What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ArsTechnica.webp 2017-05-22 19:51:48 “Yahoobleed” flaw leaked private e-mail attachments and credentials (lien direct) Yahoo promptly retired ImageMagick library after failing to install 2-year-old patch. Yahoo
bleepingcomputer.webp 2017-05-22 11:12:40 Yahoo Retires Problematic Library After Bug Exposes User Email Content (lien direct) Yahoo's engineering staff have retired the ImageMagick library from active duty after a security researcher found a bug that would have allowed an attacker to expose server memory, which, due to the library's nature, leaked image data from users' inboxes. [...] Yahoo
ZDNet.webp 2017-05-22 05:39:15 Yahoo retires ImageMagick library after 18-byte exploit leaks user email content (lien direct) The simple line of code made it possible for attackers to view private Yahoo Mail images. Yahoo
DarkReading.webp 2017-05-19 10:00:00 Deconstructing the 2016 Yahoo Security Breach (lien direct) One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us. Yahoo
Blog.webp 2017-05-17 20:21:07 May Sketch: Reactions to Macron's Victory (lien direct) World Leaders’ Reactions to Macron’s Presidential Victory As reported by Yahoo Guideline Yahoo
SANS.webp 2017-05-12 06:34:35 When Bad Guys are Pwning Bad Guys..., (Fri, May 12th) (lien direct) A few months ago, I wrote a diary about webshells[1] and the numerous interesting features they offer. There are plenty of web shells available, they are easy to find and install. They are usually delivered as one big obfuscated (read: Base64, ROT13 encoded and gzip [...] I'm pretty sure that some people are using web shells as a remote administration tool. Is it really a good idea? Not sure. When we install software on our computer, one of the recommendations is to check the hash of the files/archives with the one provided by the developer to be sure that the software has not been altered by any means. It could be a good idea to do the same with web shells! While preparing a presentation about web shells and testing some of them in a lab, I found a specific version of the RC-Shell (v2.0.2011.0827) that started to generate suspicious traffic. Almost at the same time, I was contacted by one of our readers who reported the same behaviour to me. He did some analysis on his side and the conclusion was that the web shell was backdoored! The PHP code contains an array of Base64 encoded images which are icons used to identify the file types. In the backdoored version, the unknown [...] $images = array( small_unk = iVBORw0KGgoAAAANSU ..., unknown = iVBORw0KGgoAAAANSU ... MD5 (unknown.png) = 1470521de78ef3d0795f83ea7af7c6ad If you have a look at the picture metadata, you will see that the unknown [...] Multiple functions have been added to the web shell to deploy the backdoor. function z8t($i, $o)//run backdoor { $r = @create_function($o, return @ . z7v($o, 0) . } Note: I found different versions of the web shell with different function names. The decoding of the PNG image comment and the installation of the backdoor is available here[3]. The code of the backdoor is located here[4].
Basically, it collects juicy information (local PHP variables and details about the web shell) and phones home via two channels: SMTP is used to drop an email to peterlegere51@yahoo[.]com; HTTP is used to post the same data to [...] To: peterlegere51@yahoo.com Subject: Linux|http://shiva/lab/VW4Zy8Yg.php? X-PHP-Originating-Script: 1000:VW4Zy8Yg.php(830) : runtime-created function(1) : eval()d code Message-Id: 20170509202418.BE96124112C@shiva .NET CLR SERVER_NAME=xxxxxx SERVER_ADDR=192.168.254.8 SERVER_PORT=80 HTTP_REFERER=http://shiva/lab/ PHP_SELF=/lab/VW4Zy8Yg.php REQUEST_URI=/lab/VW4Zy8Yg.php SCRIPT_NAME=/lab/VW4Zy8Yg.php SCRIPT_FILENAME=/var/www/lab/VW4Zy8Yg.php REMOTE_ADDR=192.168.254.11 So, be warned when you download and use tools from unknown or unreliable sources. Even underground tools can be backdoored! [1] https://isc.sans.edu/forums/diary/The+Power+of+Web+Shells/21257 [2] http://entropymine.com/jason/tweakpng/ [3] https://gist.github.com/anonymous/319ef7124affebec67ebc56bc83cbe87 [4] https://pastebin.com/bgj7aH9u Xavier Mertens (@xme) ISC Handler - Freelance Security Consultant (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Yahoo
