[CERT-daily] Tageszusammenfassung - Dienstag 2-08-2016

Daily end-of-shift report team at cert.at
Tue Aug 2 18:03:47 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 01-08-2016 18:00 − Dienstag 02-08-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Android Security Bulletin August 2016 ***
---------------------------------------------
https://source.android.com/security/bulletin/2016-08-01.html




*** Google Domain Enables HSTS Protection ***
---------------------------------------------
Google ensures HTTPS connections to its domains with support for HTTP Strict Transport Security, or HSTS.
---------------------------------------------
http://threatpost.com/google-domain-enables-hsts-protection/119597/




*** DSA-3637 chromium-browser - security update ***
---------------------------------------------
https://www.debian.org/security/2016/dsa-3637




*** Slinging Hash: Speeding Cyber Threat Hunting Methodologies via Hash-Based Searching ***
---------------------------------------------
Introduction The term "hash" is thrown around in casual IT conversation quite a bit nowadays, ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Slinging-Hash--Speeding-Cyber-Threat-Hunting-Methodologies-via-Hash-Based-Searching/




*** 36000 SAP systems exposed online, most open to attacks ***
---------------------------------------------
ERPScan released the first comprehensive SAP Cybersecurity Threat Report, which covers three main angles: Product Security, Implementation Security, and Security Awareness. The company used its own scanning method to gather ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/02/sap-cybersecurity-report/




*** Im Darknet werden 200 Millionen Yahoo-Accounts verkauft ***
---------------------------------------------
Login-Informationen zu rund 200 Millionen Yahoo-Accounts werden zum Verkauf angeboten. Und Yahoo weiß darüber Bescheid.
---------------------------------------------
http://futurezone.at/digital-life/im-darknet-werden-200-millionen-yahoo-accounts-verkauft/213.257.439




*** FireEye admits filtering out legitimate emails in sniffer snafu ***
---------------------------------------------
Benign messages frogmarched into quarantine FireEye has admitted that a snafu involving its email filtering technology meant harmless messages were shuffled off to quarantine for no good reason.
---------------------------------------------
www.theregister.co.uk/2016/08/02/fireeye_filtering_snafu/




*** Kasperskys Herz für Hacker: 50.000 US-Dollar für gemeldete Bugs ***
---------------------------------------------
Als zweiter AV-Hersteller führen die Russen ein Bug-Bounty-Programm ein. Sicherheitsforscher sollen nun Geld dafür bekommen, Schwachstellen in Kaspersky-Produkten zu finden.
---------------------------------------------
http://heise.de/-3284172




*** Introducing the p0f BPF compiler ***
---------------------------------------------
Two years ago we blogged about our love of BPF (BSD packet filter) bytecode.CC BY 2.0 image by jim simonsonThen we published a set of utilities we are using to generate the BPF ..
---------------------------------------------
https://blog.cloudflare.com/introducing-the-p0f-bpf-compiler/




*** Timing Attacks in the Modern Web ***
---------------------------------------------
Before you explore all the details of these browser-based timing attacks, head over to my laboratories to play around with these attacks yourself!
---------------------------------------------
https://tom.vg/2016/08/browser-based-timing-attacks/


More information about the Daily mailing list