2023.09.23 보안 이슈

==2023.09.23==

# 취약점 / 악성코드 

- 국세청을 사칭한 악성 LNK 유포 - ASEC BLOG

https://asec.ahnlab.com/ko/57088/

- Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks

https://www.bleepingcomputer.com/news/security/mozilla-patches-firefox-thunderbird-against-zero-day-exploited-in-attacks/

- Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

https://thehackernews.com/2023/09/over-12000-juniper-firewalls-found.html

- GitLab Releases Urgent Security Patches for Critical Vulnerability

https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html

- 이블텔레그램, 모드가 활성화 된 텔레그램 생태계를 노려

 https://www.boannews.com/media/view.asp?idx=121831&page=20&kind=1 

- 구글, 올해 네 번째 발견된 크롬 제로데이 취약점 긴급히 패치

 https://www.boannews.com/media/view.asp?idx=121875&page=19&kind=1 

- 라우터와 장비 사이에 끼어들어 기밀 가로채는 공격 기법 발견돼

 https://www.boannews.com/media/view.asp?idx=121878&page=19&kind=4 

- 인텔 기반 맥OS 시스템 노리는 새 멀웨어, 메타스틸러

 https://www.boannews.com/media/view.asp?idx=121916&page=17&kind=1 

- 파키스탄의 해킹 조직, 가짜 유튜브 앱 통해 멀웨어 퍼트리는 중

 https://www.boannews.com/media/view.asp?idx=122107&page=7&kind=1 

- 아태와 아메리카 지역에서 활개치고 있는 사일런트스키머 멀웨어

 https://www.boannews.com/media/view.asp?idx=122143&page=5&kind=1 

- 최근 잦은 표적이 되고 있는 중동의 통신사, 백도어의 침공 받아

 https://www.boannews.com/media/view.asp?idx=122144&page=5&kind=1 

https://thehackernews.com/2023/09/shroudedsnoopers-httpsnoop-backdoor.html

- 얼마 전 등장한 P2P인펙트, 업그레이드 되더니 활동량 600배 증가

 https://www.boannews.com/media/view.asp?idx=122179&page=4&kind=1 

https://thehackernews.com/2023/09/researchers-raise-red-flag-on-p2pinfect.html

- 애플, 세 개의 제로데이 취약점 해결 위해 긴급 패치 배포

 https://www.boannews.com/media/view.asp?idx=122225&page=1&kind=1 

- New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html

# 국가지원 해킹그룹

- Evasive Gelsemium hackers spotted in attack against Asian govt

https://www.bleepingcomputer.com/news/security/evasive-gelsemium-hackers-spotted-in-attack-against-asian-govt/

- Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.

https://thehackernews.com/2023/09/charming-kitens-new-backdoor-sponsor.html

- Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html

- Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html

- Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

https://thehackernews.com/2023/09/operation-rusty-flag-azerbaijan.html

- China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

https://thehackernews.com/2023/09/china-accuses-us-of-decade-long-cyber.html

- Iranian Nation-State Actor OilRig Targets Israeli Organizations

https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html

- Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html

- 중국의 APT 단체, 타국 전기 공급망에서 6개월 간 정보 빼돌려

 https://www.boannews.com/media/view.asp?idx=121917&page=17&kind=1 

https://thehackernews.com/2023/09/chinese-redfly-group-compromised.html

- 북한의 라자루스, 6월부터 지금까지 2억 달러 넘는 암호화폐 훔쳐

 https://www.boannews.com/media/view.asp?idx=122055&page=9&kind=1 

https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html

- 독일 첩보부, “사이버 공격자들이 LNG 터미널 공격하려 한다” 경고

 https://www.boannews.com/media/view.asp?idx=122110&page=7&kind=1 

# 랜섬웨어 / 정보유출

- Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html

- AP통신 침해한 공격자들, 이미 피해자 대상으로 후속 공격 실시

 https://www.boannews.com/media/view.asp?idx=121819&page=21&kind=1 

- MGM casino's ESXi servers allegedly encrypted in ransomware attack

https://www.bleepingcomputer.com/news/security/mgm-casinos-esxi-servers-allegedly-encrypted-in-ransomware-attack/

