2023.07.15 Security Issues | Security Issues | 2023. 7. 17. 12:17
==2023.07.15==
# Vulnerabilities / Malware
- Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services
https://thehackernews.com/2023/07/critical-security-flaws-uncovered-in.html
- New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries
https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html
- Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html
- AVrecon malware infects 70,000 Linux routers to build botnet
https://www.bleepingcomputer.com/news/security/avrecon-malware-infects-70-000-linux-routers-to-build-botnet/
- Lazarus attack group compromising Windows servers to use them as malware distribution servers
https://asec.ahnlab.com/ko/55252/
- Cisco SD-WAN vManage impacted by unauthenticated REST API access
https://www.bleepingcomputer.com/news/security/cisco-sd-wan-vmanage-impacted-by-unauthenticated-rest-api-access/
- Source code for BlackLotus Windows UEFI malware leaked on GitHub
https://www.bleepingcomputer.com/news/security/source-code-for-blacklotus-windows-uefi-malware-leaked-on-github/
- Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
https://thehackernews.com/2023/07/blog-post.html
- Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
https://thehackernews.com/2023/07/rockwell-automation-controllogix-bugs.html
- New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products
https://thehackernews.com/2023/07/new-vulnerabilities-disclosed-in.html
- USB drive malware attacks spiking again in first half of 2023
https://www.bleepingcomputer.com/news/security/usb-drive-malware-attacks-spiking-again-in-first-half-of-2023/
- Russian state hackers lure Western diplomats with BMW car ads
https://www.bleepingcomputer.com/news/security/russian-state-hackers-lure-western-diplomats-with-bmw-car-ads/
- Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining
https://thehackernews.com/2023/07/python-based-pyloose-fileless-attack.html
- Microsoft: Unpatched Office zero-day exploited in NATO summit attacks
https://www.bleepingcomputer.com/news/security/microsoft-unpatched-office-zero-day-exploited-in-nato-summit-attacks/
- Hackers exploit Windows policy to load malicious kernel drivers
https://www.bleepingcomputer.com/news/security/hackers-exploit-windows-policy-to-load-malicious-kernel-drivers/
https://thehackernews.com/2023/07/chinese-hackers-deploy-microsoft-signed.html
- SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign
https://thehackernews.com/2023/07/scarleteel-cryptojacking-campaign.html
- Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud
https://securityaffairs.com/148341/cyber-crime/antidetect-tooling-mobile-fraud.html
- Triada, disguised as the Telegram app, is infecting large numbers of Android devices
https://www.boannews.com/media/view.asp?idx=120043&kind=1&sub_kind=
- VMware warns of exploit available for critical vRealize RCE bug
https://www.bleepingcomputer.com/news/security/vmware-warns-of-exploit-available-for-critical-vrealize-rce-bug/
- Experts released PoC exploit for Ubiquiti EdgeRouter flaw
https://securityaffairs.com/148334/hacking/ubiquiti-edgerouter-flaw.html
- Apple releases emergency update to fix zero-day exploited in attacks
https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/
- New TOITOIN Banking Trojan Targeting Latin American Businesses
https://thehackernews.com/2023/07/new-toitoin-banking-trojan-targeting.html
- Two spyware sending data of more than 1.5M users to China were found in Google Play Store
https://securityaffairs.com/148295/malware/spyware-sending-data-china-google-play-store.html
# State-Sponsored Hacking Groups
- PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
https://thehackernews.com/2023/07/picassoloader-malware-used-in-ongoing.html
- Analysis of Storm-0558 techniques for unauthorized email access
https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/
- Chinese hackers breached State Dept., other government email on eve of Blinken visit, officials say
https://www.wowktv.com/news/ap-china-based-hackers-breached-western-european-government-email-accounts-microsoft-says/
- RomCom RAT Targeting NATO and Ukraine Support Groups
https://thehackernews.com/2023/07/romcom-rat-targeting-nato-and-ukraine.html
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
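- Recorded Future senior researcher Mitch Haszard: "North Korea targets South Korea for information theft... the United States for foreign-currency-earning attacks"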
https://www.boannews.com/media/view.asp?idx=119924&kind=1&sub_kind=
- Iran's Charming Kitten targets macOS users with new malware
https://www.boannews.com/media/view.asp?idx=119987&kind=1&sub_kind=
# Ransomware / Data Leaks
- Ransomware payments on record-breaking trajectory for 2023
https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/
- Microsoft holds the key to tomorrow's ransomware defense
https://www.boannews.com/media/view.asp?idx=119995&kind=1&sub_kind=
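# Dark Web / OSINT / Accounts / Phishing
- [Exclusive] Korea Institute of Startup and Entrepreneurship Development (KISED) hit by a 180 million won 'phishing scam'... a first for a public institution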
https://news.koreadaily.com/2023/07/12/economy/economygeneral/20230712130036475.html
- Three 'credential stuffing' attacks in one month... companies and institutions bear a heavy responsibility
http://www.newsworker.co.kr/news/articleView.html?idxno=212756
- Starbucks app prepaid balances hacked... fraudulent payment losses
https://www.fetv.co.kr/news/article.html?no=143390
- Razer investigates data breach claims, resets user sessions
https://www.bleepingcomputer.com/news/security/razer-investigates-data-breach-claims-resets-user-sessions/
- Russian dark web markets account for 80% of the global drug market
https://www.boannews.com/media/view.asp?idx=119986&kind=1&sub_kind=
# Supply Chain
- [SW Supply Chain Security ①] Cascading supply chain attacks... large-scale damage expected
https://www.datanet.co.kr/news/articleView.html?idxno=185162
- [SW Supply Chain Security ②] SBOM is not a cure-all
https://www.datanet.co.kr/news/articleView.html?idxno=185193
# AI
- [Exclusive] Opaque algorithms... government to scrutinize "Is AI hiring fair?"
https://news.mt.co.kr/mtview.php?no=2023071012521949138
- Samsung, Apple, Amazon and others: which companies have banned ChatGPT?
https://www.digitaltoday.co.kr/news/articleView.html?idxno=481513
- Microsoft Edge's Bing AI sidebar will remember previous conversations
https://www.bleepingcomputer.com/news/microsoft/microsoft-edges-bing-ai-sidebar-will-remember-previous-conversations/
# Miscellaneous
- LG U+ personal data leak: fines totaling more than 6.8 billion won imposed
http://www.boannews.com/media/view.asp?idx=120105&kind=&sub_kind=
- New Windows 11 build ships with more Rust-based Kernel features
https://www.bleepingcomputer.com/news/microsoft/new-windows-11-build-ships-with-more-rust-based-kernel-features/
- How to Apply MITRE ATT&CK to Your Organization
https://thehackernews.com/2023/07/how-to-apply-mitre-att-to-your.html
- [Worknet Hacking] Public institutions on 'high alert' over new hacking methods... security management must be strengthened
https://www.newspim.com/news/view/20230710000948
- Global Retailers Must Keep an Eye on Their SaaS Stack
https://thehackernews.com/2023/07/global-retailers-must-keep-eye-on-their.html
- France’s government is giving the police more surveillance power
https://securityaffairs.com/148305/laws-and-regulations/french-government-surveillance-power.html
- 'Zero Trust Guideline 1.0' released... explains concepts, security principles, core principles, and more
https://www.dailysecu.com/news/articleView.html?idxno=147694