2023.03.11 보안 이슈

==2023.03.11==

# 취약점 / 악성코드 

- GitLab XSS 취약점(CVE-2023-0050) 주의! \

https://blog.alyac.co.kr/5093

- Increase in exploits agains Joomla (CVE-2023-23752)

https://isc.sans.edu/diary/rss/29614

- BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

https://thehackernews.com/2023/03/batloader-malware-uses-google-ads-to.html

- New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres

https://www.bleepingcomputer.com/news/security/new-gobruteforcer-malware-targets-phpmyadmin-mysql-ftp-postgres/

- Xenomorph Android malware now steals data from 400 banks

https://www.bleepingcomputer.com/news/security/xenomorph-android-malware-now-steals-data-from-400-banks/

- SonicWall devices infected by malware that survives firmware upgrades

https://www.bleepingcomputer.com/news/security/sonicwall-devices-infected-by-malware-that-survives-firmware-upgrades/

- New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

https://thehackernews.com/2023/03/new-scrubcrypt-crypter-used-in.html

- 포티넷의 포티OS와 포티프록시에서 초고위험도 취약점 패치돼

 https://www.boannews.com/media/view.asp?idx=115007&kind=1&sub_kind= 

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-unauthenticated-rce-vulnerability/

- CISA adds three new bugs to Known Exploited Vulnerabilities Catalog

https://securityaffairs.com/143204/security/cisa-known-exploited-vulnerabilities-catalog-2.html

- VM웨어 NSX관리자 겨냥한 취약점 익스플로잇 공격 이어져

 https://www.boannews.com/media/view.asp?idx=115012&kind=1&sub_kind= 

https://securityaffairs.com/143172/hacking/vmware-nsx-manager-bugs-attacks.html

- 활동을 재개한 이모텟(Emotet) 악성코드, 국내 유포 정황 포착!

https://blog.alyac.co.kr/5098

https://www.bleepingcomputer.com/news/security/emotet-malware-attacks-return-after-three-month-break/

- Microsoft Excel now blocking untrusted XLL add-ins by default

https://www.bleepingcomputer.com/news/microsoft/microsoft-excel-now-blocking-untrusted-xll-add-ins-by-default/

- SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms

https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html

- LockBit 랜섬웨어 및 Vidar 악성코드, 입사지원서 위장해 유포중!

https://blog.alyac.co.kr/5096

- MS, 안드로이드 장비의 클립보드에서 정보 훔치는 앱 발견

 https://www.boannews.com/media/view.asp?idx=114973&kind=1&sub_kind= 

https://thehackernews.com/2023/03/sheins-android-app-caught-transmitting.html

- 2년 전에 발견된 윈도 보안 시스템 우회 기법, 본격적으로 활용되기 시작

 https://www.boannews.com/media/view.asp?idx=114921&kind=1&sub_kind= 

https://www.bleepingcomputer.com/news/security/old-windows-mock-folders-uac-bypass-used-to-drop-malware/

- 마이크로소프트 워드의 초고위험도 취약점, 익스플로잇 코드 공개돼

 https://www.boannews.com/media/view.asp?idx=114970&kind=1&sub_kind= 

https://www.bleepingcomputer.com/news/security/proof-of-concept-released-for-critical-microsoft-word-rce-bug/

- 새로운 하이아터스랫 멀웨어, 기업용 라우터 공략해 염탐 중

 https://www.boannews.com/media/view.asp?idx=114922&kind=1&sub_kind= 

https://thehackernews.com/2023/03/new-hiatusrat-malware-targets-business.html

- ICS/OTCritical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

https://www.securityweek.com/critical-vulnerabilities-allow-hackers-to-take-full-control-of-wago-plcs/

- 마이크로소프트 원노트를 통한 멀웨어 감염, 유행 중

 https://www.boannews.com/media/view.asp?idx=114870&kind=1&sub_kind= 

https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/

# 국가지원 해킹그룹

- 북한 해커조직 레드아이즈, 금융기업 보안 메일 사칭 공격 

 http://www.boannews.com/media/view.asp?idx=114934&kind=&sub_kind= 

- North Korean hackers used polished LinkedIn profiles to target security researchers

https://cyberscoop.com/north-korea-hackers-linkedin-phishing/

- Tehran Targets Female Activists in Espionage Campaign

https://www.infosecurity-magazine.com/news/tehran-female-activists-espionage/

- 친러 성향 킬넷, 독일의 국방 업체 레인메탈 겨냥

 https://www.boannews.com/media/view.asp?idx=115006&kind=1&sub_kind= 

- Lazarus Group Exploits Zero-Day Vulnerability to Hack South Kor