[CERT-daily] Tageszusammenfassung - Freitag 31-08-2012

Mon Sep 17 15:05:35 CEST 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Montag 27-08-2012 18:14 - Freitag 31-08-2012 18:14
Handler:     Stephan Richter
Co-Handler:  Christian Wojner


*** Is the death knell sounding for traditional antivirus? ***
---------------------------------------------
"Antivirus developers need to run malcode in their labs in order to create
malware-identifying signatures. What happens if they cant? Developers of
traditional antivirus depend on:The ability to run malware in their labs...."
---------------------------------------------
http://www.techrepublic.com/blog/security/is-the-death-knell-sounding-for-traditional-antivirus/8317


*** Joomla com_weblinks SQL Vulnerability ***
---------------------------------------------
Topic: Joomla com_weblinks SQL Vulnerability Risk: Medium Text: ## # #
Exploit Title : Joomla Com_Weblinks Sql Vulnerability # # Author : IrIsT.Ir
# # Discovered By : N...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/E7Kh6tyN_0k/WLB-2012080279


*** ReIssued Red Alert - Dorifel Decrypter v1.5 released. Supports new
Dorifel variant found in Canada, new RC4 key etc. ***
---------------------------------------------
"In the beginning of August 2012, Dutch government, public sector and
networks of private companies are hit hard by a new wave of crypto malware
named Trojan-Ransom. Win32. Dorifel...."
---------------------------------------------
http://www.surfright.nl/en/support/dorifel-decrypter


*** Bugtraq: Seeker Adv MS-06 - .Net Cross Site Scripting - Request
Validation Bypassing ***
---------------------------------------------
Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing
---------------------------------------------
http://www.securityfocus.com/archive/1/524043


*** Phishing without a webpage - researcher reveals how a link *itself* can
be malicious ***
---------------------------------------------
"The need for a reliable place to host your malicious website has been the
bane of phishers for much of the last decade. But, no longer. A researcher
at the University of Oslo in Norway says that page-less phishing and other
untraceable attacks may be possible, using a tried and true internet
communications standard: the uniform resource identifier, or URI...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious/


*** News, Technologies and Techniques: Virus on virus â set a thief to
catch a thief ***
---------------------------------------------
The old debate on whether it would be ethical to use viruses to detect and
even clean other viruses has largely been won by the law of unintended
consequences: its simply too dangerous. But that doesnât mean it
doesnât happen accidentally...
---------------------------------------------
http://www.infosecurity-magazine.com/view/27901/virus-on-virus-set-a-thief-to-catch-a-thief/