2024.02.24 보안 이슈

==2024.02.24==

# 취약점 / 악성코드 

- 인포스틸러·백도어 악성코드, 로그인 시 필요한 보안 프로그램으로 위장해 유포

http://www.boannews.com/media/view.asp?idx=126860&kind=&sub_kind=

- New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam

https://thehackernews.com/2024/02/new-vietcredcare-stealer-targeting.html

- 네트워크 자동 매핑 도구 SSH스네이크, 어느 새 해킹 도구로 전락

https://www.boannews.com/media/view.asp?idx=126992&page=1&kind=1

https://thehackernews.com/2024/02/cybercriminals-weaponizing-open-source.html

- Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

https://thehackernews.com/2024/02/researchers-detail-apples-recent-zero.html

- 레디스 서버에 침투하는 새 멀웨어, 암호화폐 채굴 코드 받아 설치

https://www.boannews.com/media/view.asp?idx=126899&page=5&kind=1

- 인기 높은 CMS 줌라에서 다섯 가지 취약점 발견되고 패치돼

https://www.boannews.com/media/view.asp?idx=126956&page=4&kind=1

- 다시 돌아온 루시퍼 봇넷, 이번에는 하둡 서버 겨냥해 맹공 펼쳐

https://www.boannews.com/media/view.asp?idx=126964&page=3&kind=1

- 제2의 카세야 사태? 커넥트와이즈 솔루션에서 나온 10점 만점 취약점 주의보

https://www.boannews.com/media/view.asp?idx=126959&page=3&kind=1

# 국가지원 해킹그룹

- North Korean hackers linked to defense sector supply-chain attack

https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/#google_vignette

- Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

https://thehackernews.com/2024/02/russian-linked-hackers-breach-80.html

- Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

https://thehackernews.com/2024/02/iran-and-hezbollah-hackers-launch.html

- Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks

https://thehackernews.com/2024/02/russian-hackers-target-ukraine-with.html

- Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS

https://thehackernews.com/2024/02/mustang-panda-targets-asia-with.html

- Russian Government Software Backdoored to Deploy Konni RAT Malware

https://thehackernews.com/2024/02/russian-government-software-backdoored.html

- ‘애국 해킹’ 산업 키우는 중국, 수년 동안 부정하더니 대량 정보 유출돼 전모 드러났다

https://www.boannews.com/media/view.asp?idx=126965&page=3&kind=1

https://www.boannews.com/media/view.asp?idx=126950&page=4&kind=1

# 랜섬웨어 / 정보유출

- 그 어느 조직보다 크게 넘어진 록빗, 국제 공조 이전부터 힘 잃었었다

https://www.boannews.com/media/view.asp?idx=126998&page=1&kind=1

- 2023년 랜섬웨어 피해자들이 낸 돈은 11억 달러

https://www.boannews.com/media/view.asp?idx=126915&page=1&kind=4

# 다크웹 / OSINT / 계정 / 피싱

#AI 

-  “저작권 침해 막아라”…패션업계도 ‘AI 주의보’ [언박싱]

https://news.heraldcorp.com/view.php?ud=20240222050546

- Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI

https://thehackernews.com/2024/02/microsoft-releases-pyrit-red-teaming.html

# 공급망

- New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

https://thehackernews.com/2024/02/new-malicious-pypi-packages-caught.html

- Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

https://thehackernews.com/2024/02/dormant-pypi-package-compromised-to.html

# 클라우드

- ‘클라우드에서 온프레미스로 돌아온 이유’… 토마고 알루미늄 사례

https://www.ciokorea.com/news/325905

# 기타

- [단독]공동인증서 부정 발급…마이데이터 보안 위태

https://www.etnews.com/20240219000286

- 2024년 보안 리더에게 불어올 6가지 유행

http://www.boannews.com/media/view.asp?idx=126960&kind=&sub_kind=

- “BEYOND THE BORDER SCAM”, PAY ATTENTION TO THE INSTANCE OF THE NEW NIGERIAN FRAUD

https://securityaffairs.com/159491/cyber-crime/beyond-the-border-scam-nigerian-fraud.html

- A New Age of Hacktivism

https://thehackernews.com/2024/02/a-new-age-of-hacktivism.html