Tageszusammenfassung - Freitag 31-08-2012

End-of-Shift report

Timeframe: Montag 27-08-2012 18:14 - Freitag 31-08-2012 18:14 Handler: Stephan Richter Co-Handler: Christian Wojner

Is the death knell sounding for traditional antivirus?

"Antivirus developers need to run malcode in their labs in order to create malware-identifying signatures. What happens if they cant? Developers of traditional antivirus depend on:The ability to run malware in their labs...."

http://www.techrepublic.com/blog/security/is-the-death-knell-sounding-for-traditional-antivirus/8317

Joomla com_weblinks SQL Vulnerability

Topic: Joomla com_weblinks SQL Vulnerability Risk: Medium Text: ## # # Exploit Title : Joomla Com_Weblinks Sql Vulnerability # # Author : IrIsT.Ir # # Discovered By : N...

http://feedproxy.google.com/~r/securityalert_database/~3/E7Kh6tyN_0k/WLB-2012080279

ReIssued Red Alert - Dorifel Decrypter v1.5 released. Supports new Dorifel variant found in Canada, new RC4 key etc.

"In the beginning of August 2012, Dutch government, public sector and networks of private companies are hit hard by a new wave of crypto malware named Trojan-Ransom. Win32. Dorifel...."

http://www.surfright.nl/en/support/dorifel-decrypter

Bugtraq: Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing

Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing

http://www.securityfocus.com/archive/1/524043

Phishing without a webpage - researcher reveals how a link *itself* can be malicious

"The need for a reliable place to host your malicious website has been the bane of phishers for much of the last decade. But, no longer. A researcher at the University of Oslo in Norway says that page-less phishing and other untraceable attacks may be possible, using a tried and true internet communications standard: the uniform resource identifier, or URI...."

http://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious/

News, Technologies and Techniques: Virus on virus – set a thief to catch a thief

The old debate on whether it would be ethical to use viruses to detect and even clean other viruses has largely been won by the law of unintended consequences: its simply too dangerous. But that doesn’t mean it doesn’t happen accidentally...

http://www.infosecurity-magazine.com/view/27901/virus-on-virus-set-a-thief-to-catch-a-thief/