Security Information Scraping for January 29, 2020

=================================================

+ Major vulnerabilities - Apple releases multiple security updates, plus 1 more item

1. Apple releases multiple security updates
tvOS 13.3.1
Safari 13.0.5
iOS 13.3.1 and iPadOS 13.3.1
macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
https://www.us-cert.gov/ncas/current-activity/2020/01/28/apple-releases-multiple-security-updates

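2. Security update advisory for vulnerabilities in Citrix products
Citrix has released security updates that resolve vulnerabilities in its products.
Because attackers can exploit the vulnerabilities to cause damage, users of the affected Citrix products are advised to take action by referring to the Citrix website.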
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35250

=================================================

+ Vulnerabilities - Vulnerabilities in Apache-related products

1. Vulnerabilities in Apache-related products
Apache Jackrabbit information disclosure (CVE-2020-1940)
** (Apache Jackrabbit is an open-source content repository for the Java platform)
https://exchange.xforce.ibmcloud.com/vulnerabilities/175155

Apache Superset information disclosure (CVE-2020-1932)
** (Apache Superset is an open-source, web-based data visualization BI tool)
https://exchange.xforce.ibmcloud.com/vulnerabilities/175154

Apache NiFi information disclosure (CVE-2020-1928)
** (Apache NiFi is software designed to automate the flow of data between software systems)
https://exchange.xforce.ibmcloud.com/vulnerabilities/175153

Apache NiFi cross-site scripting (CVE-2020-1933)
https://exchange.xforce.ibmcloud.com/vulnerabilities/175152

=================================================

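+ Security news - Chinese authorities: "1,250 information security vulnerabilities confirmed in December", plus 2 more items

1. Chinese authorities: "1,250 information security vulnerabilities confirmed in December"
National Internet Emergency Center: "500 high-risk vulnerabilities, 650 medium-risk"
Many security vulnerabilities were detected in the application, web application, and operating system categories.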
https://www.boannews.com/media/view.asp?idx=86002

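2. Two vulnerabilities found in Windows RDG; proof-of-concept exploits appear
Two critical vulnerabilities in Remote Desktop Gateway were recently patched.
As various proof-of-concept code begins to be published, the risk rises further.
If the patch cannot be applied, a specific UDP port must be disabled to stay safe.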
https://www.boannews.com/media/view.asp?idx=86003

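3. Mitsubishi Electric hacking incident: was Trend Micro's solution the problem?
Tick, a Chinese hacking group that mainly attacks Japan and Korea, hacked Mitsubishi Electric.
Various intellectual property and trade secrets are reported to have been stolen.
What they used was a Trend Micro solution called OfficeScan.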
https://www.boannews.com/media/view.asp?idx=86000

=================================================