[CERT-daily] Tageszusammenfassung - 03.07.2024

Wed Jul 3 18:11:58 CEST 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 02-07-2024 18:00 − Mittwoch 03-07-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ Europol takes down 593 Cobalt Strike servers used by cybercriminals ∗∗∗
---------------------------------------------
Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/europol-takes-down-593-cobalt-strike-servers-used-by-cybercriminals/

∗∗∗ Cyberangriff: Hacker erbeuten Daten von TÜV Rheinland ∗∗∗
---------------------------------------------
Einer Ransomwarebande ist es gelungen, in ein Schulungsnetzwerk des TÜV Rheinland einzudringen. Dabei sind womöglich Zugangsdaten abgeflossen.
---------------------------------------------
https://www.golem.de/news/cyberangriff-hacker-erbeuten-daten-von-tuev-rheinland-2407-186665.html

∗∗∗ South Korean ERP Vendors Server Hacked to Spread Xctdoor Malware ∗∗∗
---------------------------------------------
An unnamed South Korean enterprise resource planning (ERP) vendors product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor.The AhnLab Security Intelligence Center (ASEC), which identified ..
---------------------------------------------
https://thehackernews.com/2024/07/south-korean-erp-vendors-server-hacked.html

∗∗∗ Hijacked: How hacked YouTube channels spread scams and malware ∗∗∗
---------------------------------------------
Here's how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform.
---------------------------------------------
https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/

∗∗∗ LockBit claims cyberattack on Croatia’s largest hospital ∗∗∗
---------------------------------------------
The LockBit ransomware gang has claimed responsibility for a cyberattack on Croatia’s largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, organ and donor data and contracts signed with external companies. 
---------------------------------------------
https://therecord.media/lockbit-claims-cyberattack-croatia-hospital

∗∗∗ Wurde der Blog von Qualys gehackt? (2. Juli 2024) ∗∗∗
---------------------------------------------
Kurze Information zu Qualys, ein Technologieunternehmen mit Dienstleistungsangeboten im Bereich Cloud-Sicherheit und Compliance. Es steht die Frage im Raum, ob die mit ihrem Blog womöglich gehackt wurden.
---------------------------------------------
https://www.borncity.com/blog/2024/07/03/wurde-der-blog-von-qualys-gehackt-2-juli-2024/

∗∗∗ Cisco NX-OS: Update gegen seit April angegriffene Sicherheitslücke ∗∗∗
---------------------------------------------
Im Cisco NX-OS mehrerer Nexus- und MDS-Switches wird eine Sicherheitslücke bereits seit April angegriffen. Jetzt stellt Cisco ein Update bereit.
---------------------------------------------
https://heise.de/-9787532

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerabilities in PanelView Plus devices could lead to remote code execution ∗∗∗
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/

∗∗∗ Unpatched RCE Vulnerabilities in Gogs: Argument Injection in the Built-In SSH Server ∗∗∗
---------------------------------------------
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/

∗∗∗ Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024

∗∗∗ [R1] Tenable Identity Exposure Version 3.59.5 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2024-11

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily