[News] 2015.09

2015.09.30

[보안뉴스] [9월 설문조사] 지금껏 가장 뜨거웠던 보안 이슈 8가지 [Web]

[보안뉴스] 스마트폰 악성앱 감염시 응급치료해 드립니다. [Web]

2015.09.29

[ArsTechnica] Storing secret crypto keys in the Amazon cloud? New attack can steal them [Web]

[MalwareBytes] Skype Hacking Tool : A Sting in the Tail... [Web]

2015.09.28

[DarkMatters] New DDoS attack uses smartphone browsers [Web]

     - 자료

          2015.04.30     [CloudFlare] An intruduction to Javascript-based DDoS [Web]

          2015.09.25     [CloudFlare] Mobile Ad Networks as DDoS Vectors :  A Case Study [Web]

[IBM] Shifu Officially Spreads to the UK : Banks and Wealth Management Firms Beware [Web]

[MalwareBytes] Malvertising Via Google AdWords Leads to Fake BSOD [Web]

2015.09.24

[TrendLabs] Credit Card-Scraping Kasidet Builder Leads to Spike in Detections [Web]

[데일리시큐] 중국 해커그룹, 미 국무부 이메일 시스템에 침입 [Web]

2015.09.21

[Softpedia] iOS9 Lock Screen Bypass Gives Access to All Photos and Contacts [Web]

2015.09.19

[Softpedia] Ghost Push Android Malware Infects 600,000 New Users per Day [Web]

     - 자료

          2015.09.18 [CheetahMobile] "Ghost Push" : An Un-Installable Android Virus Infecting 600,000+ Users Per Day [Web]

2015.09.18

[NakedSecurity] Google fixes an Android Lollipop lockscreen bypass bug - how bad was it? [Web]

     - Keyword : Stagefright

2015.09.17

[HelpNetSecurity] 80% increase of malware on Windows devices [Web]

[Softpedia] The Dukes (APT29) : One of Russia's Cyber-Espionage Hacking Squads [Web]

     - 연관기사

          2015.09.20 [보안뉴스] 해커조직 듀크, 알고 보니 러시아의 꼭두각시 [Web]

[Paloalto] Novel Malware XCodeGhost Modifies XCode, Infects Apple iOS Apps And Hits App Store [Web]

     - Keyword : AppStore, iOS, XCode, XCodeGhost, 

     - 자료

          2015.09.18 [Paloalto] Malware XCodeGhost Infects 39 iOS Apps, Including WeChat, Affecting Hundreds of Millions of Users [Web]

2015.09.16

[DailyNK] "철도공사 전산망, 북한 소행 추정 해킹으로 뚫렸다." [Web]

[TEXAS] Android 5.x Lockscreen Bypass (CVE-2015-3860) [Web]

[SecurityWeek] Online Shop Selling Account Data Linked to CoreBoy Malware [Web]

[TrendMicro] Operation Iron Tiger : How China-Based Actors Shifted Attacks from APAC to US Targets [Web][PDF]

[DarkMatter] iPhone and MAC vulnerability opens the door to hackers [Web]

[ThreatPost] Google Patches Lastest Android Lockscreen Bypass [Web]

2015.09.15

[MBC] 코레일 전산망도 뚫렸다. 주요 정보 50여건 유출 [Web]

2015.09.14

[HelpNetSecurity] Tor Security improves as .onion becomes a special-use domain name [Web]

     - Keyword : Tor, onion

[NakedSecurity] Public library shelves plans to become part of Tor [Web]

[TrendLabs] How Command and Control Servers Remain Resilient [Web]

     - Keyword : ZeuS, POISON, CLACK, BOZOK, IXESHE, ESILE, DUNIHI, KELIHOS

[DarkMatters] DOE Hacked : 53 instrusions resulted in root compromises [Web]

     - Keyword : US Department of Energy

2015.09.12

[보안뉴스] 커뮤니티 사이트 뽐뿌 해킹! 회원정보 모두 유출 [Web]

