What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-12-09 12:35:06 | Yahoo Pays Out $10,000 Bounty for Critical Mail Flaw (lien direct) | A researcher has earned $10,000 for finding a critical Yahoo! Mail vulnerability that could have been exploited simply by getting the targeted user to open a specially crafted email. | Yahoo | ||
 |
2016-12-09 12:32:39 | Yahoo flaw, now fixed, allowed hackers to access any user\'s email (lien direct) | Malicious code could have been used to compromise an account, forward messages to an external account, or even spread a Yahoo Mail-infecting virus. | Yahoo | ||
 |
2016-12-09 04:15:50 | Yahoo : une faille permettait de lire les mails de n\'importe quel utilisateur (lien direct) | Un attaquant pouvait insérer du code malveillant dans les attributs HTML des pages de Yahoo Mail. Celui-ci était exécuté automatiquement à l'ouverture du message.  |
Yahoo | ||
 |
2016-12-08 15:42:00 | Yahoo fixes flaw allowing an attacker to read any user\'s emails (lien direct) | The company issued a $10,000 reward to the researcher for privately reporting the flaw. | Yahoo | ||
 |
2016-12-08 10:30:41 | Yahoo Flaw Allowed Hackers to Read Anyone\'s Emails (lien direct) | Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox.
Jouko Pynnönen, a Finnish Security researcher from security firm Klikki Oy, reported a DOM based persistent XSS (Cross-Site Scripting) in Yahoo mail, which if exploited, allows an attacker to send emails embedded with malicious code.
In
|
Yahoo | ||
 |
2016-12-05 17:25:13 | Snowden blasts US justice department, says Petraeus leaks \'far more highly classified\' than his own (lien direct) | In a recent interview with Yahoo's Katie Couric, former NSA contractor Edward Snowden spoke about how he believes justice in the US is 'two-tiered.' | Yahoo | ||
 |
2016-11-29 13:00:54 | 2017 Cybersecurity Predictions: The Year We Get Serious About IoT Security (lien direct) | This post is part of an ongoing blog series examining “Sure Things†(predictions that are almost guaranteed to happen) and “Long Shots†(predictions that are less likely to happen) in cybersecurity in 2017. Throughout 2016, cybersecurity moved more into the public eye than ever before. Hacks into the Democratic National Committee, BitFinex, Yahoo, Dropbox, LinkedIn, and Verizon were just a few of the high-profile security breaches that grabbed headlines this year. With 2017 fast approaching, we expect that we'll continue to see breaches in the news. Let's look at some … | Yahoo | ||
 |
2016-11-23 10:15:00 | European Regulator Probes Yahoo\'s 2015 Secret Email Scan (lien direct) | Dublin-based Data Protection Commissioner trying to ascertain if Yahoo broke Europe's privacy laws. | Yahoo | ||
 |
2016-11-17 14:27:13 | Yahoo! Voice Call 2FA Fail (lien direct) | Netflix recently fixed an account takeover vulnerability involving automated phone calls and caller ID spoofing. The issue? An attacker could use Netflix’s “forgot email/password” feature to reset an account’s password by directing the reset code to a voice call. In order to force the code to voice mail, the attacker would need to call the […] |
Yahoo | ||
 |
2016-11-17 08:25:40 | Data breach claims are often poorly researched, unsubstantiated and ultimately fake (lien direct) | I have multiple Yahoo data breaches. I have a Twitter data breach. I have Facebook data breaches. I know they are data breaches from those sources because people told me they are, ergo, they're data breaches. Except they're not - they're all fake. Problem is though, fake data breaches don't | Yahoo | ||
 |
2016-11-17 07:14:56 | Example of Getting Analysts & Researchers Away, (Wed, Nov 16th) (lien direct) | It is well-known that bad guys implement pieces of code to defeat security analysts and researchers. Modern malwareshave VM evasiontechniques to detect as soon as possible if they are executed in a sandboxenvironment. The same applies for web services like phishing pages or CC control panels. Yesterday, I found a website delivering a malicious PE file. The URL was http://www.