In a bid to strengthen its cybersecurity defenses, Cisco recently uncovered and promptly addressed high-severity vulnerabilities in its Secure Client software. The most critical of these, identified as CVE-2024-20337, poses a significant threat by allowing unauthorized access to VPN sessions. With a CVSS score of 8.2, the vulnerability is a carriage return line feed (CRLF) injection flaw that gives malicious actors a potential way to manipulate user sessions with serious consequences. This article looks at the details of the vulnerability, its potential impact, and the steps Cisco has taken to mitigate the risk.
CVE-2024-20337 Explained
The vulnerability at the heart of this threat allows remote attackers to carry out a CRLF injection attack because of insufficient validation of user-supplied input. Using specially crafted links, threat actors can trick users into unknowingly triggering the exploit while establishing a VPN session. The flaw has serious consequences: it lets attackers execute arbitrary script code in the victim's browser and access sensitive information, including valid Security Assertion Markup Language (SAML) tokens.
With stolen tokens, attackers can establish remote access VPN sessions while masquerading as authenticated users, potentially reaching internal networks and exposing sensitive data. The vulnerability spans multiple platforms, affecting Secure Client software on Windows, Linux, and macOS.
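An added example, not from the original article or from Cisco: a Python check that flags CR or LF characters hidden in a link or other user-supplied value, including percent-encoded and double-encoded forms, which is the input validation whose absence a CRLF injection depends on. The host name, parameter name and sample links are constructed for illustration.

```python
import re
from urllib.parse import unquote

CR_OR_LF = re.compile(r"[\r\n]")
MAX_DECODE_PASSES = 3  # assumption: covers single, double and triple encoding


def crlf_depth(value, max_passes=MAX_DECODE_PASSES):
    """Return how many percent-decoding passes expose a CR or LF in value.

    0 means a raw control character, 1 means %0d/%0a, 2 means %250d, and so on.
    Returns None when no CR/LF appears within max_passes.
    """
    current = value
    for depth in range(max_passes + 1):
        if CR_OR_LF.search(current):
            return depth
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            return None
        current = decoded
    return None


def require_no_crlf(value):
    """Validate a user-supplied value before it is copied into a response header."""
    depth = crlf_depth(value)
    if depth is not None:
        raise ValueError(f"CR/LF found after {depth} decoding pass(es)")
    return value


def flag_links(links):
    """Return (link, depth) for every link that carries a CR or LF."""
    return [(link, d) for link in links if (d := crlf_depth(link)) is not None]


# Constructed sample links (hypothetical host and parameter names).
SAMPLE_LINKS = [
    "https://vpn.example.test/login?next=%2Fportal",
    "https://vpn.example.test/login?next=%0d%0aX-Test:1",
    "https://vpn.example.test/login?next=%250D%250AX-Test:1",
]

if __name__ == "__main__":
    for link, depth in flag_links(SAMPLE_LINKS):
        print(f"depth={depth} {link}")
```

The same function can be run over URLs in proxy or mail-gateway logs to surface links that carry encoded line breaks.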
Recognizing the severity of the situation, Cisco moved quickly to address the vulnerability. The company released patches across several software versions to mitigate the risk. Versions earlier than 4.10.04065 are considered not vulnerable, while subsequent releases have been hardened to eliminate the identified flaw.
In addition to CVE-2024-20337, Cisco also resolved another high-severity flaw, CVE-2024-20338, which affects Secure Client for Linux. With a CVSS score of 7.3, this vulnerability could allow local attackers to elevate privileges on affected devices, raising significant security concerns.
In response to these vulnerabilities, Cisco urges users to promptly apply the necessary patches and updates to protect their systems from potential exploitation. The importance of staying vigilant and acting proactively in the face of evolving cyber threats cannot be overstated.
While specific detection names for malware associated with this vulnerability have not been provided, organizations are advised to stay informed about emerging threats and to deploy robust cybersecurity measures to detect and prevent potential attacks. Similar threats may exploit vulnerabilities in other software, underscoring the need for comprehensive security practices.
Best Practices for Prevention
To strengthen cybersecurity defenses and prevent future infections, users are advised to adopt the following practices:
- Regularly update software and firmware: Ensure that all operating systems, applications, and security software are up to date so that vulnerabilities are patched and system resilience is improved.
- Implement network segmentation: Divide the network into segments to limit the impact of a potential breach and contain malicious activity.
- Educate users: Promote a culture of cybersecurity awareness among users, emphasizing the importance of recognizing phishing attempts and exercising caution with links and attachments.
- Monitor network traffic: Deploy robust network monitoring tools to detect and respond to unusual or suspicious activity promptly.
- Conduct regular security audits: Regularly assess and audit security protocols, configurations, and access controls to identify and remediate potential vulnerabilities.
Conclusion
The discovery and prompt mitigation of vulnerabilities in Cisco's Secure Client software underscores the dynamic nature of cyber threats. As organizations continue to navigate the digital landscape, maintaining a proactive stance, staying informed about emerging risks, and implementing robust security measures are essential components of a comprehensive cybersecurity strategy. Cisco's response serves as a reminder of the collaborative effort required to defend against evolving threats and protect sensitive information from unauthorized access.