What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-03-02 12:16:52 | 32 Million Yahoo Accounts Affected by Forged Cookies, Investigation Finds (lien direct) | Investigators have confirmed that attackers used or took forged cookies for 32 million Yahoo accounts after stealing the company’s proprietary software. In a filing submitted to the U.S. Securities and Exchange Commission, Yahoo explains that an Independent Committee of the Board of Directors analyzed three security incidents that the company disclosed in 2016. One event, […]… Read More | Yahoo | ||
 |
2017-03-02 09:54:24 | Forged Cookie Attack Affected 32 Million Yahoo Users (lien direct) | The recently disclosed security incident involving forged cookies affected 32 million user accounts, Yahoo said in its annual filing to the U.S. Securities and Exchange Commission (SEC). | Yahoo | ||
 |
2017-03-02 06:30:32 | Yahoo breaches underline executive role in cyber security (lien direct) | Yahoo's data breaches cost its top lawyer his job, CEO Marissa Mayer millions in bonuses, and $350m off its sale price, highlighting the importance of executive involvement | Yahoo | ||
 |
2017-03-02 06:03:37 | Yahoo CEO Gives Annual Bonus to Employees After Company Confirms New Hacks (lien direct) | Yahoo CEO Marissa Mayer announced she'll forgo her annual bonus ($2 million) and equity grant ($14 million), which she'll be redistributing to Yahoo employees instead. [...] | Yahoo | ||
 |
2017-03-02 01:10:14 | Yahoo cookie hacks affected 32 million accounts, CEO forgoes bonus (lien direct) | Nation-sponsored attackers targeted 26 specific accounts. | Yahoo | ||
 |
2017-03-02 00:46:06 | Yahoo CEO Marissa Mayer will miss out on cash bonus after security breaches (lien direct) |  Also it is revealed that hackers accessed 32 million Yahoo user accounts in the last two years using forged cookies.
|
Yahoo | ||
 |
2017-03-02 00:17:31 | Yahoo Reveals 32 Million Accounts Were Hacked Using \'Cookie Forging Attack\' (lien direct) | Yahoo has just revealed that around 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack without any password.
These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in last few months.
The former tech giant said that in a regulatory filing Wednesday
|
Yahoo | ||
 |
2017-03-01 17:01:38 | Yahoo execs botched its response to 2014 breach, investigation finds (lien direct) | If your company has experienced a data breach, it's probably a good idea to thoroughly investigate it promptly.Unfortunately, Yahoo didn't, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response.The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-03-01 08:28:00 | IDG Contributor Network: To improve information security, enterprises and government must share information (lien direct) | Information security is forever weaved into our daily lives. From the massive data breaches impacting Target, Yahoo and Anthem to IoT-powered DDoS attacks that take down substantial portions of the internet for extended periods of time, information security impacts everyone.The reality is providing protection in this kind of environment is so challenging that no single entity, whether it's a company or a government agency, can accomplish this task alone. There needs to be some kind of cooperation between the private and public sectors. This leads to the questions of what kind of relationship should the government and companies have, how can they work together and what's preventing this process from happening?To read this article in full or to leave a comment, please click here | Guideline | Yahoo | |
|
2017-02-22 16:51:20 | Yahoo Slashes Price of Verizon Deal $350 Million After Data Breaches (lien direct) | NEW YORK - Yahoo slashed the price of the sale of its core Internet business to Verizon by $350 million following a pair of major data breaches at Yahoo, the two companies announced Tuesday. | Yahoo | ||
 |
2017-02-22 09:15:00 | Yahoo Trims Its Price Tag To Verizon By $350 Million (lien direct) | Announcement of new deal price from the previous $4.8 billion allays fears of deal cancellation or even bigger price cut. | Yahoo | ||
 |
2017-02-21 18:37:34 | News in brief: Concern about Windows 10; Hacks cost Yahoo; PHP gets better crypto (lien direct) | Your daily round-up of some of the other stories in the news |