ErrataRob.webp 2017-05-12 02:51:43 Some notes on Trump's cybersecurity Executive Order (lien direct) President Trump has finally signed an executive order on "cybersecurity". The first draft during his first weeks in power was hilariously ignorant. The current draft, though, is pretty reasonable as such things go. I'm just reading the plain language of the draft as a cybersecurity expert, picking out the bits that interest me. In reality, there's probably all sorts of politics in the background that I'm missing, so I may be wildly off-base. Holding managers accountable: This is a great idea in theory. But government heads are rarely accountable for anything, so it's hard to see if they'll have the nerve to implement this in practice. When the next breach happens, we'll see if anybody gets fired. "antiquated and difficult to defend Information Technology": The government uses laughably old computers sometimes. Forces in government want to upgrade them. This won't work. Instead of replacing old computers, the budget will simply be used to add new computers. The old computers will still stick around. "Legacy" is a problem that money can't solve. Programmers know how to build small things, but not big things. Everything starts out small, then becomes big gradually over time through constant small additions. What you have now is big legacy systems. Attempts to replace a big system with a built-from-scratch big system will fail, because engineers don't know how to build big systems. This will suck down any amount of budget you have with failed multi-million dollar projects. It's not the antiquated systems that are usually the problem, but more modern systems. Antiquated systems can usually be protected by simply sticking a firewall or proxy in front of them. "address immediate unmet budgetary needs necessary to manage risk": Nobody cares about cybersecurity. Instead, it's a thing people exploit in order to increase their budget.
Instead of doing the best security with the budget they have, they insist they can't secure the network without more money. An alternate way to address gaps in cybersecurity is instead to do less. Reduce exposure to the web, provide fewer services, reduce functionality of desktop computers, and so on. Insisting that more money is the only way to address unmet needs is the strategy of the incompetent. Use the NIST framework: Probably the biggest thing in the EO is that it forces everyone to use the NIST cybersecurity framework. The NIST Framework simply documents all the things that organizations commonly do to secure themselves, such as run intrusion-detection systems or impose rules for good passwords. There are two problems with the NIST Framework. The first is that no organization does all the things listed. The second is that many organizations don't do the things well. Password rules are a good example. Organizations typically had bad rules, such as frequent changes and complexity standards. So the NIST Framework documented them. But cybersecurity experts have long opposed those complex rules, so have been fighting NIST on them. Another good example is intrusion-detection. These days, I scan the entire Internet, setting off everyone's intrusion-detection systems. I can see first hand that they are doing intrusion-detection wrong. But the NIST Framework recommends they do it, because many organizations do it, but the NIST Framework doesn't demand they do it well. When this EO forces everyone to follow the NIST Framework, then, it's likely just going to i Guideline Yahoo Tesla
SANS.webp 2017-05-10 02:16:35 OAuth, and It's High Time for Some Personal "Security-Scaping" Today, (Wed, May 10th) (lien direct) After Bojan's recent story on the short-lived Google Docs OAuth issues last week (https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/), I got to thinking. The compromise didn't affect too many people, but it got me thinking about OAuth. The piece of OAuth that I focused on is the series of permissions and tokens that allow interaction between applications, which is what the recent compromise took advantage of. My personal mantra is the best day to change the password for X is today, and as part of this I've expanded that proverb to include looking at application permissions and privacy settings! For instance, using Google's Security Checkup at https://myaccount.google.com/security , I found that at some point in the past, I granted TripAdvisor access to my Gmail account. This wasn't intentional, it was probably an OK prompt during an install or update process - you know, the ones you sometimes just click quickly / accidentally without paying attention to? Then wonder if you just clicked something dumb right after? Anyway, yes, one of those - *click* - gone now! I moved on to Facebook - application settings are here: https://www.facebook.com/settings and privacy settings are here: https://www.facebook.com/settings?tab=privacy Really, everything in that page needs to be looked at!
