{"id":49351,"date":"2022-06-01T09:46:00","date_gmt":"2022-06-01T08:46:00","guid":{"rendered":"https:\/\/www.soitron.com\/kryptophishingovy-podvod-ukazal-slabost-mailchimpu\/"},"modified":"2022-07-04T11:04:21","modified_gmt":"2022-07-04T10:04:21","slug":"kryptophishingovy-podvod-ukazal-slabost-mailchimpu","status":"publish","type":"post","link":"https:\/\/new.soitron.com\/sk\/kryptophishingovy-podvod-ukazal-slabost-mailchimpu\/","title":{"rendered":"Kryptophishingov\u00fd podvod pouk\u00e1zal na jednu v\u00fdznamn\u00fa slabos\u0165 dod\u00e1vate\u013esk\u00e9ho re\u0165azca"},"content":{"rendered":"\n<p><strong><strong>\u00datoky <a href=\"https:\/\/www.soitron.sk\/social-hacking-v-priamom-prenose\/\">soci\u00e1lneho in\u017einierstva<\/a> s\u00fa st\u00e1le sofistikovanej\u0161ie. V nebezpe\u010denstve sa nach\u00e1dzaj\u00fa jedinci aj firmy. Ako dokazuje ned\u00e1vny pr\u00edpad, dokonca aj pou\u017e\u00edvanie slu\u017eieb overen\u00fdch tret\u00edch str\u00e1n, u ktor\u00fdch s\u00fa ulo\u017een\u00e9 inform\u00e1cie, s\u00fa \u010dastokr\u00e1t cite\u013ene zranite\u013en\u00e9 a nie je mo\u017en\u00e9 im bezhrani\u010dne d\u00f4verova\u0165.<\/strong><\/strong><\/p>\n\n\n\n<p>Soci\u00e1lne in\u017einierstvo je sp\u00f4sob manipul\u00e1cie u\u017e\u00edvate\u013eov s cie\u013eom z\u00edska\u0165 od nich inform\u00e1cie d\u00f4vern\u00e9ho charakteru alebo ich prin\u00fati\u0165 k vykonaniu po\u017eadovanej akcie. Pre tento \u00fa\u010del sa za\u010dali vyu\u017e\u00edva\u0165 <a href=\"https:\/\/www.soitron.sk\/phishing-platformy-pre-timovu-spolupracu\/\">platformy pre t\u00edmov\u00fa spolupr\u00e1cu<\/a>, syst\u00e9my vyu\u017e\u00edvan\u00e9 k prev\u00e1dzke webov\u00fdch str\u00e1nok\/e-shopov alebo syst\u00e9my pre posielanie e-mailov\u00fdch kampan\u00ed. A pr\u00e1ve jeden z nich bol napadnut\u00fd.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Rast\u00faci trend \u00fatokov soci\u00e1lneho in\u017einierstva<\/h2>\n\n\n\n<p>Syst\u00e9m MailChimp je svetov\u00fdm synonymom pre rozposielanie newsletterov. Hack tohoto syst\u00e9mu urobil vr\u00e1sky nejedn\u00e9mu marketingov\u00e9mu mana\u017e\u00e9rovi. Pr\u00e1ve t\u00edto zamestnanci ho toti\u017e vo ve\u013ekej miere vyu\u017e\u00edvaj\u00fa k rozposielaniu r\u00f4znych kampan\u00ed (informa\u010dn\u00e9, marketingov\u00e9, ponuky a pod.). <em>\u201eHackerom sa v MailChimpe podarilo z\u00edska\u0165 pr\u00edstup k viac ako 100 z\u00e1kazn\u00edckym \u00fa\u010dtom. Jedn\u00fdm z postihnut\u00fdch e-mailov\u00fdch zoznamov bola datab\u00e1za spolo\u010dnosti Trezor, ktor\u00e1 vyr\u00e1ba krypto-pe\u0148a\u017eenky. \u00dato\u010dn\u00edci sa n\u00e1sledne sna\u017eili z\u00edska\u0165 prihlasovacie \u00fadaje ku kryptomenov\u00fdm pe\u0148a\u017eenk\u00e1m t\u00fdm sp\u00f4sobom, \u017ee ich majite\u013eom menom Trezoru rozposlali informa\u010dn\u00fd e-mail priamo z MailChimpu,\u201c <\/em><strong>poodkr\u00fdva praktiku<\/strong> <strong>Martin Lohnert, \u0161pecialista pre oblas\u0165 kyberbezpe\u010dnosti v technologickej spolo\u010dnosti Soitron.<\/strong> V e-maile klienti Trezoru dostali inform\u00e1ciu, \u017ee ich \u00fa\u010dty boli kompromitovan\u00e9 v d\u00f4sledku \u00faniku d\u00e1t. E-mail obsahoval odkaz na \u00fadajn\u00fa aktualizovan\u00fa verziu aplik\u00e1cie Trezor Suite spolu s pokynmi k nastaveniu nov\u00e9ho pr\u00edstupov\u00e9ho PINu \u2013 i\u0161lo ale o podvrhnut\u00fd phishingov\u00fd web ur\u010den\u00fd k z\u00edskaniu ich prihlasovac\u00edch \u00fadajov.