Updating software on employee workstations is a never-ending process, so you may simply lack the resources to keep all of it updated. On average, dozens of new vulnerabilities are found every single day; accordingly, many hundreds and even thousands of patches for them are released every month.

This poses the question: what updates should be a priority? And there’s no simple answer to that. Patching strategies can be very different, and finding the one that works best for your company can depend on various circumstances. In this post, I share some thoughts on what software should be patched first — based on the potential risk of vulnerability exploitation.

Got any vulnerabilities on your system?

Some people believe that the number of discovered vulnerabilities speaks of the given software’s quality. Simply put, more bugs means worse software, and a lack of any ever reported means that software is great. These considerations then affect their choices of corporate software.

But this is, of course, a misperception: the number of detected vulnerabilities generally speaks of the program’s popularity, not quality. You can find bugs anywhere. And most of the time, bugs are discovered where people look for them. A company could get by using some long-forgotten software product just because nobody ever found any vulnerabilities in it. But that would be an unwise strategy: what if someone actually tries and succeeds in discovering a whole load of them right away?

In a nutshell, it’s not the number of bugs that matters, but how quickly patches for them come out and if they actually fix problems. Quick and regular patching is a good thing. While rare, sporadic releases — with the vendor trying to pretend that nothing bad has happened — are a disturbing sign; such software should be avoided.

Another good thing is when the developer runs a bug bounty program — even better if the program is open for everyone. A bad thing is a vendor threatening to sue bug hunters (yes, it happens more often than one would imagine), or worse: dragging people to court for reporting vulnerabilities.

Operating systems

But let’s get back to patching prioritization. The obvious candidates for the highest priority are operating systems. All-important OS updates must be installed as quickly as possible. The risk is self-evident: a compromised OS is the key to the rest of the computer’s software.

So if you use Windows, it’s in your best interests to at least look through the list of Microsoft updates on the second Tuesday of each month, and install them ASAP. But you should still follow the news: if a Windows patch comes out on a different date, it should be installed right away.


Browsers

There are several solid reasons to prioritize browser updates. Firstly, browsers account for much of our digital activity these days. Secondly, browsers by definition interact with the internet, so they're among the first to be hit by any cyberthreat. Thirdly, attackers spare no effort looking for browser vulnerabilities, often succeed, and quickly turn to exploiting them.

So try to install browser patches pronto. Additionally don’t forget to restart your browser after an update: until you do, the old, vulnerable version remains in use. Keep in mind that your system may have more than one browser installed. They all need timely updates.

And speaking of multiple browsers, there’s a couple of things to keep in mind:

  • Internet Explorer: hardly any user’s free choice anymore, but this browser is still featured on any Windows computer — and needs timely patching.
  • Many desktop apps (for example, messengers) are based on the Electron framework — technically a web app running inside an embedded Chromium browser. Don't forget to update them too: they inherit every Chromium flaw until the app vendor ships a build on a fixed Electron release.

Office suites

Attacks through emails with malicious attachments are a classic cybercriminal move. They mostly rely on infected files — especially Microsoft Office and PDF documents. This means that office suite programs’ vulnerabilities often serve as an entry point into the target company’s network. Therefore, you should pay close attention to office software updates.

In most cases, malware attachments don’t open themselves — somebody has to click on them. That’s why it’s important to provide information security training for your employees — for example, on our interactive educational Kaspersky Automated Security Awareness Platform.

It’s also a good idea to set up an internal communication channel with your information security department: on the one hand, to alert your employees about relevant threats and improve general awareness; on the other, to receive their reports on various suspicious activity, including in their email boxes.

Cybersecurity solutions

As mentioned above, vulnerabilities can be found in any software — and security products are no exception. Antiviruses and other information security applications need lots of high-level permissions to operate efficiently, so a successful exploitation of a security solution’s vulnerability might cause very serious problems.

Security software developers are aware of the potential danger of such a scenario better than anyone else. Therefore, they try to promptly respond to reported vulnerabilities and release updates ASAP. Of course, promptness is equally important when installing those patches. We recommend monitoring your security products’ updates diligently and prioritizing their installation.

Work collaboration apps

One more software category that has earned special significance for office employees in the past decade requires special attention. I’m referring to work collaboration apps, such as Microsoft Teams, Slack, Confluence, and the like. In many companies these have gradually taken over a considerable part of business correspondence, file exchange, and conference calls.

Naturally, collaboration tools have become an attractive target for cybercriminals: they can usually learn a lot of juicy things from the content that’s transferred through collaboration apps. It’s important to keep these apps up to date with the latest security patches.

Here’s one more reason not to postpone updating your collaboration tools. As I mentioned above, every app based on the Electron framework is technically a Chromium browser — with all its vulnerabilities so popular among cybercriminals. And guess what? Electron is also quite a common framework for collaboration tools. For instance, it’s the backbone of the desktop versions of both Teams and Slack.

To protect employees’ computers from hacking at those unpleasant moments when a vulnerability has already been found but a patch for it hasn’t yet been released, be sure to use reliable protection on all corporate devices. By the way, a number of our solutions for business — including Kaspersky Endpoint Security for Business and Kaspersky Hybrid Cloud Security Enterprise — feature the built-in Kaspersky Vulnerability and Patch Management system that helps you automate and properly prioritize your software updates.

#software #patched

Microsoft's July patch collection turned out to be a surprise. First, they once again fixed the seemingly dead Internet Explorer. Second, as many as six vulnerabilities were already being actively exploited by attackers. Third, two of the six were closed not with a patch, but with recommendations.

Here are the overall statistics: 132 holes closed, nine of them rated critical. Exploitation of 37 vulnerabilities can lead to arbitrary code execution, 33 to elevation of privilege, 13 to bypassing security features, and 22 possibly to denial of service.

Why did they patch Internet Explorer?

We recently wrote that Internet Explorer is dead, but not quite. In particular, we discussed Microsoft's advice to keep installing IE security updates, because some of its components remain in the system. Now it is clear why that advice was given: the July patches close three vulnerabilities in MSHTML, the engine inside the legendary browser. In the CVE descriptions Microsoft states:

Although Microsoft has announced the retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as by other applications through the WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.

To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates.

The most dangerous of the newly discovered IE vulnerabilities is CVE-2023-32046, and it is already being used in real attacks. Successful exploitation lets cybercriminals elevate their privileges to those of the victim. The attack scenario involves crafting a malicious file that is sent to the victim by email or hosted on a compromised website. All the attacker needs is to convince the user to follow the link and open the file.

The other two vulnerabilities, CVE-2023-35308 and CVE-2023-35336, can be used to bypass security features. The former allows cybercriminals to create files that bypass the Mark-of-the-Web mechanism, so that Microsoft Office applications open them without Protected View. Both holes can also be used to trick the victim into accessing a URL in an Internet Security Zone that is less restrictive than intended.

Recommendations instead of patches

Two more vulnerabilities are also being actively exploited, but instead of a full patch they received only security advisories.

The first, CVE-2023-36884 (CVSS 8.3), is being exploited in the Storm-0978 / RomCom RCE attacks on Office and Windows. To stay safe, Microsoft recommends adding all Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION list.
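The registry-based mitigation is easy to get subtly wrong across a fleet (wrong hive, value name not matching the image name, value type not DWORD), so here is an added Python example, not code from the original post or from Microsoft, that renders the mitigation as a .reg file, applies it through winreg on a Windows host, and checks a key dump for missing entries. The key path and the executable names are the ones Microsoft's advisory for CVE-2023-36884 lists (confirm them against the current advisory before deploying); the function names, the `extra` parameter and the .reg rendering are this example's own.

```python
"""Deploy and verify Microsoft's registry mitigation for CVE-2023-36884.

Added example; not code from the original post or from Microsoft.
The key path and executable names follow Microsoft's advisory for
CVE-2023-36884; confirm them against the current advisory before use.
Function names and the .reg rendering are this example's own.
"""
import os
from typing import Dict, Iterable, List

KEY_PATH = (r"SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl"
            r"\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION")

# Processes named in the advisory. A REG_DWORD of 1 under KEY_PATH enables the
# block for that process; the value name is the executable file name.
OFFICE_EXECUTABLES = ["Excel.exe", "Graph.exe", "MSAccess.exe", "MSPub.exe",
                      "Powerpnt.exe", "Visio.exe", "WinProj.exe", "WinWord.exe",
                      "Wordpad.exe"]


def mitigation_values(extra: Iterable[str] = ()) -> Dict[str, int]:
    """Map each executable name to the DWORD it should hold (1 = blocked).
    `extra` adds image names the advisory does not list (assumption: any
    further name you pass is one you have decided to cover yourself)."""
    names = list(OFFICE_EXECUTABLES) + [e for e in extra if e not in OFFICE_EXECUTABLES]
    return {name: 1 for name in names}


def render_reg(values: Dict[str, int]) -> str:
    """Render a .reg file (CRLF line endings, as regedit expects) for hosts
    without a management agent; `reg import` applies it."""
    lines = ["Windows Registry Editor Version 5.00", "",
             "[HKEY_LOCAL_MACHINE\\" + KEY_PATH + "]"]
    lines += ['"%s"=dword:%08x' % (name, value) for name, value in values.items()]
    return "\r\n".join(lines) + "\r\n"


def apply_mitigation(values: Dict[str, int]) -> Dict[str, int]:
    """Write the values under HKLM (requires an elevated process) and read
    them back so the caller can verify. Returns {} on non-Windows hosts."""
    if os.name != "nt":
        return {}
    import winreg  # only importable on Windows
    access = winreg.KEY_SET_VALUE | winreg.KEY_QUERY_VALUE
    with winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, KEY_PATH, 0, access) as key:
        for name, value in values.items():
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, value)
        return {name: winreg.QueryValueEx(key, name)[0] for name in values}


def missing_entries(expected: Dict[str, int], present: Dict[str, int]) -> List[str]:
    """Compliance check: names whose value is absent or wrong in `present`
    (what apply_mitigation returned, or a key dump gathered by inventory)."""
    return [name for name, value in expected.items() if present.get(name) != value]


if __name__ == "__main__":
    values = mitigation_values()
    print(render_reg(values))
    stored = apply_mitigation(values)
    print("not yet set:", missing_entries(values, stored) or "none")
```

Run it elevated on a Windows host to apply and verify in one step; on any other platform it only renders the .reg text, which is the artifact to push through your configuration management. Remember that this mitigation is a stopgap and should be revisited once the corresponding Office update is installed.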

The second unresolved issue concerns kernel-level driver signing. It has no CVE index, only guidance and recommendations (ADV-230001). Microsoft revoked many developer certificates that had been used in APT attacks and blocked several malicious drivers, but the root cause remains. Attackers can still get drivers signed with Microsoft certificates, or sign them with a backdated timestamp so that they fall under one of the exceptions and do not require a signature from the Microsoft developer portal.

As a precaution, Microsoft recommends keeping Windows and EDR up to date. The only small consolation is that to make use of such drivers, an attacker must already have administrator privileges.

The remaining exploited vulnerabilities

Besides the vulnerabilities mentioned above, three more holes are being exploited by cybercriminals.

  • CVE-2023-32049 – SmartScreen security feature bypass vulnerability. Exploitation lets attackers create a file that opens without showing the Windows "Downloaded from the Internet" warning.
  • CVE-2023-36874 – elevation of privilege vulnerability in the Windows Error Reporting service. Allows attackers to elevate their privileges if they already have ordinary permissions to create folders and performance trace files.
  • CVE-2023-35311 – security feature bypass vulnerability in Outlook. Exploitation helps cybercriminals avoid the warning shown when the preview pane is used.
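Two of the bugs above (CVE-2023-35308 and CVE-2023-32049) are attacks on the Mark-of-the-Web, so it helps to see what that mark actually is: an NTFS alternate data stream named Zone.Identifier holding a small INI block whose ZoneId tells Office and SmartScreen where the file came from. The following is an added Python example, not code from the original post or from Microsoft: it parses that stream, reads it from a file on Windows, and applies the rule that files from the Internet (zone 3) and Restricted Sites (zone 4) zones open in Protected View. Zone numbers are the Windows URL security zones; treating zones 3 and 4 as the Protected View trigger is this example's assumption about default Office settings, and the three sample streams are constructed.

```python
"""Parse an NTFS Zone.Identifier (Mark-of-the-Web) stream and decide whether
Office would open the file in Protected View.

Added example; not code from the original post. Zone numbers are the Windows
URL security zones (0 local machine, 1 intranet, 2 trusted, 3 internet,
4 restricted). The rule that zones 3 and 4 trigger Protected View is this
example's assumption about default Office settings.
"""
import configparser
import os
from dataclasses import dataclass
from typing import Dict, Optional

ZONE_NAMES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}
UNTRUSTED_ZONES = {3, 4}  # assumption: zones that put Office into Protected View


@dataclass
class MarkOfTheWeb:
    zone_id: int
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, "Unknown (%d)" % self.zone_id)

    @property
    def protected_view(self) -> bool:
        return self.zone_id in UNTRUSTED_ZONES


def parse_zone_identifier(text: str) -> Optional[MarkOfTheWeb]:
    """Parse the INI-style [ZoneTransfer] block. Returns None when there is
    no usable ZoneId, which for Office is the same as having no mark at all
    (exactly the state a MotW bypass tries to produce)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    if not parser.has_section("ZoneTransfer"):
        return None
    section = parser["ZoneTransfer"]
    zone = section.get("ZoneId")
    if zone is None or not zone.strip().isdigit():
        return None
    return MarkOfTheWeb(int(zone), section.get("ReferrerUrl"), section.get("HostUrl"))


def read_mark(path: str) -> Optional[MarkOfTheWeb]:
    """Read the alternate data stream on Windows/NTFS. Elsewhere the
    ':stream' syntax does not exist, so the function reports no mark."""
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:  # no stream, or not an NTFS volume
        return None


def triage(samples: Dict[str, str]) -> Dict[str, str]:
    """Label each sample stream with the Office behaviour it would produce."""
    out = {}
    for label, text in samples.items():
        mark = parse_zone_identifier(text)
        out[label] = "Protected View" if mark and mark.protected_view else "opens normally"
    return out


# Constructed samples: what a browser writes for an internet download, a
# stream with the zone stripped (the result a MotW bypass aims for), and a
# mark from an intranet share.
SAMPLE_INTERNET = ("[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.invalid/\r\n"
                   "HostUrl=https://example.invalid/report.docx\r\n")
SAMPLE_STRIPPED = "[ZoneTransfer]\r\n"
SAMPLE_INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"

if __name__ == "__main__":
    samples = {"internet": SAMPLE_INTERNET, "stripped": SAMPLE_STRIPPED, "intranet": SAMPLE_INTRANET}
    for label, verdict in triage(samples).items():
        print("%-9s -> %s" % (label, verdict))
```

The stripped sample is the interesting one: Office treats a stream without a ZoneId exactly like a file with no mark, so a document that reaches a user that way skips Protected View and its macros and embedded objects run with the user's normal trust. That is why the two bypasses above matter more than their CVSS scores suggest.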

How to stay safe

To keep corporate resources safe, we recommend installing security patches as soon as possible, and protecting all work computers and servers with modern solutions that can detect exploitation of both known and as-yet-unknown vulnerabilities.

#Microsoft #July #Patch #Tuesday

Not long ago, the IT security media space was once again filled with cheerful reports that Microsoft had finally buried Internet Explorer (IE). Let's recap the long story of how the world's once most popular browser was gradually cut off from its life-support system, and examine whether it is finally time to rejoice (spoiler: it isn't).

Internet Explorer: life and chronic death

We remind those who did not witness (or have forgotten) the 2000s that, back then, Internet Explorer ruled the web, with over 90% of the browser market. Hard to believe now, but Explorer was more dominant than the current champion, Google Chrome, is today.

However, since Chrome launched in 2008, Explorer's popularity has steadily declined. We can regard 2012 as the end of the Explorer era, when Chrome finally took over. That said, Microsoft's first official acknowledgement of this fact came only in 2015.

It was then, alongside the release of Windows 10, that the company announced it was ending development of Internet Explorer and introduced Edge as the default browser for Windows, marking the first phase of IE's shutdown. The original version of Edge was built on Microsoft's own EdgeHTML engine, a modification of MSHTML (also known as Trident), on which Internet Explorer was based.

Of course, Edge had an IE compatibility mode. Nevertheless, Explorer, in its eleventh and final version, remained integrated into the operating system. Thus began the dual-browser era, with Edge and Explorer both preinstalled on Windows, which (another spoiler) continues to this day.

Three years later, in December 2018, came the second phase: Microsoft abandoned further attempts to develop its own engine and launched a new version of Edge, this time based on Chromium. This browser also has an IE compatibility mode. And Explorer was still left in the system.

In 2021, Microsoft released the new Windows 11. Now it was no longer possible to launch and use Explorer as a standalone browser, at least in theory. However, Edge still retained its IE compatibility mode. And Explorer itself was still present in the system, so, with some tinkering, it could still be run.

A couple of years after that, in February 2023, came the news that Microsoft had finally killed Explorer in its latest update. The coup de grâce, ending this cruel agony. But, on closer inspection, it turned out that the old dog was still breathing!…

Disabling does not mean removing

The first thing to understand about the Windows update is that it does not remove Explorer from the operating system; it disables it. In practice, this means that Explorer can no longer be launched as a standalone browser (this time for sure). However, Edge, officially the only browser in Windows, still has its IE compatibility mode. This means Explorer is still alive, if not exactly kicking: it exists solely to make this mode work.

Now if you try to open Explorer, Edge launches instead. And inside it, if you wish, you can select IE compatibility mode. As a result, Explorer will continue to inhabit Windows until Microsoft finally decides to bury IE compatibility mode too.

The patch disabling IE does not apply to all systems

Even the disabling of Explorer is not absolute. Plenty of operating systems are exempt from the update that kills IE. Microsoft has published this list of exceptions:

  • Windows 8.1
  • Windows 7 Extended Security Update (ESU)
  • Windows Server Semi-Annual Channel (SAC), all versions
  • Windows 10 IoT Long-Term Servicing Channel (LTSC), all versions
  • Windows Server LTSC, all versions
  • Windows 10 client LTSC, all versions
  • Windows 10 China Government Edition

In other words, users of these operating systems did not even receive the change described above. They can still run Internet Explorer as a standalone browser.

What's the problem?

The problem is that along with the badly outdated browser, all its vulnerabilities (plus those not yet discovered) remain in the system. The only real difference between IE "before" and "after" disabling is that it may be slightly harder to exploit this vulnerable browser in certain types of attacks.

As a clear illustration of what can go wrong, recall the vulnerability CVE-2021-40444. It was discovered in Internet Explorer's MSHTML engine in 2021. What's more, by the time it was discovered, this vulnerability was already being exploited in attacks against Microsoft Office users. Attackers equipped Office documents with a malicious ActiveX element, which gave them remote code execution as soon as the user opened the trojanized file.

Why doesn't Microsoft bury Explorer for good? The problem is that this browser was the only workable option for many companies for far too long, during which time it put down deep roots in their infrastructure. Some of these companies still can't part with this legacy of the dark ages. So, for the sake of compatibility (a sacred cow for Microsoft), the half-dead browser has been dragged from OS to OS for more than a decade now.

How to stay protected

By the looks of it, we will probably have to wait at least a few more years before Internet Explorer is finally, truly put out of its misery. So, unless you want to wait for Microsoft to finally kill IE for good (which we strongly advise against), it's better to arrange the last rites yourself:

  • If your company still uses technologies tied to Internet Explorer, try to drop them and switch to modern ones. Seriously, this should have been done 10 years ago.
  • Then, once you no longer need IE compatibility, disable the browser on all operating systems you use. For the operating systems listed above, this must be done manually; Microsoft's website has a reasonably clear set of instructions on how to do it. For all other systems, make sure the relevant Microsoft patch is installed.
  • Following Microsoft's advice, keep installing the security updates released for Internet Explorer even after you have disabled it, wherever they apply, because some browser components remain in the system.
  • And, of course, deploy reliable protection on all devices in your company.

#Microsoft #buries #Internet #Explorer #but #not #completely #again

Another day, another browser vulnerability discovered! Indeed, the number of dangerous security holes has doubled in a week! We just highlighted the urgent need to update iOS and macOS due to a major bug in Apple WebKit (the engine inside Safari and every other browser on iOS). And now, because of a similar threat in terms of exploitation, you need to update other browsers too. This time the focus is Google Chrome and related browsers (and not just browsers, but let's not get ahead of ourselves).

Vulnerability in the V8 engine

The vulnerability CVE-2023-2033 was found in the V8 engine, which processes JavaScript. It was discovered by the same researchers at Google's Threat Analysis Group (TAG) who had a hand in discovering the iOS and macOS vulnerabilities described in our previous post.

Since it is Google's standard policy not to release details about vulnerabilities until most users have updated their browsers, nothing specific is known about this security flaw. What we do know is that an exploit for this vulnerability already exists.

For successful exploitation, the attacker must lure the victim to a specially crafted malicious web page. That allows them to run arbitrary code on the target computer. Like the vulnerability previously found in Safari's WebKit, this hole makes zero-click attacks easier. In other words, cybercriminals can infect a device without any active action on the part of the user; it is enough to make the victim visit a malicious site.

The vulnerability is known to exist at least in the desktop versions of all Chromium-based browsers, meaning not only Google Chrome but also Microsoft Edge, Opera, Yandex Browser, Vivaldi, Brave and many more. It most likely also affects Electron-based applications. As we wrote not long ago, such programs are essentially web pages opened in a Chromium browser built into the application.

How to protect yourself

To neutralize the CVE-2023-2033 threat on your computer, promptly update all Chromium-based browsers installed on it. See our full post with an explanation of how to do this in Google Chrome. But to cut to the chase:

  • Update Google Chrome to version 112.0.5615.121. The security hole we described has been fixed in that version.
  • Patch the vulnerability in other Chromium-based applications as well: you can find the patch to update Microsoft Edge to version 112.0.1722.48 here, while the Vivaldi and Brave websites already have patches for those browsers.
  • Always restart the browser after updating; otherwise, the update will not take effect.
  • Also update all Electron-based applications (patches for them will probably appear later).
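Chromium-based browsers tell you their version in the About page, but an Electron app usually does not, and the list of Electron apps on a workstation is rarely in the software inventory. Both Chromium and Electron compile the "Chrome/<a.b.c.d>" user-agent fragment into their binaries, so the embedded build can be recovered by scanning the executable. The following is an added Python example, not code from the original post or from any browser vendor, that does this scan and compares the result with 112.0.5615.121, the fixed Chrome build named above; it also covers the earlier remark in this corpus that Electron apps inherit Chromium's flaws. The sample binaries are constructed stand-ins (a fictitious "OldChat" messenger, a Chrome and a Notepad), and the function names are this example's own. Whether a given Electron app has actually picked up the fix depends on the Electron release it bundles, which is why the scan reports the build rather than just a yes/no.

```python
"""Recover the embedded Chromium build from Chromium-based browsers and
Electron apps and compare it with the build that fixes CVE-2023-2033.

Added example; not code from the original post or from any browser vendor.
It searches for the "Chrome/<a.b.c.d>" fragment compiled into Chromium and
Electron binaries. 112.0.5615.121 is the fixed Chrome build the post names.
Sample binaries below are constructed stand-ins; function names are this
example's own.
"""
import io
import os
import re
from typing import BinaryIO, Dict, Iterable, Optional, Tuple

CHROME_VERSION_RE = re.compile(rb"Chrome/(\d+\.\d+\.\d+\.\d+)")
FIXED_BUILD = "112.0.5615.121"   # first Chrome build without CVE-2023-2033, per the post
OVERLAP = 64                     # longer than any version fragment; protects chunk boundaries


def parse_version(text: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in text.split("."))


def embedded_chrome_version(blob: bytes) -> Optional[str]:
    """Highest Chrome/x.y.z.w string in the bytes, or None. A binary can
    carry several copies (UA string, version resource); the highest wins."""
    found = {m.group(1).decode("ascii") for m in CHROME_VERSION_RE.finditer(blob)}
    return max(found, key=parse_version) if found else None


def chrome_version_in_stream(stream: BinaryIO, chunk: int = 1 << 20) -> Optional[str]:
    """Scan a large binary without loading it whole. The trailing OVERLAP
    bytes of what was read so far are prepended to the next window, so a
    fragment split across two reads is still matched."""
    best: Optional[str] = None
    tail = b""
    while True:
        data = stream.read(chunk)
        if not data:
            return best
        hit = embedded_chrome_version(tail + data)
        if hit and (best is None or parse_version(hit) > parse_version(best)):
            best = hit
        tail = (tail + data)[-OVERLAP:]


def chrome_version_in_bytes(blob: bytes, chunk: int = 1 << 20) -> Optional[str]:
    return chrome_version_in_stream(io.BytesIO(blob), chunk)


def is_vulnerable(version: Optional[str], fixed: str = FIXED_BUILD) -> Optional[bool]:
    """True if older than the fixed build, False if fixed or newer, None
    when no Chromium build could be recovered (not a Chromium binary)."""
    if version is None:
        return None
    return parse_version(version) < parse_version(fixed)


def scan_blobs(blobs: Dict[str, bytes]) -> Dict[str, Tuple[Optional[str], Optional[bool]]]:
    """Inventory view: name -> (embedded build, vulnerable?)."""
    report = {}
    for name, blob in blobs.items():
        version = chrome_version_in_bytes(blob)
        report[name] = (version, is_vulnerable(version))
    return report


def scan_directory(root: str, suffixes: Iterable[str] = (".exe", ".dll")) -> Dict[str, Tuple[str, bool]]:
    """Walk an install tree (for example %LOCALAPPDATA%\\Programs on Windows,
    where per-user Electron apps live) and report every Chromium build found."""
    report = {}
    wanted = tuple(s.lower() for s in suffixes)
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(wanted):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    version = chrome_version_in_stream(fh)
            except OSError:
                continue
            if version:
                report[path] = (version, is_vulnerable(version))
    return report


# Constructed stand-ins for three installed executables (not real file contents).
SAMPLE_BINARIES = {
    "OldChat.exe": (b"MZ\x90\x00...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                    b"(KHTML, like Gecko) OldChat/5.1.0 Chrome/108.0.5359.215 "
                    b"Electron/22.3.5 Safari/537.36\x00"),
    "chrome.exe": b"MZ\x90\x00...Chrome/112.0.5615.121 Safari/537.36\x00",
    "notepad.exe": b"MZ\x90\x00...no web engine in here\x00",
}

if __name__ == "__main__":
    for name, (version, vulnerable) in scan_blobs(SAMPLE_BINARIES).items():
        state = {True: "UPDATE", False: "ok", None: "no Chromium"}[vulnerable]
        print("%-12s %-16s %s" % (name, version or "-", state))
```

Point `scan_directory` at the per-user and per-machine program folders and feed the result to your ticketing: every path reported with `True` is a Chromium engine that still carries the bug, regardless of whether the vendor calls it a browser. An app running from memory keeps the old engine until it is restarted, which is the same caveat as for the browsers above.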

And of course, make sure to protect all your devices with a reliable antivirus that guards against new vulnerabilities that are already being exploited but not yet fixed.

#Update #Google #Chrome #and #Chromium-based #browsers

Thanks to the Behavior Detection Engine and Exploit Prevention Engine components, our solutions detected an attempt to exploit a previously unknown vulnerability in the Common Log File System (CLFS), the logging subsystem of the Windows operating system. After thoroughly investigating the exploit, our Global Research & Analysis Team (GReAT) contacted Microsoft and provided all its findings. The developer designated the vulnerability CVE-2023-28252 and closed it on April 11, 2023, with the April Patch Tuesday update. We recommend installing the new patch as soon as possible, because the vulnerability is not just being exploited by attackers; it is being used in ransomware attacks.

What is the CVE-2023-28252 vulnerability?

CVE-2023-28252 belongs to the class of elevation-of-privilege vulnerabilities. To exploit it, attackers manipulate a BLF file to elevate their privileges in the system and continue their attack (so they need initial access with user privileges first).

As usual, our Securelist website has the technical information plus indicators of compromise, but the details are not being disclosed now, because other cybercriminals could use them to conduct new attacks. Our experts plan to share them on April 20 (or thereabouts), by which date most users will have installed the patch.

What is the CVE-2023-28252 vulnerability used for?

Unlike most zero-day vulnerabilities, CVE-2023-28252 is not being used in APT attacks. In this case, the final payload delivered to the victim's computer is a new variant of the Nokoyawa ransomware. But after examining the exploit, our experts concluded that the attackers behind it were also responsible for creating a number of earlier, similar exploits for vulnerabilities in the same CLFS. In the attacks that deployed them, we also observed other tools, including Cobalt Strike Beacon and the Pipemagic modular backdoor.

How to stay safe

First of all, we recommend installing the April updates for Windows. In general, to secure your infrastructure against attacks that use vulnerabilities (both known and zero-day), you should protect all work computers and servers with a reliable security solution that includes protection against vulnerability exploitation. Our products automatically detect attack attempts via CVE-2023-28252 as well as the malware used by the cybercriminals who created such exploits.

#CLFS #zero-day #vulnerability #Kaspersky #official #blog

A new ransomware threat is now spreading on home computers. And what makes it so hard to spot is that it disguises itself as an operating system update.

Be aware of this new ransomware scheme and protect yourself from ransomware with these tips.

What is Magniber Ransomware?

Magniber is a new type of ransomware that disguises itself at almost every touchpoint until it appears out of nowhere and demands money. The attack starts when someone visits a fake Windows 10 update website owned by the Magniber cybercriminal group. Once someone clicks a malicious link on that site, the file-encrypting malware is downloaded onto the device.

Another stealthy maneuver of Magniber is that the encryption malware is downloaded as a JavaScript file straight into the device's memory, which can often slip under the radar of antivirus software. The malware allows the criminals to view, delete and encrypt files and gain administrator access to the device. Usually, even before the person knows their device is in danger, Magniber reveals itself and demands a ransom payment in exchange for releasing the documents and restoring control of the computer. If the device owner refuses to pay, the criminals threaten to delete the files forever.[1]

Personal Ransomware May Be on the Rise

Over the past few years, major companies have fallen left and right to breaches. Hacker groups infiltrate complex cybersecurity defenses, obtain sensitive company or customer information, and threaten to release their findings on the dark web unless a hefty ransom is paid. The reason cybercriminals target corporate databases rather than personal devices is not only that they can demand millions, but also that companies are better equipped to make anonymous ransom transactions. Often, cryptocurrency transactions cannot be traced, which allows the criminals to remain at large.

Now that more and more people are proficient with cryptocurrencies, ransomware may return to targeting personal devices. While the ransom payments will not be as lucrative, there will be no corporate cybersecurity experts standing in the cybercriminals' way.

How to Keep Your Devices Safe

To avoid ransomware schemes like Magniber, adopt these three habits to protect your devices and digital privacy:

  • Turn on automatic updates. It is best practice to accept every new software and device update, which is exactly what makes the Magniber threat so hard to detect. Consider configuring your devices to update automatically. Once automatic updates are on, you can treat any pop-up or web page offering an update with skepticism. To confirm whether an update prompt is genuine, go to your operating system's or device manufacturer's page and look for an announcement of the new update.
  • Back up your important files regularly. If you keep sensitive documents (such as your tax returns) or sentimental files (such as your wedding photos) on your computer, consider also backing them up on an external hard drive. Not only will this free up storage on your device, but it will also protect you if a cybercriminal takes over your computer. If your device is wiped of these important files, you can factory reset it without losing anything. That way, the cybercriminal gets nothing: neither your personal information nor your money.
  • Avoid risky sites. Magniber is downloaded onto a device after someone visits a site controlled by cybercriminals. If you are ever suspicious of a site, it is best to leave it and not click any links while you are there. Even sites that try to impersonate legitimate ones leave clues that they are fake. Check for typos, blurry logos, wrong grammar, and hyperlinks that point to long, unusual URLs.

Ransomware Protection

If a cybercriminal contacts you demanding a ransom, immediately contact your local FBI field office and file a report with the FBI's Internet Crime Complaint Center. From there, the authorities will advise you on how to proceed.

One thing you can start today to defend yourself against ransomware is investing in McAfee+ Ultimate. It provides the most comprehensive device, privacy, and identity protection, including $25,000 in ransomware coverage.

[1] ZDNET, "This unusual ransomware attack targets home PCs, so beware"

#Ransomware #Disguised #as #Microsoft #Update #targets #Home #Computers

Outdated and completely unsupported versions of Exchange Server pose an undeniable danger to corporate infrastructure and mail flow. Nevertheless, many administrators still believe in the saying "if it ain't broke, don't fix it", and prefer not to update Exchange unless it is absolutely necessary. This seems to be why Microsoft decided to develop a transport-based enforcement system for Exchange Online.

The main purpose of this system is to inform administrators that they are running outdated and potentially unsafe software, and that if they do not update in time, email delivery from vulnerable servers will gradually be throttled and ultimately blocked. The hope is that this will serve as a compelling reason for administrators to finally upgrade or update Exchange Server.

How the transport-based enforcement system works

The mechanism is quite simple: when Exchange Online receives email from an Exchange Server via an Inbound OnPremises type connector, Exchange Online identifies the server's build version and evaluates whether it is safe to accept email from it (that is, whether the server version is supported and the critical security patches are in place). If the server is vulnerable, Exchange Online records the date of its first encounter with that server and adds a notice about the outdated server to the mail flow report, which Exchange Server administrators can access.

If the situation does not change within 30 days of first detection, Exchange Online starts throttling (that is, delaying) messages from the vulnerable server. The throttling duration increases gradually every 10 days. If nothing has changed 60 days after detection, Exchange Online starts blocking email.
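To make the timeline concrete for planning purposes, here is an added Python model of the enforcement stages described above. It is not Microsoft's code and not the real Exchange Online logic: the stage boundaries (reporting only for the first 30 days, throttling that tightens at every 10-day mark, blocking from day 60) follow the post, while the delay added per throttling level, the minimum-build table and the server names are this example's own assumptions, not figures from Microsoft. A real deployment would take the build floors from Microsoft's Exchange servicing matrix.

```python
"""Model of the transport-based enforcement timeline described above.

Added example; not Microsoft's code and not the real Exchange Online logic.
Stage boundaries follow the post (report for 30 days, throttle tightening
every 10 days, block from day 60). The per-level delay, the build table and
the server names are this example's assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Tuple

REPORT_DAYS = 30                    # days after first sighting with reporting only
BLOCK_DAY = 60                      # from this day on, mail from the server is rejected
THROTTLE_STEP = 10                  # throttling tightens at each 10-day mark after day 30
STEP_DELAY = timedelta(minutes=5)   # assumed delay added per throttling level

# Constructed table: "major.minor" -> lowest build treated as patched. Real
# values come from Microsoft's Exchange build/servicing matrix, not from here.
SAFE_BUILD_FLOOR = {
    "15.2": "15.2.1118.30",   # stand-in for a supported Exchange 2019 CU
    "15.1": "15.1.2507.27",   # stand-in for a supported Exchange 2016 CU
}

DAY0 = date(2023, 3, 1)   # arbitrary first day of the simulation


def on_day(n: int) -> date:
    return DAY0 + timedelta(days=n)


def parse_build(build: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in build.split("."))


def build_is_safe(build: str, floors: Dict[str, str] = SAFE_BUILD_FLOOR) -> bool:
    """Product lines with no table entry (e.g. 8.x = Exchange 2007,
    15.0 = Exchange 2013) are never safe; supported ones must meet the floor."""
    parts = parse_build(build)
    floor = floors.get("%d.%d" % (parts[0], parts[1]))
    return floor is not None and parts >= parse_build(floor)


@dataclass
class Decision:
    stage: str               # "accept", "report", "throttle" or "block"
    days_since_seen: int     # 0 for accepted mail
    delay: timedelta         # delivery delay applied (non-zero only when throttling)


def evaluate(build: str, server: str, first_seen: Dict[str, date], today: date,
             step_delay: timedelta = STEP_DELAY) -> Decision:
    """Decide what happens to a message from `server` reporting `build`.
    `first_seen` is the per-server memory of the first vulnerable sighting
    and is updated in place, as the post describes Exchange Online doing."""
    if build_is_safe(build):
        return Decision("accept", 0, timedelta(0))
    seen = first_seen.setdefault(server, today)
    days = (today - seen).days
    if days < REPORT_DAYS:
        return Decision("report", days, timedelta(0))
    if days < BLOCK_DAY:
        level = (days - REPORT_DAYS) // THROTTLE_STEP + 1   # 1 on days 30-39, 2 on 40-49, 3 on 50-59
        return Decision("throttle", days, step_delay * level)
    return Decision("block", days, timedelta(0))


def simulate(build: str, horizon_days: int, server: str = "mx.example.invalid") -> List[str]:
    """Stage on each day from day 0 to horizon_days for one server that is
    never patched: how long an administrator has before mail stops."""
    first_seen: Dict[str, date] = {}
    return [evaluate(build, server, first_seen, on_day(n)).stage for n in range(horizon_days + 1)]


if __name__ == "__main__":
    timeline = simulate("8.3.83.6", 65)   # constructed 8.x build standing in for Exchange 2007
    for n in (0, 29, 30, 40, 50, 59, 60):
        print("day %2d: %s" % (n, timeline[n]))
```

The model makes one thing visible that the prose glosses over: the first-seen date is what drives everything, so a server that has been quietly sending mail through the connector for weeks before anyone reads the mail flow report has already used up part of the 30-day grace period.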

Mimitina, Microsoft ngarencanakeun pikeun nerapkeun sistem ieu ngan ka server Exchange 2007, tapi engké pendekatan anu sami bakal dilarapkeun ka sadaya vérsi Exchange, sareng henteu masalah kumaha server komunikasi sareng Exchange Online (nyaéta, éta moal dugi ka Panyambung asup OnPremises). Anjeun tiasa mendakan detil tambahan ngeunaan sistem panyebaran basis angkutan dina pos blog resmi tim Exchange. Hanjakalna, teu aya inpormasi ngeunaan iraha sistem ieu bakal diluncurkeun sareng, anu paling penting, iraha éta bakal manjangkeun jangkauan ka vérsi pangladén Exchange anu sanés.

Naha sistem penegak berbasis transportasi penting

Palaksanaan sistem saperti bakal metot salaku precedent a. Microsoft geus rada agrésif ngeunaan némbongkeun konsumén na kumaha pentingna kaamanan infrastruktur awan na. Éta bakal pikaresepeun pikeun ningali naha inisiatif ieu janten tren – upami produsén solusi hibrid anu sanés (nyaéta, anu ngajalankeun sawaréh di tempat sareng sawaréh dina méga) nuturkeun conto Microsoft.

Kumaha carana mastikeun operability server Microsoft Exchange jeung aliran e-mail aman?

Upami anjeun masih nganggo vérsi platform Exchange anu henteu didukung, panginten waktosna pikeun ningkatkeun. Upami Anjeun gaduh versi panganyarna tina Exchange, Anjeun kudu ngawas release patch kaamanan tur masang aranjeunna dina waktu.

In addition, we recommend protecting Exchange servers and the email they deliver with the dedicated Kaspersky Security for Microsoft Exchange Server solution (included in Kaspersky Security for Mail Server). Moreover, as recent years have shown, attackers readily exploit vulnerabilities in Microsoft Exchange, sometimes creating exploits before users have had a chance to install the patch, and this can lead to serious consequences. But you can stay on top of it all, keeping control of what is happening in your company's infrastructure and detecting malicious activity in time, with the help of services of the Managed Detection and Response class.


Phishing links in the body of an email are a thing of the past. Email filters now detect this trick with almost 100% efficiency. That is why cybercriminals keep looking for new ways to obtain corporate login credentials. We recently came across a rather interesting method that abuses legitimate SharePoint servers. In this post, we explain how the scheme works and what employees should watch out for to avoid trouble.

Anatomy of SharePoint phishing

The employee receives a standard notification that someone has shared a file. This is unlikely to raise suspicion (especially if the employee's company actually uses SharePoint), because it is a real notification from a real SharePoint server.

Valid notification from a SharePoint server.

The unsuspecting employee clicks the link and is taken to a real SharePoint server, where a OneNote file appears as it should. Only, inside it there seems to be yet another file notification with a large icon (this time for a PDF file). Perceiving this as another step in the download process, the victim clicks the link, which is now a standard phishing link.

Contents of the OneNote file hosted on the SharePoint server.

This link in turn opens a standard phishing site that imitates the OneDrive login page and readily harvests credentials for Yahoo!, AOL, Outlook, Office 365, or other email services.

Fake Microsoft OneDrive login page.

Why this type of phishing is so dangerous

This is by no means the first case of SharePoint-based phishing. But this time the attackers not only hid the phishing link on a SharePoint server, but also distributed it through the platform's native notification mechanism. This is possible because, thanks to Microsoft's developers, SharePoint has a feature that lets you share a file located on a corporate SharePoint site with external participants who have no direct access to the server. Instructions on how to do this are provided on the company's website.

All the attackers have to do is gain access to someone's SharePoint server (using the same or some other phishing trick). Once that is done, they upload a file containing the link and add a list of email addresses to share it with. SharePoint itself helpfully notifies the owners of those addresses. And these notifications pass through every filter, because they come from the official service of some real company.

How to stay safe

To keep your employees from falling victim to fraudulent emails, they need to be able to recognize the signs. In this case, the obvious red flags are the following:

  • You don't know who shared the file (you shouldn't open files from strangers).
  • You don't know what kind of file it is (people don't usually share files out of the blue without explaining what they are sending and why).
  • The email talks about a OneNote file, but on the server we see a PDF.
  • The file download link takes us to a third-party site unrelated to the victim's company or to SharePoint.
  • The file is supposed to be on a SharePoint server, yet the site imitates OneDrive, and these are two different Microsoft services.
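The red flags above are meant for a human reader, but most of them can also be checked mechanically when a mail gateway or a SOC analyst has the notification's fields in hand. The following is an added example of that triage, not Kaspersky's code: the `ShareNotification` structure, the extension mapping, the contact and domain lists, and both sample notifications are constructed for illustration, and the "page imitates OneDrive" check simply encodes the last bullet as a rule.

```python
"""The post's red-flag checklist applied mechanically to a sharing notification.

Added example, not Kaspersky's code; the notification fields, the
extension mapping and the sample values are constructed for illustration.
"""
from dataclasses import dataclass
from pathlib import PurePosixPath
from urllib.parse import urlparse


@dataclass(frozen=True)
class ShareNotification:
    sharer: str            # address shown as the person sharing the file
    message: str           # accompanying note, "" if the share came without one
    advertised_type: str   # file type named in the notification, e.g. "OneNote"
    sharepoint_host: str   # legitimate SharePoint host that sent the notice
    download_url: str      # where the final "open" link actually leads
    landing_brand: str     # brand the landing page presents ("SharePoint", "OneDrive", ...)


# Extensions each advertised file type should resolve to (assumed mapping).
TYPE_EXTENSIONS = {
    "onenote": {"one"},
    "pdf": {"pdf"},
    "word": {"doc", "docx"},
    "excel": {"xls", "xlsx"},
}


def _in_domains(host: str, domains: set) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def red_flags(n: ShareNotification, known_contacts: set, company_domains: set) -> list:
    """Return the red flags from the post that this notification trips."""
    flags = []
    # 1. Unknown sharer.
    if n.sharer.lower() not in {c.lower() for c in known_contacts}:
        flags.append("sharer is not a known contact")
    # 2. No explanation of what is being shared or why.
    if not n.message.strip():
        flags.append("no explanation of what is shared or why")
    # 3. Advertised file type does not match where the link leads.
    url = urlparse(n.download_url)
    ext = PurePosixPath(url.path).suffix.lstrip(".").lower()
    expected = TYPE_EXTENSIONS.get(n.advertised_type.lower())
    if expected and ext and ext not in expected:
        flags.append(f"notification says {n.advertised_type} but link points to .{ext}")
    # 4. Download link leaves both SharePoint and the company's own domains.
    host = url.hostname or ""
    if host.lower() != n.sharepoint_host.lower() and not _in_domains(host, company_domains):
        flags.append("download link leaves SharePoint and the company's domains")
    # 5. File is supposedly on SharePoint, yet the page brands itself as OneDrive.
    if n.landing_brand.lower() == "onedrive":
        flags.append("file said to be on SharePoint but page imitates OneDrive")
    return flags


# Constructed allow-lists for the sample organisation.
KNOWN_CONTACTS = {"a.finance@contoso.example"}
COMPANY_DOMAINS = {"contoso.example", "contoso.sharepoint.com"}

# Constructed sample: the chain described in the post.
PHISHING_SAMPLE = ShareNotification(
    sharer="partner@unknown-vendor.example.org",
    message="",
    advertised_type="OneNote",
    sharepoint_host="contoso.sharepoint.com",
    download_url="https://docs-share.example.net/secure/invoice.pdf",
    landing_brand="OneDrive",
)

# Constructed sample: an ordinary internal share that should pass.
LEGIT_SAMPLE = ShareNotification(
    sharer="a.finance@contoso.example",
    message="Q3 meeting notes as discussed this morning",
    advertised_type="OneNote",
    sharepoint_host="contoso.sharepoint.com",
    download_url="https://contoso.sharepoint.com/sites/finance/Q3-notes.one",
    landing_brand="SharePoint",
)

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, red_flags(sample, KNOWN_CONTACTS, COMPANY_DOMAINS))
```

Note that the first two checks depend entirely on context the gateway may not have (who the recipient knows, whether a bare share is normal in that team), so in practice they are better treated as weights in a score than as hard rules; the last three are the ones that hold up on their own.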

To reinforce this, we recommend holding regular security awareness training for employees. Dedicated online platforms can help with this.

The method described above clearly shows that security solutions with anti-phishing technologies must be installed not only at the level of the corporate mail server, but also on every employee work device.