Me, I was surprised to find that I was using an older email address for my Facebook login (oops) - with the login buried in my iPad app, it wasn't something I had thought about (plus I'm not in facebook too much lately). Other sites of interest: Twitter: https://twitter.com/settings/account In particular: https://twitter.com/settings/safety And: https://twitter.com/settings/applications Linkedin: https://www.linkedin.com/psettings/ Really, most apps that you run have a privacy or a security page - it never seems to be front-and-center though, in fact for many of the apps I access primarily from a dedicated app on my phone or tablet, I needed to go to the real application in my browser to find these settings. As you go, be sure to translate the security questions to plain English. For instance, from Google's privacy checkup, you Guideline Yahoo Guam
SecurityWeek.webp 2017-05-08 18:05:39 Yahoo Paid Out $2 Million in Bug Bounty Program (lien direct) Yahoo reported on Monday that between the launch of its bug bounty program in 2013 and December 2016 it had paid out a total of more than $2 million. Yahoo
AlienVault.webp 2017-05-04 17:18:00 OAuth Worm Targeting Google Users - You Need to Watch Cloud Services (lien direct) Yesterday, many people received an e-mail from someone they knew and trusted asking them to open a "Google Doc.” The email looked, felt, and smelled like the real thing—an email that Google normally sends whenever a share request is made. However, the email contained a button that mimicked a link to open a document in Google Docs. When users clicked on the button, they were prompted to give “Google Docs” permission to read / send email, manage their email, and access their contact lists. In reality, this was a malicious application registered by the attackers. And, in fact, is one of the most well-crafted phishing attempts in the last year. By clicking on the ALLOW button, users authorized the malicious application to perform actions on their behalf. The users’ browsers were redirected to one of the malicious servers set up by the attackers, for example: https://googledocs[.]docscloud[.]win/g.php. The AlienVault Labs Security Research Team detected the activity, and while the attack was still in progress, we created a Pulse in the Open Threat Exchange (OTX) with all the indicators of the infrastructure the attackers used (mainly the domains they used in redirection). In addition, several OTX users jumped in and shared more malicious infrastructure in a matter of minutes! This helped get the indicators out immediately to the 30,000+ people that follow the AlienVault OTX account. Kudos to the OTX members who jumped in and delivered this valuable information so quickly to the community! Going back to the attack – when the user was redirected to one of the servers after allowing the malicious application to perform those actions, it was served with the JavaScript code that contained the self-replication / worm functionality.
First, the malicious JavaScript would get access to the contact list (first 1000 entries): The code parsed the names and email addresses of those contacts and then prioritized addresses from gmail.com, avoiding addresses containing the words “google”, “keeper” and “unty”. Once the list of potential victims was crafted, the code sent the same email to them as well, thus propagating the attack: When sending the email, the attackers also decided to BCC the address hhhhhhhhhhhhhhhh[at]mailinator[.]com, presumably to monitor progress or collect the list of victims. Impact: Luckily, Google reacted to this quickly, and the malicious applications were shut down in about an hour after the start of the campaign. Cloudflare, which the attackers used in front of the malicious infrastructure, took down that part of the attack infrastructure quickly, too. It is important to mentio Guideline Yahoo APT 28
Kaspersky.webp 2017-05-01 16:08:01 Flickr Vulnerability Worth $7K Bounty to Researcher (lien direct) Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty. Yahoo
SecurityWeek.webp 2017-05-01 13:07:45 Yahoo Awards $7,000 for Flickr Account Hijacking Flaws (lien direct) A bug bounty hunter has earned $7,000 from Yahoo for finding vulnerabilities in the company's image and video hosting service Flickr. Yahoo
