[CERT-daily] Tageszusammenfassung - Freitag 30-12-2016

Fri Dec 30 19:12:40 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 29-12-2016 18:00 − Freitag 30-12-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Session Stealer Script Used In OpenCart ***
---------------------------------------------
With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few clicks you can set up an online storefront and sell your products. While the process to get the site up may be simple, there are .. ---------------------------------------------
https://blog.sucuri.net/2016/12/session-stealer-script-used-opencart.html


*** Recent Spam Runs in Germany Show How Threats Intend to Stay in the Game ***
---------------------------------------------
In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/recent-spam-runs-in-germany-show-how-threats-intend-to-stay-in-the-game


*** Grizzly Steppe: FBI nennt 900 IP-Adressen russischer Hackerangriffe ***
---------------------------------------------
Nach den Sanktionen folgen die Indikatoren: Die US-Regierung veröffentlicht ihre Analyse zu den angeblich russischen Hackerattacken auf weltweite Institutionen. Auch über IP-Adressen aus Deutschland sollen die Angriffe gelaufen sein.
---------------------------------------------
http://www.golem.de/news/grizzly-steppe-fbi-nennt-900-ip-adressen-russischer-hackerangriffe-1612-125304.html


*** Apples iMessage anfällig für manipulierte Kontaktdateien ***
---------------------------------------------
Eine manipulierte vCard, die aktuell per iMessage und MMS im Umlauf ist, kann die Nachrichten-App auf dem iPhone oder iPad des Empfängers zum Absturz bringen – und komplett lahmlegen. Es gibt aber einen Ausweg.
---------------------------------------------
https://heise.de/-3582980


*** Vuln: Lenovo Transition CVE-2016-8227 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95159


*** More on Protocol 47 denys ***
---------------------------------------------
Following up on yesterdays diary on an increase in Protocol 47 traffic. Thanks to everyone who sent the ISC PCAPs and more information. Current speculation is the Protocol 47 uptick is backscatter from a DDOS containing GRE traffic and using ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21867&rss


*** Cyber-Angriffe: Die schwierige Spurensuche ***
---------------------------------------------
Vorwürfe eher auf Basis eines Motivs denn auf Basis technischer Hinweise oder Beweise
---------------------------------------------
http://derstandard.at/2000050034274


*** Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF ***
---------------------------------------------
SonicWALL SMA suffers from a XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a users browser session. The WAF was bypassed via form-based CSRF.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5393.php


*** Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS ***
---------------------------------------------
SonicWALL NSA suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the curUserName GET parameter in the appFirewallSummary.html script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a users browser session.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php


*** Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass ***
---------------------------------------------
Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5390.php


*** Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities ***
---------------------------------------------
Dell SonicWALL GMS suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5389.php


*** Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection ***
---------------------------------------------
Dell SonicWALL GMS suffers from multiple SQL Injection vulnerabilities. Input passed via the GET parameters searchBySonicwall, firstChangeOrderID, secondChangeOrderID and coDomainID is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5388.php