     - Keyword : 뽐뿌, 190만건, SQLInjection

     - 연관기사

          2015.09.12 [울지않는벌새] 뽐뿌 해킹 사건과 hotvideo_0910_3.apk 파일과의 관계 [Web]

2015.09.11

[보안뉴스] 카스퍼스키랩이 말하는 한국 타깃 해커조직 5곳 [Web]

     - CozyDuke : 정부기관, 한국, 미국, 독일, 우즈베키스탄

     - Darkhotel : 기밀문서, 한국, 북한

     - Destover (=wiper) 

     - DarkSeoul : 금융기관

     - Winnti : 게임회사

[FireEye] SUCEFUL : Next Generation ATM Malware [Web]

     - Keyword : Brower Hooking, MITM, Hidden VNC bot (hvnc), WebInjection, CoreBotv2

[Scoop] [단독] 금융사 35곳 중 31곳 가상키보드, RCS에 뚫렸다 [Web]

2015.09.10

[welivesecurity] Aggressive Android ransomware spreading in the USA [Web]

     - Keyword : PinLock, Lockerpin.A

[TheHackerNews] Russian Hackers Hijack Satellite To Steal Data from Thousands of Hacked Computers [Web]

     - Keyword : Satellite

[IBM] An Overnight Sensation - CoreBot Returns as a Full-Fledged Financial Malware [Web]

[TheHacherNews] 11Million Ashley Madison Passwords Cracked in Just 10 Days [Web]

2015.09.09

[IBM] Certificates-as-a-Service? Code Signing Certs Become Popular Cybercrime Commodity [Web]

2015.09.08

[Darknet] Gcat - Python Backdoor Using Gmail For C&C [Web]

[Symantec] Microsoft Patch Tuesday - September 2015 [Web]

     - Keyword : MS15-094, MS15-095, MS15-096, MS15-097, MS15-098, MS15-099, MS15-100, MS15-101, MS15-102, MS15-103, MS15-104, MS15-105

* [SecureList] Attacking Diffie-Hellman protocol implementation in the Angler Exploit Kit [Web]

[NakedSecurity] Gozi banking Trojan co-author pleads guilty [Web]

[HelpNetSecurity] Vulnerabilities in WhatsApp Web affect 200 million users globally [Web]

[HelpNetSecurity] Carbanak APT still targeting high-value financial institutions and casinos [Web]

     - 유사변종/진단명 : Carbanak, Win32/Spy.Sekur, Win32/Spy.Agent.ORM, Win32/Wemosis

     - Keyword : CVE-2015-1770, CVE-2015-2426, PDF, DOC, RTF

[HelpNetSecurity] Android ransomware masquerades as Adult Player app, takes photo of victim [Web]

[ThreatPost] Adobe Patches Two Shockwave Player Vulnerabilities [Web]

     - Keyword : CVE-2015-6680, CVE-2015-6681

[TheRegister] Hacker drops zero-day, opens FireEye fire sale [Web]

[Softpedia] AppLock Android App Rendered Useless by Security Researchers [Web]

[welivesecurity] Carbanak gang is back and packing new guns [Web]

2015.09.07

[SCMagazine] Hackers spread malware via Yahoo ads [Web]

[V3.co.uk] Mozilla admits Bugzilla account hack led to Firefox Attacks [Web]

     - 연관기사

          2015.09.04 [ThreatPost] Attacker Compromised Mozilla Bug System, Stole Private Vulnerability Data [Web]

[MalwareBytes] A Week in Security (8.30 ~ 9.5) [Web]

[Gartner] APT Attacks Will Seek Smaller Targets [Web]

* [Softpedia] Zero-Day Vulnerability Found in FireEye Antivirus [Web]

* [Softpedia] Zero-Day Vulnerability Found in Kaspersky Antivirus [Web]

     - 연관기사

          2015.09.07 [SecurityWeek] Kaspersky Patches Critical Vulnerability in Antivirus Products [Web]

* [Softpedia] Avira's Mobile Security iOS App Exposes Credentials in Cleartext [Web]

* [동아] 국내 불법도박 프로그램 북 정찰총국이 제작유통 [Web]

[FoxIt] The State of Ransomware in 2015 [Web]