Yahoo | ||
|
2017-02-21 15:45:51 | Hacks all the time. Engineers recently found Yahoo systems remained compromised (lien direct) | Company knocks $350 million off its purchase price. | Yahoo | ||
 |
2017-02-21 14:40:00 | After hacks, Verizon cuts Yahoo price by $1.55 per customer (lien direct) | That may sound like small change, but $350 million overall for two of the largest data breaches on record remains the steepest financial ding in history. | Yahoo | ||
|
2017-02-21 11:15:26 | Yahoo takes $350m cut on deal with Verizon after security breaches (lien direct) | Ending months of speculation, Verizon has announced a revised deal for acquiring Yahoo's core business that is $350m less than the original due to revelations of two major data breaches | Yahoo | ★★★ | |
|
2017-02-21 06:54:00 | We finally know how much a data breach can cost (lien direct) | Everyone knows corporate data breaches can be expensive, but does anyone really know exactly how expensive? Recent estimates for the average cost have landed all over the map, ranging from $4 million to $7 million. But when it comes to the top end of the scale, those appraisals turn out to be laughably small.+ Also on Network World: Everything you know about cyberwar is wrong + The massive Yahoo data breaches of 2013 and 2014 now have a real cost attached to them, and it's a couple orders of magnitude larger than those piddly estimates. Simply put, the breaches forced Yahoo to renegotiate its sale to Verizon, cutting the price by $350 million. To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-02-21 06:41:55 | Verizon knocks off $350M from Yahoo deal after breaches (lien direct) | Verizon Communications will pay US$350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.Verizon will pay about $4.48 billion for Yahoo's operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.Back in October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-02-17 18:00:00 | Deleting your Yahoo email account? Yeah, good luck with that (lien direct) | Some Yahoo users say inconsistent security practices makes the account deletion process near impossible. | Yahoo | ||
 |
2017-02-17 14:21:23 | La double authentification et la déconnexion systématique, clés pour contrer les cookies falsifiés (lien direct) |  Après avoir révélé la compromission de 500 millions de comptes en septembre, puis celle de près d'un milliard de données en décembre dans le cadre de cyberattaques, Yahoo alerte aujourd'hui ses utilisateurs de nouveaux piratages. |
Yahoo | ||
|
2017-02-17 13:30:00 | Yahoo Explains Cookie Forgery Related To Two 2016 Breaches (lien direct) | Yahoo's recent update on forged cookies is in relation to two, not three, security breaches announced last year. | Yahoo | ||
|
2017-02-16 17:48:17 | News in brief: cookie breach alert for Yahoo users; text spammer fined; Churchill\'s search for alien life (lien direct) | Your daily round-up of some of the other stories in the news |
Yahoo | ||
|
2017-02-16 10:17:48 | More Yahoo users warned of malicious account access via forged cookies (lien direct) | Some Yahoo users warned their accounts could be accessed by hackers - no password required. | Yahoo | ||
|
2017-02-16 09:25:00 | Yahoo Warns Users Of Forged Cookies In Third Breach (lien direct) | The company sent a warning to users about forged cookies used in a third data breach originally reported in December 2016. | Yahoo | ||
 |
2017-02-16 07:06:30 | Des utilisateurs de Yahoo victimes d\'attaques par faux cookies (lien direct) | Le portail est en train d'alerter une partie de ses utilisateurs sur des éventuelles intrusions en 2015 et 2016. Les pirates se sont appuyés sur des faux cookies d'authentification qui, depuis, ont été invalidés.  |
Yahoo | ★★★ | |
|
2017-02-16 02:26:05 | Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack (lien direct) | Has Yahoo rebuilt your trust again?
If yes, then you need to think once again, as the company is warning its users of another hack.
Last year, Yahoo admitted two of the largest data breaches on record. One of which that took place in 2013 disclosed personal details associated with more than 1 Billion Yahoo user accounts.
