2023.08.05 Security Issues (category: Security Issues, 2023. 8. 7. 10:36)
==2023.08.05==
# Vulnerabilities / Malware
- New Microsoft Azure AD CTS feature can be abused for lateral movement
https://www.bleepingcomputer.com/news/security/new-microsoft-azure-ad-cts-feature-can-be-abused-for-lateral-movement/
- Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners
https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html
- Hackers can abuse Microsoft Office executables to download malware
https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-office-executables-to-download-malware/
- FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-top-exploited-vulnerabilities-of-2022/
- New malware emerges targeting macOS devices at small and medium-sized businesses
https://www.boannews.com/media/view.asp?idx=120759&kind=&sub_kind=
- Over 640 Citrix servers backdoored with web shells in ongoing attacks
https://www.bleepingcomputer.com/news/security/over-640-citrix-servers-backdoored-with-web-shells-in-ongoing-attacks/
- Amazon's AWS SSM agent can be used as post-exploitation RAT malware
https://www.bleepingcomputer.com/news/security/amazons-aws-ssm-agent-can-be-used-as-post-exploitation-rat-malware/
- New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets
https://thehackernews.com/2023/08/new-nodestealer-targeting-facebook.html
- European Bank Customers Targeted in SpyNote Android Trojan Campaign
https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html
- Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan
https://thehackernews.com/2023/08/cybercriminals-renting-wikiloader-to.html
- Hackers steal Signal, WhatsApp user data with fake Android chat app
https://www.bleepingcomputer.com/news/security/hackers-steal-signal-whatsapp-user-data-with-fake-android-chat-app/
- Hackers exploit BleedingPipe RCE to target Minecraft servers, players
https://www.bleepingcomputer.com/news/security/hackers-exploit-bleedingpipe-rce-to-target-minecraft-servers-players/
- New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
https://thehackernews.com/2023/07/new-p2pinfect-worm-targets-redis.html
- AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
https://thehackernews.com/2023/07/avrecon-botnet-leveraging-compromised.html
- Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html
- Experts warn attackers started exploiting Citrix ShareFile RCE flaw CVE-2023-24489
https://securityaffairs.com/148981/hacking/citrix-sharefile-cve-2023-24489-flaws-attacks.html
- 7 vulnerabilities that expose healthcare organizations to data breaches and cybercrime
https://www.dailysecu.com/news/articleView.html?idxno=148192
- Now Abyss Locker also targets VMware ESXi servers
https://securityaffairs.com/148933/malware/abyss-locker-vmware-esxi.html
- Google: Android patch gap makes n-days as dangerous as zero-days
https://www.bleepingcomputer.com/news/security/google-android-patch-gap-makes-n-days-as-dangerous-as-zero-days/
- In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues
https://securityaffairs.com/148965/hacking/zero-day-2022-google-report.html
# State-Sponsored Hacking Groups
- Midnight Blizzard conducts targeted social engineering over Microsoft Teams
https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/
- Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups
https://www.securityweek.com/iran-run-isp-cloudzy-caught-supporting-nation-state-apts-cybercrime-hacking-groups/
- US govt is hunting a Chinese malware that can interfere with its military operations
https://securityaffairs.com/149041/security/china-malware-critical-infrastructure.html
- Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia
https://thehackernews.com/2023/08/researchers-expose-space-pirate-cyber.html
- China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe
https://thehackernews.com/2023/08/chinas-apt31-suspected-in-attacks-on.html
- Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html
- North Korean cyberattack group targets Korean speakers in the US military
https://www.dailysecu.com/news/articleView.html?idxno=148195
# Ransomware / Data Leaks
- “Mallox ransomware attacks targeting vulnerable MSSQL servers up 174% from last year”
https://www.itworld.co.kr/news/301741
- KISA distributes revised ransomware response guidelines
https://www.etnews.com/20230803000162
- Clop ransomware now uses torrents to leak data and evade takedowns
https://www.bleepingcomputer.com/news/security/clop-ransomware-now-uses-torrents-to-leak-data-and-evade-takedowns/
# Dark Web / OSINT / Accounts / Phishing
- ‘IAB’ brokers selling initial access to ransomware groups are thriving
https://www.boannews.com/media/view.asp?idx=119767&kind=&sub_kind=
- Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign
https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html
- Threat actors abuse Google AMP for evasive phishing attacks
https://www.bleepingcomputer.com/news/security/threat-actors-abuse-google-amp-for-evasive-phishing-attacks/
- Alleged NATO Data Theft Leaked Hundreds of Sensitive Documents and Thousands of User Records
https://www.cpomagazine.com/cyber-security/alleged-nato-data-theft-leaked-hundreds-of-sensitive-documents-and-thousands-of-user-records/
- Retail chain Hot Topic discloses wave of credential-stuffing attacks
https://www.bleepingcomputer.com/news/security/retail-chain-hot-topic-discloses-wave-of-credential-stuffing-attacks/
- 50+ Phishing Statistics For 2023
https://www.business2community.com/statistics/phishing
- Phishing email attacks by Brazilian cyber threat group “GeoMetrix” on the rise
https://www.dailysecu.com/news/articleView.html?idxno=148208
# AI
- "55% of enterprises adopt an AI-first strategy for new application development": Gartner AI survey
https://www.itworld.co.kr/news/301573
- Personal Information Protection Commission announces privacy policy for the AI era… establishes dedicated team
https://www.etnews.com/20230803000134
- [Weekend Edition] AI bias and inequality urgently need to be addressed
https://www.boannews.com/media/view.asp?idx=120686&kind=&sub_kind=
- OWASP Top 10 for LLM (Large Language Model) applications is out!
https://securityaffairs.com/149124/security/owasp-top-10-for-llm.html
- Attackers are developing malicious generative AI; DarkBART and DarkBERT coming soon
https://www.boannews.com/media/view.asp?idx=120735&kind=&sub_kind=
- AI-built digital twins dig even into psychology
https://www.boannews.com/media/view.asp?idx=120684&kind=&sub_kind=
- Cybercriminals train AI chatbots for phishing, malware attacks
https://www.bleepingcomputer.com/news/security/cybercriminals-train-ai-chatbots-for-phishing-malware-attacks/
- The sheer speed at which AI's popularity is rising is itself a risk
https://www.boannews.com/media/view.asp?idx=120688&kind=&sub_kind=
- Artificial Intelligence (AI) in Cyber Security Market 2023 Industry Key Players, Share, Trend, Segmentation and Forecast to 2030 | FireEye, Cisco, Fortinet
https://www.openpr.com/news/3151010/artificial-intelligence-ai-in-cyber-security-market-2023
- FBI Issues Warning About AI Malware Attacks
https://fagenwasanni.com/news/fbi-issues-warning-about-ai-malware-attacks/101640/
- 20 issues shaping generative AI strategies today
https://www.cio.com/article/647700/20-issues-shaping-cios-generative-ai-strategies-today.html
# Supply Chain
- Fake VMware vConnector package on PyPI targets IT pros
https://www.bleepingcomputer.com/news/security/fake-vmware-vconnector-package-on-pypi-targets-it-pros/
- Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
https://thehackernews.com/2023/08/malicious-npm-packages-found.html
# Other
- Apple to require developers to state in detail why they use APIs
https://www.boannews.com/media/view.asp?idx=120679&kind=&sub_kind=
- “Breach incident reports in the first half of 2023 up about 40% year over year”
https://www.dailysecu.com/news/articleView.html?idxno=148201