Tageszusammenfassung - 03.07.2024

End-of-Day report

Timeframe: Dienstag 02-07-2024 18:00 - Mittwoch 03-07-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Alexander Riepl

News

Europol takes down 593 Cobalt Strike servers used by cybercriminals

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims networks.

https://www.bleepingcomputer.com/news/security/europol-takes-down-593-cobalt-strike-servers-used-by-cybercriminals/


Cyberangriff: Hacker erbeuten Daten von TÜV Rheinland

Einer Ransomwarebande ist es gelungen, in ein Schulungsnetzwerk des TÜV Rheinland einzudringen. Dabei sind womöglich Zugangsdaten abgeflossen.

https://www.golem.de/news/cyberangriff-hacker-erbeuten-daten-von-tuev-rheinland-2407-186665.html


South Korean ERP Vendors Server Hacked to Spread Xctdoor Malware

An unnamed South Korean enterprise resource planning (ERP) vendors product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor.The AhnLab Security Intelligence Center (ASEC), which identified ..

https://thehackernews.com/2024/07/south-korean-erp-vendors-server-hacked.html


Hijacked: How hacked YouTube channels spread scams and malware

Here's how cybercriminals go after YouTube channels and use them as conduits for fraud - and what you should watch out for when watching videos on the platform.

https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/


LockBit claims cyberattack on Croatia-s largest hospital

The LockBit ransomware gang has claimed responsibility for a cyberattack on Croatia-s largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, organ and donor data and contracts signed with external companies.

https://therecord.media/lockbit-claims-cyberattack-croatia-hospital


Wurde der Blog von Qualys gehackt? (2. Juli 2024)

Kurze Information zu Qualys, ein Technologieunternehmen mit Dienstleistungsangeboten im Bereich Cloud-Sicherheit und Compliance. Es steht die Frage im Raum, ob die mit ihrem Blog womöglich gehackt wurden.

https://www.borncity.com/blog/2024/07/03/wurde-der-blog-von-qualys-gehackt-2-juli-2024/


Cisco NX-OS: Update gegen seit April angegriffene Sicherheitslücke

Im Cisco NX-OS mehrerer Nexus- und MDS-Switches wird eine Sicherheitslücke bereits seit April angegriffen. Jetzt stellt Cisco ein Update bereit.

https://heise.de/-9787532


Vulnerabilities

Vulnerabilities in PanelView Plus devices could lead to remote code execution

https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/


Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server

https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/


Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024


[R1] Tenable Identity Exposure Version 3.59.5 Fixes Multiple Vulnerabilities

https://www.tenable.com/security/tns-2024-11