What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NetworkWorld 2017-06-25 08:42:00 Even weak hackers can pull off a password reset MitM attack via account registration (direct link) At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures. They dubbed the attack: password reset man-in-the-middle (PRMitM). The researchers said Google is “extremely vulnerable” to PRMitM, but Facebook, Yahoo, LinkedIn, Yandex and other sites and email services are also vulnerable as well as mobile apps like Whatsapp, Snapchat and Telegram. Yahoo
NetworkWorld 2017-03-29 08:35:00 IBM on the state of network security: Abysmal (direct link) The state of online security is darn dreadful. At least if you look at the results from the IBM Security's 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as: The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion -- more than the combined total from the two previous years. In one case, a single source leaked more than 1.5 billion records [see Yahoo breach]. In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year. In 2016, many significant breaches related to unstructured data such as email archives, business documents, intellectual property and source code were also compromised. The most popular types of malcode we observed in 2016 were Android malware, banking Trojans, ransomware offerings and DDoS-as-a-service vendors. Since DDoS tools are mostly sold as a service and not as malware per se, we will focus here on banking Trojans, Android malware and ransomware. In December 2016, a malware developer with an ongoing banking Trojan project showed up in underground forums, aspiring to sell some licenses as he worked on completing the development of all its modules. The actor promised to deliver future capabilities, such as a Socket Secure (SOCKS) proxy and hidden virtual network computing alongside technical support and free bug fixes. The malware was named Nuclear Bot, or NukeBot, at the time. IBM wrote it has yet to see NukeBot/Micro Bot active in the wild, analyses performed by X-Force and other vendors found that it has the potential to rise in 2017 and bring back commercial Trojan sales in the underground.
In 2015, Healthcare was the most attacked industry with Financial Services falling to third, however, attackers in 2016 refocused back on Financial Services. IBM did note that while the healthcare industry continued to be beleaguered by a high number of incidents, attackers hit on smaller targets resulting in a lower number of leaked records. In 2016, only 12 million records were compromised in healthcare - keeping it out of the top 5 most-breached industries. For perspective, nearly 100 million healthcare records were compromised in 2015 resulting in an 88% drop in 2016, IBM stated. Yahoo
NetworkWorld 2017-03-17 11:12:00 A cybersecurity risk assessment is a critical part of M&A due diligence (direct link) As of mid-February, the plan for Verizon Communications to acquire a majority of Yahoo's web assets is still on, despite the announcement of Yahoo having suffered two massive breaches of customer data in 2013 and 2014. The sale price, however, has been discounted by $350 million, and Verizon and Altaba Inc. have agreed to share any ongoing legal responsibilities related to the breaches. Altaba is the entity that will own the portion of Yahoo that Verizon is not acquiring. Yahoo
NetworkWorld 2017-03-16 17:57:45 Yahoo breach exposes the drawbacks of state-sponsored hacking (direct link) When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they're taking a big risk. On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren't kept on a tight leash things can turn bad. Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia's state security agency hired to carry out the Yahoo breach, didn't care much for a low profile. His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars -- the latest an Aston Martin DB9 with the license plate "MR KARIM." Yahoo
NetworkWorld 2017-03-16 05:52:00 Want good cyber insurance? Read the fine print (direct link) One of the main reasons to buy insurance is to prevent the cost of an accident or other disaster from breaking the bank. But what if simply buying insurance threatens to break the bank? That scenario is starting to worry some organizations, for several reasons. First is the simple but powerful market force of supply and demand. More and more organizations, spooked by regular stories of catastrophic breaches – such as the compromise of more than 1.5 billion Yahoo! accounts, which took down its acquisition value by a reported $350 million – are seeking insurance. And when demand rises, the price tends to do so as well. Yahoo
