2023.08.12 보안 이슈

==2023.08.12==

# 취약점 / 악성코드 

- Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems

https://thehackernews.com/2023/08/reptile-rootkit-advanced-linux-malware.html

- Hackers Abusing Cloudflare Tunnels for Covert Communications

https://thehackernews.com/2023/08/hackers-abusing-cloudflare-tunnels-for.html

- QakBot Malware Operators Expand C2 Network with 15 New Servers

https://thehackernews.com/2023/08/qakbot-malware-operators-expand-c2.html

- Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

https://thehackernews.com/2023/08/emerging-attacker-exploit-microsoft.html

- 슬리버 C2 악성코드, 국내 개발 업체의 정상 설치 파일로 위장 유포

 https://www.boannews.com/media/view.asp?idx=120824&page=8&kind=1 

- 전 세계적인 플랫폼 Points.com에서 로열티 시스템 해킹 가능성 밝혀

 https://www.boannews.com/media/view.asp?idx=120861&page=7&kind=4 

- 포티게이트 방화벽 사용자, 취약점 패치 안해 4천대 이상 안전 ‘빨간불’

 https://www.boannews.com/media/view.asp?idx=120960&page=1&kind=1 

# 국가지원 해킹그룹

- Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus

https://thehackernews.com/2023/08/researchers-uncover-decade-long-cyber.html

- 북한 해킹그룹 ‘스카크러프트’, 러시아 미사일 제조사 해킹

 https://www.boannews.com/media/view.asp?idx=120927&page=3&kind=4 

- 中 인민해방군 소속 해커들 日 안보망 침투... “일본 현대사 최악의 해킹”

 https://www.boannews.com/media/view.asp?idx=120898&page=2&kind=1 

- 중국 국가안전부 소속 해커들, 3년 만에 전 세계 17개국 공격 퍼부어

 https://www.boannews.com/media/view.asp?idx=120963&page=1&kind=4 

https://thehackernews.com/2023/08/china-linked-hackers-strike-worldwide.html

# 랜섬웨어 / 정보유출

- 국내 기업을 대상으로 공격 중인 하쿠나 마타타(Hakuna matata) 랜섬웨어 - ASEC BLOG

https://asec.ahnlab.com/ko/55907/

- The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

https://securityaffairs.com/149244/hacking/ransomware-attacks-against-finland.html

- 클롭 랜섬웨어, 데이터 유출 및 추적 피하기 위해 ‘토렌트’ 활용했다

 https://www.boannews.com/media/view.asp?idx=120888&page=5&kind=4 

- 새롭게 등장한 야슈마 랜섬웨어의 변종, 한 번 당하면 지독하게 당할 수 있다

 https://www.boannews.com/media/view.asp?idx=120897&page=4&kind=1 

- 라이시다 랜섬웨어, 의료기관 타깃으로 무차별 공격

 https://www.boannews.com/media/view.asp?idx=120961&page=1&kind=4 

# 다크웹 / OSINT / 계정 / 피싱

- “유출된 ID 관련 보안 위협 급격히 증가” 크라우드스트라이크 보고서

https://www.itworld.co.kr/news/302701

- EvilProxy phishing campaign targets 120,000 Microsoft 365 users

https://www.bleepingcomputer.com/news/security/evilproxy-phishing-campaign-targets-120-000-microsoft-365-users/

- Lapsus$ hackers took SIM-swapping attacks to the next level

https://www.bleepingcomputer.com/news/security/lapsus-hackers-took-sim-swapping-attacks-to-the-next-level/

- 비즈니스의 관점에서 다크웹 다루기

 https://www.boannews.com/media/view.asp?idx=120856&page=5&kind=4 

# AI 

- 빅테크 'AI 레드팀'은 무슨 일 할까

 https://zdnet.co.kr/view/?no=20230809150555 

- 챗GPT 등 생성형 AI의 그림자? 가이드라인 통해 본 보안 위협들

 https://www.boannews.com/media/view.asp?idx=120359&page=8&kind=2 

- 인공지능과 자동화에 대한 선입견이 조직 차원에서 사라져야 한다

 https://www.boannews.com/media/view.asp?idx=120690&page=8&kind=4 

- 인공지능의 편향성 문제, 얼마나 심각하고 어떻게 해결하나?

 https://www.boannews.com/media/view.asp?idx=120863&page=7&kind=1 

# 공급망

- 정품 VMware vSphere 커넥터와 유사한 악성 PyPI 패키지 등장

 https://www.boannews.com/media/view.asp?idx=120862&page=7&kind=1 

# 기타 

- [OT보안②] OT 타깃 공격 늘며 세계 각국 보안 규제 강화 - 데이터넷

 https://news.google.com/rss/articles/CBMiO2h0dHA6Ly93d3cuZGF0YW5ldC5jby5rci9uZXdzL2FydGljbGVWaWV3Lmh0bWw_aWR4bm89MTg2MDM40gEA?oc=5 

- Sysmon 활용 가이드: ArchiveDirectory Data 활용

https://blog.plainbit.co.kr/archivedirectory-data-application/

- [블랙햇 2023] 올해 글로벌 보안 콘퍼런스의 화두는 역시나 AI와 리질리언스

 https://www.boannews.com/media/view.asp?idx=120931&page=3&kind=3 

- 되풀이되는 국가기술 유출... 지난 5년간 중대 피해 살펴보니

 https://www.boannews.com/media/view.asp?idx=120625&page=1&kind=1 

- 중국계 美 해군 스파이 체포, 한국 관련 기밀도 유출

 https://www.boannews.com/media/view.asp?idx=120962&page=1&kind=4 

- BlackHat USA 2023 slides

github.com/onhexgroup/Conferences/tree/main/Black%20Hat%20USA%202023%20slides

github.com/onhexgroup/Conferences/releases/tag/bhusa2023