Security News Scraping for February 26, 2020

February 26 Security News Scraping

==================================================================== 

+ Major vulnerabilities - Google releases security updates for Chrome, plus 1 more

1. Google releases security updates for Chrome
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux
https://www.us-cert.gov/ncas/current-activity/2020/02/25/google-releases-security-updates-chrome

2. OpenSMTPD releases version 6.6.4p1 to address a critical vulnerability
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability
https://www.us-cert.gov/ncas/current-activity/2020/02/25/opensmtpd-releases-version-664p1-address-critical-vulnerability

==================================================================== 

+ Vulnerabilities - Cisco Unified Contact Center Express Privilege Escalation, plus 1 more

 1. Cisco Unified Contact Center Express Privilege Escalation
Exploit Type: privilege escalation vulnerability
https://packetstormsecurity.com/files/156531/Cisco-Unified-Contact-Center-Express-Privilege-Escalation.html

 2. PHP-Fusion cross-site scripting
Exploit Type: XSS
https://exchange.xforce.ibmcloud.com/vulnerabilities/176748

==================================================================== 

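+ Security issues - IMP4GT attack technique developed that could disrupt 4G and 5G networks, plus 2 more

 1. IMP4GT attack technique developed that could disrupt 4G and 5G networks
LTE networks have a mechanism for mutual authentication between the user and the carrier, but no mechanism that protects the integrity of user data.
By abusing this, an attacker can impersonate a specific carrier or a specific user.
Carriers could add one more integrity-protection step, but it would carry a cost burden.
Source: Boannews (https://www.boannews.com/media/view.asp?idx=86626)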

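 2. "About 500 million API attacks in the financial sector over 2 years"
In August 2019, the largest credential stuffing attack against a financial services company occurred... 55 million malicious login attempts
Source: Dailysecu (https://www.dailysecu.com/news/articleView.html?idxno=106657)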

 3. New OpenSMTPD RCE vulnerability found in Linux and OpenBSD email servers
New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers
Source: THE HACKER NEWS (https://thehackernews.com/2020/02/opensmtpd-email-vulnerability.html)

====================================================================