Riaan 
Izithombe ze-Getty
I-Rubrik, inkampani yezokuphepha kwedatha yaseSilicon Valley, ithe ihlangabezane nokungenwa kwenethiwekhi okwenziwa ukuba sengozini yosuku oluyiziro kumkhiqizo eyayiwusebenzisa obizwa ngokuthi i-GoAnywhere.
Ku-an iseluleko okuthunyelwe ngoLwesibili, uRubrik CISO uMichael Mestrovich uthe uphenyo mayelana nalokhu kuphulwa kwathola ukuthi izigebengu zikwazi ukufinyelela ikakhulukazi ulwazi lwangaphakathi lokuthengisa, okuhlanganisa amagama ezinkampani kanye nolwazi lokuxhumana, kanye nenani elilinganiselwe lama-oda okuthenga avela kubasabalalisi bakwaRubrik. Uphenyo, olwasizwa inkampani yenkampani yangaphandle engashiwongo igama, luphethe ngokuthi akukho ukudalulwa kolwazi olubucayi njengezinombolo Zokuvikeleka Komphakathi, izinombolo ze-akhawunti yezezimali, noma idatha yekhadi lokukhokha.
Anamalebe aqinile
“Sithole ukufinyelela okungagunyaziwe kwenani elilinganiselwe lolwazi kwenye yezindawo zethu zokuhlola i-IT ezingakhiqizi njengomphumela wokuba sengozini kwe-GoAnywhere,” kubhala uMstrovich. “Okubalulekile, ngokusekelwe ophenyweni lwethu lwamanje, olwenziwa ngosizo lochwepheshe bezinkampani zangaphandle, ukufinyelela okungagunyaziwe AKUBANGAKI noma iyiphi idatha esiyivikelayo egameni lamakhasimende ethu nganoma yimiphi imikhiqizo ye-Rubrik.”
UMestrovich ushiye imininingwane ebalulekile ekudaluleni, ikakhulukazi lapho ukwephulwa kwecala kwenzeka nini noma uma u-Rubrik ekubhalile ukuba sengozini. NgoFebhuwari 2, inkampani yeCybersecurity iFortra amakhasimende axwayise ngasese ihlonze izenzo zosuku oluyiziro zokuba sengozini ku-GoAnywhere MFT yayo, uhlelo lokusebenza lokudlulisa ifayela eliphethwe yizinga lebhizinisi. I-Fortra inxuse amakhasimende ukuthi athathe izinyathelo zokunciphisa usongo kuze kube yilapho kutholakala isiqeshana. NgoFebhuwari 6, iFortra kulungisiwe ubungozi, okulandelelwa njenge-CVE-2023-0669, ngokukhishwa kwenguqulo 7.1.2
Ngaphandle kokwazi ukuthi ukungenelela kwenzeke nini, akunakwenzeka ukunquma ukuthi ubungozi bekuwusuku oluyiziro ngesikhathi buxhashazwa ngaso ku-Rubrik, noma ukuthi ukuphulwa kwakuwumphumela we-Rubrik yokwehluleka ukufaka isiqeshana esitholakalayo noma ukuthatha ezinye izinyathelo zokunciphisa ngesikhathi esifanele.
Abamele i-Rubrik abazange baphendule ku-imeyili befuna ukuphawulwa mayelana nesikhathi sokungena nokuthi inkampani ikhiphe nini noma inciphise ubungozi. Lokhu okuthunyelwe kuzobuyekezwa uma lolu lwazi lutholakala kamuva.
I-CVE eqhubeka nokupha
I-CVE-2023-0669 ibonakale iyimpahla ebalulekile yokusongela abalingisi. Emasontweni amabili ngemuva kokuthi uFortra edalule okokuqala ubungozi, elinye lamaketanga amakhulu ezibhedlela e-US lathi abaduni. wasixhaphaza ekungeneni okunike abaduni ukufinyelela olwazini lwezempilo oluvikelekile lweziguli eziyisigidi. Idatha eyonakalisiwe ihlanganisa imininingwane yezempilo evikelwe njengoba kuchazwe uMthetho Wokuthwala Komshuwalense Wezempilo kanye Nokuziphendulela, kanye nemininingwane yomuntu siqu yeziguli, kusho uchungechunge lwesibhedlela, i-Community Health Systems yaseFranklin, eTennessee.
Muva nje, Kubikiwe Ikhompyutha Elalayo ukuthi amalungu eqembu lezigelekeqe le-Clop ransomware azithathele isikweletu ngokugebenga izinhlangano eziyi-130 ngokusebenzisa ukuba sengozini kwe-GoAnywhere. Ucwaningo oluvela enkampanini yezokuphepha i-Huntress luqinisekisile ukuthi uhlelo olungayilungele ikhompuyutha olusetshenziswa ekungeneni kwe-CVE-2023-0669 lwalunobudlelwane obungaqondile ne-Clop.
Muva nje, isizindalwazi esimnyama seClop sithi iqembu le-ransomware lephule i-Rubrik. Njengobufakazi, umlingisi osongelayo uthumele izithombe-skrini eziyisishiyagalolunye ezibonakala zikhombisa ulwazi lokuphathelene olukaRubrik. Izithombe-skrini zibonakala ziqinisekisa isimangalo sikaRubrik sokuthi idatha etholwe ekungeneni yayilinganiselwe kakhulu kulwazi lokuthengisa lwangaphakathi.
Isiza seClop siphinde sathi leli qembu ligqekeze iHatch Bank futhi lanikeza nezithombe-skrini ezingu-10 ezibonakala ziqinisekisa isimangalo. Ibhange elihlinzeka ngezinsizakalo zezinkampani ze-fintech, i-Hatch Bank kusho ngasekupheleni kukaFebhuwari ukuthi ihlangabezane nokwephulwa komthetho okunikeze ukufinyelela kumagama nezinombolo Zokuvikeleka Komphakathi zamakhasimende acishe abe ngu-140,000. A incwadi I-Hatch Bank ethunyelwe kwamanye amakhasimende ihlonze ukuba sengozini yosuku oluyizero ku-GoAnywhere njengembangela.
Uma bekungacacile ngaphambilini, kufanele kube manje: I-CVE-2023-0669 ibeka usongo olukhulu. Noma ubani osebenzisa i-GoAnywhere kufanele akwenze kubaluleke ukuphenya ukuchayeka kwabo kulobu bungozi futhi aphendule ngokufanele.
