Tageszusammenfassung - Dienstag 2-08-2016

End-of-Shift report

Timeframe: Montag 01-08-2016 18:00 − Dienstag 02-08-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

Android Security Bulletin August 2016

https://source.android.com/security/bulletin/2016-08-01.html

Google Domain Enables HSTS Protection

Google ensures HTTPS connections to its domains with support for HTTP Strict Transport Security, or HSTS.

http://threatpost.com/google-domain-enables-hsts-protection/119597/

DSA-3637 chromium-browser - security update

https://www.debian.org/security/2016/dsa-3637

Slinging Hash: Speeding Cyber Threat Hunting Methodologies via Hash-Based Searching

Introduction The term "hash" is thrown around in casual IT conversation quite a bit nowadays, ..

https://www.trustwave.com/Resources/SpiderLabs-Blog/Slinging-Hash--Speeding-Cyber-Threat-Hunting-Methodologies-via-Hash-Based-Searching/

36000 SAP systems exposed online, most open to attacks

ERPScan released the first comprehensive SAP Cybersecurity Threat Report, which covers three main angles: Product Security, Implementation Security, and Security Awareness. The company used its own scanning method to gather ..

https://www.helpnetsecurity.com/2016/08/02/sap-cybersecurity-report/

Im Darknet werden 200 Millionen Yahoo-Accounts verkauft

Login-Informationen zu rund 200 Millionen Yahoo-Accounts werden zum Verkauf angeboten. Und Yahoo weiß darüber Bescheid.

http://futurezone.at/digital-life/im-darknet-werden-200-millionen-yahoo-accounts-verkauft/213.257.439

FireEye admits filtering out legitimate emails in sniffer snafu

Benign messages frogmarched into quarantine FireEye has admitted that a snafu involving its email filtering technology meant harmless messages were shuffled off to quarantine for no good reason. www.theregister.co.uk/2016/08/02/fireeye_filtering_snafu/

Kasperskys Herz für Hacker: 50.000 US-Dollar für gemeldete Bugs

Als zweiter AV-Hersteller führen die Russen ein Bug-Bounty-Programm ein. Sicherheitsforscher sollen nun Geld dafür bekommen, Schwachstellen in Kaspersky-Produkten zu finden.

http://heise.de/-3284172

Introducing the p0f BPF compiler

Two years ago we blogged about our love of BPF (BSD packet filter) bytecode.CC BY 2.0 image by jim simonsonThen we published a set of utilities we are using to generate the BPF ..

https://blog.cloudflare.com/introducing-the-p0f-bpf-compiler/

Timing Attacks in the Modern Web

Before you explore all the details of these browser-based timing attacks, head over to my laboratories to play around with these attacks yourself!

https://tom.vg/2016/08/browser-based-timing-attacks/