AlienVault.webp 2017-04-05 13:00:00 Defining and Addressing the Growing Cyber Insider Threat (lien direct) The Cyber Insider Threat is one of the most difficult challenges for companies, organizations, and countries. It is often difficult to discover, defend and remediate because such threats can involve a combination of human behavioral elements and hardware and software technologies. Many of the threat actors are tech-savvy and are becoming increasingly sophisticated in their methods of infiltration. The recent “Vault 7” WikiLeaks download of thousands of pages of sensitive CIA hacking tools and techniques is the latest episode of high profile insider breaches. Other noted examples include Army Pfc Chelsea Manning - 400,000 documents - Iraq War logs, 91,000 documents - Afghanistan database, Edward Snowden - 50,000 to 200,000 NSA documents, Harold Thomas Martin III NSA Contractor - 50,000 gigabytes, about 500 million documents, Home Depot data breach - 56 million credit cards, Yahoo - 1 billion accounts, and Twitter - 32 million accounts. Healthcare – 4 million patient records. Average cost of a data breach in 2016 was $4 million dollars/company (Ponemon). Global business loss in 2014 – $1.7 trillion dollars with 23% annual growth. 2016 losses could be higher than $3 trillion dollars globally (stats courtesy of Mr. Thomas Kupiec – Chief Information Security Officer – SMS and former CISO of the National Geospatial Intelligence Agency). There are voluminous lists of breaches (see infographic); not all of them are insider breaches, but many of them can be attributed to actions from someone on the inside. These data breaches touch every vertical of society: security, healthcare, financial, transportation, and commerce. For Chief Information Security Officers (CISOs), defending against insider threats is one of the biggest challenges.
In fact, according to a recent SANS Survey on Insider Threats, 74% of CISOs expressed concern about employees stealing sensitive company information. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all cyber-attacks were carried out by insiders. The Verizon 2016 DBIR Report disclosed that 77 percent of internal breaches were deemed to be by employees, 11 percent by external actors only, 3 percent were from partners and 8 percent involved internal-external collusion which makes them hard to categorize. And according to Accenture HfS Research 69% of enterprise security executives reported experiencing an attempted theft or corruption of data by insiders during the last 12 months. TYPES OF INSIDER BREACHES: To understand vulnerabilities to insider threats, it is important to be able to define and categorize the types. The Information Security Forum (ISF) provides a good framework for describing insider breaches: Malicious: Malicious insider behavior combines a motive to harm with a decision to act inappropriately. For example, keeping and turning over sensitive proprietary information to a competitor after being terminated. Negligent: Negligent behavior can occur when people look for ways to avoid poli Yahoo
grahamcluley.webp 2017-03-30 09:24:51 Smashing Security #014: Protecting webmail (lien direct) What can you do to better protect your online email accounts? In this special edition of the "Smashing Security" podcast, regular hosts Graham Cluley and Carole Theriault, joined by special guest Paul Ducklin, share tips on how to better defend your Gmail/Yahoo/Hotmail/Outlook/etc account. Yahoo
NetworkWorld.webp 2017-03-29 08:35:00 IBM on the state of network security: Abysmal (lien direct) The state of online security is darn dreadful. At least if you look at the results from the IBM Security's 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as: The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion -- more than the combined total from the two previous years. In one case, a single source leaked more than 1.5 billion records [see Yahoo breach]. In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year. In 2016, many significant breaches related to unstructured data such as email archives, business documents, intellectual property and source code were also compromised. The most popular types of malcode we observed in 2016 were Android malware, banking Trojans, ransomware offerings and DDoS-as-a-service vendors. Since DDoS tools are mostly sold as a service and not as malware per se, we will focus here on banking Trojans, Android malware and ransomware. In December 2016, a malware developer with an ongoing banking Trojan project showed up in underground forums, aspiring to sell some licenses as he worked on completing the development of all its modules. The actor promised to deliver future capabilities, such as a Socket Secure (SOCKS) proxy and hidden virtual network computing alongside technical support and free bug fixes. The malware was named Nuclear Bot, or NukeBot, at the time. IBM wrote it has yet to see NukeBot/Micro Bot active in the wild, analyses performed by X-Force and other vendors found that it has the potential to rise in 2017 and bring back commercial Trojan sales in the underground. 