Well, it's happened yet again.
Yahoo sent out another
|
Yahoo | ||
|
2017-02-15 23:35:34 | Yahoo reveals more breachiness to users victimized by forged cookies (lien direct) | Some accounts may have been accessed with forged cookies as recently as 2016. | Yahoo | ||
|
2017-02-15 21:17:27 | Yahoo Notifies Users of Sophisticated Breach Methods (lien direct) | Yahoo said Wednesday it was notifying some users that hackers may have been able to use a maneuver to break into their accounts without stealing passwords. | Yahoo | ||
|
2017-02-15 18:47:50 | News in brief: Nokia to reboot iconic phone; AI assistants set to do voice calls; Yahoo, Verizon \'agree price\' (lien direct) | Your daily round-up of some of the other stories in the news |
Yahoo | ★★ | |
 |
2017-02-15 18:03:06 | Who Ran Leakedsource.com? (lien direct) | Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches -- including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo. In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource's principal owner may have been exposed by many of the same stolen databases he's been peddling. | Yahoo | ||
|
2017-02-15 10:46:38 | Yahoo warns users of account breaches related to recent attacks (lien direct) | Yahoo has begun warning individual users that their accounts with the service may have been compromised in a massive data breach it reported late last year.The warning, in email messages sent from Yahoo CISO Bob Lord, tell users that a forged cookie may have been used to access their accounts in previous years.The warning to Yahoo users come at the same time that news reports suggest that Verizon Communications, in negotiations to buy Yahoo, may be seeking a discount of US$250 million because of the data breaches.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-02-13 19:40:00 | Senators frustrated with Yahoo\'s silence around hacks inquiry (lien direct) | The senators are concerned about Yahoo's "willingness to deal with Congress with complete candor" after two cyberattacks announced late last year. | Yahoo | ||
|
2017-02-09 17:21:13 | News in brief: Yahoo faced with suit; dev hits back at support scammers; Note 7 batteries flare up (lien direct) | Your daily round-up of some of the other stories in the news |
Yahoo | ★★ | |
|
2017-02-03 04:35:00 | How AI is stopping criminal hacking in real time (lien direct) | Almost every day, there's news about a massive data leak -- a breach at Yahoo that reveals millions of user accounts, a compromise involving Gmail phishing scams. Security professionals are constantly moving the chess pieces around, but it can be a losing battle.Yet, there is one ally that has emerged in recent years. Artificial intelligence can stay vigilant at all times, looking for patterns in behavior and alerting you to a new threat.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-02-02 04:53:00 | Why 2017 will be the worst year ever for security (lien direct) | Sony. Anthem. The Office of Personnel Management. Target. Yahoo. The past two years have seen one mega-breach after another-and 2017 promises to be the most catastrophic year yet.Security experts have long warned that most organizations don't even know they've been breached. Attackers rely on stealth to learn about the network, find valuable information and systems, and steal what they want. Only recently have organizations improved their detection efforts and started investing the time, capital, and people needed to uncover vulnerabilities. When they do, the results are often alarming.[ 18 surprising tips for security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ] “I think we are going to find more, not less, breaches in 2017,†says Ray Rothrock, CEO of RedSeal, a security analytics firm.To read this article in full or to leave a comment, please click here | Yahoo | ||
 |
2017-01-27 09:30:24 | PayPal users targeted in sophisticated new phishing campaign (lien direct) | Recent phishing scams targeted both Gmail and Yahoo, and now attackers have their sights set on PayPal with some very convincing bait. | Yahoo | ||
 |
2017-01-26 14:00:00 | The Evolution of Threat Intelligence (lien direct) | Hi! My name is Chris Doman and I‘ve just joined AlienVault to work on the Open Threat Exchange (OTX) platform. As a way to say hello, I’ve put down some thoughts on why I was so keen to come work on OTX. A lot has changed since I jumped into cyber security just 5 years ago. First there was the Target breach. Then Sony. OPM. Yahoo. The elections. Between those infamous landmark case studies IT administrators have been battling constant attacks against their own networks. Ransomware trashing network shares. Users clicking “Enable Macros”. Finance teams approving fraudulent wire transactions. The security industry has had to continuously evolve to respond to ever-changing threats. The Evolution of Threat Intelligence Back in 2011 an employee of an incident response company was frustrated at the lack of threat intelligence sharing across the