- 라스베이거스의 유명 카지노 업체, 랜섬웨어 공격자들에게 3천만 달러 내

 https://www.boannews.com/media/view.asp?idx=121956&page=14&kind=1 

- 복잡해지는 랜섬웨어 산업에 등장한 새내기, 3AM

 https://www.boannews.com/media/view.asp?idx=121957&page=14&kind=1 

https://thehackernews.com/2023/09/rust-written-3am-ransomware-sneak-peek.html

- 클롭 랜섬웨어, 무브잇 취약점 통해 10곳 넘는 병원 침해했다

 https://www.boannews.com/media/view.asp?idx=122059&page=9&kind=1 

- MS의 인공지능 개발자들, 실수로 38TB의 데이터 노출시켜

 https://www.boannews.com/media/view.asp?idx=122106&page=7&kind=1 

https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html

- 록빗, 8월 한 달 동안 126개 기업의 데이터를 유출했다

 https://www.boannews.com/media/view.asp?idx=122228&page=1&kind=1 

# 다크웹 / OSINT / 계정 / 피싱

- Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger

https://thehackernews.com/2023/09/vietnamese-hackers-deploy-python-based.html

- Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper

https://thehackernews.com/2023/09/sophisticated-phishing-campaign.html

- Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

https://thehackernews.com/2023/09/retool-falls-victim-to-sms-based.html

- Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html

- 구글의 루커스튜디오 악용한 공격자들, 이메일 보안 장치들 농락

 https://www.boannews.com/media/view.asp?idx=121923&page=16&kind=1 

- 비트코인을 무료로 나눠준다는 사기 캠페인, 틱톡에서 진행 중

 https://www.boannews.com/media/view.asp?idx=122056&page=9&kind=1 

- 이더리움 창립자의 엑스(트위터) 계정 해킹돼 70만 달러 사기 피해 발생

 https://www.boannews.com/media/view.asp?idx=122057&page=9&kind=1 

- 중국 사용자들을 겨냥한 피싱 캠페인, 각종 멀웨어 유포 중

 https://www.boannews.com/media/view.asp?idx=122180&page=4&kind=1 

https://thehackernews.com/2023/09/sophisticated-phishing-campaign_20.html

- 다크웹 이용한 ‘은밀한 마약 거래’, 5년 전보다 13배 늘었다

 https://www.boannews.com/media/view.asp?idx=122230&page=1&kind=2 

#AI 

- [주말판] 인공지능을 당신의 제품에 녹여낼 가장 현실적인 방법

 https://www.boannews.com/media/view.asp?idx=121655&page=21&kind=4 

- 다크웹의 해커들, 챗봇 탈옥 기술 발견했다며 자랑하기 시작

 https://www.boannews.com/media/view.asp?idx=122007&page=12&kind=1 

# 공급망

- Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html

- Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack

https://thehackernews.com/2023/09/ukrainian-hacker-suspected-to-be-behind.html

# 기타

- Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT

https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html

- 리포재킹 공격에 노출된 4천여 개의 깃허브 리포지터리

 https://www.boannews.com/media/view.asp?idx=121918&page=17&kind=1 

https://thehackernews.com/2023/09/critical-github-vulnerability-exposes.html

- 취약점 발굴 업체 롤바에서 데이터 침해 사고 발생해

 https://www.boannews.com/media/view.asp?idx=121960&page=14&kind=1 

- 공격 경로들을 관리하려면 보다 공격적인 보안이 필요하다

 https://www.boannews.com/media/view.asp?idx=121863&page=10&kind=4 

- AWS에 몰래 침투한 해커들, 암호화폐 채굴 진행해 2천만 원 가까이 벌어

 https://www.boannews.com/media/view.asp?idx=122109&page=7&kind=1 

- 공격 표면 관리실태 분석해보니... “역동적인 클라우드 환경이 취약점”

 https://www.boannews.com/media/view.asp?idx=122146&page=5&kind=3 

- 유명 인터넷서점 알라딘과 입시학원 2곳 해킹해 전자책 유출한 3명 잡혔다

 https://www.boannews.com/media/view.asp?idx=122186&page=3&kind=1