Security

Yahoo patches critical XSS vulnerability that would allow hackers to read any email

posted on December 12, 2016
by l33tdawg

Yahoo, which was in the limelight for revealing a massive hack on its users earlier this year, has fixed a highly critical cross-site scripting (XSS) security flaw in its email system that would have allowed attackers to access any email.

The flaw was discovered and reported by Finland-based security researcher Jouko Pynnonen who earned $10,000 for the feat from Yahoo's bug bounty program. The flaw allowed an attacker to read a victim's email or create a virus infecting Yahoo Mail accounts among other things.

AirDroid updated to fix major security holes

posted on December 12, 2016
by l33tdawg

Last week it was reported that AirDroid, the popular app that allows Android users to read/send messages and remotely access files on their device from a PC/Mac, has been plagued with several security holes over the last several months. Security research firm Zimperium detailed how hackers could easily gain access to users’ information and Android device. Fortunately that news spurred AirDroid’s developers to take action, as fixes are now available for both the mobile app and PC/Mac clients.

How blockchain can help fight cyberattacks

posted on December 6, 2016
by l33tdawg

Imagine a computing platform that would have no single point of failure and would be resilient to the cyberattacks that are making the headlines these days. This is the promise behind blockchain, the distributed ledger that underlies cryptocurrencies like Bitcoin and Ethereum and challenges the traditional server/client paradigm.

In 2009, Bitcoin became the first real application of blockchain, a secure decentralized monetary exchange platform that removed the need for central brokers. More recently, blockchain has proven its worth in other fields.

Expedia IT guy made $300,000 by hacking own execs

posted on December 6, 2016
by l33tdawg

A former Expedia IT professional admitted on Monday to illegally trading on secrets he discovered by hacking his own company's senior executives.

Jonathan Ly stole passwords and infiltrated devices of Expedia's chief financial officer and head of investor relations, allowing him to make a series of "highly profitable" trades in stock options that scored him $331,000, according to prosecutors.

Google Chrome 55 Fixes Flaws, Blocks Flash

posted on December 6, 2016
by l33tdawg

The long, slow march of Adobe's Flash technology off the web has reached another milestone with the debut of Google's Chrome 55 web browser.

Over the last few years, Google has been slowly enacting elements of its plans to deprecate support for Flash in Chrome, in favor of HTML5 based media. In Chrome 42, which debuted in April 2015, Google made Flash content 'click-to-play,' requiring users to click a button before a flash file activates and disabling auto-play of flash content.

Google Patches Android for 74 Vulnerabilities in December Update

posted on December 6, 2016
by l33tdawg

Google announced its last regularly scheduled security patch update for Android in 2016 on Dec. 5, patching no less than 74 different vulnerabilities in the mobile operating system. The December vulnerability patch count is an improvement over the 83 vulnerabilities patched by Google in the November Android security update.

Why you should (or shouldn’t) root your Android device

posted on December 6, 2016
by l33tdawg

Android is based on the Linux kernel, so right from the start, tinkerers and power users were interested in gaining root access to make changes and graft on new features. In the early days, this was a fairly simple procedure on most devices. There were several apps and tools that could root almost any Android phone or tablet, and you’d be ready to truly master your device in mere minutes. As Android became more capable, the allure of rooting has diminished somewhat — it’s also much harder and riskier than it used to be.

How Windows 10's data collection trades your privacy for Microsoft's security

posted on December 5, 2016
by l33tdawg

Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft.

But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features.

Hacked companies could see customer exodus if breached

posted on December 5, 2016
by l33tdawg

Research by cyber-security company Positive Technologies has uncovered the depth of impact on customer loyalty in the aftermath of a hacking incident.

Almost half of the 1,000 people questioned by OnePoll (48 percent) claimed they'd cancel accounts if a provider of theirs suffered a data breach. In addition, 35 percent said they would actively avoid choosing a company that had been hacked in the future if they were switching providers.