2023.07.08 보안 이슈

==2023.07.08==

# 취약점 / 악성코드 

- Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks

https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html

https://securityaffairs.com/148241/cyber-crime/truebot-variant-netwrix-auditor-rce.html

- Apps with 1.5M installs on Google Play send your data to China

https://www.bleepingcomputer.com/news/security/apps-with-15m-installs-on-google-play-send-your-data-to-china/

- Android July security updates fix three actively exploited bugs

https://www.bleepingcomputer.com/news/security/android-july-security-updates-fix-three-actively-exploited-bugs/

- New tool exploits Microsoft Teams bug to send malware to users

https://www.bleepingcomputer.com/news/security/new-tool-exploits-microsoft-teams-bug-to-send-malware-to-users/

- Mexico-Based Hacker Targets Global Banks with Android Malware

https://thehackernews.com/2023/07/mexico-based-hacker-targets-global.html

- SSH 악용하여 암호화폐 채굴하는 새로운 공격 기법 프록시재킹 주의보

 https://www.boannews.com/media/view.asp?idx=119843&kind=1&sub_kind= 

- 33만 개 이상의 포티게이트 방화벽, 원격 코드 실행 취약점에 노출돼 있어

 https://www.boannews.com/media/view.asp?idx=119829&kind=1&sub_kind= 

https://securityaffairs.com/148110/hacking/fortinet-fortios-vulnerable-devices-online.html

- 새로운 멀웨어 메두자 출현, 지갑과 비밀번호, 브라우저 정보 노린다

 https://www.boannews.com/media/view.asp?idx=119831&kind=1&sub_kind= 

https://thehackernews.com/2023/07/evasive-meduza-stealer-targets-19.html

- 미국 CISA, 삼성과 디링크 장비의 취약점들에 관한 경고 발표

 https://www.boannews.com/media/view.asp?idx=119780&kind=1&sub_kind= 

https://thehackernews.com/2023/07/cisa-flags-8-actively-exploited-flaws.html

- 국내 리눅스 시스템 공격에 사용되고 있는 Rekoobe 백도어 분석

https://asec.ahnlab.com/ko/55070/

# 국가지원 해킹그룹

- North Korean satellite had no military utility for spying, says South Korea 

https://go.theregister.com/feed/www.theregister.com/2023/07/06/north_korean_satellite_had_no/

- 북한 김수키 해킹그룹의 크롬 원격 데스크톱 악용 사례 분석했더니

 https://www.boannews.com/media/view.asp?idx=119878&kind=1&sub_kind= 

- Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users

https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html

- 문서 뷰어로 위장한 악성 배치 파일 유포 중... 또 다시 김수키 조직 소행?

 https://www.boannews.com/media/view.asp?idx=119880&kind=1&sub_kind= 

- 중국 해커들, HTML 스머글링 기법으로 유럽 장관실 감염시켜

 https://www.boannews.com/media/view.asp?idx=119828&kind=1&sub_kind= 

https://thehackernews.com/2023/07/chinese-hackers-use-html-smuggling-to.html

- 친러 핵티비스트 노네임, 우크라이나 금융 분야 공략 중

 https://www.boannews.com/media/view.asp?idx=119779&kind=1&sub_kind= 

# 랜섬웨어 / 정보유출

- The five-day job: A BlackByte ransomware intrusion case study

https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

- Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

- 해외에서 난리난 무브잇 사태, 랜섬웨어 산업에 새 바람 일으킬까

 https://www.boannews.com/media/view.asp?idx=119928&kind=1&sub_kind= 

- Ransomware accounts for 54% of cyber threats in the health sector

https://securityaffairs.com/148207/reports/enisa-threat-landscape-report-health-sector.html

- RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

https://thehackernews.com/2023/07/redenergy-stealer-as-ransomware-threat.html

- Japan’s largest port stops operations after ransomware attack

https://www.bleepingcomputer.com/news/security/japans-largest-port-stops-operations-after-ransomware-attack/

- 무브잇 사태의 또 다른 피해자는 더블린공항

 https://www.boannews.com/media/view.asp?idx=119871&kind=1&sub_kind= 

https://securityaffairs.com/148152/data-breach/dublin-airport-data-breach.html

- 블랙캣 랜섬웨어, 가짜 소프트웨어 설치 파일 통해 멀웨어 유포

 https://www.boannews.com/media/view.asp?idx=119872&kind=1&sub_kind= 

https://thehackernews.com/2023/07/blackcat-operators-distributing.html

# 다크웹 / OSINT / 계정 / 피싱

- Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing

https://thehackernews.com/2023/07/vishing-goes-high-tech-new-letscall.html

- 워크넷, 해외 IP에서 사용자 계정으로 로그인 시도 포착... 개인정보 유출 의심

 https://www.boannews.com/media/view.asp?idx=119929&kind=1&sub_kind= 

- “비즈니스 이메일 침해 공격의 절반, 도난 당한 유저네임과 패스워드 때문”

 https://www.dailysecu.com/news/articleView.html?idxno=147621 

#AI 

- 글로벌 칼럼ㅣ‘AI’와 관련된 잘못된 생각 

https://www.itworld.co.kr/news/297595

- “하나의 모델이 만능은 아니다” 챗GPT를 대체할 만한 14가지 LLM 

https://www.itworld.co.kr/news/298207

- 사이버 보안 전문가가 바라보는 챗GPT 열풍 현황

 https://www.boannews.com/media/view.asp?idx=119841&kind=1&sub_kind= 

# 공급망

- ‘2023년도 공급망보안 워크숍’ 7월 14일 개최...국내외 최신 정보 공유

 https://www.dailysecu.com/news/articleView.html?idxno=147677 

- 소프트웨어 공급망에 기술 부채가 쌓이는 이 때, CISO들의 할 일은?

 https://www.boannews.com/media/view.asp?idx=119927&kind=1&sub_kind= 

- Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

https://thehackernews.com/2023/07/nodejs-users-beware-manifest-confusion.html

- 서드파티 침해 사고로 7천만 달러 내야 할 위기에 처한 TSMC

 https://www.boannews.com/media/view.asp?idx=119766&kind=1&sub_kind= 

# 기타

- [단독] KB알뜰폰, 접속 정보 6억 6천만 건 수집…“개인 취향까지 파악 가능”

 https://news.kbs.co.kr/news/view.do?ncd=7715485 

- 대담해지는 기술유출…주요국 대응 살펴보니 

https://it.donga.com/104038/

- Silentbob Campaign: Cloud-Native Environments Under Attack

https://thehackernews.com/2023/07/silentbob-campaign-cloud-native.html

- 11 best practices for securing data in cloud services

https://www.microsoft.com/en-us/security/blog/2023/07/05/11-best-practices-for-securing-data-in-cloud-services/

- 구글 애널리틱스 이용했을 뿐인데 GDPR 위반

 https://www.boannews.com/media/view.asp?idx=119874&kind=1&sub_kind= 

- 2023 Hot🔥 보안 사건 사고 — 상반기

https://medium.com/theori-blog/2023-h1-hot-security-issue-case-84eac2942176

- 트위터의 골치를 썩게 하는 봇들, 이번엔 성인물 광고

 https://www.boannews.com/media/view.asp?idx=119782&kind=1&sub_kind=