Microsoft: State-Sponsored Hackers Are Exploiting the Log4j Vulnerability

The critical Apache Log4j 2 vulnerability is paving the way for state-sponsored hackers to steal data and launch ransomware attacks, according to Microsoft.

On Tuesday, the company warned that it has observed nation-state hacking groups from China, Iran, North Korea, and Turkey trying to exploit the Log4j 2 flaw. Their activities include experimenting with the bug and abusing the flaw to drop payloads and extract data from victims.

According to Microsoft, an Iranian hacking group, known as Phosphorus or Charming Kitten, has allegedly been exploiting Log4j 2 to spread ransomware. A separate group from China called Hafnium has been observed leveraging the vulnerability to help it target victims.

"In these attacks, Hafnium-associated systems were observed using a DNS service associated with testing activity to fingerprint systems," Microsoft said.

The vulnerability is raising alarm bells because Apache's Log4j 2 software is used across the internet industry as a tool for logging changes in software or web applications. By exploiting the flaw, a hacker can break into an IT system to steal data or run a malicious program. Not helping the problem is how trivial the flaw is to trigger, which makes it easy for anyone to exploit.

The report from Microsoft underscores the need for the entire tech industry to patch the flaw before a crisis hits. The company did not identify the state-sponsored hacking groups from North Korea or Turkey. But Microsoft added that other cybercriminal groups, known as "access brokers," have been spotted exploiting the Log4j 2 bug to gain a foothold in networks.

"These access brokers then sell access to these networks to ransomware-as-a-service affiliates," Microsoft said. "We have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms."

Other cybersecurity companies, including Mandiant, have also seen state-sponsored hacking groups from China and Iran launching attacks. "We anticipate other state actors are doing so as well, or preparing to," said Mandiant VP of Intelligence Analysis John Hultquist. "We believe these actors will work quickly to create footholds in desirable networks for follow-on activity, which may last for some time."