[redacted].com/king/prince.exe. This PE file was downloaded and executed by a malicious Office document. Nothing special here, its a classic attack scenario. Usually, when I receive aURL like this one, Im always trying to access the upper directory indexes and also some usual filenames / directories (I built and maintain my own dictionary for this purpose). Playing active-defense" /> The file zz.php is less interesting, its a simple PHP mailer. The dbl directory contains interesting pages that providea fake" /> In this case, attackers made another mistake, the source code of the phishing site was left on the server in the dbl.zip file. Once downloaded and analyzed, it revealed a classic attack trying to lure visitors and collect credentials. Note that the attacker was identified via his gmail.com address present in the scripts. But the most interesting file is called blocker.php"> ...include(blocker.php... Lets have a look at this file. It performs several checks based on the visitors details (IP and browser). First of all, it performs a reverse lookup of the visitor"> $hostname = gethostbyaddr($_SERVER[REMOTE_ADDR$blocked_words = array(above,google,softlayer,amazonaws,cyveillance,phishtank,dreamhost,netpilot,calyxinstitute,tor-exit, paypalforeach($blocked_words as $word) { if (substr_count($hostname, $word) 0) { header(HTTP/1.0 404 Not Found }} Next, the visitorif(in_array($_SERVER[REMOTE_ADDR],$bannedIP)) { header(HTTP/1.0 404 Not Found} else { foreach($bannedIP as $ip) { if(preg_match(/ . $ip . /,$_SERVER[REMOTE_ADDR])){ header(HTTP/1.0 404 Not Found } }} Here is the list of more relevant banned network: Google Digital Ocean Cogent Internet Systems Consortium Amazon Datapipe DoD Network Information Center Omnico"> if(strpos($_SERVER[HTTP_USER_AGENT], google) or strpos($_SERVER[HTTP_USER_AGENT], msnbot) or strpos($_SERVER[HTTP_USER_AGENT], Yahoo! Slurp) or strpos($_SERVER[HTTP_USER_AGENT], YahooSeeker) or strpos($_SERVER[HTTP_USER_AGENT], Googlebot) or strpos($_SERVER[HTTP_USER_AGENT], bingbot) or strpos($_SERVER[HTTP_USER_AGENT], crawler) or strpos($_SERVER[HTTP_USER_AGENT], PycURL) or strpos($_SERVER[HTTP_USER_AGENT], facebookexternalhit) !== false) { header(HTTP/1.0 404 Not Found } Surprisingly, this last"> Wget/1.13.4 (linux-gnu)curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5python-requests/2.9.1Python-urllib/2.7Java/1.8.0_111... Many ranges of IP addresses belongs to hosting companies. Many researchers use VPS and servers located there, thats why they are banned. In the same way, interesting targets for the phishing page are residential customers of the bank, connected via classic big ISPs. Conclusion: if you are hunting for malicious code / sites, use an anonymous IP address (a residential DSL line or cable is top) and be sure to use the right User-Agents to mimic classic targets. Xavier Mertens (@xme) ISC Handler - Freelance Security Consultant PGP Key (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | Yahoo APT 32 | ||
 |
2016-11-16 04:00:51 | Here\'s What Happens After Your Webmail Account is Compromised (lien direct) | 2016 will forever be remembered for all the “mega-breaches” that exposed users’ personal information. Most of those larger-than-life security incidents dated back several years, with some breaches having made a larger splash in the security community than others. LinkedIn and Tumblr certainly stood out. But all other events paled in comparison to Yahoo. Why? By […]… Read More | Yahoo | ||
 |
2016-11-11 11:04:03 | Yahoo staff knew they were breached two years ago (lien direct) | Its quarterly report says that a state-sponsored actor had access to the company's network in late 2014 |
Yahoo | ||
 |
2016-11-10 16:50:12 | Yahoo Tells SEC It Knew About Data Breach in 2014 (lien direct) | Yahoo's latest SEC filing includes confirmation that it knew attackers were on its network in 2014 and stole information on 500 million accounts. | Yahoo | ||
 |
2016-11-10 14:20:53 | Yahoo admits some staff knew of mega breach in 2014 (lien direct) | Independent committee probes who knew what when as more hacker claims surface. | Yahoo | ||
 |
2016-11-10 13:00:00 | SEC Documents Show Yahoo Knew of Massive Data Breach Since 2014 (lien direct) | Documents filed by Yahoo yesterday with the US Securities and Exchange Commission (SEC) reveal that at least some Yahoo employees knew since 2014 of the massive security incident through which an unknown attacker stole details of 500 million users. [...] | Yahoo | ★★★★★ | |
|
2016-11-10 10:31:29 | Facebook Buys Leaked Passwords From Black Market, But Do You Know Why? (lien direct) | Facebook is reportedly buying stolen passwords that hackers are selling on the underground black market in an effort to keep its users' accounts safe.
