KZ-CERT has protected more than 300 Kaznet sites
During the monitoring of the Kazakhstan segment of the Internet for the presence of threats to information security by the Computer Incident Response Team (hereinafter — KZ-CERT) of JSC “State Technical Service”, more than 300 Internet resources were found potentially exposed to vulnerabilities with the identifier CVE-2021-32648 associated with the content management system “October”.
Recall that according to the Ukrainian portal focus.ua , On January 14, 2022, information was published about the hacking of Ukrainian government Internet resources. The attackers, having compromised the Internet resource, left a message that all personal data has been uploaded to public access. Later, information was published on the same portal about the discovery of the vulnerability CVE-2021-32648, through which Internet resources were compromised.
To prevent possible attacks on Internet resources managed by October CMS on identified domain names in Kaznet, the KZ-CERT Team sent notifications to telecom operators and organizations with the following recommendations:
• update October CMS to the current version with fixed vulnerabilities;
• set a secure password for the administrator account;
• check the CMS activity log for abnormal actions;
• check the log of actions on the hosting server side for abnormal actions;
• apply CMS updates in a timely manner;
• periodically perform backups (if not performed);
• hide the URL path to the Internet resource administration panel (change the standard directories).
• update October CMS to the current version with fixed vulnerabilities;
• set a secure password for the administrator account;
• check the CMS activity log for abnormal actions;
• check the log of actions on the hosting server side for abnormal actions;
• apply CMS updates in a timely manner;
• periodically perform backups (if not performed);
• hide the URL path to the Internet resource administration panel (change the standard directories).
• update October CMS to the current version with fixed vulnerabilities;
• set a secure password for the administrator account;
• check the CMS activity log for abnormal actions;
• check the log of actions on the hosting server side for abnormal actions;
• apply CMS updates in a timely manner;
• periodically perform backups (if not performed);
• hide the URL path to the Internet resource administration panel (change the standard directories).
