2023.06.24 보안 이슈

==2023.06.24==

# 취약점 / 악성코드 

- Fortinet fixes critical FortiNAC RCE, install updates asap 

https://securityaffairs.com/147770/security/fortinet-fortinac-critical-flaw.html

- NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

https://thehackernews.com/2023/06/nsa-releases-guide-to-combat-powerful.html

- New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html

- RDP를 통해 Venus 랜섬웨어를 설치하는 Crysis 공격자

https://asec.ahnlab.com/ko/54767/

- 새로운 미라이 봇넷 변종, 인기 높은 사물인터넷 기기들 노려

 https://www.boannews.com/media/view.asp?idx=119456&kind=1&sub_kind= 

- 새로운 자비스크립트 기반 드로퍼, 어쩌면 랜섬웨어 공격의 신호탄

 https://www.boannews.com/media/view.asp?idx=119455&kind=1&sub_kind= 

https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html

- MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

https://thehackernews.com/2023/06/multistorm-campaign-targets-india-and.html

- New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices

https://thehackernews.com/2023/06/new-report-exposes-operation.html

 https://www.boannews.com/media/view.asp?idx=119405&kind=1&sub_kind= 

- Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover

https://thehackernews.com/2023/06/critical-noauth-flaw-in-microsoft-azure.html

- New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks

https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html

- Alert! Hackers Exploiting Critical Vulnerability in VMware's Aria Operations Networks

https://thehackernews.com/2023/06/alert-hackers-exploiting-critical.html

- Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products

https://thehackernews.com/2023/06/researchers-expose-new-severe-flaws-in.html

- Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer

https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html

- 에이서스, 자사 라우터에서 발견된 초고위험도 취약점 패치

 https://www.boannews.com/media/view.asp?idx=119316&kind=1&sub_kind= 

https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html

- BAT 파일 확장자 단 ‘멜록스’ 랜섬웨어, MS-SQL 서버 공격 중

 https://www.boannews.com/media/view.asp?idx=119270&kind=1&sub_kind= 

- New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions

https://thehackernews.com/2023/06/new-mystic-stealer-malware-targets-40.html

- Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems

https://thehackernews.com/2023/06/researchers-discover-new-sophisticated.html

- MOVEit Transfer, 세번째 취약점(CVE-2023-35708) 주의!

https://blog.alyac.co.kr/5178

- DNS TXT 레코드를 활용한 악성코드 실행방법

https://asec.ahnlab.com/ko/54337/

- 제로데이 개념증명용 코드인 줄 알았는데 사실은 멀웨어

 https://www.boannews.com/media/view.asp?idx=119261&kind=1&sub_kind= 

- 한글 문서 파일 위장 악성코드 유포... 김수키 해킹그룹 공격 추정

 https://www.boannews.com/media/view.asp?idx=119246&kind=1&sub_kind= 

- 쓰나미 디도스 악성코드, 리눅스 SSH 서버 대상으로 유포 중

 https://www.boannews.com/media/view.asp?idx=119244&kind=1&sub_kind= 

# 국가지원 해킹그룹

- 北해킹 ‘철통보안’ 맥북까지 겨냥…국내서 첫 정황포착

 http://news.kmib.co.kr/article/view.asp?arcid=0018385464&code=61111611&sid1=pol11%EF%BF? 

- Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware

https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html

- Chinese Hackers Targeted G7 Summit Through MS Office Flaw

https://www.govinfosecurity.com/chinese-hackers-targeted-g7-summit-through-ms-office-flaw-a-22344

- 북한의 스카크러프트, 새로운 멀웨어 사용해 탈북자 염탐

 https://www.boannews.com/media/view.asp?idx=119403&kind=1&sub_kind= 

https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html

- Pakistani Hackers Target Indian WhatsApp Users in Cyber War

https://enews.hamariweb.com/science-and-technology-news/pakistani-hackers-target-indian-whatsapp-users-in-cyber-war/

- Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign

https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html

- State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

https://thehackernews.com/2023/06/state-backed-hackers-employ-advanced.html

- Chinese Spies Hacked into Hundreds of Public & Private Networks Globally, Security Firm Reports

https://legalinsurrection.com/2023/06/chinese-spies-hacked-into-hundreds-of-public-private-networks-globally-security-firm-reports/