On the one hand, we just came know that Yahoo did not inform its users of the recently disclosed major 2014 hacking incident that exposed half a billion user accounts even after being aware of the hack in 2014.
On the other hand, Facebook
|
Yahoo | ||
 |
2016-11-10 10:24:01 | Some Yahoo staff knew in 2014 that it had been hacked (lien direct) |  Yahoo has admitted that some of its staff knew back in 2014 that its systems had been breached by hackers.
|
Yahoo | ||
 |
2016-11-10 08:00:59 | Yahoo admits data breach may affect Verizon acquisition (lien direct) | In its latest SEC filing, Yahoo admits some people knew of the 2014 breach shortly after, that the true cost of the breach is still unknown, and that the breach could affect its deal with Verizon | Yahoo | ||
|
2016-11-10 03:09:58 | Yahoo Reveals More Details About Massive Hack (lien direct) | 
|
Yahoo | ||
 |
2016-11-09 20:41:36 | Yahoo investigating if insiders knew of hack (lien direct) | Yahoo said investigators into the late 2014 theft of information of at least 500 million user accounts are looking into the possibility that some people within the company knew about the security incident at the time.Law enforcement authorities on Monday also “began sharing certain data that they indicated was provided by a hacker who claimed the information was Yahoo user account data,â€Â the company said in a regulatory filing to the U.S. Securities and Exchange Commission. Yahoo said it would “analyze and investigate the hacker's claim.†It isn't clear if this data is from the 2014 hack or from another breach.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-11-07 13:07:32 | Oil exec accused of impersonating Elon Musk in an email sues Tesla over Twitter hack (lien direct) | Todd Katz says Tesla illegally accessed his Twitter account in its investigation of a Yahoo email crafted to look like it came from Musk. |
Yahoo Tesla | ||
|
2016-11-03 10:48:01 | Flaw in Wix website builder risked computer worm (lien direct) | Wix, the provider of a widely used cloud-based web development platform, appears to have had a significant bug on its hands that could have paved the way for a computer worm to do serious damage to websites around world.The problem was related to an XSS (cross-site scripting) vulnerability that was found in websites built with Wix, according to Matt Austin, a researcher with Contrast Security.Though Wix says it has fixed the issue, it illustrates how a few lines of bad code can potentially do widespread damage.XSS vulnerabilities are common, and result from flaws in websites' coding. Hackers can take advantage of them to trick users' browsers into running malicious scripts that, for example, could download a computer virus or expose the internet cookies that are on their machines. Austin found the same kind of problem in websites from Wix, which builds websites and has 87 million users in Europe, Latin America, Asia.To read this article in full or to leave a comment, please click here | Yahoo | ||
 |
2016-10-31 15:39:07 | EU privacy regulators query Yahoo CEO on breach (lien direct) | Yahoo CEO Marissa Mayer was sent a letter from a watchdog group overseeing privacy regulators in the European Union seeking answers on the affect of a massive breach the company experienced. |
Yahoo | ||
|
2016-10-28 15:06:48 | EU Regulators Raise Concerns over Yahoo and WhatsApp (lien direct) | European data protection regulators have written to both WhatsApp and Yahoo. With Yahoo concerns center around the breach and theft of 500 million user accounts, and sharing content with the US government. The WhatsApp concern is over sharing EU personal data with US Facebook. In both cases the issues will be discussed in November. | Yahoo | ||
|
