{"id":320,"date":"2021-04-11T16:47:38","date_gmt":"2021-04-11T16:47:38","guid":{"rendered":"http:\/\/wptf.themepul.com\/restly\/?p=320"},"modified":"2022-04-15T09:57:24","modified_gmt":"2022-04-15T09:57:24","slug":"lista-celor-mai-exploatate-vulnerabilitati-din-ultimii-2-ani","status":"publish","type":"post","link":"https:\/\/www.itmentenanta.ro\/en\/lista-celor-mai-exploatate-vulnerabilitati-din-ultimii-2-ani\/","title":{"rendered":"LIST OF THE MOST EXPLOITED VULNERABILITIES OF THE LAST 2 YEARS"},"content":{"rendered":"<p class=\"wp-block-paragraph\"><strong>LEADING CYBERSECURITY AGENCIES REVEAL THE LIST OF THE MOST EXPLOITED VULNERABILITIES OF THE LAST 2 YEARS<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A total of 30 vulnerabilities are listed; organizations would do well to update their systems, if they have not already done so.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The leading cybersecurity and law enforcement agencies of the United States, the United Kingdom and Australia have issued a joint advisory presenting the top 30 vulnerabilities commonly used by attackers during 2020 and 2021.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The advisory, from the United States Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA), the United Kingdom's National Cyber Security Centre (NCSC) and the Australian Cyber Security Centre (ACSC), revealed that several of the vulnerabilities targeted in 2020 were related to technologies focused on remote work. 
This could be attributed to the COVID-19 pandemic, which forced companies to shift rapidly to a work-from-home environment.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cThe rapid migration and increased use of remote work options, such as virtual private networks (VPNs) and cloud-based environments, have likely added an extra burden for those responsible for cybersecurity, who are struggling to maintain and keep pace with routine patching,\u201d the advisory stated.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">According to the US government's findings, the most exploited vulnerability in 2020 was a flaw in Citrix Delivery Controller. Tracked as CVE-2019-19781, the arbitrary code execution flaw was rated critical in severity and holds a near-perfect score of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. If an attacker manages to exploit the security hole, they could take over the affected system. The vulnerability has attracted criminals because it is easy to exploit, and Citrix is widely used around the world.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cIn 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Among those highly exploited in 2021 are vulnerabilities in Microsoft, Pulse, Accellion, VMware and Fortinet. 
CISA, ACSC, NCSC and the FBI assess that organizations and private entities around the world have remained vulnerable to compromise from the exploitation of these CVE vulnerabilities,\u201d CISA added.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can find a complete list of the vulnerabilities and the recommended mitigations in the <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa21-209a\" target=\"_blank\" rel=\"noreferrer noopener\">CISA guide<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-image is-style-rounded\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.itmentenanta.ro\/wp-content\/uploads\/2022\/04\/big-experti-130-000-de-sisteme-informatice-din-peste-100-de-tari-afectate-de-atacurile-cibernetice.jpg?resize=640%2C375&#038;ssl=1\" alt=\"\" class=\"wp-image-5944\" width=\"640\" height=\"375\" srcset=\"https:\/\/i0.wp.com\/www.itmentenanta.ro\/wp-content\/uploads\/2022\/04\/big-experti-130-000-de-sisteme-informatice-din-peste-100-de-tari-afectate-de-atacurile-cibernetice.jpg?w=460&amp;ssl=1 460w, https:\/\/i0.wp.com\/www.itmentenanta.ro\/wp-content\/uploads\/2022\/04\/big-experti-130-000-de-sisteme-informatice-din-peste-100-de-tari-afectate-de-atacurile-cibernetice.jpg?resize=300%2C176&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.itmentenanta.ro\/wp-content\/uploads\/2022\/04\/big-experti-130-000-de-sisteme-informatice-din-peste-100-de-tari-afectate-de-atacurile-cibernetice.jpg?resize=18%2C12&amp;ssl=1 18w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">APPLY ALL AVAILABLE PATCHES<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The quartet of agencies urged companies and organizations to update their vulnerable systems, this being one of the simplest 
ways to reduce the chances of vulnerabilities being exploited and of their systems being compromised. It goes without saying that patches should be applied as soon as possible. Not all systems have patches available, however, and in those cases the best course of action is to apply workarounds or other mitigations, which are usually provided by vendors.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cIn cybersecurity, keeping the basics in mind is often the most important thing. Organizations that apply cybersecurity best practices, such as patching, can reduce the risk of attackers exploiting known vulnerabilities in their networks,\u201d said Eric Goldstein,&nbsp;<a href=\"https:\/\/www.cisa.gov\/news\/2021\/07\/28\/us-uk-and-australia-issue-joint-cybersecurity-advisory\">Executive Assistant Director for Cybersecurity at CISA.<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>LEADING CYBERSECURITY AGENCIES REVEAL THE LIST OF THE MOST EXPLOITED VULNERABILITIES OF THE LAST 2 YEARS A total of 30 vulnerabilities are listed; organizations would do well to update their systems, if they have not already done so The leading cybersecurity and law enforcement agencies of the United States, the United Kingdom and 
[&hellip;]<\/p>","protected":false},"author":1,"featured_media":5943,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"gallery","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[17],"tags":[30,34],"class_list":["post-320","post","type-post","status-publish","format-gallery","has-post-thumbnail","hentry","category-business","tag-software","tag-video","post_format-post-format-gallery"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.itmentenanta.ro\/wp-content\/uploads\/2021\/04\/Vulnerability-scanning-1175x450-1.jpg?fit=1175%2C450&ssl=1","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/posts\/320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/comments?post=320"}],"version-history":[{"count":1,"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/posts\/320\/revisions"}],"predecessor-version":[{"id":5945,"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/posts\/320\/revisions\/5945"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/media\/5943"}],"wp:attachment":[{"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/media?parent=320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/categories?post=320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itmentenanta.ro\/en\/wp-json\/wp\/v2\/tags?post=320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.or
g\/{rel}","templated":true}]}}