# 랜섬웨어 / 정보유출

- 새로 등장한 랜섬웨어 그룹 에잇베이스, 중소기업들을 집중적으로 노려 

 http://www.boannews.com/media/view.asp?idx=119410&kind=&sub_kind= 

- 인터넷 커뮤니티 ‘더쿠’, 해킹으로 회원 개인정보 유출

 https://www.boannews.com/media/view.asp?idx=119330&kind=1&sub_kind= 

- 레딧에서 80GB 넘는 데이터 훔쳤다고 주장하기 시작한 블랙캣

 https://www.boannews.com/media/view.asp?idx=119259&kind=1&sub_kind= 

https://www.cshub.com/attacks/news/blackcat-threatens-to-leak-80gb-of-reddit-data

- Ransomware thugs paying influencers to flaunt their brand tattoos: ACSC

https://www.themandarin.com.au/222990-ransomware-thugs-paying-influencers-to-flaunt-their-brand-tattoos-acsc/

# 다크웹 / OSINT / 계정 / 피싱

- Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering

https://thehackernews.com/2023/06/cybercrime-group-muddled-libra-targets.html

- ASEC 주간 피싱 이메일 위협 트렌드 (20230611 ~ 20230617)

https://asec.ahnlab.com/ko/54743/

- Recent Threat: Deep Analysis of NFT Phishing Campaign Impersonating Korean Organizations

https://medium.com/s2wblog/recent-threat-deep-analysis-of-nft-phishing-campaign-impersonating-korean-organizations-4500abe6c312

- 정상 사이트에 포함된 악성 스크립트를 통해 유포되는 피싱 공격 주의!

https://blog.alyac.co.kr/5179

- Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces

https://thehackernews.com/2023/06/over-100000-stolen-chatgpt-account.html

 https://www.boannews.com/media/view.asp?idx=119370&kind=1&sub_kind= 

#AI 

- 인공지능 활용도를 높이려면 데이터 파이프라인을 구축하라 

 http://www.boannews.com/media/view.asp?idx=119274&kind=&sub_kind= 

- Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning

https://thehackernews.com/2023/06/unveiling-unseen-identifying-data.html

- '챗GPT 악용' 범죄 늘었는데…양날의 검, 국내업체엔 기회? [팩플]

 https://news.nate.com/view/20230621n01559?mid=n0105 

- "생성형 AI 이용한 해킹 위협 아직 크지 않아"

https://www.mk.co.kr/news/it/10764756

# 공급망

- 유럽연합, 위험 가능성 높은 공급자로부터 5G 장비 받지 말라고 촉구

 https://www.boannews.com/media/view.asp?idx=119320&kind=1&sub_kind= 

# 기타

- [아이덴티티 관리④] 모든 것을 할 수 있는 권한계정 

 http://www.datanet.co.kr/news/articleView.html?idxno=184515 

- The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins

https://thehackernews.com/2023/06/the-power-of-browser-fingerprinting.html

- Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack

https://thehackernews.com/2023/06/alert-million-of-github-repositories.html

- 사이버 보안 산업이 의미 있게 앞으로 나아가 변화를 이끌려면

 https://www.boannews.com/media/view.asp?idx=119369&kind=1&sub_kind= 

- 데이터 주권이 강조되는 때에 국경 너머로 데이터를 자유롭게 주고받으려면

 https://www.boannews.com/media/view.asp?idx=119333&kind=1&sub_kind= 

- 인기 높아지는 메신저 앱과 협업 도구들, 보안에 대한 오해 유발한다

 https://www.boannews.com/media/view.asp?idx=119334&kind=1&sub_kind= 

- “2023 상반기 사이버공격, 초기 침투 브로커(IAB) 성행…랜섬웨어 공격은 오래된 취약점 활용”

 https://www.dailysecu.com/news/articleView.html?idxno=147127 

- 웨스턴디지털, 패치 안 된 장비들은 클라우드 서비스로부터 차단

 https://www.boannews.com/media/view.asp?idx=119315&kind=1&sub_kind= 

- 미국 CISA, 앞으로 해외 정부도 도울 수 있게 되었다

 https://www.boannews.com/media/view.asp?idx=119319&kind=1&sub_kind= 

- MS, “6월초 있었던 아웃룩/클라우드 기능 장애는 사이버 공격에 의한 것”

 https://www.boannews.com/media/view.asp?idx=119257&kind=1&sub_kind= 

https://thehackernews.com/2023/06/microsoft-blames-massive-ddos-attack.html