End-of-Shift report
Timeframe: Thursday 29-12-2016 18:00 − Friday 30-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Session Stealer Script Used In OpenCart
With so many open-source e-commerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few clicks you can set up an online storefront and sell your products. While the process to get the site up may be simple, there are ..
https://blog.sucuri.net/2016/12/session-stealer-script-used-opencart.html
Recent Spam Runs in Germany Show How Threats Intend to Stay in the Game
In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human ..
http://blog.trendmicro.com/trendlabs-security-intelligence/recent-spam-runs-in-germany-show-how-threats-intend-to-stay-in-the-game
Grizzly Steppe: FBI names 900 IP addresses of Russian hacker attacks
After the sanctions come the indicators: the US government publishes its analysis of the allegedly Russian hacker attacks on institutions worldwide. The attacks are also said to have been routed through IP addresses in Germany.
http://www.golem.de/news/grizzly-steppe-fbi-nennt-900-ip-adressen-russischer-hackerangriffe-1612-125304.html
Apple's iMessage vulnerable to manipulated contact files
A manipulated vCard currently circulating via iMessage and MMS can crash the Messages app on the recipient's iPhone or iPad and render it completely unusable. There is a way out, however.
https://heise.de/-3582980
Vuln: Lenovo Transition CVE-2016-8227 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/95159
More on Protocol 47 denys
Following up on yesterday's diary on an increase in Protocol 47 traffic. Thanks to everyone who sent the ISC PCAPs and more information. Current speculation is the Protocol 47 uptick is backscatter from a DDoS containing GRE traffic and using ..
https://isc.sans.edu/diary.html?storyid=21867&rss
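To see whether your own perimeter is part of the Protocol 47 uptick the diary describes, the quickest check is to pull the protocol-47 (GRE) drops out of the firewall log and rank them by source. The following is an added example, not code from the ISC diary; the log lines are constructed in the iptables LOG format (the kernel has no decoder for GRE, so it prints the raw number as PROTO=47), and the "FW-DROP" prefix is an assumed log prefix.

```python
import re
from collections import Counter

# Constructed iptables LOG lines (not real ISC data). GRE is IP protocol 47;
# the kernel logger has no per-protocol decoder for it and prints PROTO=47.
# "FW-DROP" is an assumed --log-prefix.
SAMPLE_LOG = """\
Dec 30 03:14:01 fw kernel: [12.0] FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TTL=54 ID=0 PROTO=47
Dec 30 03:14:02 fw kernel: [12.1] FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TTL=54 ID=0 PROTO=47
Dec 30 03:14:03 fw kernel: [12.2] FW-DROP IN=eth0 OUT= SRC=192.0.2.33 DST=203.0.113.10 LEN=40 TTL=49 ID=0 DF PROTO=TCP SPT=443 DPT=51234 WINDOW=0 RES=0x00 ACK RST URGP=0
Dec 30 03:14:04 fw kernel: [12.3] FW-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 LEN=60 TTL=53 ID=0 PROTO=47
"""

# SRC/DST come first in the iptables LOG line, PROTO follows after LEN/TTL/ID.
LOG_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)")


def proto47_denies(log_text):
    """Return (per-source Counter, total) for dropped protocol-47 packets.

    GRE has no ports, so the source address is the only useful key for
    deciding whether the drops are a handful of peers or a broad spray.
    """
    per_src = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group("proto") == "47":
            per_src[m.group("src")] += 1
    return per_src, sum(per_src.values())


if __name__ == "__main__":
    per_src, total = proto47_denies(SAMPLE_LOG)
    print(f"{total} protocol-47 denies")
    for src, n in per_src.most_common():
        print(f"  {src:16} {n}")
```

A sudden rise in the total, spread over many unrelated source addresses, is the pattern to compare against the diary's backscatter hypothesis; a few sources with steady counts is more likely a misconfigured tunnel peer.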
Cyber attacks: the difficult search for traces
Accusations based more on a motive than on technical indications or evidence
http://derstandard.at/2000050034274
Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF
SonicWALL SMA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. The WAF was bypassed via form-based CSRF.
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5393.php
Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS
SonicWALL NSA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the curUserName GET parameter in the appFirewallSummary.html script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php
Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass
Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5390.php
Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities
Dell SonicWALL GMS suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5389.php
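The SMA, NSA and GMS advisories above all describe the same bug class: a GET parameter is written back into the page without output encoding. The following is an added example, not code from the advisories or from SonicWALL: a minimal page renderer that reflects a parameter the vulnerable way next to the hardened version. The parameter name curUserName is taken from the NSA advisory; the page layout, the payload and the query string are constructed for the demonstration.

```python
import html
from urllib.parse import parse_qs

# Constructed attacker-controlled query string for a reflected GET parameter.
# curUserName is the parameter named in the NSA advisory; the markup is assumed.
ATTACK_QS = "curUserName=%3Cscript%3Ealert(document.cookie)%3C/script%3E"


def reflected_param(query_string: str, name: str) -> str:
    """Return the first value of a GET parameter after URL decoding, or ''."""
    return parse_qs(query_string).get(name, [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Reflects the raw parameter into both element body and attribute contexts."""
    user = reflected_param(query_string, "curUserName")
    return f'<h2>Summary for {user}</h2><input name="u" value="{user}">'


def render_hardened(query_string: str) -> str:
    """Same page, with HTML output encoding applied at the point of reflection.

    quote=True also escapes " and ', which is what keeps the attribute
    context from being broken out of; escaping < > & alone is not enough there.
    """
    user = html.escape(reflected_param(query_string, "curUserName"), quote=True)
    return f'<h2>Summary for {user}</h2><input name="u" value="{user}">'


def contains_active_markup(rendered: str) -> bool:
    """Crude oracle for the demo: did the payload survive as a real script tag?"""
    return "<script>" in rendered.lower()


if __name__ == "__main__":
    print(render_vulnerable(ATTACK_QS))
    print(render_hardened(ATTACK_QS))
```

Encoding has to match the context the value lands in (element body, attribute, JavaScript string, URL); html.escape covers the first two, which is all this page uses. A WAF in front of the device, as the SMA entry shows, is not a substitute for doing this in the application.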
Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection
Dell SonicWALL GMS suffers from multiple SQL Injection vulnerabilities. Input passed via the GET parameters searchBySonicwall, firstChangeOrderID, secondChangeOrderID and coDomainID is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5388.php
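"Blind" here means the injected SQL never shows its result directly; the attacker only sees whether the page behaved as for a true or a false condition and extracts data one yes/no answer at a time. The following is an added example, not code from the advisory or from SonicWALL: a constructed change-order table queried through a concatenated statement (the bug class), a boolean-based extraction loop that reads a row it was never meant to see, and the parameterised version that the same input cannot alter. The table, its contents and the parameter name firstChangeOrderID (taken from the advisory) are assumptions.

```python
import sqlite3

PROBE_ALPHABET = "abcdefghijklmnopqrstuvwxyz "


def build_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a change-order table."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE change_orders (id INTEGER PRIMARY KEY, domain_id INTEGER, title TEXT)"
    )
    con.executemany(
        "INSERT INTO change_orders VALUES (?, ?, ?)",
        [(1, 10, "firewall rule update"),
         (2, 10, "vpn policy"),
         (3, 20, "admin password reset")],
    )
    return con


def count_vulnerable(con: sqlite3.Connection, first_change_order_id: str) -> int:
    """String-concatenated query: the bug class named in the advisory.

    It returns only a row count, which is exactly the single bit a
    boolean-based blind injection needs.
    """
    sql = "SELECT COUNT(*) FROM change_orders WHERE id = " + first_change_order_id
    return con.execute(sql).fetchone()[0]


def count_hardened(con: sqlite3.Connection, first_change_order_id: str) -> int:
    """Validate the type, then bind; the value can no longer change the query shape."""
    try:
        value = int(first_change_order_id)
    except ValueError:
        return 0
    return con.execute(
        "SELECT COUNT(*) FROM change_orders WHERE id = ?", (value,)
    ).fetchone()[0]


def blind_oracle(con: sqlite3.Connection, condition: str) -> bool:
    """True iff the injected condition held: id=1 exists, so count is 1 or 0."""
    return count_vulnerable(con, f"1 AND ({condition})") == 1


def extract_title_vulnerable(con: sqlite3.Connection, row_id: int, length: int) -> str:
    """Boolean-based extraction: one character per position, true/false answers only."""
    out = ""
    for pos in range(1, length + 1):
        probe = f"SELECT SUBSTR(title,{pos},1) FROM change_orders WHERE id={row_id}"
        for ch in PROBE_ALPHABET:
            if blind_oracle(con, f"({probe}) = '{ch}'"):
                out += ch
                break
    return out


if __name__ == "__main__":
    con = build_db()
    print("vulnerable, '1 OR 1=1':", count_vulnerable(con, "1 OR 1=1"))
    print("hardened,   '1 OR 1=1':", count_hardened(con, "1 OR 1=1"))
    print("blind read of row 3:", extract_title_vulnerable(con, 3, 5))
```

The extraction loop issues on the order of thirty requests per character, which is also what such an attack looks like in access logs: a burst of requests for the same script whose parameter differs only in a quoted character.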