
[Global News Clipping] "MS makes patch notices a paid service" and more

Posted: 2015-01-09 11:50

Today's keywords: MS, OpenSSL, media hacking, Mac, Swiss bank

MS: "With patching automated, advance notice is unnecessary"; industry: "Backward thinking"

Vulnerabilities and malware pour out in large numbers as the new year begins


[Boannews, Moon Ga-yong] As the regular patching that MS carries out every month has become automated, the service that announced patch contents a week ahead of the patch has disappeared. Or rather than disappeared, it can now be read only by those who pay. MS's position is that "because of automation, very few users now pay close attention to the advance notice," but the industry is pushing back, asking, "Are we supposed to follow along without a peep because you will handle vulnerability and patch management yourselves?"

 

 ▲ Right, from now on you have to pay.

Over the past two days, many vulnerabilities and a lot of malware have been discovered. Whatever the field, it seems the New Year's resolution to work hard in 2015 is still alive in the security industry and among hackers. Meanwhile, malvertising has turned media outlets around the world into sites that distribute attacks, and in China police were revealed to have used malware to surveil citizens. 2015 has been eventful from the very start.


1. MS discontinues its regular patch advance notification service for the general public (Security Week)

http://www.securityweek.com/microsoft-no-longer-making-patch-tuesday-advanced-notification-available-general-public


MS "Tuesday patch" contents now disclosed only to Premier customers (Threat Post)

http://threatpost.com/microsoft-limits-advanced-patch-notifications-to-premier-customers/110294

On a Tuesday close to the middle of each month, MS issues its regular updates. The tradition became so well known that it was given a name: Patch Tuesday. A week before Patch Tuesday, MS also ran a service (Advanced Patch Notification: ANS) that announced in advance what the patch would contain. It was a courtesy that let users plan and prepare a week before applying the patches. In practice, many users carefully studied this notice, published a week ahead, in order to apply the patches to their systems. MS has now decided to discontinue the service. The patches will continue as before, but there will be no advance notice. MS says this is because, with automatic updates enabled, nobody bothers to look into the patch contents. It says it will, however, continue to provide the service to paying customers. In other words, a free service has become a paid one. Naturally, the industry backlash is strong, because most people read the decision as the message "Don't worry about patching, just do as we tell you."


2. Newly released OpenSSL fixes 8 vulnerabilities (SC Magazine)

http://www.scmagazine.com/two-moderate-six-low-severity-openssl-vulnerabilities-fixed/article/391700/


OpenSSL Project resolves 8 security bugs (Security Week)

http://www.securityweek.com/openssl-project-swats-8-security-bugs

The OpenSSL Project has released versions 1.0.1k, 1.0.0p and 0.9.8zd. They resolve a total of eight vulnerabilities. Two of these could lead to DoS attacks and carried a "moderate" severity rating. The remaining six were rated "low". The official identifiers of the vulnerabilities are CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275 and CVE-2014-3570.


3. Malvertising attack hits GameZone and Huffington Post (CSOOnline)

http://www.csoonline.com/article/2866713/application-security/gamezone-huffington-post-hit-by-malvertising-attack.html

The impact of the malvertising discovered at AOL a short while ago appears to be growing enormously. AOL itself succeeded in removing all of the malvertising within two days of discovering it, but by then it had already spread across the internet. As a result, malware is reportedly spreading rapidly on media sites such as the Huffington Post, LA Weekly and GameZone. Coincidence or not, media sites around the world keep falling victim to cyber attacks of this kind lately. Only a couple of days ago, an actual terrorist group stormed a French media outlet and killed journalists.


4. Another vulnerability found in Mac OS X (Threat Post)

http://threatpost.com/first-public-mac-os-x-firmware-bootkit-unleashed/110287


Malware exposes the danger of OS X firmware bootkits (Security Week)

http://www.securityweek.com/experimental-malware-shows-threat-posed-os-x-firmware-bootkits

Cracks have recently started to appear in Apple's "solid security", and now a firmware bootkit for OS X has been discovered as well. Once this Mac bootkit is installed in the firmware, an attacker can control the system at will. Fortunately, the bootkit was not made by a malicious hacker. It was built by Trammel Hudson, a security expert who does reverse engineering as a hobby, and he reportedly created it to expose a vulnerability in Mac OS X. The bootkit is named Thunderstrike and reportedly takes only a few minutes to install. The problem is that current systems cannot even detect Thunderstrike. It remains to be seen how quickly Apple acts on this.


5. Hackers steal data from a Swiss bank and attempt blackmail (Security Week)

http://www.securityweek.com/hackers-try-blackmail-swiss-bank-after-stealing-data-report

If any financial institutions can be called the most famous in the world, it is probably the Swiss banks. Yet one such bank in Switzerland has been breached, and the information of thousands to tens of thousands of customers has leaked. There has reportedly been no financial loss so far. The hack was carried out by a group called Rex Mundi, which is threatening to publish some 30,000 email addresses on the internet unless it is paid 10,000 euros. Investigators have already opened an investigation, and the bank has cut off all of its connections to the internet.


6. CosmicDuke variant plants MiniDuke on systems (Security Week)

http://www.securityweek.com/cosmicduke-variant-installs-miniduke-infected-systems-f-secure

Among malware with information-stealing capabilities there was one called CosmicDuke. It was first discovered in April 2014. It is distributed through document files containing malicious code, and these documents reportedly contained hints pointing to regions such as Ukraine, Turkey, Poland and Russia. A variant of CosmicDuke has now been discovered, and, as before, it still has the ability to install the malware called MiniDuke. Experts regard the Duke series of malware as Russian-made, and some of them even believe that the Russian government takes part in creating and distributing it.


7. Chinese police buy a mobile Trojan to surveil citizens (Infosecurity Magazine)

http://www.infosecurity-magazine.com/news/chinese-police-buy-mobile-trojan/

It is just as the headline says. Officials in China's Zhejiang Province spent 24,000 dollars to buy a mobile Trojan and used it to surveil citizens. The mobile Trojan is known to be especially effective against jailbroken devices, and the police are said to have deployed the malware precisely against the people they were targeting. Experts comment that for something like this to be carried out in a country that presents itself as a cyber power can only be a great national disgrace.

[Moon Ga-yong, International Desk reporter (globoan@boannews.com)]


<Copyright: Boannews (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited.>
