Multiple criminals, including at least one nation-state group, broke into a US federal agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution.
The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America's Multi-State Information Sharing and Analysis Center (MS-ISAC) this week.
The Feds spotted the intrusion after seeing warning signs at a civilian executive branch agency, the advisory said. It did not name the federal agency.
“Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located on a Microsoft Internet Information Services (IIS) web server,” the joint advisory said.
Serialization is the process of converting a data structure in memory into a series of bytes for storage or transmission. Deserialization reverses this and turns the data stream back into an in-memory object.
Deserialization vulnerabilities affect many programming languages and applications and, as Mandiant explains, are “the result of applications placing too much trust in data that a user (or attacker) can tamper with.”
This particular Telerik bug, which received a 9.8 out of 10 CVSS score, was first discovered in 2019 and is especially popular with Beijing-backed criminals. In 2020 it made the list of the top 25 computer security vulnerabilities that Chinese government criminals use to break into networks and steal data.
So while the Feds don't identify the advanced persistent threat (APT) actor they observed, we'd be willing to bet on one of President Xi Jinping's cyber-goon squads. And it's clear that someone in the federal government didn't get the memo about applying security fixes in a timely manner.
According to the advisory, only Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable. And in a separate malware analysis report, CISA identified malicious files and other indicators of compromise.
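As an added example (not code from the advisory or from Progress), an administrator could inventory a web server for Telerik UI builds older than the 2020.1.114 threshold quoted above. The default content root `C:\inetpub`, the assembly name `Telerik.Web.UI.dll`, and the treatment of the fourth version field as a .NET target suffix are assumptions of this sketch.

```powershell
# Added example: list Telerik.Web.UI.dll copies and flag builds before R1 2020.
param(
    [string]$Root = 'C:\inetpub'   # assumption: default IIS content root
)

# Threshold taken from the article: builds before R1 2020 (2020.1.114) are affected.
$Threshold = [version]'2020.1.114'

function Get-TelerikStatus {
    param([string]$FileVersion)
    # Assumption: file versions look like 2019.3.1023.45, where the 4th field
    # is a framework suffix, so only the first three fields are compared.
    if ($FileVersion -match '^\s*(\d+)[\.,]\s*(\d+)[\.,]\s*(\d+)') {
        $v = [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
        if ($v -lt $Threshold) { return 'AFFECTED (< 2020.1.114)' }
        return 'not in affected range'
    }
    # Missing or unparseable version resource: needs manual review.
    return 'unknown version'
}

Get-ChildItem -Path $Root -Recurse -Filter 'Telerik.Web.UI.dll' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Status  = Get-TelerikStatus $_.VersionInfo.FileVersion
            Version = $_.VersionInfo.FileVersion
            Path    = $_.FullName
        }
    } |
    Sort-Object Status, Path |
    Format-Table -AutoSize -Wrap
```

Applications deployed outside the chosen root are not covered, so run it once per content directory that IIS serves.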
Additionally, the cybersecurity agency suggests that organizations stay on top of patching to ensure their software is up to date, and limit permissions to the minimum needed to run services.
The latest security alert follows a series of US government break-ins and data thefts. Last week, the FBI said it was investigating a breach of servers run by DC Health Link in which crooks stole the personal information of members of Congress and staff.
DC Health Link is the online marketplace for the Affordable Care Act that administers health care plans for members of Congress, their families, and staff. Some of that stolen data is now being offered for sale on dark-web forums.
And in late February, the US Marshals Service admitted a “major” information security breach that led to a ransomware infection and the exfiltration of “sensitive law enforcement information.” ®