2023.11.04 보안 이슈

==2023.11.04==

# 취약점 / 악성코드 

- Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel

https://thehackernews.com/2023/11/google-warns-of-hackers-absing-calendar.html

- Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

https://thehackernews.com/2023/11/researchers-uncover-undetectable-crypto.html

- New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

https://thehackernews.com/2023/11/new-malvertising-campaign-uses-fake.html

- Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers

https://thehackernews.com/2023/11/microsoft-warns-of-fake-skills.html

- 5년 동안 들키지 않고 활동해 온 멀웨어, 스트라입트플라이

https://www.boannews.com/media/view.asp?idx=123416&page=12&kind=1

https://thehackernews.com/2023/11/stripedfly-malware-operated-unnoticed.html

- 페이스북에 수위 높은 광고 올려 노드스틸러 퍼트리는 공격자들

https://www.boannews.com/media/view.asp?idx=123417&page=12&kind=1

- 속스5시스템즈라는 프록시 봇넷 멀웨어, 세계 곳곳의 컴퓨터 감염시키는 중

https://www.boannews.com/media/view.asp?idx=123418&page=11&kind=1

https://securityaffairs.com/153658/cyber-crime/socks5systemz-proxy-botnet.html

- 아틀라시안 컨플루언스에서 발견된 최근 취약점, 랜섬웨어 공격의 통로가 돼

https://www.boannews.com/media/view.asp?idx=123470&page=10&kind=1

https://thehackernews.com/2023/11/alert-effluence-backdoor-persists.html

- 업그레이드 된 정보 탈취 멀웨어 주피터, 이전보다 위험해져

https://www.boannews.com/media/view.asp?idx=123584&page=4&kind=1

- 무브잇 제로데이 공략한 해커들, 이번에는 시스에이드 제로데이 공략

https://www.boannews.com/media/view.asp?idx=123661&page=1&kind=1

https://thehackernews.com/2023/11/zero-day-alert-lace-tempest-exploits.html

- 기업 홍보물 제작으로 위장한 악성 LNK 유포

https://www.boannews.com/media/view.asp?idx=123659&page=1&kind=1

# 국가지원 해킹그룹

- Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors

https://thehackernews.com/2023/11/iran-linked-imperial-kitten-cyber-group.html

- Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes

https://thehackernews.com/2023/11/russian-hackers-sandworm-cause-power.html

- 北 해킹창구 ‘매직라인(MagicLine4NX)’ 취약점 아직도 악용중!

https://www.boannews.com/media/view.asp?idx=123497&page=8&kind=1

- 북한의 해킹 그룹 블루노로프, 새 맥OS 멀웨어 들고 나타나

https://www.boannews.com/media/view.asp?idx=123560&page=6&kind=1

https://thehackernews.com/2023/11/n-korean-bluenoroff-blamed-for-hacking.html

- 北 해킹그룹 ‘안다리엘’ 자산관리 프로그램 악용한 공격 정황 포착

https://www.boannews.com/media/view.asp?idx=123655&page=1&kind=1

# 랜섬웨어 / 정보유출

- FBI: Ransomware gangs hack casinos via 3rd party gaming vendors

https://www.bleepingcomputer.com/news/security/fbi-ransomware-gangs-hack-casinos-via-3rd-party-gaming-vendors/

- 범죄자는 서비스형 랜섬웨어를 어떻게 활용하나?

https://www.boannews.com/media/view.asp?idx=123485&page=5&kind=1

- 클라우드 보안 업체 수모로직에서 침해 사고 발생해

https://www.boannews.com/media/view.asp?idx=123576&page=5&kind=1

https://www.bleepingcomputer.com/news/security/sumo-logic-discloses-security-breach-advises-api-key-resets/

- 외교부, 지난해 1월 해킹으로 ‘이메일 유출’... 뒤늦게 드러나

https://www.boannews.com/media/view.asp?idx=123654&page=1&kind=1

- 중국공상은행, 랜섬웨어 공격에 당해 일부 시스템에 장애 와

https://www.boannews.com/media/view.asp?idx=123611&page=3&kind=1

# 다크웹 / OSINT / 계정 / 피싱

- ‘나눔로또’ 판매 동행복권, 해킹으로 부정 로그인 시도... 개인정보 유출 가능성

https://www.boannews.com/media/view.asp?idx=123412&page=12&kind=1

- 동행복권 “침해사고 때 아이디별 비밀번호는 노출되지 않았다”

https://www.boannews.com/media/view.asp?idx=123609&page=3&kind=1

- 정부24 홈페이지, 카카오톡 인증 통한 비정상 시도 발견

https://www.boannews.com/media/view.asp?idx=123414&page=12&kind=1

- 데이터 브로커들이 합법적으로 판매하는 데이터 안에 민감 정보 포함돼

https://www.boannews.com/media/view.asp?idx=123530&page=8&kind=1

# 공급망

- [테크칼럼] 소프트웨어 개발 단계 공급망 보안 관련 표준화 동향

https://www.boannews.com/media/view.asp?idx=123383&page=12&kind=5

- 파이선 리포지터리에 등장한 블레이즈스틸러 멀웨어

https://www.boannews.com/media/view.asp?idx=123574&page=5&kind=1

https://thehackernews.com/2023/11/beware-developers-blazestealer-malware.html# 기타

- 어나니머스수단, 디도스 공격으로 챗GPT 마비시켜

https://www.boannews.com/media/view.asp?idx=123612&page=3&kind=1