2023.05.27 보안 이슈

==2023.05.27==

# 취약점 / 악성코드 

- Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

https://thehackernews.com/2023/05/severe-flaw-in-google-clouds-cloud-sql.html

- Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliance

https://thehackernews.com/2023/05/barracuda-warns-of-zero-day-exploited.html

- 러시아의 코스믹에너지 멀웨어, 전기 공급망 차단한다

 https://www.boannews.com/media/view.asp?idx=118526&kind=1&sub_kind= 

https://thehackernews.com/2023/05/new-cosmicenergy-malware-exploits-ics.html

- EDR을 활용한 프로세스 할로잉(Hollowing) 악성코드 추적

https://asec.ahnlab.com/ko/53215/

- 워드프레스 인기 플러그인 통해 150만 사이트 공략 중인 해커들

 https://www.boannews.com/media/view.asp?idx=118483&kind=1&sub_kind= 

- 클라우드 노리는 레기온 멀웨어, AWS 클라우드워치까지 침해하기 시작

 https://www.boannews.com/media/view.asp?idx=118482&kind=1&sub_kind= 

https://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html

- 다크클라우드 인포스틸러, PDF 아이콘 위장해 스팸 메일로 유포 중

 https://www.boannews.com/media/view.asp?idx=118439&kind=1&sub_kind= 

- 삼성 스마트폰의 취약점, 해커들이 활발히 익스플로잇 중

 https://www.boannews.com/media/view.asp?idx=118380&kind=1&sub_kind= 

- CISA, 아이폰에서 발견된 취약점을 KEV 목록에 포함시켜

 https://www.boannews.com/media/view.asp?idx=118379&kind=1&sub_kind= 

- 악성 윈도 커널 드라이버 이용한 블랙캣 랜섬웨어 단체

 https://www.boannews.com/media/view.asp?idx=118376&kind=1&sub_kind= 

- 인도네시아의 해킹 단체, AWS 익스플로잇 해 암호화폐 채굴

 https://www.boannews.com/media/view.asp?idx=118375&kind=1&sub_kind= 

https://thehackernews.com/2023/05/indonesian-cybercriminals-exploit-aws.html

- KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html

- 유명 멀웨어 골든치킨스의 두 번째 배후 세력 드러나

 https://www.boannews.com/media/view.asp?idx=118301&kind=1&sub_kind= 

# 국가지원 해킹그룹

- 북한 사이버 공격, 악성 이메일 공격 비중 가장 높아

 https://www.cctvnews.co.kr/news/articleView.html?idxno=235248 

- 정찰풍선 다음은 악성코드...'미군 요충지' 괌, 중국 해킹에 뚫렸다

https://m.hankookilbo.com/News/Read/A2023052511250005033

https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

- New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government

https://thehackernews.com/2023/05/new-powerexchange-backdoor-used-in.html

- Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry

https://thehackernews.com/2023/05/iranian-tortoiseshell-hackers-targeting.html

- 북한 라자루스 해킹그룹, 마이크로소프트 윈도 IIS 웹 서버 노린다

 https://www.boannews.com/media/view.asp?idx=118449&kind=1&sub_kind= 

https://thehackernews.com/2023/05/n-korean-lazarus-group-targets.html

- Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation

https://thehackernews.com/2023/05/cyber-attacks-strike-ukraines-state.html

- 2019년부터 활동해 온 해킹 단체 골든재컬, 이제야 모습 드러나

 https://www.boannews.com/media/view.asp?idx=118434&kind=1&sub_kind= 

https://thehackernews.com/2023/05/goldenjackal-new-threat-group-targeting.html

- North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware

https://thehackernews.com/2023/05/north-korean-kimsuky-hackers-strike.html

- New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East

https://thehackernews.com/2023/05/new-wintapixsys-malware-engages-in.html

- 북한인권단체 겨냥한 北 APT37 해킹그룹 스피어피싱 공격 포착...주의

 https://www.dailysecu.com/news/articleView.html?idxno=146278 

- Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade

https://thehackernews.com/2023/05/bad-magics-extended-reign-in-cyber.html

- [국가기반 공격②] 장기간 활동하는 국가기반 공격자

 http://www.datanet.co.kr/news/articleView.html?idxno=183601 

# 랜섬웨어 / 정보유출

- “랜섬웨어의 93%, 백업 저장소 노려”

