2024.03.09 보안 이슈

==2024.03.09==

# 취약점 / 악성코드 

- THREAT ACTORS BREACHED TWO CRUCIAL SYSTEMS OF THE US CISA

https://securityaffairs.com/160246/hacking/us-cisa-systems-hacked.html

- Critical Fortinet flaw may impact 150,000 exposed devices

https://www.bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/#google_vignette

- New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities

https://thehackernews.com/2024/03/new-apt-group-lotus-bane-behind-recent.html

- 무료 메모장 플랫폼 ‘aNotepad’ 악용... 백도어 악성코드 WogRAT 유포

https://boannews.com/media/view.asp?idx=127280&page=14&kind=1

- UNC5325 그룹, 이반티 제로데이 취약점 공격

https://boannews.com/media/view.asp?idx=127297&page=13&kind=1

- VM웨어, 샌드박스 탈출 가능하게 하는 초고위험도 취약점 둘 패치

https://boannews.com/media/view.asp?idx=127427&page=8&kind=1

- 애플, 두 개의 제로데이에 대한 긴급 패치 배포 중

https://boannews.com/media/view.asp?idx=127426&page=8&kind=1

- 하이퍼바이저 플랫폼 케뮤, 공격자들의 통로로 활용된다

https://boannews.com/media/view.asp?idx=127428&page=8&kind=1

https://thehackernews.com/2024/03/cybercriminals-utilize-qemu-emulator-as.html

- 워드프레스 사이트 잘못 방문하면 브라우저가 공격 도구로 변신

https://boannews.com/media/view.asp?idx=127502&page=5&kind=1

https://thehackernews.com/2024/03/hacked-wordpress-sites-abusing-visitors.html

- 가짜 화상 회의 플랫폼 사이트 통해 정보 탈취형 멀웨어 퍼지고 있어

https://boannews.com/media/view.asp?idx=127503&page=5&kind=1

https://thehackernews.com/2024/03/watch-out-for-spoofed-zoom-skype-google.html

- 각종 서버 설정 오류와 취약점 노리는 공격자들, 암호화폐 채굴

https://boannews.com/media/view.asp?idx=127500&page=5&kind=1

- 아파치, 도커, 레디스, 컨플루언스 기반 서버들 노리는 공격 급증

https://boannews.com/media/view.asp?idx=127518&page=5&kind=1

https://thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html

- 각종 브라우저 노리는 스네이크, 페이스북 메시지 통해 퍼져

https://boannews.com/media/view.asp?idx=127561&page=4&kind=1

https://thehackernews.com/2024/03/new-python-based-snake-info-stealer.html


# 국가지원 해킹그룹

- [주의] 中 정부후원 해킹그룹이 사용하는 Keyplug 백도어 경유지, 한국서 발견돼

https://www.dailysecu.com/news/articleView.html?idxno=154152

- “올해 초 MS 시스템 해킹한 노벨리움, 핵심 소스코드에도 접근했다”

https://www.itbiznews.com/news/articleView.html?idxno=127954#google_vignette

https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html

- LITHUANIA SECURITY SERVICES WARN OF CHINA’S ESPIONAGE AGAINST THE COUNTRY

https://securityaffairs.com/160310/intelligence/cina-espionage-against-lithuania.html

- 北 , 국내 반도체 기업 해킹으로 설계도면과 현장사진 훔쳐갔다

https://boannews.com/media/view.asp?idx=127290&page=13&kind=1

https://www.bleepingcomputer.com/news/security/north-korea-hacks-two-south-korean-chip-firms-to-steal-engineering-data/

- 계속해서 공격의 빌미를 제공하는 커넥트와이즈의 취약점, 북한도 악용

https://boannews.com/media/view.asp?idx=127429&page=8&kind=1

- 중국 정부 지원 받는 해킹 그룹, 티베트 조직들과 인물들 염탐

https://boannews.com/media/view.asp?idx=127560&page=4&kind=1

https://thehackernews.com/2024/03/chinese-state-hackers-target-tibetans.html

# 랜섬웨어 / 정보유출

- SOME AMERICAN EXPRESS CUSTOMERS’ DATA EXPOSED IN A THIRD-PARTY DATA BREACH

https://securityaffairs.com/159964/data-breach/american-express-customers-data-exposed.html

- Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

https://thehackernews.com/2024/03/phobos-ransomware-aggressively.html

# 다크웹 / OSINT / 계정 / 피싱

- “작년 가장 큰 보안 위협은 신원 정보 탈취”

http://www.bikorea.net/news/articleView.html?idxno=39280

- New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users

https://thehackernews.com/2024/03/new-phishing-kit-leverages-sms-voice.html

- Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets

https://thehackernews.com/2024/03/over-225000-compromised-chatgpt.html

- 크롬·엣지·파이어폭스 등 자동 로그인 기능 악용한 계정 정보 탈취 주의

https://boannews.com/media/view.asp?idx=127565&page=3&kind=1

#AI 

- 인공지능 생태계에서도 공급망 공격이 시작되다

https://boannews.com/media/view.asp?idx=127358&page=12&kind=1

https://thehackernews.com/2024/03/over-100-malicious-aiml-models-found-on.html

- 생성형 인공지능 웜을 퍼트리는 멀웨어, 모델 전체를 감염시켜

https://boannews.com/media/view.asp?idx=127388&page=10&kind=

# 공급망

- 깃허브에서 울린 악성 패키지 홍수 주의보, 개발자들의 주의 요망

http://www.boannews.com/media/view.asp?idx=127390&kind=&sub_kind=

- 팀시티에서 발견된 초고위험도 취약점, 소프트웨어 공급망을 위협

https://boannews.com/media/view.asp?idx=127389&page=10&kind=4

https://thehackernews.com/2024/03/cisa-warns-of-actively-exploited.html

# 클라우드 

- 클라우드 보안 ‘공적1호’…러시아발 ‘APT29’

https://www.apple-economy.com/news/articleView.html?idxno=72901

- "클라우드 보안 이렇게 중요했어?" 보안 인식 꼴찌 한국 어쩌나

https://news.zum.com/articles/89253432?cm=entertain_home_rank

- [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting - SANS Internet Storm Center

https://isc.sans.edu/diary/rss/30722

- CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices

https://www.cisa.gov/news-events/alerts/2024/03/07/cisa-and-nsa-release-cybersecurity-information-sheets-cloud-security-best-practices

# 기타

- 북한에 해킹 당한 사법부 전산망... 대법원, 압수수색 후 마지 못해 인정했다

https://boannews.com/media/view.asp?idx=127345&page=12&kind=1

- 아이돌 그룹 아이브·몬스타엑스·크래비티 유튜브 공식 채널 줄줄이 해킹

https://boannews.com/media/view.asp?idx=127387&page=10&kind=1

- 지난 해 사이버 범죄자들이 일으킨 피해는 125억 달러

https://boannews.com/media/view.asp?idx=127558&page=4&kind=1