2016-10-28 04:30:00 | IDG Contributor Network: How the government can help businesses fight cyber attacks (lien direct) | When a criminal robs a store, the police visit the scene, conduct an investigation and try to bring the perpetrator to justice. What happens when a criminal breaches that same store's server and makes off with its customer's credit-card numbers? I'd argue that the response to the physical crime would be much greater and effective than how the cyber crime would be handled, although cyber attacks have the potential to cause more damage than robberies.Blame cyber criminals, not nation-states, for attacks While nation-states are typically blamed for breaches, the culprits are usually cyber criminals who are using nation-state techniques and procedures. Companies likely claim infiltration by nation-state attackers because it provides them with some cover from lawsuits and preserves business deals and partnerships. (Yahoo is using this tactic with little success.) The reasoning could look like this: how could our organization protect itself from attackers who have the support and resources of a major government? We're simply outgunned.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-28 04:00:00 | IDG Contributor Network: How much does a data breach actually cost? (lien direct) | The American public has become so inured to data breaches that it's difficult to remember them all. Infamous breaches like the ones at Target and Sony become almost forgettable when confronted with the recently disclosed half-billion accounts compromised at Yahoo in 2014.The numbers are simply staggering. It is estimated over 900,000,000 records of personally identifiable information (PII) have been stolen in the U.S. over the past few years. Keeping a memory of all the hacks and when they happened may require the use of complex data visualization.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-27 08:53:00 | IDG Contributor Network: Securing the breach trumps breach prevention (lien direct) | In my prior posts, I discussed both the changing face of data breaches and the reality distortion field surrounding today's IT security professionals when they talk about effective ways to combat data breaches. Three things we know for certain, though, is that data breaches are not going away, our adversaries are continuing to innovate and attack, and the costs of a breach are becoming more tangible.Just this month, Verizon claimed the massive hack on Yahoo caused irreparable harm to the tech company in terms of customer trust, possibly allowing the wireless provider to withdraw from or renegotiate the terms of its $4.83 billion acquisition agreement. Also, in October, the U.K. Information Commissioner's Office hit TalkTalk with more than $400,000 in fines for its 2015 cyber attack.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-24 09:09:12 | How to delete your Yahoo account (lien direct) |  Thinking of deleting your Yahoo account? Here are the steps, and things you should consider first...
David Bisson reports.
|
Yahoo | ||
|
2016-10-20 16:24:33 | Yahoo Asks DNI to De-Classify Email Scanning Order (lien direct) | Yahoo wrote DNI James Clapper asking the government to confirm and declassify an order to scan email for intelligence surveillance purposes. | Yahoo | ★★★ | |
|
2016-10-20 11:24:47 | Over 43 Million Weebly Accounts Hacked; Foursquare Also Hit By Data Breach (lien direct) | 2016 is the year of data breaches that has made almost every major companies victims to the cyber attacks, resulting in compromise of over billion of online users accounts.
Weebly and Foursquare are the latest victims of the massive data breach, joining the list of "Mega-Breaches" revealed in recent months, including LinkedIn, MySpace, VK.com, Tumblr, Dropbox, and the biggest one -- Yahoo.
