2022.04.16 보안 이슈

==2022.04.16==

- [단독] 신한카드 어플(FAN) 고객 정보유출 해킹 사고..."위메프 결제 피해"

http://m.ilyoweekly.co.kr/news/newsview.php?ncode=1065582068239210

- 금감원, '망분리 위반' NHN페이코에 과태료

https://newsis.com/view/?id=NISX20220322_0001803212

- 홍익대 졸업생 1천 명 개인정보 대거 유출…"파일 첨부 실수"

https://news.sbs.co.kr/news/endPage.do?news_id=N1006715381

- 보안 부서 넘어서는 ‘내부자 위협’ 문제··· 요주의 직원은? 대응 방법은?

https://www.ciokorea.com/news/232734#csidx5be72786b253d5ebb85df856edc0109 

- 정부, 금융권 클라우드 및 망분리 규제 개선한다

http://www.boannews.com/media/view.asp?idx=106072

- 또 다른 미라이의 변종? 디도스 공격용 봇넷 에너미봇 등장

http://www.boannews.com/media/view.asp?idx=106062

- 구글 크롬에서 또 제로데이 취약점 발견돼

http://www.boannews.com/media/view.asp?idx=106063

- 미국 정보 기관들, 인컨트롤러라는 고급 ICS 멀웨어 발견해 경고

http://www.boannews.com/media/view.asp?idx=106071

https://securityaffairs.co/wordpress/130195/apt/us-gov-warns-apt-targets-ics-scada.html

- MS, 악명 높은 지로더 봇넷 장악하는 데 성공해

http://www.boannews.com/media/view.asp?idx=106030

- 아프리카 은행들에 쏟아지는 렘코스랫 폭격

http://www.boannews.com/media/view.asp?idx=106031

- EU officials were targeted with Israeli surveillance software

https://securityaffairs.co/wordpress/130139/malware/eu-officials-surveillance-software.html

- 비너스락커 조직, 또 다시 Makop 랜섬웨어 유포중

https://blog.alyac.co.kr/4640

- Qbot 악성코드, 새로운 윈도우 인스톨러 감염 벡터로 전환해

https://blog.alyac.co.kr/4632

- 정보 탈취형 멀웨어 2개, 새롭게 등장해 사이버 공간 위협

http://www.boannews.com/media/view.asp?idx=105985

- 또 다시 NPM에 나타난 프로테스트웨어, 오픈소스 망가트려

http://www.boannews.com/media/view.asp?idx=105986

- Ransomware: March 2022 review

https://blog.malwarebytes.com/threat-intelligence/2022/04/ransomware-march-2022-review/

- Windows  10 버전 1909 및 20H2 지원 종료 예정

https://blog.alyac.co.kr/4630

- 우크라이나 IT 전문가들의 전쟁과 리질리언스 이야기

http://www.boannews.com/media/view.asp?idx=105959

- 미 FBI, 6억 달러 암호화폐 해킹에 북한 ‘라자루스’ 지목

https://www.voakorea.com/a/6531529.html

https://thehackernews.com/2022/04/lazarus-hackers-behind-540-million-axie.html

- GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens

https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html

- 미국 정보 기관들, 인컨트롤러라는 고급 ICS 멀웨어 발견해 경고

https://www.boannews.com/media/view.asp?idx=106071&kind=1&sub_kind=

- 북한·중국·러시아·이란 등 정부후원 APT 해킹그룹들, 유럽 기업들 겨냥 사이버 공격 감행중

https://www.dailysecu.com/news/articleView.html?idxno=135963

- Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

https://thehackernews.com/2022/04/microsoft-exposes-evasive-chinese.html

- Emotet 모듈 및 최근 공격

https://securelist.com/emotet-modules-and-recent-attacks/106290/

- 거의 모든 오픈소스들에 보안 취약점이 한 개 이상 존재한다

https://www.boannews.com/media/view.asp?idx=106024&kind=1&sub_kind=

- 사법 기관들, 다크웹의 유명 마켓인 레이드포럼즈 폐쇄

https://www.boannews.com/media/view.asp?idx=106011&kind=1&sub_kind=

https://thehackernews.com/2022/04/fbi-europol-seize-raidforums-hacker.html

- 엔진엑스, LDAP에 영향을 주는 제로데이 취약점 완화책 공유 (ATW 공격그룹)

https://www.boannews.com/media/view.asp?idx=106010&kind=1&sub_kind=

https://blog.alyac.co.kr/4636

- 미국 암호화폐 전문가, 북한 도운 벌로 63개월 형 선고 받아

https://www.boannews.com/media/view.asp?idx=106009&kind=1&sub_kind=

- Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB

https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html

- MS, 우크라이나 공격에 활용되던 도메인들 폐쇄시켜

http://www.boannews.com/media/view.asp?idx=105983

- 미국 CISA, 러시아 공격자들의 워치가드 버그 악용에 대해 경고 (샌드웜 공격)

https://www.boannews.com/media/view.asp?idx=105984

- 러시아와 연결된 Sandworm APT, 우크라이나 에너지 시설 공격해

https://www.boannews.com/media/view.asp?idx=106023&kind=1&sub_kind=

https://blog.alyac.co.kr/4635

https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html

- Threat actors use Zimbra exploits to target organizations in Ukraine

https://securityaffairs.co/wordpress/130244/cyber-warfare-2/attacks-ukraine-govt-zimbra-exploits.html

- LNG 시설 겨냥한 새로운 멀웨어, 파이프드림 발견돼

http://www.boannews.com/media/view.asp?idx=106029

- How to SLSA Part 1 - The Basics (공급망 해킹 방어기술)

https://security.googleblog.com/2022/04/how-to-slsa-part-1-basics.html