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Uklada\u0165 d\u00e1ta mimo firemn\u00fa infra\u0161trukt\u00faru m\u00f4\u017ee znamena\u0165 probl\u00e9m<\/h2>\n\n\n\n<p>Tento pr\u00edpad jasne poukazuje na to, ak\u00e9 zlo\u017eit\u00e9 je zabezpe\u010denie v\u0161emo\u017en\u00fdch slu\u017eieb \u010di aplik\u00e1ci\u00ed, ktor\u00e9 sa daj\u00fa v dne\u0161nej dobe \u00faplne be\u017ene prenaj\u00edma\u0165 alebo s\u00fa k dispoz\u00edci\u00ed zadarmo. Cloudov\u00e9 slu\u017eby s\u00fa fenom\u00e9nom, ale je bezpe\u010dn\u00e9 ich pou\u017e\u00edva\u0165?<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em><em>\u201eIT oddelenie firmy m\u00f4\u017ee ma\u0165 nadov\u0161etko dobr\u00fa ochranu vn\u00fatorn\u00e9ho prostredia, ale ak nebude rie\u0161i\u0165, ako s\u00fa na tom ich dod\u00e1vatelia, alebo za ak\u00fdch podmienok spolo\u010dnos\u0165 vyu\u017e\u00edva extern\u00e9 syst\u00e9my, nebude im to sta\u010di\u0165. Aj jedna kompromitovan\u00e1 slu\u017eba \u010di aplik\u00e1cia m\u00f4\u017ee ohrozi\u0165 cel\u00fd biznis \u010di reput\u00e1ciu firmy,\u201c<\/em> upozor\u0148uje Martin Lohnert.<\/em><\/p><\/blockquote>\n\n\n\n<p>V pr\u00edpade finan\u010dn\u00fdch in\u0161tit\u00faci\u00ed ako s\u00fa banky, pois\u0165ovne a podobne sa z d\u00f4vodu pr\u00edsnych pravidiel nem\u00f4\u017ee zamestnanec rozhodn\u00fa\u0165 a za\u010da\u0165 pou\u017e\u00edva\u0165 v pr\u00e1ci nejak\u00fa nov\u00fa aplik\u00e1ciu, aj ke\u010f je zadarmo. Mnoho in\u00fdch organiz\u00e1ci\u00ed je ale ove\u013ea viac benevolentnej\u0161\u00edch. Ak sa u\u017e firma rozhodne vyu\u017ei\u0165 nejak\u00e9 rie\u0161enie tretej strany, v\u017edy by sa mala zaobera\u0165 aj jej zabezpe\u010den\u00edm \u2013 na akej vysokej \u00farovni je, pri\u010dom sa nem\u00f4\u017ee uspokoji\u0165 iba s marketingov\u00fdm tvrden\u00edm, ale \u00eds\u0165 do h\u013abky. Zam\u00fd\u0161\u013ea\u0165 sa a pripravova\u0165 sa na situ\u00e1cie, ako t\u00e1, ktor\u00e1 postihla MailChimp.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Incidentov bude prib\u00fada\u0165 \u2013 d\u00f4vera nesta\u010d\u00ed<\/h2>\n\n\n\n<p>Je potrebn\u00e9 si uvedomi\u0165, \u017ee jedn\u00fdm z najv\u00e4\u010d\u0161\u00edch nebezpe\u010d\u00ed soci\u00e1lneho in\u017einierstva je to, \u017ee jedna \u00faspe\u0161ne oklaman\u00e1 obe\u0165 m\u00f4\u017ee nechcene poskytn\u00fa\u0165 dostatok inform\u00e1ci\u00ed ku spusteniu \u00fatoku, ktor\u00fd m\u00f4\u017ee ovplyvni\u0165 chod celej organiz\u00e1cie. <em>\u201eA to u\u017e by mal by\u0165 dobr\u00fd d\u00f4vod za\u010da\u0165 sa vn\u00fatri organiz\u00e1cie zauj\u00edma\u0165 o to, ktor\u00ed dod\u00e1vatelia bud\u00fa ku spolupr\u00e1ci vybran\u00ed. Nesta\u010d\u00ed sa spo\u013eahn\u00fa\u0165 len na to, \u017ee syst\u00e9m renomovanej firmy vyu\u017e\u00edva in\u00e1 ve\u013ek\u00e1 \u010di zn\u00e1ma spolo\u010dnos\u0165, a teda je vhodn\u00fd aj pre na\u0161u organiz\u00e1ciu,\u201c<\/em> uv\u00e1dza Martin Lohnert.<\/p>\n\n\n\n<p>Soci\u00e1lne in\u017einierstvo je ve\u013emi d\u00f4le\u017eit\u00e9 pre mnoho s\u00fa\u010dasn\u00fdch hackersk\u00fdch skup\u00edn, preto\u017ee im otv\u00e1ra pr\u00edstupy k d\u00e1tam a identite. Kyberzlo\u010dinci sa bud\u00fa aj na\u010falej zameriava\u0165 najm\u00e4 na firmy s ve\u013ek\u00fdm mno\u017estvom klientov \u010di z\u00e1kazn\u00edkov preto, aby napadli ich syst\u00e9my a n\u00e1sledne vyu\u017eili z\u00edskan\u00fd pr\u00edstup ku svojmu v\u00fdraznej\u0161iemu obohateniu.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00datoky soci\u00e1lneho in\u017einierstva s\u00fa st\u00e1le sofistikovanej\u0161ie. V nebezpe\u010denstve sa nach\u00e1dzaj\u00fa jedinci aj firmy. Ako dokazuje ned\u00e1vny pr\u00edpad, dokonca aj pou\u017e\u00edvanie slu\u017eieb overen\u00fdch tret\u00edch str\u00e1n, u ktor\u00fdch s\u00fa ulo\u017een\u00e9 inform\u00e1cie, s\u00fa \u010dastokr\u00e1t cite\u013ene zranite\u013en\u00e9 a nie je mo\u017en\u00e9 im bezhrani\u010dne d\u00f4verova\u0165. Soci\u00e1lne in\u017einierstvo je sp\u00f4sob manipul\u00e1cie