2023.07.29 Security Issues | Security Issues | 2023. 8. 2. 15:39
==2023.07.29==
# Vulnerabilities / Malware
- Sliver C2 being distributed via a Korean software development company - ASEC BLOG
https://asec.ahnlab.com/ko/55524/
- Ivanti patches new zero-day exploited in Norwegian govt attacks
https://www.bleepingcomputer.com/news/security/ivanti-patches-new-zero-day-exploited-in-norwegian-govt-attacks/
- Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS
https://securityaffairs.com/148880/security/zimbra-fixed-2023-38750-zcs.html
- MS Word files carrying malware distributed, imitating the titles of government ministry posts
https://m.boannews.com/html/detail.html?tab_type=1&idx=120526
- Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking
https://thehackernews.com/2023/07/critical-mikrotik-routeros.html
- Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets
https://thehackernews.com/2023/07/rust-based-realst-infostealer-targeting.html
- Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
https://thehackernews.com/2023/07/hackers-target-apache-tomcat-servers.html
- New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads
https://thehackernews.com/2023/07/new-malvertising-campaign-distributing.html
- GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users
https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html
- Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches
https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html
- Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required
https://thehackernews.com/2023/07/major-security-flaw-discovered-in.html
- Hackers Abusing Windows Search Feature to Install Remote Access Trojans
https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html
- New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data
https://thehackernews.com/2023/07/new-android-malware-cherryblos.html
- Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks
https://thehackernews.com/2023/07/hackers-deploy-submarine-backdoor-in.html
- IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
https://thehackernews.com/2023/07/icedid-malware-adapts-and-expands.html
# State-sponsored hacking groups
- North Korean cyber attackers are targeting developers on GitHub
http://www.boannews.com/media/view.asp?idx=120476&kind=&sub_kind=
- Cyberattacks originating from China over the past two years have concentrated on zero-day vulnerability attacks
https://www.boannews.com/media/view.asp?idx=120418&page=9&kind=1
- Lazarus hackers hijack Microsoft IIS servers to spread malware
https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/
- CoinsPaid blames Lazarus hackers for theft of $37,300,000 in crypto
https://www.bleepingcomputer.com/news/security/coinspaid-blames-lazarus-hackers-for-theft-of-37-300-000-in-crypto/
- STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
https://thehackernews.com/2023/07/starkmule-targets-koreans-with-us.html
- BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities
https://thehackernews.com/2023/07/bluebravo-deploys-graphicalproton.html
# Ransomware / Data leaks
- Fast-growing Akira ransomware is now extorting more than 60 organizations
http://www.boannews.com/media/view.asp?idx=120545&kind=&sub_kind=
- SK shieldus: “Ransomware attacks in Q2 more than doubled year over year”
https://www.etnews.com/20230727000255
- Cause of the Chilean Army document leak on the dark web: Cobalt Strike ransomware
https://m.boannews.com/html/detail.html?tab_type=1&idx=120628
- Clop now leaks data stolen in MOVEit attacks on clearweb sites
https://www.bleepingcomputer.com/news/security/clop-now-leaks-data-stolen-in-moveit-attacks-on-clearweb-sites/
- Linux version of Abyss Locker ransomware targets VMware ESXi servers
https://www.bleepingcomputer.com/news/security/linux-version-of-abyss-locker-ransomware-targets-vmware-esxi-servers/
- ALPHV ransomware adds data leak API in new extortion strategy
https://www.bleepingcomputer.com/news/security/alphv-ransomware-adds-data-leak-api-in-new-extortion-strategy/
# Dark web / OSINT / Accounts / Phishing
- [Useful-to-Know Security Dictionary] The ‘dark web’, a marketplace for criminals in the dark
https://m.boannews.com/html/detail.html?tab_type=1&idx=120470
# AI
- “AI security monitoring has the same effect as deploying 100,000 monitoring analysts” - Datanet
https://www.datanet.co.kr/news/articleView.html?idxno=185705
- Global column | Generative AI opens a newer, more troublesome era of shadow IT
https://www.itworld.co.kr/news/301057
- OpenAI discontinues its AI detection service… accuracy too low
https://www.itworld.co.kr/news/300985
- Column | From the field: ‘Why AI can't (or won't) be used in network operations’
https://www.ciokorea.com/news/301177
- The era of the ‘super developer’ with AI at their side
https://www.boannews.com/media/view.asp?idx=120452
- New AI Tool 'FraudGPT' Emerges, Tailored for Sophisticated Attacks
https://thehackernews.com/2023/07/new-ai-tool-fraudgpt-emerges-tailored.html
# Supply chain
- North Korean hacking group carries out supply-chain attack on US software company ‘JumpCloud’
http://www.boannews.com/media/view.asp?idx=120469&kind=&sub_kind=
- JumpCloud customers are, as expected, being targeted by North Korean hackers
http://www.boannews.com/media/view.asp?idx=120463&kind=&sub_kind=
# Other
- Backdoor found in TETRA, used in critical infrastructure around the world
http://www.boannews.com/media/view.asp?idx=120467&kind=&sub_kind=
- Network Resilience Coalition launched… “aims to resolve vulnerabilities”
https://www.ciokorea.com/news/300919
- Two university students arrested for breaking into 15 institutions, including Korean universities, and stealing personal information
https://m.boannews.com/html/detail.html?tab_type=1&idx=120558