In 2015, Healthcare was the most attacked industry with Financial Services falling to third, however, attackers in 2016 refocused back on Financial Services. IBM did note that while the healthcare industry continued to be beleaguered by a high number of incidents, attackers hit on smaller targets resulting in a lower number of leaked records. In 2016, only 12 million records were compromised in healthcare - keeping it out of the top 5 most-breached industries. For perspective, nearly 100 million healthcare records were compromised in 2015 resulting in an 88% drop in 2016, IBM stated. Yahoo
SecurityWeek.webp 2017-03-17 19:27:52 Kremlin Denies Involvement after Yahoo Cyberattack Charges (lien direct) The Kremlin on Thursday denied any official Russian involvement in cybercrimes after the US indicted two FSB intelligence agents over cyberattacks on Yahoo that compromised 500 million accounts. Yahoo
NetworkWorld.webp 2017-03-17 11:12:00 A cybersecurity risk assessment is a critical part of M&A due diligence (lien direct) As of mid-February, the plan for Verizon Communications to acquire a majority of Yahoo's web assets is still on, despite the announcement of Yahoo having suffered two massive breaches of customer data in 2013 and 2014. The sale price, however, has been discounted by $350 million, and Verizon and Altaba Inc. have agreed to share any ongoing legal responsibilities related to the breaches. Altaba is the entity that will own the portion of Yahoo that Verizon is not acquiring. Yahoo
The_State_of_Security.webp 2017-03-17 03:00:09 Yahoo! Bleeds for the Protection of Customer Data (lien direct) On March 1, Marissa Mayer, Yahoo!'s Chief Executive Officer, gave up millions of dollars. As she noted in a blog post on Tumblr, “I am the CEO of the company [Yahoo!] and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant.” All in, Mayer gave up […] Yahoo
NakedSecurity.webp 2017-03-16 18:41:43 News in brief: Yahoo 'was spear-phished'; McDonald's Twitter hijacked; Samsung moots face recognition for payments (lien direct) Your daily round-up of some of the other stories in the news Yahoo
NetworkWorld.webp 2017-03-16 17:57:45 Yahoo breach exposes the drawbacks of state-sponsored hacking (lien direct) When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they're taking a big risk. On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren't kept on a tight leash things can turn bad. Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia's state security agency hired to carry out the Yahoo breach, didn't care much for a low profile. His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars -- the latest an Aston Martin DB9 with the license plate "MR KARIM." Yahoo
DarkReading.webp 2017-03-16 16:15:00 Mandiant: Financial Cybercriminals Looking More Like Nation-States (lien direct) The cybercriminal-cyber espionage connection in the Yahoo breach demonstrates the security challenges facing organizations today. Yahoo
ESET.webp 2017-03-16 10:48:38 US charges Russian FSB officials in connection with massive Yahoo security breach (lien direct) The United States has charged four men, including two officials of Russia's FSB intelligence agency, in connection with a hacking attack against Yahoo that saw the details of 500 million users stolen and the use of forged cookies to break into accounts. Yahoo
ComputerWeekly.webp 2017-03-16 06:45:57 US accuses Russian spies of directing Yahoo breach (lien direct) US authorities have arrested a man in Canada who has been charged alongside two Russian intelligence officers and a Russian hacker in connection with a 2014 data breach at Yahoo affecting 500 million accounts Yahoo
NetworkWorld.webp 2017-03-16 05:52:00 Want good cyber insurance? Read the fine print (lien direct) One of the main reasons to buy insurance is to prevent the cost of an accident or other disaster from breaking the bank. But what if simply buying insurance threatens to break the bank? That scenario is starting to worry some organizations, for several reasons. First is the simple but powerful market force of supply and demand. More and more organizations, spooked by regular stories of catastrophic breaches – such as the compromise of more than 1.5 billion Yahoo! accounts, which took down its acquisition value by a reported $350 million – are seeking insurance. And when demand rises, the price tends to do so as well. Yahoo
01net.webp 2017-03-16 04:26:08 How Russian hackers siphoned off Yahoo's data (lien direct) Four people, including two Russian agents, have been accused by the FBI of hacking Yahoo user accounts. It is now known that forged cookies were indeed crafted to achieve this. Yahoo ★★★★
