Today's keywords: the return of POODLE, MS patches, Adobe patches, Turla
POODLE was fixed in SSL v3, only to come back riding on TLS
MS and Adobe keep patching steadily; the powerful Turla malware targets Linux this time
[Boannews, Moon Ga-yong] POODLE is back! Microsoft shipped its regular patches, and Adobe finished its patch work as well. Turla, a piece of malware so powerful that a department was newly created at the government level because of it, has reportedly shown signs of moving beyond its original target, Windows, to go after Linux, which is widely used in IoT. With POODLE and now Turla, unwelcome news of revivals makes for an uneasy end to the year.
1. POODLE attack turns out to work against TLS as well (Security Week)
http://www.securityweek.com/poodle-attacks-also-work-against-tls-researchers
Zombie-like POODLE latches onto TLS this time (The Register)
http://www.theregister.co.uk/2014/12/09/zombie_poodle_wanders_in_cocks_leg_on_tls/
Experts: "The POODLE attack can affect TLS as well" (Threat Post)
http://threatpost.com/researchers-say-poodle-attack-affects-some-tls-implementations/109764
POODLE revived, adversely affecting 10% of websites worldwide (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/poodle-returns-to-torment-10-of/
POODLE caused an uproar just a month or two ago. It was a big enough incident that, once it was known to be an attack through SSL v3, major browsers such as Chrome and Firefox rushed out new versions that disable SSL v3. POODLE, which we thought had been driven to extinction, or at least dealt with quickly, has now come back riding on TLS. To be precise, it has been shown that the attack is possible through the CVE-2014-8730 vulnerability in TLS, and this is said to mean that about 10% of servers worldwide are vulnerable. The internet's lack of an expiration date seems to apply to malware just as well. Cells that refuse their expiration date are said to be the cancer cells in our own bodies, so perhaps what we are fighting is cancer.
2. MS releases critical security update (Security Week)
http://www.securityweek.com/microsoft-releases-critical-ie-security-update-patch-tuesday
MS fixes a total of 25 bugs, including three critical ones (SC Magazine)
http://www.scmagazine.com/patch-tuesday-addressed-25-cves-with-seven-bulletins/article/387446/
Patches released, including IE and SChannel (Threat Post)
http://threatpost.com/ie-schannel-bulletins-re-released-with-patch-tuesday-updates/109782
It's almost 2015, and Visual Basic Script is still around? (The Register)
http://www.theregister.co.uk/2014/12/09/year_ends_with_seven_microsoft_patch_tuesday_fixes/
Last night, MS released new patches. A total of 25 vulnerabilities were fixed, three of which were classified as critical. These 25 vulnerabilities were found in the Exchange, IE, Office and Windows product lines in particular, and all of them are said to be fixed in this release. Experts likewise recommend applying this round of patches quickly. Now let's wait and see what we hear over the next few days, whether criticism or praise.
3. Adobe fixes vulnerability being exploited in attacks with Flash Player patch (Threat Post)
http://threatpost.com/adobe-patches-flash-player-vulnerability-under-attack/109773
Adobe patches Flash Player bug (SC Magazine)
http://www.scmagazine.com/adobe-release-addresses-flash-player-bug-being-actively-targeted-includes-other-critical-fixes/article/387421/
Adobe also announced vulnerabilities in Reader and Acrobat and released patches for them. It turns out, however, that the release also includes Flash Player vulnerability patches that had not been pre-announced. It covers six Flash Player vulnerabilities that hackers had recently been actively exploiting, which had been exposing both PC and Macintosh users to risk. In addition, 20 critical vulnerabilities were resolved in Reader and Acrobat, as had been pre-announced.
4. Linux modules found to be connected to Turla APT (Threat Post)
http://threatpost.com/linux-modules-connected-to-turla-apt-discovered/109765
Linux software abused in nasty online attacks (The Register)
http://www.theregister.co.uk/2014/12/09/deadly_snake_lurks_in_watering_hole_bites_linux/
Newly discovered Turla malware targets Linux systems (Security Week)
http://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems
Linux and Turla are clearly the keywords of these articles, but the headlines alone don't make it clear what exactly happened. First we need to know what Turla is. The Turla APT is a type of backdoor malware that exploits zero-days in Windows XP and Windows Server 2003 as well as a zero-day vulnerability in Adobe Reader, allowing the hacker to take over privileges on the system. It was so powerful that it led to the creation of US Cyber Command. That notorious malware is now said to be reaching out to Linux systems as well. Linux is the most mainstream base OS for IoT. It is not hard to imagine that, when Turla's power is combined with Linux's wide reach, the fallout will not be small.
5. Software vulnerabilities likely to increase 40% this year (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/software-vulnerabilities-set-to/
The number of software vulnerabilities has been trending upward every year. Statistics have come out suggesting that 2014 in particular will show an enormous jump. If things continue at this rate through the end of the year, the count looks set to rise by as much as 40% over last year. This is a "frightening" statistic because, more than summing up this year, it raises the possibility that the volume of vulnerabilities will grow by an even larger margin in the coming 2015. On top of that, to see the sheer quantity rise like this at a time when the self-destructing "Destover" and "Regin", whose modular design allows endless variation, have appeared leaves a bitter taste.
[Moon Ga-yong, reporter, International Desk (globoan@boannews.com)]
<Copyright: Boannews (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited.>