2015.09.06

[IBM] The InfoSecond (8.31 ~ 9.4) : Shifu, CoreBot, Protecting Universities and More [Web]

2015.09.04

[MalwareBytes] A look at the OS X "BrokenChain" vulnerability [Web]

     - 연관기사 

          2015.08.03 [MalwareBytes] DYLD_PRINT_TO_FILE exploit found in the wild [Web]

          2015.08.31 [MalwareBytes] Genieo installer tricks keychain [Web]

[Softpedia] 24 Chinese Android Smartphone Models Come With Pre-Installed Malware [Web]

[Heimdal] Security Alert : Over 142 Million Legitimate Websites Could Deliver Ransomware Because of Script Injection Compromise [Web]

     - Keyword : ransomware

2015.09.03

[ArsTechnica] Android ransomware uses XMPP chat to call home, claims it's from NSA [Web]

[BankInfoSecurity] Gartner : Security Spending to Grow 8.3% [Web]

[SecurityWeek] New Version of Carbanak Malware Spotted in Attacks [Web]

     - 연관기사

          2015.02.15 [SecurityWeek] Hackers Hit 100 Banks in "Unprecedented" $1 Billion Cyber Heist : Kaspersky Lab [Web]

     - 자료

          [Kaspersky] CarBanak : APT The Great Bank Robbery [PDF]

          [TrendMicro] Joke or Blunder : Carbanak C&C Leads to Russia Federal Security Service [Web]

          [BlueCoat] Carbanak / Anunak in BlueCoat malware analysis appliance [Web]

          [CSIS] Carbanak returns [Web]

2015.09.02

[HelpNetSecurity] Major browser makers synchronize end of support for RC4 [Web]

     - Summary : 2016년 초(1월 또는 2월부터) Firefox, Google. MS 브라우저에서 RC4를 사용하기로 합의

[HelpNetSecurity] Popular Android AppLock app full of gaping security holes [Web]

     - Summary : 개인보호용으로 사용하는 "AppLock" App이 취약점으로 무력화가 가능

[HelpNetSecurity] 95% of websites in 10 new TLDs are suspicious [Web]

[TheHackerNews] FBI's Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack [Web]

[Bloter] 구글, MS, 아마존, 모질라..차세대 동영상 코덱 개발 "맞손" [Web]

[ArsTechnica] Lizard Squad launches DDoS against UK law enforcement agency [Web]

[SecurityWeek] GPU Malware Not Difficult to Detect : Intel [Web] [PDF]

     - 연관기사

          2015.05.08 [SecurityWeek] PoC Linux Rootkit Uses GPU to Evade Detection [Web]

[Softpedia] Shifu Banking Trojan Comes with Its Own Antivirus to Keep Other Malware at Bay [Web]

[Zdnet] Webroot launches IoT toolkit to protect connected home devices [Web]

[DarkMatters] Sweet dreams? IoT baby monitors are hackable [Web]

[TheHackerNews] Critical OS X Flaw Grants Mac Keychain Access to Malware [Web]

2015.09.01

[데일리시큐] 이메일 해킹 통해 거래계좌 변경 유도, 사이버 사기 주의 [Web]

     - 자료

          [FireEye] An Inside Look Into the World of Nigerian Scammers [PDF]

[CheckPoint] Global XMPP Android Ransomware Campaign Hits Tens of Thousands of Devices [Web]

[SCMagazine] New Scanner Detects thousands of vulnerable Android apps [Web]

     - 자료

          [USENIX] Finding Unknown Malice in 10 Seconds_Mass Vetting for New Threats at the Google-Play Scale [PDF]

[MalwareBytes] A Week in Security (8.23 ~ 8.29) [Web]

[연합뉴스] "미, 중-러 정보기관 '해킹 합작' 정황 포착" [Web]

[Krebsonsecurity] Like Kasperkey, Russian Antivirus Firm Dr.Web Tested Rivals [Web]

이 글은 Evernote에서 작성되었습니다. Evernote는 하나의 업무 공간입니다. Evernote를 다운로드하세요.