NetworkWorld 2017-03-15 18:20:04 US faces limits in busting Russian agents over Yahoo breach (direct link) In a rare move, the U.S. has indicted two Russian government agents for their suspected involvement in a massive Yahoo data breach. But what now? Security experts say Wednesday's indictment might amount to nothing more than naming and shaming Russia. That's because no one expects the Kremlin to play along with the U.S. indictment. “I can't imagine the Russian government is going to hand over the two FSB officers,” said Jeremiah Grossman, chief of security strategy at SentinelOne. "Even in the most successful investigations, state hackers are still immune from prosecution or retaliation," said Kenneth Geers, a research scientist at security firm Comodo. Yahoo
NetworkWorld 2017-03-15 15:37:00 Inside the Russian hack of Yahoo: How they did it (direct link) One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people. The U.S. Federal Bureau of Investigation has been investigating the intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Wednesday, the FBI indicted four people for the attack, two of whom are Russian spies. Here's how the FBI says they did it: The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened. Yahoo
NetworkWorld 2017-03-15 09:07:14 Four charged, including Russian gov't agents, for massive Yahoo hack (direct link) The U.S. Federal Bureau of Investigation has charged four people, including two Russian state intelligence agents, for their involvement in a massive hack of Yahoo that affected half a billion accounts. In September, Yahoo said hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a "state-sponsored" group. On Wednesday, the FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack. Guideline Yahoo
NetworkWorld 2017-03-07 09:58:00 Honeypot catches social engineering scams on social media (direct link) Say you just got laid off from your job. Bills are piling up and the pressure to get a new job quickly is building. Your desperation has you taking chances you wouldn't normally take, such as clicking on a link to a job offer - even if something about it doesn't quite look right. Research firm ZeroFOX has found that unless a company has a verified recruiting account, it can be difficult for an applicant to decipher a legitimate account from an impersonator. One way to spot an impersonator is that they commonly provide Gmail, Yahoo, and other free email provider addresses through which applicants can inquire about a job and send their resumes (more advanced scammers can spoof company email domains). Some also include links to official job sites and LinkedIn for follow-up. In most cases, the impersonator uses the company logo to portray themselves as an official recruiter for the company. Yahoo
NetworkWorld 2017-03-04 13:07:00 Enough with "the Cyber"! (direct link) Email is great; it's transformed business, enabled geographically dispersed families and friends to stay in touch, redefined news distribution, transformed sales pipelines … the list of good stuff about email is endless. But, as many people have discovered to their cost, keeping control of your email account requires effort, effort like not using dumb, easy-to-guess passwords, and making sure your email hosting service is reliable and not, for example, Yahoo or AOL. And these issues aren't anything like new, recent discoveries; we've all known for over a decade where the risks lie … well, all of us except, apparently, for the government. I don't know about you, but during the 2016 election I was fairly surprised when the Democratic National Committee email system was hacked after which the email account of John Podesta, the DNC chairperson, was hacked. You'd have thought that the folks who manage IT for these people would have known the risks and done more to minimize exposure but when simple phishing and malware intrusions that should never have happened and which went undetected were successful, then you have to wonder where the disconnect lies. Yahoo
NetworkWorld 2017-03-01 17:01:38 Yahoo execs botched its response to 2014 breach, investigation finds (direct link) If your company has experienced a data breach, it's probably a good idea to thoroughly investigate it promptly. Unfortunately, Yahoo didn't, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response. The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker. Yahoo
NetworkWorld 2017-03-01 08:28:00 IDG Contributor Network: To improve information security, enterprises and government must share information (direct link) Information security is forever weaved into our daily lives. From the massive data breaches impacting Target, Yahoo and Anthem to IoT-powered DDoS attacks that take down substantial portions of the internet for extended periods of time, information security impacts everyone. The reality is providing protection in this kind of environment is so challenging that no single entity, whether it's a company or a government agency, can accomplish this task alone. There needs to be some kind of cooperation between the private and public sectors. This leads to the questions of what kind of relationship should the government and companies have, how can they work together and what's preventing this process from happening? Guideline Yahoo
