======================= = End-of-Shift report = ======================= Timeframe: Montag 27-08-2012 18:14 - Freitag 31-08-2012 18:14 Handler: Stephan Richter Co-Handler: Christian Wojner

*** Is the death knell sounding for traditional antivirus? *** --------------------------------------------- "Antivirus developers need to run malcode in their labs in order to create malware-identifying signatures. What happens if they cant? Developers of traditional antivirus depend on:The ability to run malware in their labs...." --------------------------------------------- http://www.techrepublic.com/blog/security/is-the-death-knell-sounding-for-tr...

*** Joomla com_weblinks SQL Vulnerability *** --------------------------------------------- Topic: Joomla com_weblinks SQL Vulnerability Risk: Medium Text: ## # # Exploit Title : Joomla Com_Weblinks Sql Vulnerability # # Author : IrIsT.Ir # # Discovered By : N... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/E7Kh6tyN_0k/WLB-201...

*** ReIssued Red Alert - Dorifel Decrypter v1.5 released. Supports new Dorifel variant found in Canada, new RC4 key etc. *** --------------------------------------------- "In the beginning of August 2012, Dutch government, public sector and networks of private companies are hit hard by a new wave of crypto malware named Trojan-Ransom. Win32. Dorifel...." --------------------------------------------- http://www.surfright.nl/en/support/dorifel-decrypter

*** Bugtraq: Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing *** --------------------------------------------- Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing --------------------------------------------- http://www.securityfocus.com/archive/1/524043

*** Phishing without a webpage - researcher reveals how a link *itself* can be malicious *** --------------------------------------------- "The need for a reliable place to host your malicious website has been the bane of phishers for much of the last decade. But, no longer. A researcher at the University of Oslo in Norway says that page-less phishing and other untraceable attacks may be possible, using a tried and true internet communications standard: the uniform resource identifier, or URI...." --------------------------------------------- http://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-resear...

*** News, Technologies and Techniques: Virus on virus – set a thief to catch a thief *** --------------------------------------------- The old debate on whether it would be ethical to use viruses to detect and even clean other viruses has largely been won by the law of unintended consequences: its simply too dangerous. But that doesn’t mean it doesn’t happen accidentally... --------------------------------------------- http://www.infosecurity-magazine.com/view/27901/virus-on-virus-set-a-thief-t...