The_Hackers_News.webp 2017-03-16 03:10:32 Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History (lien direct) In the digital world, it just takes one click to get the keys to the kingdom. Do you know spear-phishing was the only secret weapon behind the biggest data breach in the history? It's true, as one of the Yahoo employees fell victim to a simple phishing attack and clicked one wrong link that let the hackers gain a foothold in the company's internal networks. You may be familiar with phishing Yahoo
Chercheur.webp 2017-03-16 00:49:07 Four Men Charged With Hacking 500M Yahoo Accounts (lien direct) The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of the men named in the indictments worked for a unit of the Russian Federal Security Service (FSB) that serves as the FBI's point of contact in Moscow on cybercrime cases. Here's a look at the accused, starting with a 22-year-old who apparently did not try to hide his tracks. According to a press release put out by the Justice Department, among those indicted was Karim Baratov (a.k.a. Kay, Karim Taloverov), a Canadian and Kazakh national who lives in Canada. Baratov is accused of being hired by the two FSB officer defendants in this case -- Dmitry Dokuchaev, 33, and Igor Sushchin, 43 -- to hack into the email accounts of thousands of individuals. Yahoo
ArsTechnica.webp 2017-03-15 21:13:05 How did Yahoo get breached? Employee got spear phished, FBI suggests (lien direct) Unwitting sysadmin or other employee was conned out of credentials, FBI theorizes. Yahoo
NakedSecurity.webp 2017-03-15 18:37:39 News in brief: France drops e-voting; alleged Yahoo hackers indicted; Google tool for parents (lien direct) Your daily round-up of some of the other stories in the news Yahoo
NetworkWorld.webp 2017-03-15 18:20:04 US faces limits in busting Russian agents over Yahoo breach (lien direct) In a rare move, the U.S. has indicted two Russian government agents for their suspected involvement in a massive Yahoo data breach. But what now? Security experts say Wednesday's indictment might amount to nothing more than naming and shaming Russia. That's because no one expects the Kremlin to play along with the U.S. indictment. “I can't imagine the Russian government is going to hand over the two FSB officers,” said Jeremiah Grossman, chief of security strategy at SentinelOne. "Even in the most successful investigations, state hackers are still immune from prosecution or retaliation," said Kenneth Geers, a research scientist at security firm Comodo. Yahoo
DarkReading.webp 2017-03-15 18:20:00 DoJ Indicts Russian FSB Officers and Cybercriminals in Yahoo Breach (lien direct) Russian intelligence officials hired renowned cybercriminals to do their bidding in massive hacks that compromised Yahoo, Gmail, and other email accounts of millions of people in the US, Russia, elsewhere. Yahoo
SecurityWeek.webp 2017-03-15 18:17:23 U.S. Government Indicts Two Russian FSB Officers Over Yahoo Hack (lien direct) U.S. Government Indicts Four Over 2014 Yahoo Hack, Including Two Russian FSB Officers Yahoo
Kaspersky.webp 2017-03-15 17:32:37 FSB Officers, Criminal Hackers Indicted in Yahoo Breach (lien direct) The Department of Justice indicted four individuals, including two Russian FSB officers, for their roles in the Yahoo breach. Yahoo
ArsTechnica.webp 2017-03-15 16:26:07 US charges two Russian agents with ordering hack of 500m Yahoo accounts (lien direct) Russian law enforcement agency that works with FBI hired Yahoo hackers. Yahoo
ZDNet.webp 2017-03-15 15:42:00 Justice Dept. charges four Russia-backed hackers over Yahoo breach (lien direct) The indictments include two members of Russian intelligence and two hackers hired by the Russian government. Yahoo
NetworkWorld.webp 2017-03-15 15:37:00 Inside the Russian hack of Yahoo: How they did it (lien direct) One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people. The U.S. Federal Bureau of Investigation has been investigating the intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Wednesday, the FBI indicted four people for the attack, two of whom are Russian spies. Here's how the FBI says they did it: The hack began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It's unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened. Yahoo
bleepingcomputer.webp 2017-03-15 13:24:36 US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two FSB Agents (lien direct) The US Department of Justice (DoJ) charged four suspects today for orchestrating the 2014 Yahoo data breach during which attackers stole details for over 500 million Yahoo users. [...] Yahoo ★★★★
The_Hackers_News.webp 2017-03-15 12:13:59 US Charges Two Russian Spies & Two Hackers For Hacking 500 Million Yahoo Accounts (lien direct) The 2014 Yahoo hack disclosed late last year that compromised over 500 million Yahoo user accounts was believed to be carried out by a state-sponsored hacking group. Now, two Russian intelligence officers and two criminal hackers have been charged by the US government in connection with the 2014 Yahoo hack that compromised about 500 million Yahoo user accounts, the Department of Justice Yahoo