NetworkWorld 2017-02-21 06:54:00 We finally know how much a data breach can cost (direct link) Everyone knows corporate data breaches can be expensive, but does anyone really know exactly how expensive? Recent estimates for the average cost have landed all over the map, ranging from $4 million to $7 million. But when it comes to the top end of the scale, those appraisals turn out to be laughably small. The massive Yahoo data breaches of 2013 and 2014 now have a real cost attached to them, and it's a couple orders of magnitude larger than those piddly estimates. Simply put, the breaches forced Yahoo to renegotiate its sale to Verizon, cutting the price by $350 million. Yahoo
NetworkWorld 2017-02-21 06:41:55 Verizon knocks off $350M from Yahoo deal after breaches (direct link) Verizon Communications will pay US$350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer. Verizon will pay about $4.48 billion for Yahoo's operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday. Back in October, one news report had Verizon seeking a $1 billion discount after the first breach was announced. Yahoo
NetworkWorld 2017-02-15 10:46:38 Yahoo warns users of account breaches related to recent attacks (direct link) Yahoo has begun warning individual users that their accounts with the service may have been compromised in a massive data breach it reported late last year. The warning, in email messages sent from Yahoo CISO Bob Lord, tells users that a forged cookie may have been used to access their accounts in previous years. The warning to Yahoo users comes at the same time that news reports suggest that Verizon Communications, in negotiations to buy Yahoo, may be seeking a discount of US$250 million because of the data breaches. Yahoo
NetworkWorld 2017-02-03 04:35:00 How AI is stopping criminal hacking in real time (direct link) Almost every day, there's news about a massive data leak -- a breach at Yahoo that reveals millions of user accounts, a compromise involving Gmail phishing scams. Security professionals are constantly moving the chess pieces around, but it can be a losing battle. Yet, there is one ally that has emerged in recent years. Artificial intelligence can stay vigilant at all times, looking for patterns in behavior and alerting you to a new threat. Yahoo
NetworkWorld 2017-02-02 04:53:00 Why 2017 will be the worst year ever for security (direct link) Sony. Anthem. The Office of Personnel Management. Target. Yahoo. The past two years have seen one mega-breach after another -- and 2017 promises to be the most catastrophic year yet. Security experts have long warned that most organizations don't even know they've been breached. Attackers rely on stealth to learn about the network, find valuable information and systems, and steal what they want. Only recently have organizations improved their detection efforts and started investing the time, capital, and people needed to uncover vulnerabilities. When they do, the results are often alarming. “I think we are going to find more, not less, breaches in 2017,” says Ray Rothrock, CEO of RedSeal, a security analytics firm. Yahoo
NetworkWorld 2017-01-26 05:32:00 Top data breach trends in 2016 - Phishing, skimming rise; hacking holds ground (direct link) When news broke in December of a massive data breach at Yahoo, it was met with a collective “This, again? Didn't they just report a breach?” The company had, in fact, reported a record-breaking breach of 500 million user accounts three months earlier, but it was dwarfed by the December breach, which impacted over 1 billion records. That pair of record breaking breaches was a fitting way to cap off a year marked by massive data breaches. As security intelligence provider Risk Based Security (RBS) points out in its newly-released 2016 Data Breach Trends report, “six 2016 breaches have taken their place on the Top 10 List of All Time Largest Breaches.” Yahoo
NetworkWorld 2017-01-25 18:28:59 Password-free security uses voice, user behavior to verify identity (direct link) Tired of conventional passwords? So is Nuance Communications, a tech firm that is promoting the human voice as a way to secure user accounts. The company's voice biometric product is among the technologies that promise to replace traditional -- and often vulnerable -- password authentication systems, which can be easy to hack. That isn't the case with Nuance's solution, the company claims. “To determine if it's you or not, we are looking at over 100 different characteristics of your voice,” said Brett Beranek, Nuance's director of product strategy. The problem with passwords: The need to move beyond passwords hasn't been more urgent, given that hackers are routinely finding ways to steal them. Last year, Yahoo, LinkedIn and Dropbox all reported major data breaches involving account details such as email addresses and hashed passwords. Yahoo
