Daily Summary - 03.07.2024
End-of-Day report
Timeframe: Tuesday 02-07-2024 18:00 - Wednesday 03-07-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Alexander Riepl
News
Europol takes down 593 Cobalt Strike servers used by cybercriminals
Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks.
https://www.bleepingcomputer.com/news/security/europol-takes-down-593-cobalt-strike-servers-used-by-cybercriminals/
Cyberattack: Hackers steal data from TÜV Rheinland
A ransomware gang managed to break into a training network of TÜV Rheinland. Credentials may have been leaked in the process.
https://www.golem.de/news/cyberangriff-hacker-erbeuten-daten-von-tuev-rheinland-2407-186665.html
South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware
An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified ..
https://thehackernews.com/2024/07/south-korean-erp-vendors-server-hacked.html
Hijacked: How hacked YouTube channels spread scams and malware
Here's how cybercriminals go after YouTube channels and use them as conduits for fraud - and what you should watch out for when watching videos on the platform.
https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/
LockBit claims cyberattack on Croatia's largest hospital
The LockBit ransomware gang has claimed responsibility for a cyberattack on Croatia's largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, organ and donor data and contracts signed with external companies.
https://therecord.media/lockbit-claims-cyberattack-croatia-hospital
Was Qualys's blog hacked? (July 2, 2024)
A brief note on Qualys, a technology company offering services in cloud security and compliance. The question has been raised whether their blog may have been hacked.
https://www.borncity.com/blog/2024/07/03/wurde-der-blog-von-qualys-gehackt-2-juli-2024/
Cisco NX-OS: Update for vulnerability attacked since April
A vulnerability in Cisco NX-OS on several Nexus and MDS switches has been under attack since April. Cisco is now providing an update.
https://heise.de/-9787532
Vulnerabilities
Vulnerabilities in PanelView Plus devices could lead to remote code execution
https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/
Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/
Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
[R1] Tenable Identity Exposure Version 3.59.5 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2024-11