Yahoo Mail Patches Severe XSS Flaw Affecting Millions Of Users

A stored cross-site scripting (XSS) vulnerability in Yahoo Mail that affects more than 300 million email accounts globally was patched earlier this month, bagging a $10,000 bug bounty for the researcher who discovered it. The flaw allowed malicious JavaScript code to be embedded in a specially formatted email message. The code would be automatically evaluated […]

Have You Misplaced Your USB In The Dry Cleaners?

As many as 20,000 USB sticks may be left in dirty clothes and handed in to dry cleaners every year, with nearly half never returned, according to new research from security vendor Eset. The firm surveyed 500 launderettes and dry cleaners around the country and extrapolated its findings based on the 5,839 such businesses nationwide. […]

PHISHERS TARGET FACEBOOK USERS WITH SCAM PAGES

Facebook users should be wary following a spate of malicious ‘Security System Pages’ created by phishers to steal people’s personal data. Not satisfied with merely securing a user’s login details, these offenders are now intent on forcing them to part with far more sensitive information. As reported in a Malwarebytes blog, one such scam misleads […]

RESEARCHERS CLAIM NEW EBAY FLAW COULD LEAD TO DATA THEFT

Security researchers are warning of a new vulnerability on the eBay platform, which could allow hackers to spread malware and steal personal information. The flaw could allow an attacker to remotely bypass the e-commerce giant’s code validation checks to serve up malicious JavaScript to a victim, according to Check Point. The security vendor claimed that the […]

EMPLOYEE RETENTION IS CRITICAL TO SOLVING THE SECURITY SKILLS

The skills shortage in IT security is a very real problem, even though companies have become more creative in how they attract talent. But there’s more to consider: A report from AlienVault argues that retaining the talent once acquired should also be a keen focus for HR departments. “One can hypothesize that companies no longer […]

MICROSOFT LAUNCHES EMET 5.5 TO BOOST WINDOWS SECURITY

Microsoft has announced the latest version of its standalone Windows client security tool EMET, but admitted that Windows 10 contains several features that provide equivalent or even better protection. Redmond announced its Enhanced Mitigation Experience Toolkit (EMET) 5.5 in a blog post on Tuesday, revealing new features including Windows 10 compatibility, improved configuration of mitigations via […]

IRS HACK AFFECTS TAX RETURNS

The US Internal Revenue Service (IRS) has been hacked—again. The tax collection agency was the target of a malware attack, it said, that allowed the perpetrators to access the electronic tax-return credentials for 101,000 social security numbers. The IRS said that using personal data stolen elsewhere outside the IRS, identity thieves used an automated botnet in […]

Anonymous Hacks South African Government Data

Anonymous is at the hacktivist game again, this time targeting the South African government as part of its #OpAfrica initiative. The group hacked a database within the Government Communications and Information Systems (GCIS) department, leaking names, phone numbers, email addresses and hashed passwords of more than 1,000 government employees. The hackers gained access to an old GCIS portal […]