2023.05.20 보안 이슈

==2023.05.20==

# 취약점 / 악성코드 

- WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

https://thehackernews.com/2023/05/webkit-under-attack-apple-issues.html

- 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency

https://thehackernews.com/2023/05/8220-gang-exploiting-oracle-weblogic.html

- Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks

https://thehackernews.com/2023/05/critical-flaws-in-cisco-small-business.html

- Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

https://thehackernews.com/2023/05/threat-group-unc3944-abusing-azure.html

- Detailed Analysis of AlphaSeed, a new version of Kimsuky’s AppleSeed written in Golang

https://medium.com/s2wblog/detailed-analysis-of-alphaseed-a-new-version-of-kimsukys-appleseed-written-in-golang-2c885cce352a

- 맥OS 노리는 공격자들의 손에 코발트스트라이크가 쥐어졌다

 https://www.boannews.com/media/view.asp?idx=118174&kind=1&sub_kind= 

- 스팸 메일로 유포 중인 DarkCloud 인포스틸러

https://asec.ahnlab.com/ko/52810/

- CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules

https://thehackernews.com/2023/05/water-orthrus-copperstealer-malware.html

- 산업 현장에서 사용되는 셀룰러 라우터에서 11개 취약점 발견돼

 https://www.boannews.com/media/view.asp?idx=118117&kind=1&sub_kind= 

https://thehackernews.com/2023/05/industrial-cellular-routers-at-risk-11.html

- 취약점의 보고와 같은 워드프레스 플러그인, 자꾸만 버그가 나와

 https://www.boannews.com/media/view.asp?idx=118079&kind=1&sub_kind= 

- Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign

https://thehackernews.com/2023/05/researchers-uncover-powerful-backdoor.html

- New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems

https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html

- MS의 매크로가 떠나간 자리에서 아직도 헤매고 있는 공격자들

 https://www.boannews.com/media/view.asp?idx=118075&kind=1&sub_kind= 

- 성인 게임 위장한 정보 탈취형 악성코드 발견... 일본 사용자들 노린다

 https://www.boannews.com/media/view.asp?idx=118052&kind=1&sub_kind= 

- MS-SQL 서버의 sqlps.exe 유틸리티 악용한 Remcos RAT 유포

https://asec.ahnlab.com/ko/52616/

# 국가지원 해킹그룹

- 우크라이나의 IT군, 웹 카메라 노려 러시아의 정보 수집 시도 훼방

 https://www.boannews.com/media/view.asp?idx=118271&kind=1&sub_kind= 

- 북 해킹조직, 대용량 악성LNK 파일을 이용한 공격 진행중!