|
Yahoo | ||
|
2016-10-20 10:20:00 | Yahoo Demands Government Be More Transparent About Data Requests (lien direct) | In a letter to the Director of National Intelligence, the tech company says this transparency would also help clear Yahoo's name in customer email scan case. | Yahoo | ||
|
2016-10-19 23:30:11 | Yahoo Calls for \'Transparency\' From U.S. Spy Agencies (lien direct) | Yahoo asked US spy agencies Wednesday to offer public "transparency" about data they make internet companies provide on users and to declassify any secret order served on the company. | Yahoo | ||
|
2016-10-19 13:21:29 | Yahoo asks US for clarity on email scanning controversy (lien direct) | Yahoo is asking that the U.S. government set the record straight on requests for user data, following reports saying the internet company has secretly scanned customer emails for terrorism-related information.  On Wednesday, Yahoo sent a letter to the Director of National Intelligence James Clapper, saying the company has been "unable to respond" to news articles earlier this month detailing the alleged government-mandated email scanning."Your office, however, is well positioned to clarify this matter of public interest," the letter said.The scanning allegedly involved searching through the email accounts of every Yahoo user and may have gone beyond other U.S. government requests for information, according to a report from Reuters.  To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-19 04:54:24 | Spam Delivered via .ICS Files, (Tue, Oct 18th) (lien direct) | Yesterday, I received a few interesting emails in myhoneypot. I set up catch-all email addresses for domains that are well known by spammers. Im capturing emails and extracting MIME attachments for further analysis. Today, my honeypot received three ICS files. iCalendar[1]is a file format used to exchange meetinginformation between users, mainly via email or a file sharing system. Such files use the extension .ics"> Oct 18 11:27:07 marge postfix/cleanup[9842]: 444817C2519: warning: header From: OFICE FILE \ from=xxxx to=xxxx proto=ESMTP helo=xxxx The ICS file attached to the mail had a valid formatbut with some interesting characteristics. First, it was a cancellation">METHOD:CANCEL Then, many recipients (approximately 50) were added as requiredRSVP=TRUE:mailto:kiotoambiental@ig.com.brRSVP=TRUE:mailto:kirk.pearson@leg.wa.govRSVP=TRUE:mailto:kissimmeesdb@yahoo.comRSVP=TRUE:mailto:kitanamileene@bol.com.brRSVP=TRUE:mailto:kitty.hotel@hotmail.com" /> You can see that all the participants are listed. Depending on the way the user will cancel or reply to the mail, a notification could be sent to all the attendees, propagating the spam. Note that the mail was sent approximately 30 minutes (11:27 GMT+2) before the scheduled time in the meeting request (12:00 - 13:00 GMT+2). The message in itself does not contain malicious content (an ICS file contains only text) but your mail server could be used to spread the message to other attendees and affect its reputation in anti-spam lists. The meeting details could also contain a link to a malicious website. Did you also seesuch emails or do you have more information? Feel free to share! [1] http://icalendar.org/ Xavier Mertens (@xme) ISC Handler - Freelance Security Consultant PGP Key (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | Yahoo | ||
|
2016-10-18 20:59:00 | What happened to Yahoo\'s traffic after it revealed it was hit by hackers? (lien direct) | The huge theft of customer data affected over 500 million users. | Yahoo | ||
|
2016-10-18 10:34:00 | Down the rabbit hole, part 4: Securing your email (lien direct) | As I strive to make my life safe and secure from prying eyes, one area stands out as being astoundingly critical: email.Heck, you can barely go 24 hours without another example of leaked or hacked emails being released to the public. Add to that the recent revelations that Yahoo has been working secretly with United States government agencies to scan all email going through their system, and it quickly becomes clear that the majority of us have email accounts that are not even remotely private or secure.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-18 00:16:02 | DarkReading: California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Courthttp://ubm.io/2eoWa04Â (lien direct) | DarkReading: California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Courthttp://ubm.io/2eoWa04Â | Yahoo | ||
|
2016-10-17 17:30:00 | California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court (lien direct) | Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law. | Yahoo | ||
|