industry. So, they leaked the domain names used by the biggest group of attackers to Pastebin. It was a desperate attempt to prevent the mass of attacks the group was committing against both companies and governments. Two years, and hundreds of compromised organisations later, Mandiant released their landmark APT1 report. It was on the very same attackers, still using many of the same domain names. We’ve come a long way since then. Now security vendors race each other to share new waves of attacks first and government institutions are mandated to do the same. But this has led to other problems. Keeping up with all the reports is in itself a full-time job. And some reports contain false positives that set off security devices like Christmas tree lights. OTX From my viewpoint, Alienvault OTX solves these problems by: Reducing the manpower and effort organisations require to pull IoC’s out of every report. The indicators are peer reviewed for problems and fixes are applied almost instantly. The information is easy in, easy out with a growing API and list of integrations. The power of the massive community that can perform vetted information sharing in a structured format at no-cost. The key for any network like OTX is the community, and so far it’s going strong. Interested in vetted sharing of ransomware indicators? An OTX user has made a group for that. How about importing the indicators into your MISP instance? There's a group for that too. AlienVault has a long history of building community solutions that are available to organisations of all sizes, not just those with the largest security budgets. Some of you may know me from a community project I’ve worked on in my spare-time called ThreatCrowd - another open threat intelligence platform. ThreatCrowd has become used by more people than I could have hoped. It’s been a fun experiment to keep a prototype running for thousands of simultaneous users from a single Linux box! But there are serious limitations to how much I can tack onto a prototype, in my spare time and limited by my own knowledge. I’m looking forward to working with the top-notch team of AlienVault engineers to help enhance OTX and the overall community experience. I’ve only been at AlienVault a few days but I’ve seen there are some awesome enhancements planned to the interface, data-set and integrations. I won’t ruin the surprise! If you’re a user of Thr | Yahoo APT 1 | ||
|
2017-01-26 05:32:00 | Top data breach trends in 2016 - Phishing, skimming rise; hacking holds ground (lien direct) | When news broke in December of a massive data breach at Yahoo, it was met with a collective “This, again? Didn't they just report a breach?†The company had, in fact, reported a record-breaking breach of 500 million user accounts three months earlier, but it was dwarfed by the December breach, which impacted over 1 billion records.That pair of record breaking breaches was a fitting way to cap off a year marked by massive data breaches. As security intelligence provider Risk Based Security (RBS) points out in its newly-released 2016 Data Breach Trends report, “six 2016 breaches have taken their place on the Top 10 List of All Time Largest Breaches.â€To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-01-25 18:28:59 | Password-free security uses voice, user behavior to verify identity (lien direct) | Tired of conventional passwords? So is Nuance Communications, a tech firm that is promoting the human voice as a way to secure user accounts.The company's voice biometric product is among the technologies that promise to replace traditional -- and often vulnerable -- password authentication systems, which can be easy to hack. That isn't the case with Nuance's solution, the company claims.   “To determine if it's you or not, we are looking at over 100 different characteristics of your voice,†said Brett Beranek, Nuance's director of product strategy.The problem with passwords The need to move beyond passwords hasn't been more urgent, given that hackers are routinely finding ways to steal them. Last year, Yahoo, LinkedIn and Dropbox all reported major data breaches involving account details such as email addresses and hashed passwords.  To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-01-25 16:45:40 | Verizon\'s $4.8bn acquisition of Yahoo put on hold after breach revelations (lien direct) | Deal to sell core internet business to telecoms giant pushed into second quarter |
Yahoo | ||
|
2017-01-25 11:30:40 | Yahoo faces SEC probe into its two record-breaking data breaches (lien direct) | The US Securities and Exchange Commission is looking into whether Yahoo could have been quicker to tell investors about two record-breaking data breaches. | Yahoo | ||
|
2017-01-24 15:12:53 | Yahoo sale to Verizon delayed, following revelation of massive security breaches (lien direct) |  If you're in the business of scooping up another company, you probably want to uncover all of its dirty little secrets before you hand over any cash.