NetworkWorld 2017-01-23 15:17:14 Yahoo pushes back timing of Verizon deal after breaches (direct link) Verizon's planned acquisition of Yahoo will take longer than expected and won't close until this year's second quarter, the internet company said on Monday. The $4.8 billion deal was originally slated to close in the first quarter, but that was before Yahoo reported two massive data breaches that analysts say may scrap the entire deal. Although Yahoo continues to work to close the acquisition, there's still work required to meet the deal's closing conditions, the company said in an earnings statement, without elaborating. Verizon has suggested that the data breaches, and the resulting blow to Yahoo's reputation, might cause it to halt or renegotiate the deal. Yahoo
NetworkWorld 2017-01-10 07:27:00 Mayer: not so much leaving Yahoo, as taking it with her? (direct link) Marissa Mayer is getting ready to say goodbye to Yahoo's board, but not necessarily to the Yahoo brand. The company said in a U.S. Securities and Exchange Commission filing Monday that it will shed almost everything that makes it Yahoo, including its name, when its deal with Verizon closes. If you're a Yahoo shareholder, you might notice the difference, but for Yahoo users, the consequences of Monday's filing are minimal. Yahoo the company has two major assets: a worldwide network of internet portals, and a 15 percent stake in Chinese internet giant Alibaba worth many times that. When a plan to sell off the Alibaba stake ran into tax complications, the company pivoted, instead striking a deal to sell its portals, its brand -- almost everything but the Alibaba stake, in fact -- to Verizon. Yahoo
NetworkWorld 2017-01-09 21:55:08 Privacy legislation reintroduced for mail older than 180 days (direct link) A bill has been reintroduced in the U.S. House of Representatives that would require that law enforcement agencies get a warrant before they poke around users' emails and other communications in the cloud that are older than 180 days. The Email Privacy Act, reintroduced on Monday, aims to fix a loophole in the Electronic Communications Privacy Act that allowed the government to search without warrant email and other electronic communications older than 180 days, stored on servers of third-party service providers such as Google and Yahoo. “Thanks to the wording in a more than 30-year-old law, the papers in your desk are better protected than the emails in your inbox,” digital rights organization, Electronic Frontier Foundation said in a blog post Monday. Yahoo
NetworkWorld 2017-01-03 11:25:00 IDG Contributor Network: How mainframes prevent data breaches (direct link) 2016 was a strange year marked by everything from election surprises to a seemingly endless spate of celebrity deaths. But when historians look back at this mirum anno -- weird year -- it may end up being known as the year of the data breach. Of course, this sort of thing isn't restricted to 2016, but its impact on the world was hard to ignore. Among government organizations, the IRS and FBI suffered data breaches, and corporate victims included LinkedIn, Target, Verizon and Yahoo. Literally millions of people had their private information exposed to black hats, thieves and other ne'er-do-wells of the digital world. This epidemic of data theft calls upon security experts to get serious about creating new solutions. Yahoo
NetworkWorld 2016-12-26 04:51:00 Corporate boards aren't prepared for cyberattacks (direct link) Major cyberattacks against organizations of all sizes seem to happen almost weekly. On Dec. 14, Yahoo announced the largest-ever data breach, involving more than 1 billion customer accounts. Despite the scale and potential harm from such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to defend their companies against such attacks. It's not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards. Guideline Yahoo
NetworkWorld 2016-12-19 03:13:00 10 biggest hacks of user data in 2016 (direct link) You take great pains to come up with a strong password when registering for an account on a website -- only to see your efforts go for naught when that site gets hacked. Several sites had their databases of user accounts not only breached but stolen this year, which include the necessary information for logins (i.e. username, password). The following sites are ranked starting at the fewest number of user accounts with passwords that were taken. Also, these hacks were reported to have been executed during 2016. So this list does not feature Myspace (427 million user accounts stolen) or Yahoo! (a cool billion). Both were hacked supposedly before 2016, but were only reported this year. This list also does not include reports of user records that were exposed due to poor security, but where there is no evidence they were actually stolen. Yahoo