https://blog.alyac.co.kr/5147

- 아랍권 안드로이드 사용자 노리는 새 공격 단체, 오일알파 

 http://www.boannews.com/media/view.asp?idx=118226&kind=&sub_kind= 

https://thehackernews.com/2023/05/oilalpha-emerging-houthi-linked-cyber.html

- State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered

https://thehackernews.com/2023/05/state-sponsored-sidewinder-hacker.html

- 윈도우 IIS 웹 서버를 노리는 Lazarus 그룹

https://asec.ahnlab.com/ko/52829/

- China's Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks

https://thehackernews.com/2023/05/chinas-mustang-panda-hackers-exploit-tp.html

- Kimsuky 그룹의 대북 종사자 대상 피싱 공격

https://asec.ahnlab.com/ko/52743/

- Meterpreter를 이용해 웹 서버를 공격하는 Kimsuky 그룹

https://asec.ahnlab.com/ko/52662/

- North Korea’s missile programs allegedly funded by stolen crypto

https://www.cryptopolitan.com/north-koreas-funding-weapons-with-crypto/

# 랜섬웨어 / 정보유출

- Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

https://thehackernews.com/2023/05/notorious-cyber-gang-fin7-returns-cl0p.html

- 오리온, 블랙캣 랜섬웨어 공격으로 1테라 데이터 탈취당했나

 https://www.boannews.com/media/view.asp?idx=118266&kind=1&sub_kind= 

- [단독] 알라딘 e북 1백만권 유출? 텔레그램에서 샘플 공유 중

 https://www.boannews.com/media/view.asp?idx=118263&kind=1&sub_kind= 

- 비안리안 랜섬웨어, 원격 데스크톱 기능 통해 들어온다

 https://www.boannews.com/media/view.asp?idx=118225&kind=1&sub_kind= 

- 스캔소스, 랜섬웨어 공격에 당해 현재 사업이 마비된 상태

 https://www.boannews.com/media/view.asp?idx=118224&kind=1&sub_kind= 

- 프랑스의 대형 가전 장비 업체, 랜섬웨어에 당해 공장 가동 중단

 https://www.boannews.com/media/view.asp?idx=118165&kind=1&sub_kind= 

- U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator

https://thehackernews.com/2023/05/us-offers-10-million-bounty-for-capture.html

- Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts

https://thehackernews.com/2023/05/inside-qilin-ransomware-affiliates-take.html

- [단독] 백신기업 아이진, 백신개발 국책과제 등 기술 유출? 랜섬웨어에 당했나

 https://www.boannews.com/media/view.asp?idx=118113&kind=1&sub_kind= 

- 새로운 랜섬웨어 그룹 RA, 바북의 소스코드 이용해 미국과 한국 공격

 https://www.boannews.com/media/view.asp?idx=118114&kind=1&sub_kind= 

https://thehackernews.com/2023/05/new-ransomware-gang-ra-group-hits-us.html

- 미국 스태튼아일랜드병원, 랜섬웨어로 1주일 동안 수동 운영 중

 https://www.boannews.com/media/view.asp?idx=118065&kind=1&sub_kind= 

# 다크웹 / OSINT / 계정 / 피싱

- 석유와 가스 산업, 다크웹 첩보를 수집하고 분석하는 데 있어 최하위

 https://www.boannews.com/media/view.asp?idx=118170&kind=1&sub_kind= 

- ‘Meta’ 사칭해 기업 페이스북 계정 노리는 피싱 메일 유포중

 https://www.boannews.com/media/view.asp?idx=118162&kind=1&sub_kind= 

- 새로운 ‘서비스형 피싱’ 페이지, 매우 그럴싸한 피싱 페이지 만들어 줘

 https://www.boannews.com/media/view.asp?idx=118066&kind=1&sub_kind= 

#AI 

- 양날의 검 ‘챗GPT’에 베이지 않으려면... AI 보안위협 선제 대응 필요 

 http://www.boannews.com/media/view.asp?idx=118177&kind=&sub_kind= 

- 생성형 AI를 법적으로 안전하게 사용하는 방법 

https://www.itworld.co.kr/news/291217

- An AI trained on dark web? Researchers may have unlocked a new weapon against hackers

https://indianexpress.com/article/technology/artificial-intelligence/darkbert-unveiled-ai-llm-dark-web-8616834/

- [Part1] Getting to know DarkBERT: A Language Model for the Dark Side of the Internet

https://medium.com/s2wblog/part1-getting-to-know-darkbert-a-language-model-for-the-dark-side-of-the-internet-7c4c178faf3d

# 공급망

- Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

https://thehackernews.com/2023/05/developer-alert-npm-packages-for-nodejs.html

- 아직 가게 진열대에 있는 새 안드로이드 장비, 이미 감염됐을 수 있다

 https://www.boannews.com/media/view.asp?idx=118272&kind=1&sub_kind= 

https://thehackernews.com/2023/05/this-cybercrime-syndicate-pre-infected.html

- 미국 사회 기반 시설에 사용되는 전자 장비 생산 업체, 해킹 당했나

 https://www.boannews.com/media/view.asp?idx=118070&kind=1&sub_kind= 

# 기타

- 맨디언트 “클라우드, 공격 더 쉽고 탐지 더 어려워” 

 http://www.datanet.co.kr/news/articleView.html?idxno=183534 

- 한국 기업 CISO들, 사이버 보안의 최대 위협은 ‘공급망 리스크’ 

 http://www.boannews.com/media/view.asp?idx=118221&kind=&sub_kind= 

- Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?

https://thehackernews.com/2023/05/dr-active-directory-vs-mr-exposed.html

- How to Reduce Exposure on the Manufacturing Attack Surface

https://thehackernews.com/2023/05/how-to-reduce-exposure-on-manufacturing.html

- 줌, 사업 확장 위해 중국 정부의 무리한 요구 다 들어줬다

 https://www.boannews.com/media/view.asp?idx=118222&kind=1&sub_kind= 

- 북한의 해킹 공격 여부를 둘러싼 선관위의 입장, ‘논란’ 커졌다

 https://www.boannews.com/media/view.asp?idx=118038&kind=1&sub_kind= 

- 구글의 ZIP과 MOV 도메인, 보안 전문가들의 우려 불러일으켜

 https://www.boannews.com/media/view.asp?idx=118167&kind=1&sub_kind= 

- Why High Tech Companies Struggle with SaaS Security

https://thehackernews.com/2023/05/why-high-tech-companies-struggle-with.html

- 틱톡 최고 엔지니어의 고발, “틱톡은 중국 정부의 꼭두각시”

 https://www.boannews.com/media/view.asp?idx=118069&kind=1&sub_kind=