|
Yahoo | ||
|
2017-01-24 11:50:00 | Verizon Acquisition Of Yahoo Delayed (lien direct) | Deal pushed to next quarter to meet closing conditions of the sale. | Yahoo | ||
|
2017-01-23 22:06:35 | Sale of Core Yahoo Assets to Verizon Delayed (lien direct) | 
|
Yahoo | ||
|
2017-01-23 15:17:14 | Yahoo pushes back timing of Verizon deal after breaches (lien direct) | Verizon's planned acquisition of Yahoo will take longer than expected and won't close until this year's second quarter, the internet company said on Monday.The $4.8 billion deal was originally slated to close in the first quarter, but that was before Yahoo reported two massive data breaches that analysts say may scrap the entire deal.Although Yahoo continues to work to close the acquisition, there's still work required to meet closing the deal's closing conditions, the company said in an earnings statement, without elaborating.Verizon has suggested that the data breaches, and the resulting blow to Yahoo's reputation, might cause it to halt or renegotiate the deal.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2017-01-23 14:40:00 | SEC Investigates Yahoo Data Breaches (lien direct) | Report of an SEC probe of Yahoo serves as a new wake-up call for companies to properly disclose breaches in their earnings reports and disclosures. | Yahoo | ||
|
2017-01-23 14:00:00 | What is Insider Threat? (lien direct) |
As the name implies, this should be an excellent starting point for the subject topic, in this case insider threat. While I make every effort to be thorough and hit every aspect, there are times that I inadvertently omit things or skip them due to scope, time, length or applicability. Email any questions you have about this or any other topic to blog@advancedpersistentsecurity.net
This blog aims to inform you about insider threat. This is from both a personal and a commercial perspective, meaning that it can be applied in both settings. Disclaimer: I am in no way, shape, or form - past or present, compensated to endorse any solutions or software mentioned throughout this blog post.
Introduction
This is a time when organizations are spending more than ever before on information security solutions. Often, these solutions are effective in protecting much of an organization's assets. The one element that there is no true comprehensive solution to protect from attack is the human element. As Social Engineering evolves and grows in application and popularity, people are being exploited more frequently to enable successful attacks that would be otherwise unthinkable.
 Department of Homeland Security
Insider threat, per the US Department of Homeland Security and Carnegie-Mellon University CERT (Computer Emergency Response Team), is a "current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization's information or information systems."
 Director, National Intelligence
The Director of National Intelligence via National Counterintelligence and Security Center (NCSC) : An insider threat arises when a person with authorized access to U.S. Government resources, to include personnel, facilities, information, equipment, networks, and systems, uses that access to harm the security of the United States. Malicious insiders can inflict incalculable damage. They enable the enemy to plant boots behind our lines and can compromise our nation's most important endeavors.
We are seeing more attacks and incidents being associated with various forms of insider threat:
One theory of the Ashley Madison data breach is that insider threat enabled the “Impact Team breach” or readily handed the data over.
With limited knowledge and insight, some believe that the Bank of Bangladesh SWIFT attacks were insider threat.
Seemingly without information, the Yahoo data breaches may be due to insider threat.