NetworkWorld 2016-12-16 05:04:00 4 historic security events of 2016 and what they teach us [Infographic] (direct link) What is it they say about failing to learn the lessons of history and being doomed to repeat it? However the famous saying goes, I think we can agree that the events of 2016 can be very instructive if we choose to pay attention. Just yesterday, for example, Yahoo disclosed a breach from 2013 involving more than 1 billion user accounts - and those are unrelated to the 2014 breach disclosed in September involving over 500 million user accounts. Among the lessons from the Yahoo breaches is that hackers are very good at what they do and are getting increasingly sophisticated. What can you do to prevent an email-based attack from happening in your organization? Above all, pay attention to the human element. Yahoo
NetworkWorld 2016-12-15 06:29:16 5 things you should do following the Yahoo breach (direct link) Internet giant Yahoo announced a massive data breach Wednesday that affected over one billion accounts, making it by far the largest data breach in history. This follows the disclosure in September of a different breach that affected more than 500 million of the company's customers. What stands out with this new security compromise is that it occurred over three years ago, in August 2013, and that hackers walked away with password hashes that can be easily cracked. Yahoo
NetworkWorld 2016-12-14 19:08:43 Yahoo breach means hackers had three years to abuse user accounts (direct link) Security researchers are disturbed it took Yahoo three years to discover that details of over 1 billion user accounts had been stolen back in 2013. It means that someone -- possibly a state-sponsored actor -- had access to one of the largest email user bases in the world, without anyone knowing. The stolen database may have even included information on email ids of U.S. government and military employees. “It is extremely alarming that Yahoo didn't know about this,” said Alex Holden, chief information security officer with Hold Security. Yahoo said back in November it first learned about the breach when law enforcement began sharing with the company stolen data that had been provided by a hacker. At the time, the company was already dealing with a separate data breach, reported in September, involving 500 million user accounts. Yahoo
NetworkWorld 2016-12-14 14:41:00 Yahoo reports massive data breach involving 1 billion accounts (direct link) In what is likely the largest data breach ever, Yahoo is reporting that data associated with more than 1 billion user accounts was stolen in August 2013. The incident is separate from a breach Yahoo reported in September involving at least 500 million users that originally occurred in late 2014 and shook public trust in the company. Stolen user data from this new breach involves names, email addresses, telephone numbers, dates of birth, and hashed passwords using an aging algorithm known as MD5 that can be cracked. Yahoo
NetworkWorld 2016-11-09 20:41:36 Yahoo investigating if insiders knew of hack (direct link) Yahoo said investigators into the late 2014 theft of information of at least 500 million user accounts are looking into the possibility that some people within the company knew about the security incident at the time. Law enforcement authorities on Monday also “began sharing certain data that they indicated was provided by a hacker who claimed the information was Yahoo user account data,” the company said in a regulatory filing to the U.S. Securities and Exchange Commission. Yahoo said it would “analyze and investigate the hacker's claim.” It isn't clear if this data is from the 2014 hack or from another breach. Yahoo
NetworkWorld 2016-11-03 10:48:01 Flaw in Wix website builder risked computer worm (direct link) Wix, the provider of a widely used cloud-based web development platform, appears to have had a significant bug on its hands that could have paved the way for a computer worm to do serious damage to websites around the world. The problem was related to an XSS (cross-site scripting) vulnerability that was found in websites built with Wix, according to Matt Austin, a researcher with Contrast Security. Though Wix says it has fixed the issue, it illustrates how a few lines of bad code can potentially do widespread damage. XSS vulnerabilities are common, and result from flaws in websites' coding. Hackers can take advantage of them to trick users' browsers into running malicious scripts that, for example, could download a computer virus or expose the internet cookies that are on their machines. Austin found the same kind of problem in websites from Wix, which builds websites and has 87 million users in Europe, Latin America, Asia. Yahoo
