2020년 3월 9일 보안정보 스크래핑

3월 9일 보안정보 스크래핑 

==================================================================== 

+ 주요 취약점 - Cisco Releases Security Updates
 1. Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting multiple products.
- https://www.us-cert.gov/ncas/current-activity/2020/03/05/cisco-releases-security-updates

==================================================================== 

+ 취약점 - Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload 외 1건

 1. Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload
Exploit Type: traversal path vulnerability
- https://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html

 2. PHP-FPM 7.x Remote Code Execution
Exploit Type: Remote Code Execution
- https://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html

==================================================================== 

+ 보안이슈 - 다크웹까지 찾아볼 수 있게 해주는 검색엔진, 킬로스 외 2건 

 1. 다크웹까지 찾아볼 수 있게 해주는 검색엔진, 킬로스
다크웹까지 검색할 수 있게 해주는 서비스, 킬로스 등장.
이전 검색엔진이었던 그램즈의 뒤를 잇는 것으로, 배후 세력 비슷할 것으로 추측됨.
머신러닝 알고리즘도 있어 시간이 지나면서 성능 좋아질 것으로 보이나, 안정성은 물음표.
출처: 보안뉴스 (https://www.boannews.com/media/view.asp?idx=86825)

 2. 안전을 위해 선택한 재택근무, 보안도 고려하셨나요?
안전하고 편리한 재택근무를 위한 제품들 많아...최근에는 협업 솔루션 부각돼
출처: 보안뉴스 (https://www.boannews.com/media/view.asp?idx=86830)

 3. ‘보안 인증서가 만료되었다’는 메시지를 클릭하면 큰일
일부 웹사이트에 접속할 경우 ‘보안 인증서를 갱신하시오’라는 경고가 뜸.
이를 클릭하면 모크스나 보에락이라는 멀웨어가 다운로드 됨.
보안 인증서를 테마로 한 피싱 공격, 앞으로 증가할 것.
출처: 보안뉴스 (https://www.boannews.com/media/view.asp?idx=86823)

====================================================================