2016-10-17 17:02:33 | US Lawmakers Seek Answers on Yahoo Email Scanning (lien direct) | U.S. lawmakers want the Department of Justice and the Office of the Director of National Intelligence to provide clarifications on the reports about Yahoo being asked to scan its customers' emails. | Yahoo | ||
|
2016-10-17 16:49:36 | US Reps Requesting Further Intel Around Yahoo Surveillance Story (lien direct) | U.S. representatives are asking Yahoo for clarity around a surveillance program mentioned in reports earlier this month. | Yahoo | ||
|
2016-10-17 06:26:00 | How to avoid being the next Yahoo (lien direct) | It's no longer about whether or not you'll get attacked, it's about knowing what the repercussions are and if you have the right controls to minimize or completely eliminate the fallout. In order to be able to do this effectively, you need be attuned with your network controls and architecture. Asking the right questions can get you there and also ensuring that network architects are aligned with business and security goals.VArmour CEO Tim Eades offers a few questions decision makers should be asking to ensure they keep their organizations from being the next Yahoo.If we were subject to a data breach, how would our controls and processes appear when described on tomorrow's front page news? Why is this important?To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-14 17:16:55 | DarkReading: Yahoo Breach May Trigger \'Material Adverse Change\' Clausehttp://ubm.io/2eAey9m (lien direct) | DarkReading: Yahoo Breach May Trigger 'Material Adverse Change' Clausehttp://ubm.io/2eAey9m | Yahoo | ||
|
2016-10-14 14:34:43 | Verizon is playing hard ball with Yahoo after hack (lien direct) |  Verizon could reduce the price it will pay to acquire Yahoo, or walk away from the $5 billion deal completely.
|
Yahoo | ||
|
2016-10-14 11:15:00 | Yahoo Breach May Trigger \'Material Adverse Change\' Clause (lien direct) | The Yahoo data breach, which compromised 500 million user accounts, may cause Verizon to renegotiate its $4.8 billion acquisition deal. | Yahoo | ||
|
2016-10-14 08:31:04 | US lawmakers want answers on Yahoo email surveillance (lien direct) | A bipartisan group of 48 U.S. lawmakers wants two government agencies to explain a surveillance program in which Yahoo reportedly scanned all the messages of its email users on behalf of the FBI.After recent news reports of the email scanning program, the Department of Justice and the Office of the Director of National Intelligence need to brief Congress about the efforts, the lawmakers said in a letter to the two agencies.The first news reports about the program contained "conflicting reports about which legal authority was used" for the email scans, said the letter, organized by Representatives Justin Amash, a Michigan Republican, and Ted Lieu, a California Democrat.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-13 20:45:01 | Verizon Says Massive Yahoo Hack Could Impact Deal (lien direct) |
Verizon said Thursday the massive breach affecting 500 million Yahoo customers could have a "material" effect on the $4.8 billion deal to acquire key assets of the Internet group.
|
Yahoo | ★★★★★ | |
|
2016-10-13 15:48:53 | Another Potential Victim of the Yahoo! Breach: Federated Login (lien direct) | Password proliferation is bad, for many, many, many reasons. But the worst reason is that people tend to re-use passwords all over the place. | Yahoo | ||
|
2016-10-13 14:11:36 | Verizon signals Yahoo data breach may affect acqusition (lien direct) | Verizon has signaled that Yahoo's massive data breach may be enough reason to halt its US$4.8 billion deal to buy the internet company.On Thursday, Verizon's general counsel Craig Silliman said the company has a "reasonable basis" to believe that the breach involving 500 million Yahoo accounts has had a material impact on the acquisition. This could give the company room to back out or get a large discount."We're looking to Yahoo to demonstrate to us the full impact," he added. "If they believe that it's not, then they'll need to show us that."In response, Yahoo said, "We are confident in Yahoo's value and we continue to work towards integration with Verizon."To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-13 05:42:00 | Yahoo shows that breach impacts can go far beyond remediation expenses (lien direct) | Companies that focus on the immediate breach remediation costs may be missing the big picture, and could be under-investing in security as a result.Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included costs.But the actual numbers could be several times higher.Take the Yahoo breach, for example, which could lead to a $1 billion drop in the company's value.To read this article in full or to leave a comment, please click here | Guideline | Yahoo |
To see everything:
Our RSS (filtrered)