NetworkWorld 2016-10-28 04:30:00 IDG Contributor Network: How the government can help businesses fight cyber attacks (direct link) When a criminal robs a store, the police visit the scene, conduct an investigation and try to bring the perpetrator to justice. What happens when a criminal breaches that same store's server and makes off with its customer's credit-card numbers? I'd argue that the response to the physical crime would be much greater and effective than how the cyber crime would be handled, although cyber attacks have the potential to cause more damage than robberies. Blame cyber criminals, not nation-states, for attacks: While nation-states are typically blamed for breaches, the culprits are usually cyber criminals who are using nation-state techniques and procedures. Companies likely claim infiltration by nation-state attackers because it provides them with some cover from lawsuits and preserves business deals and partnerships. (Yahoo is using this tactic with little success.) The reasoning could look like this: how could our organization protect itself from attackers who have the support and resources of a major government? We're simply outgunned. Yahoo
NetworkWorld 2016-10-28 04:00:00 IDG Contributor Network: How much does a data breach actually cost? (direct link) The American public has become so inured to data breaches that it's difficult to remember them all. Infamous breaches like the ones at Target and Sony become almost forgettable when confronted with the recently disclosed half-billion accounts compromised at Yahoo in 2014. The numbers are simply staggering. It is estimated over 900,000,000 records of personally identifiable information (PII) have been stolen in the U.S. over the past few years. Keeping a memory of all the hacks and when they happened may require the use of complex data visualization. Yahoo
NetworkWorld 2016-10-27 08:53:00 IDG Contributor Network: Securing the breach trumps breach prevention (direct link) In my prior posts, I discussed both the changing face of data breaches and the reality distortion field surrounding today's IT security professionals when they talk about effective ways to combat data breaches. Three things we know for certain, though, are that data breaches are not going away, our adversaries are continuing to innovate and attack, and the costs of a breach are becoming more tangible. Just this month, Verizon claimed the massive hack on Yahoo caused irreparable harm to the tech company in terms of customer trust, possibly allowing the wireless provider to withdraw from or renegotiate the terms of its $4.83 billion acquisition agreement. Also, in October, the U.K. Information Commissioner's Office hit TalkTalk with more than $400,000 in fines for its 2015 cyber attack. Yahoo
NetworkWorld.webp 2016-10-19 13:21:29 Yahoo asks US for clarity on email scanning controversy (direct link) Yahoo is asking that the U.S. government set the record straight on requests for user data, following reports saying the internet company has secretly scanned customer emails for terrorism-related information. On Wednesday, Yahoo sent a letter to the Director of National Intelligence James Clapper, saying the company has been "unable to respond" to news articles earlier this month detailing the alleged government-mandated email scanning. "Your office, however, is well positioned to clarify this matter of public interest," the letter said. The scanning allegedly involved searching through the email accounts of every Yahoo user and may have gone beyond other U.S. government requests for information, according to a report from Reuters. Yahoo
NetworkWorld.webp 2016-10-18 10:34:00 Down the rabbit hole, part 4: Securing your email (direct link) As I strive to make my life safe and secure from prying eyes, one area stands out as being astoundingly critical: email. Heck, you can barely go 24 hours without another example of leaked or hacked emails being released to the public. Add to that the recent revelations that Yahoo has been working secretly with United States government agencies to scan all email going through their system, and it quickly becomes clear that the majority of us have email accounts that are not even remotely private or secure. Yahoo