 https://www.dailysecu.com/news/articleView.html?idxno=146309 

- 독일의 군수 업체 라인메탈, 블랙바스타 랜섬웨어에 당해

 https://www.boannews.com/media/view.asp?idx=118435&kind=1&sub_kind= 

# 다크웹 / OSINT / 계정 / 피싱

- 네이버 전자문서와 판박이 피싱 메일... 재산세 고지서로 계정정보 탈취 시도

 https://www.boannews.com/media/view.asp?idx=118563&kind=1&sub_kind= 

- 암호화 된 RPMSG 메시지 활용한 MS 365 피싱 공격

 https://www.boannews.com/media/view.asp?idx=118527&kind=1&sub_kind= 

- 강력해진 BEC 공격자들, MS의 ‘불가능한 이동’ 경고도 속인다

 https://www.boannews.com/media/view.asp?idx=118448&kind=1&sub_kind= 

- 뉴스레터 전송 대행 서비스 슈퍼메일러 통한 슈퍼사이즈 피싱 공격

 https://www.boannews.com/media/view.asp?idx=118442&kind=1&sub_kind= 

- 티오리, 네이버 로그인 위장한 피싱 공격 포착...유사공격 주의 당부

 https://www.dailysecu.com/news/articleView.html?idxno=146242 


#AI 

- 구글 "각국 정부, AI 개발 지원하되 책임성·보안 담보해야"

https://www.yna.co.kr/view/AKR20230523012000017

- 글로벌 칼럼ㅣ대규모 언어 모델(LLM)은 ‘척척박사’가 아니다 

https://www.itworld.co.kr/news/291961

- “오남용 절대 안 돼” MS, 생성형 AI 아트 도구에 암호화 워터마크 삽입 

https://www.itworld.co.kr/news/291889

- [주말판] 인공지능 이야기로 혼란스러울 때 더 집중해야 할 것들

 https://www.boannews.com/media/view.asp?idx=118319&kind=1&sub_kind= 

- 대형 언어 모델을 바라보는 IT와 금융 업계의 시선

 https://www.boannews.com/media/view.asp?idx=118316&kind=1&sub_kind= 

- 인공지능이라는 기술이 우리를 위협할 때, 과연 사람은 막을 수 없게 될까?

 https://www.boannews.com/media/view.asp?idx=118321&kind=1&sub_kind= 

# 공급망

- 국내 VPN 설치에서 MeshAgent 감염으로 이어지는 공격 사례 분석

https://asec.ahnlab.com/ko/53053/

- 공급망 공격 발견되면서 PyPI 일부 기능 잠시 중단돼

 https://www.boannews.com/media/view.asp?idx=118303&kind=1&sub_kind= 

https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html

# 기타

- 30개 넘는 포르투갈 금융 단체 공격한 브라질 해커들

 https://www.boannews.com/media/view.asp?idx=118525&kind=1&sub_kind= 

https://thehackernews.com/2023/05/alert-brazilian-hackers-targeting-users.html

- What to Look for When Selecting a Static Application Security Testing (SAST) Solution

https://thehackernews.com/2023/05/what-to-look-for-when-selecting-static.html

- The Rising Threat of Secrets Sprawl and the Need for Action

https://thehackernews.com/2023/05/the-rising-threat-of-secrets-sprawl-and.html

- China Bans U.S. Chip Giant Micron, Citing "Serious Cybersecurity Problems"

https://thehackernews.com/2023/05/china-bans-us-chip-giant-micron-citing.html

- 랜섬웨어 방어를 완결짓게 해 주는 세 가지 키워드

 https://www.boannews.com/media/view.asp?idx=118388&kind=1&sub_kind= 

- Are Your APIs Leaking Sensitive Data?

https://thehackernews.com/2023/05/are-your-apis-leaking-sensitive-data.html

- Detailed Analysis of CloudDon, Cloud Data Breach of Korea e-commerce company

https://medium.com/s2wblog/detailed-analysis-of-clouddon-cloud-data-breach-of-korea-e-commerce-company-948c3a5df90d

- 채널톡 사건으로 불거진 개인정보 무단 공유 논란, 동의 제도 개선으로 해결될까

 https://www.boannews.com/media/view.asp?idx=117511&kind=1&sub_kind=