What is Not Insider Threat
There is a level of ambiguity in terms of what constitutes insider threat. Some entities state that all actions dealing with users is insider threat. I tend to disagree with this broad generalization. If I am able to crack a password or find a password on a dump site, that is |
Yahoo | ||
|
2017-01-23 13:15:33 | Yahoo Faces SEC Probe into Breach Disclosures (lien direct) | In November 2016 Yahoo announced that it was cooperating with federal, state and foreign agencies, including the US Securities and Exchange Commission (SEC), who were seeking information on the data breaches also announced during 2016. In December, the SEC issued requests for relevant documents from Yahoo, and Yahoo is now reported to be under investigation. | Yahoo | ||
|
2017-01-20 11:00:00 | 3 Lessons From The Yahoo Breach (lien direct) | Your organization must address these blind spots to detect sophisticated attacks. | Yahoo | ||
|
2017-01-17 14:00:00 | The Priority of the Government/Industry Cybersecurity Partnership (lien direct) | The change in the cyber risk environment coinciding with a heightened need for procurement of new technologies and services has created a new paradigm for a cybersecurity partnership between government and industry. The prioritization of that special partnership appears to be in the immediate plans for the new Trump Administration. The appointment of former NYC Mayor Rudy Giuliani as a cybersecurity adviser signals the elevated importance of that intended government/industry partnership. One of his first tasks will be to assemble cybersecurity subject matter experts and leaders from industry to advise and spur innovation in and out of government. Mayor Giuliani has made it clear that the proposed group will work on cutting-edge cybersecurity solutions across industries such as the energy, financial, and transportation sectors. Collaboration between government and industry stakeholders is a proven model that makes good sense. Together, government and the private sector can identify products and align flexible product paths, evaluate technology gaps, and help design scalable architectures that will lead to greater efficiency and fiscal accountability. Bridging R&D spending between the government and private sectors should also allow for a more directed and capable cybersecurity prototype pipeline to meet new technology requirements. In addition to being collaborative, a working partnership of government and industry leaders should be focused and strategic in nature. To be effective the evolving cybersecurity partnership must also be 1) proactive and adaptive to change; 2) coordinated with The Department of Homeland Security (DHS); and 3) have a cyber risk management/consequence strategy. Being Proactive and Adaptive to Change: There are many challenges of functioning in an exponentially changing digital world. This requires restructuring of priorities and missions for both government and industry. That is not an easy task and there is logic in joining forces. As the capabilities and connectivity of cyber devices have grown, so have the cyber intrusions and threats from malware and hackers. The growing and sophisticated cyber threat actors include various criminal enterprises, loosely affiliated hackers, and adversarial nation states. A first mission for the new Administration’s cyber team will be to review recommendations prepared by cybersecurity experts from within and out of government and to assess gaps and vulnerabilities across the threat landscape. In the past decade, the cybersecurity focus and activities by both government and industry have been predominantly reactive to whatever is the latest threat or breach. As a result, containing the threats was difficult because at the outset, defenders were always at least one step behind. That mindset has been changing due to a major series of intrusions and denial of service attacks (including OPM, Anthem, Yahoo, and many others) that exposed a flawed approach to defending data and operating with a passive preparedness. Being proactive is not just procuring technologies and people it also means adopting a working industry and government framework that includes tactical measures, encryption, authentication, biometrics, analytics, and continuous diagnostics and mitigation, as applicable to specific circumstances. The new advisory council led by Mayor Giuliani will become more proactive and adaptive in protecting assets and will also likely address policy and technology development implications around a whole host of other topics related to cyber threats. Some of these topics will include information sharing, securing the Internet of Things (IoT), protection of critical infrastructures, and expanding workforce training to mitigate the shortage of cybersecurity The Department of Homeland Security’s (DHS) Coordination: The government/industry partnership will have to work closely with the Department of Homeland Security. DHS has taken on a formal and increasing | Guideline | Yahoo | |
|
2017-01-12 09:20:00 | EU Dissatisfied With US Clarification On Yahoo Secret Email Scan (lien direct) | Justice Chief Vera Jourova expects detailed explanations and transparency from the EU's Privacy Shield partner. | Yahoo |
To see everything:
Our RSS (filtrered)