NetworkWorld.webp 2016-10-17 06:26:00 How to avoid being the next Yahoo (direct link) It's no longer about whether or not you'll get attacked, it's about knowing what the repercussions are and if you have the right controls to minimize or completely eliminate the fallout. In order to be able to do this effectively, you need to be attuned with your network controls and architecture. Asking the right questions can get you there and also ensuring that network architects are aligned with business and security goals. VArmour CEO Tim Eades offers a few questions decision makers should be asking to ensure they keep their organizations from being the next Yahoo. If we were subject to a data breach, how would our controls and processes appear when described on tomorrow's front page news? Why is this important? Yahoo
NetworkWorld.webp 2016-10-14 08:31:04 US lawmakers want answers on Yahoo email surveillance (direct link) A bipartisan group of 48 U.S. lawmakers wants two government agencies to explain a surveillance program in which Yahoo reportedly scanned all the messages of its email users on behalf of the FBI. After recent news reports of the email scanning program, the Department of Justice and the Office of the Director of National Intelligence need to brief Congress about the efforts, the lawmakers said in a letter to the two agencies. The first news reports about the program contained "conflicting reports about which legal authority was used" for the email scans, said the letter, organized by Representatives Justin Amash, a Michigan Republican, and Ted Lieu, a California Democrat. Yahoo
NetworkWorld.webp 2016-10-13 14:11:36 Verizon signals Yahoo data breach may affect acquisition (direct link) Verizon has signaled that Yahoo's massive data breach may be enough reason to halt its US$4.8 billion deal to buy the internet company. On Thursday, Verizon's general counsel Craig Silliman said the company has a "reasonable basis" to believe that the breach involving 500 million Yahoo accounts has had a material impact on the acquisition. This could give the company room to back out or get a large discount. "We're looking to Yahoo to demonstrate to us the full impact," he added. "If they believe that it's not, then they'll need to show us that." In response, Yahoo said, "We are confident in Yahoo's value and we continue to work towards integration with Verizon." Yahoo
NetworkWorld.webp 2016-10-13 05:42:00 Yahoo shows that breach impacts can go far beyond remediation expenses (direct link) Companies that focus on the immediate breach remediation costs may be missing the big picture, and could be under-investing in security as a result. Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included costs. But the actual numbers could be several times higher. Take the Yahoo breach, for example, which could lead to a $1 billion drop in the company's value. Guideline Yahoo
NetworkWorld.webp 2016-10-11 06:55:00 Yahoo Mail suspends automatic mail forwarding as privacy controversies swirl (direct link) In what can only be called awfully suspicious timing, Yahoo has turned off automatic email forwarding - a crucial feature when changing email accounts - for Yahoo Mail users. Anyone who has already enabled the feature is not affected, but others cannot activate it. On its help pages, Yahoo says mail forwarding is currently under development. “While we work to improve it, we've temporarily disabled the ability to turn on Mail Forwarding for new forwarding addresses,” the help page says. Yahoo
NetworkWorld.webp 2016-10-06 17:40:02 Verizon may want a $1 billion discount on Yahoo (direct link) Verizon may be getting cold feet with its acquisition of Yahoo. Reportedly, it's asking for a $1 billion discount on the original $4.8 billion deal for the Internet company. Recent news about Yahoo's massive data breach and its alleged secret email scanning program has diminished the company's value in the eyes of Verizon, according to a Thursday report by the New York Post. Tim Armstrong, the head of AOL, which Verizon acquired in 2015, reportedly has met with Yahoo executives about reducing the acquisition price. "He's pretty upset about the lack of disclosure and he's saying can we get out of this or can we reduce the price?" the report said, quoting what it called a source familiar with Verizon's thinking. Yahoo
NetworkWorld.webp 2016-10-06 10:51:00 What CSOs can learn from the Yahoo breach (direct link) In the latest episode of Security Sessions, CSO Editor-in-chief Joan Goodchild talks about the implications of the Yahoo data breach, in which up to 500 million accounts were hacked. Joining Goodchild in the discussion is Kevin O'Brien, CEO and founder of GreatHorn, who offers advice to CSOs and other IT security leaders on ways to learn from this particular breach. Guideline Yahoo
