Tageszusammenfassung - 03.07.2024

End-of-Day report

Timeframe: Dienstag 02-07-2024 18:00 - Mittwoch 03-07-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Alexander Riepl

News

Europol takes down 593 Cobalt Strike servers used by cybercriminals

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims networks.

https://www.bleepingcomputer.com/news/security/europol-takes-down-593-cobalt-strike-servers-used-by-cybercriminals/

---

Cyberangriff: Hacker erbeuten Daten von TÜV Rheinland

Einer Ransomwarebande ist es gelungen, in ein Schulungsnetzwerk des TÜV Rheinland einzudringen. Dabei sind womöglich Zugangsdaten abgeflossen.

https://www.golem.de/news/cyberangriff-hacker-erbeuten-daten-von-tuev-rheinland-2407-186665.html

---

South Korean ERP Vendors Server Hacked to Spread Xctdoor Malware

An unnamed South Korean enterprise resource planning (ERP) vendors product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor.The AhnLab Security Intelligence Center (ASEC), which identified ..

https://thehackernews.com/2024/07/south-korean-erp-vendors-server-hacked.html

---

Hijacked: How hacked YouTube channels spread scams and malware

Here's how cybercriminals go after YouTube channels and use them as conduits for fraud - and what you should watch out for when watching videos on the platform.

https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/

---

LockBit claims cyberattack on Croatia-s largest hospital

The LockBit ransomware gang has claimed responsibility for a cyberattack on Croatia-s largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, organ and donor data and contracts signed with external companies.

https://therecord.media/lockbit-claims-cyberattack-croatia-hospital

---

Wurde der Blog von Qualys gehackt? (2. Juli 2024)

Kurze Information zu Qualys, ein Technologieunternehmen mit Dienstleistungsangeboten im Bereich Cloud-Sicherheit und Compliance. Es steht die Frage im Raum, ob die mit ihrem Blog womöglich gehackt wurden.

https://www.borncity.com/blog/2024/07/03/wurde-der-blog-von-qualys-gehackt-2-juli-2024/

---

Cisco NX-OS: Update gegen seit April angegriffene Sicherheitslücke

Im Cisco NX-OS mehrerer Nexus- und MDS-Switches wird eine Sicherheitslücke bereits seit April angegriffen. Jetzt stellt Cisco ein Update bereit.

https://heise.de/-9787532

---

Vulnerabilities

Vulnerabilities in PanelView Plus devices could lead to remote code execution

https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/

---

Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server

https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/

---

Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

---

[R1] Tenable Identity Exposure Version 3.59.5 Fixes Multiple Vulnerabilities

https://www.tenable.com/security/tns-2024-11