2020년 3월 31일 보안정보 스크래핑

3월 31일 보안정보 스크래핑 

==================================================================== 

+ 주요 취약점 - 특이사항 없음

==================================================================== 

+ 취약점 - WordPress Event-Registration 5.43 Arbitrary File Upload 외 1건

 1. WordPress Event-Registration 5.43 Arbitrary File Upload
vulnerability type: arbitrary file upload vulnerability
- https://packetstormsecurity.com/files/156960/WordPress-Event-Registration-5.43-Arbitrary-File-Upload.html

 2. Joomla! com_fabrik 3.9.11 - Directory Traversal
vulnerability type: Directory Traversal
- https://www.exploit-db.com/exploits/48263

==================================================================== 

+ 보안이슈 - ‘텔레그램 n번방 전체회원 신상공개’된다고? 알고 보니 스미싱 공격 외 2건

 1. ‘텔레그램 n번방 전체회원 신상공개’된다고? 알고 보니 스미싱 공격
'TTN（속보）N번방 전체회원 신상공개 https://bit.ly/xxxxxxx’ 문자로 유포
URL 클릭해 악성앱 다운로드 및 설치 시 스마트폰 정보 대부분 해커에게 전송
출처: 보안뉴스 https://www.boannews.com/media/view.asp?idx=87271

 2. 더 정교해진 ‘네이버 사칭 피싱 메일’ 발견... 정부지원 해커 공격
최근 네이버와 다음카카오 등 메일 서비스 사칭한 공격 증가
피싱공격 늘면서 사람들 관심 옅어져... 실제로는 거대 공격의 한 흐름
네이버는 자사에서 메일 보낼 경우 N 로고로 표시
출처: 보안뉴스 https://www.boannews.com/media/view.asp?idx=87266

 3. 베스트바이에서 USB를 보내줬다? 정성스런 USB 공격 발견돼
이상한 공격자들, USB를 표적에게 직접 소포로 보내는 공격 기법 선보임.
USB는 일명 배드USB로 꼽으면 바로 악성 코드가 컴퓨터에 심겨짐.
흔하고 친숙하기 때문에 신뢰도 높은 USB에 대한 인식을 노린 공격.
출처: 보안뉴스 https://www.boannews.com/media/view.asp?idx=87270

====================================================================