u\u017e\u00edvate\u013eov s cie\u013eom z\u00edska\u0165 od nich inform\u00e1cie d\u00f4vern\u00e9ho charakteru alebo [&hellip;]<\/p>\n","protected":false},"author":34,"featured_media":49079,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"news_categories":[370],"class_list":["post-49351","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nezaradene","news_categories-bezpecnost"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Kryptophishingov\u00fd podvod uk\u00e1zal slabos\u0165 Mailchimpu<\/title>\n<meta name=\"description\" content=\"Syst\u00e9m MailChimp je svetov\u00fdm synonymom pre posielanie newslettrov. Hack tohto syst\u00e9mu urobil vr\u00e1sky nejedn\u00e9mu marketingov\u00e9mu mana\u017e\u00e9rovi.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kryptophishingov\u00fd podvod uk\u00e1zal slabos\u0165 Mailchimpu\" \/>\n<meta property=\"og:description\" content=\"Syst\u00e9m MailChimp je svetov\u00fdm synonymom pre posielanie newslettrov. Hack tohto syst\u00e9mu urobil vr\u00e1sky nejedn\u00e9mu marketingov\u00e9mu mana\u017e\u00e9rovi.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/\" \/>\n<meta property=\"og:site_name\" content=\"Soitron\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-01T08:46:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-07-04T10:04:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/06\/AdobeStock_455286748_Editorial_Use_Only-min-1920x1280.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Natalia Jurakova\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Autor\" \/>\n\t<meta name=\"twitter:data1\" content=\"Natalia Jurakova\" \/>\n\t<meta name=\"twitter:label2\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 min\u00faty\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kryptophishingov\u00fd podvod uk\u00e1zal slabos\u0165 Mailchimpu","description":"Syst\u00e9m MailChimp je svetov\u00fdm synonymom pre posielanie newslettrov. Hack tohto syst\u00e9mu urobil vr\u00e1sky nejedn\u00e9mu marketingov\u00e9mu mana\u017e\u00e9rovi.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"sk_SK","og_type":"article","og_title":"Kryptophishingov\u00fd podvod uk\u00e1zal slabos\u0165 Mailchimpu","og_description":"Syst\u00e9m MailChimp je svetov\u00fdm synonymom pre posielanie newslettrov. Hack tohto syst\u00e9mu urobil vr\u00e1sky nejedn\u00e9mu marketingov\u00e9mu mana\u017e\u00e9rovi.","og_url":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/","og_site_name":"Soitron","article_published_time":"2022-06-01T08:46:00+00:00","article_modified_time":"2022-07-04T10:04:21+00:00","og_image":[{"width":1920,"height":1280,"url":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/06\/AdobeStock_455286748_Editorial_Use_Only-min-1920x1280.jpeg","type":"image\/jpeg"}],"author":"Natalia Jurakova","twitter_card":"summary_large_image","twitter_misc":{"Autor":"Natalia Jurakova","Predpokladan\u00fd \u010das \u010d\u00edtania":"3 min\u00faty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/#article","isPartOf":{"@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/"},"author":{"name":"Natalia Jurakova","@id":"https:\/\/new.soitron.com\/#\/schema\/person\/da4bfcbfdc7cb1175aef5d403061c986"},"headline":"Kryptophishingov\u00fd podvod pouk\u00e1zal na jednu v\u00fdznamn\u00fa slabos\u0165 dod\u00e1vate\u013esk\u00e9ho re\u0165azca","datePublished":"2022-06-01T08:46:00+00:00","dateModified":"2022-07-04T10:04:21+00:00","mainEntityOfPage":{"@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/"},"wordCount":781,"publisher":{"@id":"https:\/\/new.soitron.com\/#organization"},"image":{"@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/#primaryimage"},"thumbnailUrl":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/06\/AdobeStock_455286748_Editorial_Use_Only-min-1920x1280.jpeg","inLanguage":"sk-SK"},{"@type":"WebPage","@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/","url":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/","name":"Kryptophishingov\u00fd podvod uk\u00e1zal slabos\u0165 Mailchimpu","isPartOf":{"@id":"https:\/\/new.soitron.