NetworkWorld.webp 2016-10-06 06:44:03 EU privacy watchdogs have questions about Yahoo's secret email scanning (direct link) European Union privacy watchdogs are concerned by reports that Yahoo has been secretly scanning its users' email at the request of U.S. intelligence services. "It goes far beyond what is acceptable," said Johannes Caspar, Commissioner for Data Protection and Freedom of Information in Hamburg, Germany. Reuters reported on Tuesday that Yahoo had built a system for U.S. government agencies to search all of its users' incoming emails. Other tech companies were quick to distance themselves, saying they would have challenged any such request in court. Yahoo
NetworkWorld.webp 2016-10-05 16:06:20 Yahoo's secret email scans helped the FBI probe terrorists (direct link) What Yahoo was looking for with its alleged email scanning program may have been signs of code used by a foreign terrorist group. The company was searching for a digital "signature" of a communication method used by a state-sponsored terrorist group, according to a new report from The New York Times that provided more details on Yahoo's email scanning. The report on Wednesday didn't identify the signature or say if it involved any cryptographic computer code. But the article said it was the U.S. Department of Justice, and not the National Security Agency, that had obtained a court order forcing Yahoo to comply. A Reuters report on Tuesday wasn't clear about what agencies were involved in the probe. Yahoo
NetworkWorld.webp 2016-10-05 07:30:06 Yahoo calls report of secret email scanning 'misleading' (direct link) Yahoo has called a Reuters article about a secret email scanning program "misleading," and said no such system exists. On Tuesday, the Reuters article claimed that Yahoo had created the custom software program after receiving a classified U.S. government order. That software program is reportedly capable of scanning all incoming emails from Yahoo customers for information provided by U.S. intelligence officials. However, on Wednesday Yahoo disputed the report. "We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems," the company said in an email. Guideline Yahoo
NetworkWorld.webp 2016-10-04 17:37:53 US tech giants say they didn't do Yahoo-style email spying (direct link) Reports of a secret Yahoo program to search through customers' incoming emails have spurred other tech companies to deny ever receiving a similar request from the U.S. government. The program, reportedly created last year through a classified U.S. order, involves Yahoo searching through hundreds of millions of user accounts at the behest of the National Security Agency or FBI. Other U.S. tech companies, including Google, Microsoft, Twitter and Facebook, denied doing anything like it. Most also said they would challenge such a request in court. Privacy advocates said the government enlisting Yahoo to assist in email monitoring would be wrong. Yahoo
NetworkWorld.webp 2016-10-04 11:47:19 Yahoo may have allowed US government to search user emails (direct link) Yahoo has reportedly searched through all of its users' incoming emails with a secret software program that's designed to ferret out information for U.S. government agencies. The software program, which was created last year, has scanned hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, according to a Tuesday report from Reuters. Yahoo reportedly created the program to comply with a U.S. classified government directive. It's unclear if the mass email searching program is still in use. "Yahoo is a law-abiding company and complies with the laws of the United States," the company said in a statement. Yahoo
NetworkWorld.webp 2016-09-28 16:32:33 The Yahoo hackers weren't state-sponsored, a security firm says (direct link) Common criminals, not state-sponsored hackers, carried out the massive 2014 data breach that exposed information about millions of Yahoo user accounts, a security firm said Wednesday. Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it, according to InfoArmor, which claims to have some of the stolen information. The independent security firm found the alleged data as part of its investigation into "Group E," a team of five professional hackers believed to be from Eastern Europe. Yahoo
NetworkWorld.webp 2016-09-28 09:41:12 Meet Apache Spot, a new open source project for cybersecurity (direct link) Hard on the heels of the discovery of the largest known data breach in history, Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data analytics and machine learning for cybersecurity. Originally created by Intel and launched as the Open Network Insight (ONI) project in February, the effort is now called Apache Spot and has been accepted into the ASF Incubator. "The idea is, let's create a common data model that any application developer can take advantage of to bring new analytic capabilities to bear on cybersecurity problems," Mike Olson, Cloudera co-founder and chief strategy officer, told an audience at the Strata+Hadoop World show in New York. "This is a big deal, and could have a huge impact around the world." Yahoo
Last update at: 2024-05-14 21:08:35