NetworkWorld.webp 2017-03-15 09:07:14 Four charged, including Russian gov't agents, for massive Yahoo hack (lien direct) The U.S. Federal Bureau of Investigation has charged four people, including two Russian state intelligence agents, for their involvement in a massive hack of Yahoo that affected half a billion accounts. In September, Yahoo said hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a "state-sponsored" group. On Wednesday, the FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack. Guideline Yahoo
ArsTechnica.webp 2017-03-13 15:51:58 Yahoo to give Marissa Mayer $23 million parting gift after sale to Verizon (lien direct) Mayer will leave as what remains of Yahoo becomes Altaba holding company. Yahoo
Pirate.webp 2017-03-09 10:40:16 Cybersecurity: 5 tips for protecting yourself online (lien direct) At a time when the CIA is developing hacking programs designed to turn smartphones and connected televisions into listening devices, when Hillary Clinton's email could be fraudulently accessed, and when Yahoo reveals that it was the victim of a vulnerability that affected 32 million accounts, internet users have become aware of the risks associated with cyberattacks. Yahoo
NetworkWorld.webp 2017-03-07 09:58:00 Honeypot catches social engineering scams on social media (lien direct) Say you just got laid off from your job. Bills are piling up and the pressure to get a new job quickly is building. Your desperation has you taking chances you wouldn't normally take, such as clicking on a link to a job offer - even if something about it doesn't quite look right. Research firm ZeroFOX has found that unless a company has a verified recruiting account, it can be difficult for an applicant to decipher a legitimate account from an impersonator. One way to spot an impersonator is that they commonly provide Gmail, Yahoo, and other free email provider addresses through which applicants can inquire about a job and send their resumes (more advanced scammers can spoof company email domains). Some also include links to official job sites and LinkedIn for follow-up. In most cases, the impersonator uses the company logo to portray themselves as an official recruiter for the company. Yahoo
The_Hackers_News.webp 2017-03-06 08:50:33 Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web (lien direct) Hardly a day goes without headlines about any significant data breach. In the past year, billions of accounts from popular sites and services, including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, VK.com were exposed on the Internet. Now, according to the recent news, login credentials and other personal data linked to more than one million Yahoo and Gmail accounts are reportedly being offered Yahoo
ErrataRob.webp 2017-03-06 06:50:36 Journalists: How hacking details matter (lien direct) When I write my definitive guide for journalists covering hacking, I'm going to point out how easy it is for journalists to misunderstand the details of a story -- especially when they change the details to fit the story they want to tell. For example, there is the notorious "CIA hacked Senate computers" scandal. In fact, the computers in question were owned by the CIA, located in a CIA facility, and managed/operated by CIA employees. You can't "hack" computers you own. Yes, the CIA overstepped the bounds of an informal agreement with the Senate committee overseeing them, but in no way did anything remotely like "hacking" occur. This detail matters. If the CIA had truly hacked the Senate committee, that would be a constitutional crisis. A small misstep breaking an informal agreement is not. A more recent example is this story, which mentions that AlfaBank-Trump connection, claiming the server was in Trump Tower [*]: What about the computer server at Trump Tower? Several news media outlets have reported that investigators last year were puzzled by data transmissions between a computer server at Trump Tower and a computer server associated with a Russian bank. Although Mr. Trump on Twitter talked about his “phones,” in theory a judge might determine that the computer address of the server in the tower was a facility being used by a foreign power, Russia, to communicate, and authorize surveillance of it. No, the server was not located in Trump Tower. It was located outside Philadelphia. It's owned and operated by a company called Listrak. There's no evidence anybody in the Trump Organization even knew about the server. It was some other company named Cendyn who decided to associate Trump's name with the server. 
