2023.09.06 보안 이슈

==2023.09.09==

# 취약점 / 악성코드 

- Apple zero-click iMessage exploit used to infect iPhones with spyware

https://www.bleepingcomputer.com/news/security/apple-zero-click-imessage-exploit-used-to-infect-iphones-with-spyware/

- Cisco warns of VPN zero-day exploited by ransomware gangs

https://www.bleepingcomputer.com/news/security/cisco-warns-of-vpn-zero-day-exploited-by-ransomware-gangs/

- Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

https://thehackernews.com/2023/09/beware-of-maldoc-in-pdf-new-polyglot.html

- New Python Variant of Chaes Malware Targets Banking and Logistics Industries

https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html

- Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

https://thehackernews.com/2023/09/mirai-botnet-variant-pandora-hijacks.html

- Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play

https://thehackernews.com/2023/09/millions-infected-by-spyware-hidden-in.html

- Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks

https://thehackernews.com/2023/09/cybercriminals-weaponizing-legitimate.html

- 19만개 이상 취약점 노출된 주니퍼 방화벽, RCE 취약점 버그 체인 주의

 https://www.boannews.com/media/view.asp?idx=121583&page=11&kind=1 

- VM웨어 아리아에서 발견된 초고위험도 취약점의 PoC 공개돼

 https://www.boannews.com/media/view.asp?idx=121597&page=11&kind=1 

- 레드아이즈 악성코드, KISA 등 공공기관 사칭해 압축파일로 유포 중

 https://www.boannews.com/media/view.asp?idx=121665&page=7&kind=1 

- 아틀라스VPN에서 발견된 제로데이 취약점, 개념 증명 익스플로잇도 나와

 https://www.boannews.com/media/view.asp?idx=121696&page=6&kind=1 

- X로더 악성코드, 오피스노트로 위장 유포... 인포스틸러이자 봇 유형

 https://www.boannews.com/media/view.asp?idx=121365&page=5&kind=1 

- 에이전트테슬라의 새 버전, 오래된 취약점 통해 퍼지고 있어

 https://www.boannews.com/media/view.asp?idx=121746&page=4&kind=1 

- 최신 iOS가 설치된 아이폰에 은밀히 설치되고 있는 페가수스

 https://www.boannews.com/media/view.asp?idx=121787&page=1&kind=1 

# 국가지원 해킹그룹

- Iranian hackers breach US aviation org via Zoho, Fortinet bugs

https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-us-aviation-org-via-zoho-fortinet-bugs/

- Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster

https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html

- 북한 해커그룹, 소셜미디어 통해 각국 보안연구원 타깃 공격...한국도 주의

 https://www.dailysecu.com/news/articleView.html?idxno=149341 

- North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html

- MS의 조그만 보안 틈들이 모이고 모여 서명 키 탈취 사건으로 확대돼

 https://www.boannews.com/media/view.asp?idx=121795&page=1&kind=1 

 https://www.boannews.com/media/view.asp?idx=121744&page=4&kind=1 

https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html

# 랜섬웨어 / 정보유출

- MSSQL 데이터베이스, 무작위 대입 공격에 이은 랜섬웨어 때문에 몸살

 https://www.boannews.com/media/view.asp?idx=121607&page=10&kind=1 

https://thehackernews.com/2023/09/threat-actors-targeting-microsoft-sql.html

- 랜섬웨어 단체 록빗, 영국 국방 관련 업체의 내부 정보 유출시켜

 https://www.boannews.com/media/view.asp?idx=121732&page=5&kind=1 

# 다크웹 / OSINT / 계정 / 피싱

- Microsoft Teams phishing attack pushes DarkGate malware

https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-attack-pushes-darkgate-malware/

- Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.

https://thehackernews.com/2023/09/chinese-speaking-cybercriminals-launch.html

- 옥타의 관리자 계정 노리는 소셜엔지니어링 공격, 최근 유행하고 있어

 https://www.boannews.com/media/view.asp?idx=121704&page=6&kind=1 

- 피싱 전문 해커 웰, 피싱 공격의 전문성 높이는 거대 생태계 만들었다

 https://www.boannews.com/media/view.asp?idx=121754&page=3&kind=1 

https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html

#AI 

- 北, 사이버 위협의 오른팔 ‘APT 그룹’... 왼팔은 ‘AI’?

 https://www.boannews.com/media/view.asp?idx=121558&page=12&kind=1 

- ‘생성형 AI는 보안 리스크다’... 전 세계 분야별 이사회 구성원 약 60%가 동의

 https://www.boannews.com/media/view.asp?idx=121741&page=4&kind=3 

- 구글 클라우드와 엔비디아가 맺은 인공지능 파트너십, 그 의미는

 https://www.boannews.com/media/view.asp?idx=121653&page=1&kind=3 

- [주말판] 인공지능을 당신의 제품에 녹여낼 가장 현실적인 방법

 https://www.boannews.com/media/view.asp?idx=121655&page=1&kind=4 

# 공급망

# 기타

- 거대 게임사 록스타게임즈, 크래킹 도구 사용해 게임 개발했나

 https://www.boannews.com/media/view.asp?idx=121747&page=3&kind=1