security considerations

So how do you avoid the threats posed by the uncontrolled browsers that thoughtful developers are now unpredictably embedding into desktop apps? I have three main tips:

  • Minimize the number of Electron-based apps as much as possible. It’s not as difficult as it seems: the very fact of using the framework normally suggests that the service has an extremely advanced web version, which is most likely on a par with the desktop application in terms of features and convenience.
  • Try to inventory all Electron-based apps used by your company’s employees, and prioritize their updates. More often than not, these are collaboration applications of different forms and shades — from Microsoft Teams, Slack, and Asana, to GitHub and Figma.
  • Use a reliable security solution. It will help you repel attacks in those periods when vulnerabilities are already known and being exploited but the patches haven’t yet been issued. By the way, Kaspersky products have an exploit protection system: it helps our experts detect the exploitation of new, as yet unknown vulnerabilities, and warns the developers of the corresponding programs about these holes.
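One way to carry out the inventory tip above, as an added example that is not code from the original post or from the Electron project: the script walks install directories, recognizes Electron apps by their on-disk layout, and reads the embedded Chromium and Electron versions from the binary. The layout heuristics, the assumption that the binary contains a literal `Chrome/<version> Electron/<version>` string, the function names, the sample apps and every version number are constructed for illustration.

```python
"""Inventory Electron-based apps and report the Chromium build each one embeds."""
import os
import re
import tempfile
from pathlib import Path

# Assumption: the framework binary carries its default user-agent fragment,
# "Chrome/<chromium version> Electron/<electron version>", as a literal string.
UA_FRAGMENT = re.compile(rb"Chrome/(\d+\.\d+\.\d+\.\d+) Electron/(\d+\.\d+\.\d+)")
MAC_FRAMEWORK = Path("Contents/Frameworks/Electron Framework.framework")
CHUNK = 1 << 20   # scan binaries 1 MiB at a time
OVERLAP = 128     # bytes carried over so a match split across reads is found


def find_versions(binary):
    """Return (chromium, electron) read from one binary, or None."""
    tail = b""
    try:
        with open(binary, "rb") as fh:
            while chunk := fh.read(CHUNK):
                match = UA_FRAGMENT.search(tail + chunk)
                if match:
                    return match.group(1).decode(), match.group(2).decode()
                tail = chunk[-OVERLAP:]
    except OSError:
        pass  # unreadable file: treat as "no version found"
    return None


def is_electron_app(d):
    """Layout heuristics: macOS framework bundle, or a packed/unpacked app."""
    res = d / "resources"
    return ((d / MAC_FRAMEWORK).is_dir() or (res / "app.asar").is_file()
            or (res / "app" / "package.json").is_file())


def candidate_binaries(app_dir):
    """Files that may hold the version string."""
    framework = app_dir / MAC_FRAMEWORK
    if framework.is_dir():
        return [p for p in framework.rglob("Electron Framework")
                if p.is_file() and not p.is_symlink()]
    return sorted(p for p in app_dir.iterdir() if p.is_file())


def inventory(roots, max_depth=4):
    """Walk install roots and return one record per Electron app found."""
    records = []
    for root in map(Path, roots):
        for dirpath, dirnames, _ in os.walk(root):
            d = Path(dirpath)
            if len(d.relative_to(root).parts) >= max_depth:
                dirnames[:] = []          # depth limit reached
            if not is_electron_app(d):
                continue
            dirnames[:] = []              # do not descend into the app itself
            hits = (find_versions(p) for p in candidate_binaries(d))
            chromium, electron = next(filter(None, hits), (None, None))
            records.append({"app": d.name, "path": str(d),
                            "chromium": chromium, "electron": electron})
    return sorted(records, key=lambda r: r["app"].lower())


def needs_attention(records, chromium_floor):
    """Flag apps whose embedded Chromium is older than the floor or unknown."""
    floor = tuple(map(int, chromium_floor.split(".")))
    flagged = []
    for r in records:
        if r["chromium"] is None:
            flagged.append((r["app"], "version not identified"))
        elif tuple(map(int, r["chromium"].split("."))) < floor:
            flagged.append((r["app"], f"Chromium {r['chromium']} < {chromium_floor}"))
    return flagged


def build_sample_tree(base):
    """Constructed layout with made-up apps and versions, for offline runs."""
    base = Path(base)
    chat = base / "opt" / "ChatApp"
    (chat / "resources").mkdir(parents=True)
    (chat / "resources" / "app.asar").write_bytes(b"\0")
    (chat / "chatapp").write_bytes(
        b"\x7fELF" + b"\0" * 64 + b"Chrome/114.0.5735.289 Electron/25.8.0\0")
    fw = base / "Applications" / "Notes.app" / MAC_FRAMEWORK / "Versions" / "A"
    fw.mkdir(parents=True)
    (fw / "Electron Framework").write_bytes(
        b"\xcf\xfa\xed\xfe" + b"Chrome/116.0.5845.190 Electron/26.2.1\0")
    tool = base / "opt" / "NativeTool"
    tool.mkdir(parents=True)
    (tool / "tool").write_bytes(b"\x7fELF no embedded browser")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = inventory([build_sample_tree(tmp)])
        for rec in found:
            print(rec["app"], rec["electron"], rec["chromium"], sep="\t")
        # "116.0.0.0" is a placeholder floor; take the real one from advisories
        for app, reason in needs_attention(found, "116.0.0.0"):
            print("PRIORITIZE", app, reason)
```

Treat the Chromium version as a triage signal only: a fix can also reach an app through its vendor's own patched release, so confirm flagged apps against the vendor's release notes before deciding on update priority.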



The start of the new school year plunges many parents back into the traditional routine: packing the kids off to school in the morning, and helping with homework in the evening. However, this ordered life is being disrupted by new technologies, which are rewriting the rules of digital hygiene. As ever, the first who have to get to grips with them are the parents.

In this series of posts, we explain what cyberthreats should be front-of-mind for parents in the new school year. Let’s start with the fundamentals, with the hardware — that is, with securing the devices that today’s schoolchildren can’t (or can) live without.

Geolocation, or “where are my kids?”

When I was in school, the only way my folks could track my class-skipping was from the attendance register. Today, parents have it easy in one sense: they can keep a close eye on their kids using smart gadgets. The downside, of course, is that those parents are becoming obsessed with their little ones’ whereabouts and physical safety. Even tiny tots can be watched over by a baby monitor or even a doll. And to oversee school attendance, parents offer their offspring smartwatches and other wearable trackers.

There are security issues common to all these devices. First, in the rush to bring their products to market, developers often fail to test them for vulnerabilities. Second, many of these new devices have uncommon architectures. This can mean that either there are no antiviruses for them, or there’s no available interface to put a security solution in place.

This plays right into the hands of hackers, who can connect to a smartwatch and spy on the wearer, or download a Trojan onto it to steal valuable data.

In addition, a smartwatch or tracker is yet another device you need to buy, monitor its battery, wrestle with the settings… But wait! Your child probably has a smartphone already, right? (To keep it safe, check out our step-by-step guide on how to ensure its security.) So that means you can install the Kaspersky Safe Kids app (available for iOS and Android), which, among other things, lets you monitor your child’s movements in real time. The map simultaneously displays all of your children’s devices, together with the battery level of each, so you can see at a glance where all of them are and whether you need to call someone to get them to recharge their phone.

The Kaspersky Safe Kids home screen shows both where your kids are and how much charge is left on their phones.

By the way, you can now get Kaspersky Safe Kids free with a Kaspersky Premium subscription to protect all of your family members’ devices from just about any threat.

Gadgets for study? We wish…

With the transition to digital teaching aids, parents face the question of which device to get for their kids. A mobile phone won’t do: small screens hurt the eyes. And to write essays you need a normal keyboard.

A shiny new iPad or MacBook Air, then? If it’s a junior schoolchild we’re talking about, bursting with energy, I wouldn’t advise it. An expensive tablet or laptop is likely to get smashed, along with your nervous system. Don’t even ask how many broken screens I, a father of three, have had to replace already. These troubles end only (if you’re lucky) when your kids become teenagers, when they’re likely to start to take more care of their devices — probably due to FOMO, since at that age social life is everything, and for today’s youth a huge part of it takes place online.

Maybe give your kid a hand-me-down laptop or tablet? Your wallet would appreciate it, but it’s not a win-win. Your old devices need to be scrubbed clean (digitally at least) before they get anywhere near your kids. For tablets and mobile devices, a full reset of all settings and data is best; for laptops — reinstall the operating system. And clear all traces of your Apple or Google IDs if you don’t want to repeat my wife’s experience: she gave our daughter her old tablet, which was still logged into all her accounts… linked to her bank cards… So after just a few minutes of play, our daughter went on an online shopping spree!

Another option is “school” tablets and laptops, which are simpler and cheaper models. Some of them, like Chromebooks, are even positioned as more secure. That said, many threats — such as fake browser extensions, hidden cryptominers, phishing/malicious websites — affect Chromebooks, too.

Wi-Fi freeloading is dangerous

A lot of parent-child conflicts these days stem from kids spending too much time online or visiting inappropriate sites. The most common method of control is to limit both screen time and screen access with the help of a parental control app such as Kaspersky Safe Kids. But some parents think it’s enough to just impose general internet-wide restrictions: when the paid-for data allowance runs out — no more access.

But this simply encourages children to look for free access on the side. And they’re sure to find it! Either a friend will set up a Wi-Fi hotspot on their iPhone right there in class, or a nearby cafe will let anyone connect without a password. Needless to say, it’s easy to stumble across a fake access point and fall victim to scammers.

There are two ways to overcome this problem. The radical option is to ban connections to unknown Wi-Fi networks on your child’s smartphone and block access to settings by means of an additional security code (for Android smartphones when using Kaspersky Security & VPN) or Parental Control. This should work for younger schoolchildren.

With teens, bans are likely to fail. So you’ll have to adopt the more liberal option of teaching your child the rules of safe Wi-Fi use. In particular, they need to know that a VPN is not just for anonymous browsing of dubious sites, but for encrypting the connection even when using unsecured Wi-Fi.

Get maxed-out protection

But no matter how you explain the rules of cybersecurity to your kids, remember they’re a lot younger and more naive than you, and therefore more vulnerable to online scams. That’s why it’s imperative to install and configure a reliable security solution on every single device you give them — one that will protect your kids not only from viruses, but also from phishing, spam calls and data leaks, as well as mindfully guard their online privacy.



More great news: our recently updated Kaspersky Password Manager now has a built-in function for generating one-time codes for two-factor authentication (2FA). This means no more installing a separate authenticator app — everything you need is right there in our password manager. Now for a few details…

What’s an authenticator?

On this blog, we focus quite a bit on 2FA — app-generated one-time codes in particular. Over the past couple of years, we’ve posted a whole series of materials on this topic, the most important of which make for highly recommended reading:

In a nutshell, you need 2FA to better protect your accounts, so we recommend enabling it on all services that support it. In our view, one-off codes generated in special authenticator apps strike the best balance between security and usability. Such a code must be entered after the regular password, and because it’s valid for a limited time (usually no more than 30 seconds), it’s extremely difficult to intercept.

The 2FA method is both quick and smooth, provides a high level of protection, and requires no additional input or time investment on the part of the user. Before, 2FA meant having an authenticator app on your device — either Google Authenticator or any other that suits you. Now, however, there’s no need to install an additional app: you can generate codes right inside Kaspersky Password Manager, where your passwords are already stored securely. Let’s take a look at the advantages of our built-in authenticator.

1. Familiar interface with cross-platform convenience

Kaspersky Password Manager generates one-time codes in a familiar user-friendly way: in the special Authenticator section is a list of tokens with names and short descriptions, next to which one-time codes appear and a time counter ticks away until the next update of these codes. That’s similar to how it works in other apps, so you’ll have no trouble switching to Kaspersky Password Manager if you already use another authenticator. That’s an obvious advantage, but far from the only one.

A massive plus compared to other authenticators is that Kaspersky Password Manager gives you a universal, cross-platform, all-in-one solution — the app stores your passwords and generates one-time codes on whichever platform you prefer: computer or phone. Kaspersky Password Manager is available not only for Android and iOS, but also for macOS and Windows (support for 2FA code generation in Windows will be added in an upcoming update). The Windows version is especially important: if you’ve read our post about the best authenticator apps, you’ll have noticed that Windows is rather poorly served.

2. Synchronization and security

Next advantage: all Kaspersky Password Manager entries (passwords, notes, authenticator tokens, etc.) are automatically synchronized between all your devices. This allows you to generate an authentication code on any device you’re currently using.

Synchronization uses the cloud, of course, but with maximum security and convenience. For one thing, you don’t have to create an extra account — a My Kaspersky account is all that’s needed, which you already have if you use any of our products. And for another, all authentication tokens are securely protected by the main password, without which no intruder can use your passwords or authenticator — even if they do somehow get inside your My Kaspersky account.

3. Don’t have your smartphone to hand? No problem!

Users of other authenticator apps face the eternal nightmare of leaving behind or, worse, losing their smartphone: recovering authentication tokens is so difficult that we even wrote a special step-by-step guide for that. Now, because Kaspersky Password Manager securely stores your tokens (and with them all passwords) in encrypted form in the cloud, you can use the authenticator at any time on the device you’re using, as well as restore all data on a new device; all you have to remember is your main password.

4. Easy migration

Lastly, one other advantage of the built-in authenticator in Kaspersky Password Manager is quick and easy migration of all data from Google Authenticator. All you need to do is export all tokens from Google Authenticator to one large QR code in the usual way, then scan it in Kaspersky Password Manager — everything will work right away.

As far as we know, no other authenticator app makes it so easy to migrate data from Google Authenticator; the process usually involves lots of sweat and tears as you painstakingly recreate all your tokens one by one. But with Kaspersky Password Manager, four taps on the screen are literally all it takes.

What else can Kaspersky Password Manager do?

Let’s wrap up with a few words about some other useful features in Kaspersky Password Manager besides unbeatable password protection and the new built-in authenticator. This handy app can also:

  • Autofill data in online forms — and not only usernames and passwords, but other information such as addresses and bank card details.
  • Warn you if your password is too weak, was used before, or has been compromised in a known leak.
  • Generate the strongest passwords possible based on customizable random character combinations.
  • Securely store important documents, bank card details, and any other highly valuable information (for example, cryptowallet seed phrases).
  • Encrypt all stored data with the robust AES-256 algorithm. The encryption key is created from the main password and is not stored anywhere, so without the main password it’s simply impossible to decrypt the contents of Kaspersky Password Manager.

Incidentally, the recent update of Kaspersky Password Manager added not only a built-in authenticator, but also support for Opera and Opera GX browsers. So now you can autofill passwords and other data in all the most popular browsers out there: Chrome (and others based on Chromium), Safari, Firefox, Edge, and now Opera.

And remember, the full version of Kaspersky Password Manager comes included in the Kaspersky Plus and Kaspersky Premium subscriptions, along with the most reliable protection possible, unlimited VPN, and a host of other useful features.



VPNs are becoming more popular by the day: better privacy, access to the content you need, and other benefits have won over even those who aren't into technology. To enjoy these benefits on all home devices – including computers and smartphones, game consoles, and smart TVs – it's best to set up the VPN directly on your router (a.k.a. the “Wi-Fi box”). That way, there's no need to spend time configuring the VPN on each device separately, plus you get all the benefits even where VPN support is poor, such as on smart TVs or game consoles. Sound interesting? Then let's get started!…

VPN requirements

To protect your home network with a VPN, both your VPN and your router must support this option. The first thing to note is that most free VPNs don't offer network protection at the router level. Your VPN also won't run on a router if it exists only as a browser add-on or mobile app. If you're not sure whether your VPN supports router-based operation, consult the manual or contact technical support.

It's important to learn the details from technical support, not just a “yes/no” answer. Which specific VPN protocols can be used for the router (and the whole network)? Are all the VPN servers you need available with these protocols? Armed with this knowledge, head to the technical support site for your specific router.

Router requirements

First of all, the router must support sending all home traffic through a VPN channel. Today even cheap models have this feature, but there are still cases where routers can't be used with a VPN, especially if they're leased from an internet service provider (ISP). What can also happen is that a VPN is already used to create the channel from the router to the ISP and is part of the standard home internet setup. This kind of “VPN service” usually doesn't deliver the core benefits most users want.

You can check your router in three ways:

  1. Go to the web control panel (the address and password are usually shown on the underside of the router) and study the available settings
  2. Consult the documentation on the router vendor's website
  3. Contact the vendor's technical support or, if you got the router from your provider, contact its technical support

If your ISP doesn't offer VPN support, consider changing providers. If the problem lies with the router itself, look into alternative firmware that has the functionality you need. The best known are DD-WRT and OpenWRT – the links lead directly to pages where you can check router compatibility. Replacing router firmware can be technically challenging, so make sure you fully understand the procedure and the risks before you start.

After confirming that the router offers VPN support out of the box, check which specific VPN protocols it can use. The most common are OpenVPN and WireGuard, each with its own strengths and weaknesses.

OpenVPN has been around for a long time and is widely supported by routers, but it usually doesn't deliver maximum VPN speeds and also puts a heavy load on the router's processor. For cheap routers with weak processors, this can affect Wi-Fi performance and speed at home.

The newer WireGuard protocol is very fast and secure. If you have a very fast internet connection, WireGuard will outperform OpenVPN in terms of speed and lower load on the router's processor. Among its drawbacks are a more complicated initial setup (the user must generate a client key pair) and fewer connection options: WireGuard binds the user to a specific server, OpenVPN to a location, so the latter lets you switch to another server in the same location if the one previously used is down. Also, not all routers recognize WireGuard.

And almost all routers support the legacy L2TP/IPsec and PPTP protocols. We don't recommend them, as they don't meet the latest security standards and don't encrypt traffic by default. However, if the two more modern options aren't available and a VPN is still needed, it's better to use L2TP/IPsec or PPTP with traffic encryption enabled than no VPN at all.

How to enable a VPN on a router

The specifics differ from provider to provider and from router to router, so we can only describe the setup in general terms.

The first step is to download the right VPN profile from the VPN's website. The profile is usually individual, so you need to go to your personal account on the website and find the page with VPN profiles. This might be a list of protected devices where you can add a router, or a dedicated Add Router section, or a section for managing specific VPN protocols (OpenVPN, WireGuard) where you can create the desired connection profile.

For example, for Kaspersky VPN Secure Connection, you can create a router profile on the My Kaspersky site under Secure Connection in three easy steps. Currently, only OpenVPN profiles are offered for routers, but by the end of 2023 we plan to provide WireGuard support as well (note that WireGuard is already available in our VPN for Windows).

Creating an OpenVPN profile for a router on the My Kaspersky site.

When adding a new profile in your personal account, you'll need to answer a few questions. These include the profile name, your preferred server, and so on. The same window often provides room for technical details – such as a private key, name, and password – but most providers support generating these automatically, so they can be left blank. Next, a link will appear to download an .ovpn file for OpenVPN or a .conf file for WireGuard.

For L2TP and PPTP, you don't need to download anything. Instead, you need to write down some information from your personal account:

  • server address for the connection
  • username and password
  • additional encryption key (pre-shared key, PSK, secret key)
  • authentication type (PAP, CHAP)

Having obtained this information, open the router's web control panel. Depending on… the vendor's imagination, you may have to navigate a maze of subsections to reach the VPN properties:

  • ASUS routers usually have a VPN → VPN Client section
  • Keenetic routers hide VPN connections under Internet → Other connections
  • on Netgear routers, go to Advanced Settings → VPN Service
  • on TP-Link routers, open the Network → WAN tab

Be careful, as a router can offer VPN connections in two forms: as an external VPN connection to your home network (here the router acts as a VPN server and provides secure external access to your local network) and as a secure connection to a remote VPN server (here the router is a VPN client that connects securely to the VPN service). You need the second option.

Having found the right section, create a new connection and give it a name (for example, after the VPN service and/or server location), then enter the information obtained from your personal account with the VPN provider.

For PPTP and L2TP/IPsec, all of the information is required, including the server address. For OpenVPN and WireGuard, attaching the OVPN/CONF profile file is usually enough, but sometimes you also need to enter a username and password.

For some router models (for example, Keenetic), instead of a profile upload button there's a window for entering the VPN configuration; in this case, open the OVPN/CONF file in a text editor (yes, it's a plain text file, and you can change the extension to .txt if you like), copy all the information from it, and paste it into this window. If you're unsure about the right settings, see the router's setup help page – usually found right in the Settings window.

Setting up a VPN connection via OpenVPN on a Keenetic router.

Then click the Save button and look for an Enable button or on/off switch for the VPN connection. That done, in theory the VPN should be always on and should turn itself on automatically after the router restarts. It's best to check this by opening a site like whatismyipaddress.com or iplocation.net on any home device: they'll show you which part of the world you appear to be in online. That's the basic VPN setup done – all devices connected to the router will now access the internet through an encrypted connection. And some routers even let you choose which home devices will connect to the internet directly and which will go through the VPN.

If for some reason a VPN can't be set up on your router, you can protect your internet access by setting up secure DNS on your router. It won't give you all the benefits of a secure VPN connection, but it can give you some – such as protecting children from inappropriate content and blocking ads on all devices.

For maximum protection of your family on up to 10 devices, we recommend a Kaspersky Premium subscription, which, in addition to protection against viruses, hacking, phishing and data leaks, includes fast and unlimited Kaspersky VPN Secure Connection, a password manager and secure vault, a free one-year Kaspersky Safe Kids subscription, and many other benefits.



Teu lami saatos urang nyerat ngeunaan kerentanan dina sistem operasi Apple sareng Microsoft, ogé dina chip Exynos Samsung, anu ngamungkinkeun hacking smartphone tanpa tindakan naon waé, muncul warta ngeunaan sababaraha liang kaamanan anu serius dina ios sareng macOS – salian ti éta. ka nu geus dieksploitasi ku panyerang. Kerentanan éta kritis pisan, pikeun merangan éta, Apple gancang ngaluarkeun apdet henteu ngan ukur pikeun sistem operasi anu pang anyarna, tapi ogé pikeun sababaraha vérsi anu sateuacana. Tapi hayu urang ngalakukeun léngkah-léngkah…

Kerentanan dina WebKit sareng IOSurfaceAccelerator

Dina total, dua kerentanan kapanggih. Anu kahiji – namina CVE-2023-28205 (tingkat ancaman: “luhur” [8.8/10]) – masalah mesin WebKit, nu jadi dadasar browser Safari (teu ngan eta; leuwih rinci handap). Intina kerentanan nyaéta, nganggo halaman jahat anu didamel khusus, jalma jahat tiasa ngalaksanakeun kode anu sawenang dina alat éta.

Kerentanan kadua – CVE-2023-28206 (tingkat ancaman “luhur”. [8.6/10]) – kapanggih dina obyek IOSurfaceAccelerator. Penyerang tiasa nganggo éta pikeun ngaéksekusi kode kalayan idin inti sistem operasi. Ku kituna, dua kerentanan ieu tiasa dianggo dina kombinasi: anu kahiji dianggo pikeun nembus alat heula supados anu kadua tiasa dieksploitasi. Anu kadua, kahareupna ngamungkinkeun anjeun “kabur kotak pasir” sareng ngalakukeun ampir naon waé sareng alat anu kainféksi.

Kerentanan tiasa dipendakan dina sistem operasi desktop macOS sareng sistem mobile: iOS, iPadOS sareng tvOS. Henteu ngan ukur generasi panganyarna tina sistem operasi anu rentan, tapi ogé generasi saacanna, ku kituna Apple parantos ngaluarkeun apdet (hiji-hiji) pikeun sadaya sistem: macOS 11, 12 sareng 13, iOS/iPadOS 15 sareng 16, sareng ogé tvOS 16.

Why these vulnerabilities are dangerous

The WebKit engine is the only browser engine permitted on Apple's mobile operating systems. Whichever browser you use on your iPhone, WebKit will still be used to render web pages (so any browser on iOS is essentially Safari).

In addition, the same engine is also used when web pages are opened from other applications. Sometimes it might not even look like a web page, but WebKit will still be involved in displaying it. That's why it's so important to promptly install Safari-related updates, even if you use a different browser such as Google Chrome or Mozilla Firefox.

Vulnerabilities in WebKit like the one described above allow so-called "zero-click" infection of iPhones, iPads or Macs. This means the device is infected without any active action on the user's part; it is enough to lure them to a specially crafted malicious site.

Most often, such vulnerabilities are exploited in targeted attacks on influential individuals or large organizations (although ordinary users can also be hit if they have the bad luck to land on an infected page). And it seems something similar is happening in this case. As usual, Apple isn't releasing any details, but by all accounts the vulnerability chain described above has been actively used by unknown attackers to install spyware.


In addition, since CVE-2023-28205 and CVE-2023-28206 have become public knowledge and a proof of concept has been published for the second vulnerability, it's likely that other cybercriminals will also start exploiting them.

How to protect yourself from the vulnerabilities described

Of course, the best way to protect against CVE-2023-28205 and CVE-2023-28206 is to install the new Apple updates. Here's what you need to do, depending on the device in question:

  • If you have one of the latest iOS, iPadOS or tvOS devices, you should update your operating system to version 16.4.1.
  • If you have an older iPhone or iPad that no longer supports the latest OS, you should update to version 15.7.5.
  • If your Mac is running the latest OS, Ventura, simply update to macOS 13.3.1.
  • If your Mac is running macOS Big Sur or Monterey, you should update to macOS 11.7.6 or 12.6.5, respectively, and also install the separate update for Safari.

And of course, don't forget to protect your Mac with reliable antivirus software that can protect you from new, not-yet-patched vulnerabilities.



VPNs are becoming ever more popular: a secure, encrypted connection is needed these days not just by travelers, but also by gamers, streamers, crypto investors and even fans of foreign TV shows. And that's why the VPN industry is advancing. But did you know that by simply updating your VPN app and configuring it a little, you can significantly improve the speed, convenience and security of your connection? You will after reading this post!

New protocols

When you turn on a VPN connection, you create an encrypted connection to one of the VPN provider's servers. This is done to change your public IP address and protect your connection from prying eyes on the local network. For years, all VPN services offered a choice between the older, less secure PPTP and L2TP communication protocols and the newer, slower OpenVPN protocol, which is more secure in terms of encryption.

But recently several new VPN protocols have appeared. For example, there is the Catapult Hydra protocol used in Kaspersky VPN Secure Connection. It is a speed record holder, and thanks to this protocol our VPN recently won a comparative test of leading VPN solutions. Because of the proprietary nature of the Catapult Hydra protocol, security researchers have raised questions about its security and privacy. However, a recent independent audit of the Catapult Hydra source code found no critical vulnerabilities.

Another popular protocol worth looking at is WireGuard. It too is faster (than OpenVPN) at transferring data, has minimal latency and provides instant connection. At the same time, its source code is open, so it can be found in many VPN services, including Kaspersky VPN Secure Connection.

What to do: update the app and select the right protocol in the VPN client settings on each device. In descending order of speed they rank as follows: Catapult Hydra, WireGuard, OpenVPN. Other protocols do not provide adequate security, especially for financial transactions.

The optimal server

A key thing to look for when choosing a VPN service is the number of servers it has and their locations. The more servers, the better the chances of a good connection.

It makes sense to choose a server based on your needs: either as close as possible to your actual geographic location, or located in the region of the website you're going to visit.

So if you use a VPN for secure gaming, you should choose a VPN server in the same country as the game server; this will ensure a faster and more stable connection.

When watching foreign media content, a server located in the country where the content is streamed from also tends to provide a more stable connection.

Sometimes city or government services are unavailable from abroad for various reasons. In this case, the right VPN server helps city dwellers, or citizens, get the information they need while away from home.

What can happen is that a nearby server is overloaded and its connection speed drops as a result. In that case, it's better to try another server in the same region. By the way, Kaspersky VPN outperforms most of its competitors not only in speed, but also in the number of available servers: 99 locations in 80 countries, with more than 2000 servers in use.

What to do: update the app regularly and check the updated server list. Choose the best VPN server for your task, taking into account geographic proximity and the online services you need.

Fully up to date, Kaspersky VPN Secure Connection has just under a hundred server locations around the world and also features a comfortable dark theme.


Protecting all devices and all networks

Every VPN service has clients for Windows, iOS and Android, but software makers sometimes neglect Mac computers. However, there is a solution that's effective not only for Macs, but also for Smart TVs, game consoles and smart-home devices that don't support VPN themselves. It is to set up a secure VPN on your router, which lets you route all traffic from any device on your home network through the VPN.

Of course, our VPN works on routers, and it also has a "real" Mac version.

What to do: make sure all your devices run through a VPN, especially those you use to make financial transactions.

Advanced settings

At first, almost all VPN apps worked on a simple switch principle: on/off. But in real life this isn't always convenient. For example, a smartphone owner wants to protect their crypto wallet app with a VPN and doesn't want to handle finances over an unencrypted connection; meanwhile, some online stores require the VPN to be turned off. Some people also need to make sure that not a single byte goes onto the network unencrypted.

That's why modern VPN apps offer settings such as Split Tunneling and Kill Switch.

Split Tunneling lets you choose apps that always work through the VPN or, conversely, without the VPN. It's convenient, for example, to use two different browsers: one that accesses sites via the VPN, and the other directly.

Kill Switch, on the other hand, prevents data from being sent if the VPN connection is suddenly interrupted, for example if the device connects to another network. This can happen, for instance, when your smartphone automatically switches from mobile data to a known Wi-Fi network. Kaspersky VPN Secure Connection supports both features.

Kaspersky VPN Secure Connection settings for Android.


What to do: configure the VPN individually for the apps that need it or, conversely, turn the VPN off for specific apps. Use different browsers to access sites with and without the VPN at the same time. If protecting your traffic is important, turn on Kill Switch.



Several media sources have reported a mass supply-chain attack targeting users of the 3CX VoIP telephony system. Unknown attackers have managed to infect the 3CX VoIP applications for Windows and macOS. Now cybercriminals are attacking their users through a weaponized application signed with a valid 3CX certificate. The list of users is quite extensive: it consists of more than 600,000 companies, including top brands from around the world (American Express, BMW, Air France, Toyota, IKEA). Some researchers have named this malicious attack SmoothOperator.

Apparently, the trojan hides in all versions of the software released after March 3; that is, builds 18.12.407 and 18.12.416 for Windows, and 18.11.1213 and later for macOS. According to a 3CX representative, the malicious code got into the program because of some unnamed trojanized open-source component used by the development team.

The attack via trojanized 3CX software

Citing researchers from several companies, BleepingComputer describes the attack mechanism via the trojanized Windows client as follows:

  • The user downloads the installation package from the company's official website and runs it, or receives an update for an already installed program;
  • Once installed, the trojanized program creates several malicious libraries, which are used for the next stage of the attack;
  • The malware then downloads .ico files hosted on GitHub with additional lines of data inside;
  • These lines are then used to download the final malicious payload, which is the one used to attack end users.
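
The steps above mention .ico files that carry additional lines of data. As an added example (not code from the original post or from any of the researchers it cites), this Python code parses the ICO image directory and reports any bytes lying beyond the declared image data, which is one way a defender can triage icon files recovered from a suspect host. The sample icon and the appended line are constructed for illustration.

```python
import struct

ICONDIR = struct.Struct("<HHH")            # reserved, type (1=ICO, 2=CUR), image count
ICONDIRENTRY = struct.Struct("<BBBBHHII")  # w, h, colours, reserved, planes, bpp, size, offset


class IcoError(ValueError):
    """Raised when the bytes do not parse as an ICO/CUR container."""


def declared_extent(data: bytes) -> int:
    """Return the offset just past the last byte claimed by any directory entry."""
    if len(data) < ICONDIR.size:
        raise IcoError("truncated header")
    reserved, kind, count = ICONDIR.unpack_from(data, 0)
    if reserved != 0 or kind not in (1, 2) or count == 0:
        raise IcoError("not an ICO/CUR file")
    table_end = ICONDIR.size + count * ICONDIRENTRY.size
    if table_end > len(data):
        raise IcoError("truncated image directory")
    end = table_end
    for index in range(count):
        entry = ICONDIRENTRY.unpack_from(data, ICONDIR.size + index * ICONDIRENTRY.size)
        size, offset = entry[6], entry[7]
        if offset < table_end or offset + size > len(data):
            raise IcoError(f"entry {index} points outside the file")
        end = max(end, offset + size)
    return end


def inspect_ico(data: bytes) -> dict:
    """Report bytes that follow the declared image data; an image viewer never reads them."""
    end = declared_extent(data)
    trailing = data[end:]
    printable = sum(1 for b in trailing if b in (9, 10, 13) or 32 <= b < 127)
    return {
        "declared_bytes": end,
        "trailing_bytes": len(trailing),
        # Text-like trailing data matches the "additional lines of data" pattern.
        "trailing_is_text": bool(trailing) and printable == len(trailing),
        "suspicious": len(trailing) > 0,
    }


def build_sample_ico(appended: bytes = b"") -> bytes:
    """Constructed sample: one 1x1 entry with placeholder image bytes, plus optional tail."""
    image = b"\x00" * 48  # placeholder payload; the inspector never decodes pixels
    header = ICONDIR.pack(0, 1, 1)
    entry = ICONDIRENTRY.pack(1, 1, 0, 0, 1, 32, len(image),
                              ICONDIR.size + ICONDIRENTRY.size)
    return header + entry + image + appended


CLEAN_ICO = build_sample_ico()
TAMPERED_ICO = build_sample_ico(b"\nCONSTRUCTED-SAMPLE-LINE-NOT-REAL-DATA\n")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_ICO), ("tampered", TAMPERED_ICO)):
        print(name, inspect_ico(blob))
```

Trailing bytes are a triage signal rather than proof of compromise; confirm any hit against the indicators of compromise published for the incident.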

The mechanism for attacking macOS users is somewhat different. You can find a detailed description on the website of the non-profit foundation Objective-See.

What are the hackers after?

The downloaded malware can gather information about the system, as well as steal data and stored credentials from the user profiles of the Chrome, Edge, Brave and Firefox browsers. In addition, attackers can use an interactive command shell, which theoretically allows them to do almost anything with the victim's computer.

Kaspersky experts studied the backdoor used by the attackers as part of the final payload. According to their analysis, this backdoor, dubbed Gopuram, was used mainly in attacks on cryptocurrency-related companies. The experts also suspect, based on a number of clues, that the Lazarus group is behind the attack. Details about the Gopuram backdoor, along with indicators of compromise, can be found in a post on the Securelist blog.

Why is this attack so dangerous?

The trojanized version of the program is signed with a legitimate 3CX Ltd. certificate issued by DigiCert, the same certificate used in earlier versions of the 3CX program.

Also, according to Objective-See, the macOS version of the malware is not only signed with a valid certificate, but also notarized by Apple! This means the application is allowed to run on recent versions of macOS.

How to stay safe

The application's developers recommend uninstalling the trojanized versions of the program immediately and using the VoIP web client until an update is released.

It's also wise to conduct a thorough investigation of the incident to make sure attackers haven't had time to take over your company's computers. In general, to control what's happening on the corporate network and to detect malicious activity in time, we recommend using Managed Detection and Response (MDR) class services.



Many companies, especially small ones, don't use specialized systems such as Slack or Microsoft Teams for communication between employees, but instead use ordinary messengers such as WhatsApp, Telegram and Signal. And while people mostly prefer the mobile versions for personal use, when it comes to work needs many install desktop applications without giving much thought to how secure they are.

In our recent post about vulnerabilities in the desktop version of Signal, we wrote that "the best advice would be not to use the desktop version of Signal (and desktop versions of messengers in general)". But since the reasons aren't immediately obvious, here we explain in detail the main shortcomings of desktop messengers when it comes to cybersecurity.

Note that we're talking about desktop versions of "civilian" messaging applications (such as Telegram, WhatsApp and Signal), not corporate platforms such as Slack and Microsoft Teams, which are specifically adapted for work processes (and therefore operate somewhat differently and aren't covered in this post).

1. An app on the outside, a browser on the inside

One of the important things to understand about desktop versions of messengers is that most of them are built on top of the Electron framework. What this basically means is that such a program is, on the inside, a web application opened in an embedded Chromium browser.

This is actually the main reason why Electron is so popular with developers of desktop messengers: the framework makes it quick and easy to create applications that run on any operating system. However, it also means that programs built on Electron automatically inherit all of its vulnerabilities.

At the same time, we need to understand that, because of their huge popularity, Chrome and Chromium are always in the spotlight. Cybercriminals regularly find vulnerabilities in them and quickly create exploits with detailed descriptions of how to use them. In the case of the normal standalone Chrome browser, this isn't a big problem: Google is very responsive to information about vulnerabilities and releases patches regularly. To stay safe, you just need to install updates without delay. But when it comes to Electron-based programs, the embedded browser gets updated only if and when the developers release a new version of the application.

So what do we end up with? If your employees use Electron-based apps, it means they have multiple browsers running on their systems for which exploits appear frequently. What's more, neither you nor they can control updates for these browsers. The more such applications, the greater the associated risks. So it would be wise to at least limit the number of "civilian" messengers used for work purposes in the company.
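
To see how many embedded browsers a machine actually carries, the following added example (not from the original post or from the Electron project) walks a directory tree and lists applications that look like Electron builds, together with the runtime version each one bundles. The detection markers (`Electron Framework.framework`, `resources/app.asar`, a `version` file), the `min_major` threshold and the sample tree are assumptions made for illustration.

```python
import os
import plistlib
import tempfile
from pathlib import Path

MAC_FRAMEWORK = Path("Contents/Frameworks/Electron Framework.framework")


def read_mac_version(app_dir: Path):
    """Electron version from the framework's Info.plist (CFBundleVersion), if present."""
    for rel in ("Versions/A/Resources/Info.plist", "Resources/Info.plist"):
        plist = app_dir / MAC_FRAMEWORK / rel
        if plist.is_file():
            with plist.open("rb") as handle:
                return plistlib.load(handle).get("CFBundleVersion")
    return None


def read_version_file(app_dir: Path):
    """Electron's distribution ships a plain-text `version` file; packagers may drop it."""
    candidate = app_dir / "version"
    if candidate.is_file():
        text = candidate.read_text(encoding="utf-8", errors="replace")
        return text.strip().lstrip("v") or None
    return None


def find_electron_apps(root):
    """Walk `root` and return one record per directory that looks like an Electron app."""
    found = []
    for current, dirs, _files in os.walk(root):
        here = Path(current)
        if here.suffix == ".app" and (here / MAC_FRAMEWORK).is_dir():
            found.append({"app": here.stem, "layout": "macos-bundle",
                          "electron": read_mac_version(here)})
            dirs[:] = []  # do not descend into the bundle
        elif (here / "resources" / "app.asar").is_file():
            found.append({"app": here.name, "layout": "win-linux-dir",
                          "electron": read_version_file(here)})
            dirs[:] = []
    return sorted(found, key=lambda rec: rec["app"].lower())


def needs_review(record, min_major):
    """True when the embedded runtime is older than `min_major` or cannot be determined."""
    version = record["electron"]
    if not version:
        return True
    try:
        return int(version.split(".")[0]) < min_major
    except ValueError:
        return True


def audit(root, min_major):
    """Return (app, electron version, needs_review) for every Electron app under root."""
    return [(rec["app"], rec["electron"], needs_review(rec, min_major))
            for rec in find_electron_apps(root)]


def build_sample_tree(root):
    """Constructed sample tree: three fake Electron apps and one native app."""
    root = Path(root)
    res = root / "ChatOne.app" / MAC_FRAMEWORK / "Versions" / "A" / "Resources"
    res.mkdir(parents=True)
    with (res / "Info.plist").open("wb") as handle:
        plistlib.dump({"CFBundleVersion": "22.3.1"}, handle)
    for name, version in (("chat-two", "v13.6.9\n"), ("chat-three", None)):
        (root / name / "resources").mkdir(parents=True)
        (root / name / "resources" / "app.asar").write_bytes(b"constructed placeholder")
        if version:
            (root / name / "version").write_text(version, encoding="utf-8")
    (root / "NativeTool.app" / "Contents" / "MacOS").mkdir(parents=True)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # min_major=20 is an arbitrary operator-chosen threshold for this demo.
        for row in audit(build_sample_tree(tmp), min_major=20):
            print(row)
```

Apps whose runtime version cannot be read are flagged for manual review rather than assumed current, since a missing `version` file says nothing about how old the embedded browser is.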

2. The key question

One of the biggest attractions of modern messengers is their use of end-to-end encryption; that is, decrypting messages requires the private keys of the chat participants, which never leave their devices. And as long as nobody else knows the encryption keys, your correspondence is securely protected. But if an attacker gets hold of a private key, they can not only read your correspondence but also impersonate one of the chat participants.

And this is where the problem with desktop versions of messengers arises: they store encryption keys on the hard drive, which means they can easily be stolen. Of course, an attacker has to somehow gain access to the system, say through malware, but that's quite doable in the case of desktop operating systems. As for mobile devices, their architectural features make stealing encryption keys much harder, especially remotely.

In other words, using the desktop version of a messenger automatically and significantly increases the risk that the encryption key, and hence work correspondence, will fall into the wrong hands.

3. A RAT in the chat

Suppose everything goes smoothly and no one (yet) has your employees' encryption keys: this means all work correspondence is safe and sound, right? Not quite. Cybercriminals could potentially use remote administration tools as well as remote access Trojans (both share the same acronym, RAT) to get at work correspondence. The difference between them is rather symbolic: both legitimate tools and illegal Trojans can be used to do many interesting things with your computer.

RATs represent a threat against which desktop messenger clients, unlike their mobile counterparts, are practically defenseless. Such programs allow even inexperienced attackers to get hold of the contents of confidential correspondence. In a messenger running on a desktop, all chats are already automatically decrypted, so there's no need to steal private keys. Anyone in remote desktop mode can read your correspondence, even if it's conducted in the most secure messenger in the world. And not just read it, but also write messages in a work chat under the guise of a company employee.

Moreover, remote administration tools are legitimate programs, with all the ensuing consequences. First, unlike malware, which has to be obtained from dark corners of the internet, they can be found and downloaded online without any problems. Second, not every security solution warns the user if remote access tools are found on their computer.

4. What's in the box?

Another reason to avoid using desktop clients of popular messengers is the risk that they can be used as an additional uncontrolled channel for delivering malicious files to your employees' computers. Of course, you can pick those up from anywhere. But when it comes to email attachments and, even more so, files downloaded from the internet, most people are aware of the potential danger. Files received in a messenger, however, especially one positioned as secure, are seen differently: "what could go wrong here?" This is especially true if the file comes from a colleague: "nothing to worry about" is the common view.

The vulnerabilities found in the desktop version of Signal that relate to the way the messenger handles files (described in our recent post) serve as an example. Exploiting these vulnerabilities allows an attacker to covertly distribute infected documents to chat participants while pretending to be one of them.

This is just one hypothetical scenario that presupposes advanced technical skills on the attacker's part. Others can't be ruled out either: from mass mailings based on stolen databases to targeted attacks using social engineering.

Again, mobile operating systems are better protected against malware, so this problem is less acute for users of mobile messenger clients. Their desktop counterparts carry a much greater risk of attracting some kind of malware.

5. We should have a shotgun for this kind of thing

Traditional threats shouldn't be forgotten. Specialized security solutions at the corporate mail gateway level provide protection against malicious attachments and phishing. But in the case of desktop messenger clients, things are more complicated. No solution can get inside the end-to-end encrypted exchange of messages through the messenger's own servers; dangerous objects can only be caught at the exit, which lowers the level of protection.

Once again, this is far less of a problem on mobile devices. They're harder to infect with malware, and fewer important files are stored on them. In addition, lateral movement in the corporate network after a successful attack on a mobile device is unlikely to have the same consequences.

A desktop messenger on a work computer provides a communication channel that's not only uncontrolled by the network administrator, but also securely shielded from their actions; and from this situation very nasty things can arise.

Prevention is better than cure and blame

We end basically where we started: as mentioned in the introduction, the best tip is not to use desktop versions of messengers. If for some reason that's not an option, at least take some basic precautions:

  • Be sure to install security software on work devices. In fact, this is the only way to protect against the nasty things that can creep into your corporate network through messengers.
  • If your employees use more than one messenger for work purposes, try to put an end to this practice. Settle on one and block the rest.
  • Also, keep track of the remote access tools installed and used on work devices.
  • By the way, our Kaspersky Endpoint Security Cloud has a Cloud Discovery feature, which tracks employees' attempts to use unapproved cloud services.
  • And to make all these measures more effective and at the same time demonstrate their absolute necessity, information security training for employees will help.



The latest versions of iOS and iPadOS (16.3) and macOS (Ventura 13.2) have fixed vulnerabilities tracked as CVE-2023-23530 and CVE-2023-23531. We explain the nature of these bugs, why they deserve your attention, what the Pegasus spyware has to do with them, and why you should take these and future iOS, iPadOS and macOS security updates seriously.

NSPredicate, FORCEDENTRY, Pegasus and the rest

To explain why these latest updates matter, we need a little background. The software foundation of applications built for Apple operating systems is called, believe it or not, the Foundation framework! Here's Apple's description of it:

"The Foundation framework provides a base layer of functionality for apps and frameworks, including data storage and persistence, text processing, date and time calculations, sorting and filtering, and networking. The classes, protocols, and data types defined by Foundation are used throughout the macOS, iOS, watchOS, and tvOS SDKs."

More than two years ago, in January 2021, an iOS security researcher named CodeColorist published a report showing how the implementation of the NSPredicate and NSExpression classes (which are part of the Foundation framework) can be exploited to execute arbitrary code. As it happens, these classes are responsible for sorting and filtering data. What matters here in the context of this blog post is that these tools make it possible to execute scripts on a device without the code's digital signature being checked.

CodeColorist's main finding was that such scripts can help bypass Apple's security mechanisms, including app isolation. This makes it possible to create a malicious application that steals data (such as user correspondence or random photos from the gallery) from other applications.

In March 2022, a paper was published about a practical application of such an approach: the zero-click exploit FORCEDENTRY, which was used to spread the notorious Pegasus malware. Vulnerabilities in NSPredicate and NSExpression allowed this malware to perform a sandbox escape and gain access to data and functionality outside the strictly defined boundaries within which all iOS applications run.

Following CodeColorist's theoretical work and hands-on study of the FORCEDENTRY exploit, Apple implemented a number of security measures and restrictions. However, new research shows that they're still easy to bypass.

Why CVE-2023-23530 and CVE-2023-23531 are dangerous

The CVE-2023-23530 and CVE-2023-23531 vulnerabilities provided new ways to get around these restrictions. The first, CVE-2023-23530, stems from exactly how Apple addressed the issue. Specifically, they compiled a denylist of classes and methods that pose an obvious security risk in NSPredicate. The catch is that, using methods not included in the denylist, this list can be wiped clean, after which the full set of methods and classes can be used.
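
The design weakness described above, a denylist that the filtered code can itself reach and empty, can be modelled in a few lines. This added Python example is a toy model, not Apple's code and not from the original post: the evaluators, the `Vault` class and all method names are hypothetical, and it contrasts a mutable denylist with an immutable allowlist that is not exposed to evaluated expressions.

```python
class Vault:
    """Hypothetical object standing in for functionality the evaluator must protect."""

    def describe(self):
        return "vault: 3 items"

    def read_secret(self):
        return "constructed-secret-value"


class DenylistEvaluator:
    """Flawed design: a mutable denylist that evaluated expressions can reach."""

    def __init__(self):
        self.denied = {("vault", "read_secret")}
        # The policy object sits in the same namespace as ordinary targets.
        self.objects = {"vault": Vault(), "policy": self.denied}

    def call(self, target, method):
        if (target, method) in self.denied:
            raise PermissionError(f"{target}.{method} is denied")
        return getattr(self.objects[target], method)()


class AllowlistEvaluator:
    """Hardened design: immutable allowlist, policy never exposed as a call target."""

    ALLOWED = frozenset({("vault", "describe")})

    def __init__(self):
        self.objects = {"vault": Vault()}

    def call(self, target, method):
        if (target, method) not in self.ALLOWED:
            raise PermissionError(f"{target}.{method} is not allowed")
        return getattr(self.objects[target], method)()


def run_script(evaluator, script):
    """Run (target, method) steps; return each result or the refusal message."""
    results = []
    for target, method in script:
        try:
            results.append(evaluator.call(target, method))
        except (PermissionError, KeyError) as exc:
            results.append(f"blocked: {exc}")
    return results


# Constructed scripts: a direct call, and one that empties the denylist first.
DIRECT = [("vault", "read_secret")]
VIA_POLICY = [("policy", "clear"), ("vault", "read_secret")]

if __name__ == "__main__":
    print(run_script(DenylistEvaluator(), DIRECT))
    print(run_script(DenylistEvaluator(), VIA_POLICY))
    print(run_script(AllowlistEvaluator(), VIA_POLICY))
```

The denylist blocks the direct call but not the call that clears the list, because nothing ever thought to deny it; the allowlist refuses both steps without needing to anticipate them.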

The second vulnerability, CVE-2023-23531, relates to how processes in iOS and macOS interact with each other, and how the data-receiving process filters incoming information. Simply put, the data-sending process can add a "verified content" tag and then feed the receiving process a malicious script that uses NSPredicate, which in some cases will be executed without verification.

According to the researchers, these two techniques for bypassing security checks enable exploitation of a number of other specific vulnerabilities. Attackers can use these vulnerabilities to gain access to user data and dangerous operating system features, and even to install applications (including system ones). In other words, CVE-2023-23530 and CVE-2023-23531 can be used to create FORCEDENTRY-type exploits.

To demonstrate the capabilities of CVE-2023-23530 and CVE-2023-23531, the researchers recorded a video showing how a malicious application can be made to execute code inside SpringBoard (the standard application that manages the home screen in iOS) on an iPad. For its part, SpringBoard has elevated privileges and multiple access rights, including to the camera, microphone, call history, photos and geolocation data. What's more, it can wipe the device completely.

What this means for iOS and macOS security

We should stress that the harm posed by CVE-2023-23530 and CVE-2023-23531 is purely theoretical: no cases of in-the-wild exploitation have been recorded. Also, the iOS 16.3 and macOS Ventura 13.2 updates patch them, so if you install them in time, you're considered safe.

That said, we don't know how well Apple has patched the vulnerabilities this time. Perhaps workarounds for these patches will also be found. In any case, in conversation with Wired, the researchers themselves were confident that new vulnerabilities of this class will continue to appear.

Keep in mind that merely running a script on iOS using NSPredicate isn't enough for a successful hack. An attacker still needs to get into the victim's device somehow to be able to do anything. In the case of FORCEDENTRY, this involved the use of other vulnerabilities: an infected PDF disguised as an innocent GIF file was delivered to the target device via iMessage.

The likelihood of such vulnerabilities being used in APT attacks is high, so it's worth repeating the precautions you can take. We have a separate post on this subject in which Costin Raiu, Director of the Global Research & Analysis Team (GReAT), explains in detail how to protect yourself against Pegasus-class malware and why it works. Here's a brief summary of his advice:

  • Restart your iPhone and iPad more often: it's hard for attackers to gain a permanent foothold in iOS, and a restart often kills the malware.
  • Turn off iMessage and FaceTime whenever possible: these apps provide a convenient entry point for attacking iOS devices.
  • Instead of Safari, use an alternative browser like, say, Firefox Focus.
  • Don't follow links in messages.
  • Install reliable protection on all your devices.
  • And finally (as we keep insisting ad infinitum), keep your operating systems up to date (and from now on, perhaps keep a closer eye on iOS, iPadOS and macOS updates as and when they're released).