There's no evidence of communication between the server and Alfa -- only evidence of communication about the server from Alfa. The details are important to the story, because it's trying to show how a judge "might determine that the computer ... in the tower was a facility being used by a foreign power". If it's not anywhere near or related to the Trump Tower, no such determination could be made. Then there was that disastrous story from the Washington Post about Russia hacking into a Vermont power plant [*], which still hasn't been retracted despite widespread condemnation. No such hacking occurred. Instead, the details of what happened is that an employee checked Yahoo mail from his laptop. The night before, the DHS had incorrectly configured its "Einstein" intrusion detection system to trigger on innocent traffic with Yahoo as an indicator of compromise from Russian hackers. You can see how journalists make these mistakes. If CIA is spying on computers used by Senate staffers, then the natural assumption is that the CIA hacked those computers. If there was a server associated with the Trump Organization, however tenuous, it's easy to assume a more concrete relationship, such as the server being located in Trump's offices. You can see how once the DHS claims there was a hack, and you've filled your stories with quotes from senators pontificating about the meaning of such hacks, it's very difficult to retract the story when the details emerge there was nothing remotely resembling a hack. I'm not trying to claim that journalists need to be smarter about hacking. I'm instead claiming that journalists need to be smarter about journalism. The flaws here all go one way -- toward the sensational. Instead of paying attention to the details and questioning whether such sensational Yahoo
ComputerWeekly.webp 2017-03-06 05:00:19 More than a million Gmail and Yahoo account credentials on sale (lien direct) Usernames, email addresses and plaintext passwords of more than a million Yahoo and Gmail accounts are reportedly on sale on the dark web, posing a threat to corporate security Yahoo
NetworkWorld.webp 2017-03-04 13:07:00 Enough with "the Cyber"! (lien direct) Email is great; it's transformed business, enabled geographically dispersed families and friends to stay in touch, redefined news distribution, transformed sales pipelines … the list of good stuff about email is endless. But, as many people have discovered to their cost, keeping control of your email account requires effort, effort like not using dumb, easy-to-guess passwords, and making sure your email hosting service is reliable and not, for example, Yahoo or AOL. And these issues aren't anything like new, recent discoveries; we've all known for over a decade where the risks lie … well, all of us except, apparently, for the government. I don't know about you, but during the 2016 election I was fairly surprised when the Democratic National Committee email system was hacked after which the email account of John Podesta, the DNC chairperson, was hacked. You'd have thought that the folks who manage IT for these people would have known the risks and done more to minimize exposure but when simple phishing and malware intrusions that should never have happened and which went undetected were successful, then you have to wonder where the disconnect lies. Yahoo
ESET.webp 2017-03-03 15:34:08 Yahoo CEO forgoes annual bonus, worth millions, over security breaches (lien direct) Yahoo's Marissa Mayer has missed out on $2m from her annual bonus due to her management of security breaches affecting billions of users. Yahoo
DarkReading.webp 2017-03-03 09:27:00 Yahoo CEO Punished for Data Breaches (lien direct) Marissa Mayer will be denied her annual bonus of around $2 million and also forgoes annual stock award worth millions. Yahoo
TechRepublic.webp 2017-03-02 15:42:59 Yahoo confirms 32M accounts breached in 2015-2016 forged cookies attack (lien direct) In a recent annual report filed with the SEC, Yahoo confirmed that forged cookies were used to hack 32 million accounts. Here's what it means and why your company should be aware of such attacks. Yahoo
Kaspersky.webp 2017-03-02 14:55:49 Yahoo Tells SEC Executives Failed to Act on Breach (lien direct) Yahoo said in its latest SEC filing that executives and legal reps failed to act sufficiently on the information they had about breaches that exposed more than 1 billion account records. Yahoo
Last update at: 2024-05-10 11:07:53