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/#primaryimage"},"image":{"@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/#primaryimage"},"thumbnailUrl":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/06\/AdobeStock_455286748_Editorial_Use_Only-min-1920x1280.jpeg","datePublished":"2022-06-01T08:46:00+00:00","dateModified":"2022-07-04T10:04:21+00:00","description":"Syst\u00e9m MailChimp je svetov\u00fdm synonymom pre posielanie newslettrov. Hack tohto syst\u00e9mu urobil vr\u00e1sky nejedn\u00e9mu marketingov\u00e9mu mana\u017e\u00e9rovi.","breadcrumb":{"@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/"]}]},{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/#primaryimage","url":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/06\/AdobeStock_455286748_Editorial_Use_Only-min-1920x1280.jpeg","contentUrl":"https:\/\/new.soitron.com\/wp-content\/uploads\/2022\/06\/AdobeStock_455286748_Editorial_Use_Only-min-1920x1280.jpeg","width":1920,"height":1280},{"@type":"BreadcrumbList","@id":"https:\/\/new.soitron.com\/cryptophishing-fraud-has-uncovered-vulnerability-in-mailchimp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/new.soitron.com\/"},{"@type":"ListItem","position":2,"name":"Kryptophishingov\u00fd podvod pouk\u00e1zal na jednu v\u00fdznamn\u00fa slabos\u0165 dod\u00e1vate\u013esk\u00e9ho re\u0165azca"}]},{"@type":"WebSite","@id":"https:\/\/new.soitron.com\/#website","url":"https:\/\/new.soitron.com\/","name":"Soitron","description":"Soitron je IT firma s viac ako 30 ro\u010dnou trad\u00edciou.","publisher":{"@id":"https:\/\/new.soitron.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/new.soitron.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"},{"@type":"Organization","@id":"https:\/\/new.soitron.com\/#organization","name":"Soitron","url":"https:\/\/new.soitron.com\/","logo":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/new.soitron.com\/#\/schema\/logo\/image\/","url":"https:\/\/new.soitron.com\/wp-content\/uploads\/2016\/10\/Soitron_logo.png","contentUrl":"https:\/\/new.soitron.com\/wp-content\/uploads\/2016\/10\/Soitron_logo.png","width":224,"height":56,"caption":"Soitron"},"image":{"@id":"https:\/\/new.soitron.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/new.soitron.com\/#\/schema\/person\/da4bfcbfdc7cb1175aef5d403061c986","name":"Natalia Jurakova","image":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/new.soitron.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1acd0f0b322c56059c32d84e222e637666ee594f4a6dde61c2fc4ac19b571a9c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1acd0f0b322c56059c32d84e222e637666ee594f4a6dde61c2fc4ac19b571a9c?s=96&d=mm&r=g","caption":"Natalia Jurakova"},"url":"https:\/\/new.soitron.com\/sk\/author\/naty\/"}]}},"_links":{"self":[{"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/posts\/49351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/comments?post=49351"}],"version-history":[{"count":0,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/posts\/49351\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/media\/49079"}],"wp:attachment":[{"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/media?parent=49351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/categories?post=49351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/tags?post=49351"},{"taxonomy":"news_categories","embeddable":true,"href":"https:\/\/new.soitron.com\/sk\/wp-json\/wp\/v2\/news_categories?post=49351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}