Skip to main content

Yahoo

Yahoo!Xtra users locked out again

posted onFebruary 27, 2013
by l33tdawg

About 1500 Yahoo!Xtra accounts have been caught up in a fresh cyber attack in the last two days and their email accounts have been frozen until they change their passwords.

Earlier there were concerns hackers may have gleaned passwords and log-ons from customers emails but Telecom spokesperson Jo Jalfon said an old warning had gone up on Telecom's website by mistake.

Hackers target Yahoo users in Singapore: SingCert

posted onFebruary 19, 2013
by l33tdawg

Yahoo users in Singapore have been warned about spam e-mail that could leave them vulnerable to attacks by hackers.

A government information watchdog has advised them not to click on the links in these messages - even those that are supposedly sent by friends.

The warning was issued last Friday in a bulletin on the website of the Singapore Computer Emergency Response Team (SingCert). It said that there have been reports of spam e-mail from Yahoo accounts containing links to sites selling "work-from-home" schemes and packages.

Telecom New Zealand admits YahooXtra email accounts were hacked

posted onFebruary 11, 2013
by l33tdawg

Telecom has admitted its outsourced YahooXtra email service has been compromised by hackers resulting in some YahooXtra customer accounts being hijacked to send out malicious email. It is advising all YahooXtra customers to change their passwords.

The company initially blamed a deluge of compromised accounts on a successful phishing attack, saying customers were tricked into clicking on scam emails, but has now acknowledged a "second attack" that was outside customers' control.

Researchers say Yahoo Mail exploit still active, despite claim of being fixed

posted onJanuary 9, 2013
by l33tdawg

On Monday, Yahoo told TNW it had plugged a vulnerability in Yahoo Mail that had resulted in email accounts being compromised after users clicked on a malicious link they received in their inboxes. On Tuesday, the information security training and penetration testing firm Offensive Security said it has discovered the vulnerability is still present.

Yahoo Mail hacked via XSS exploit, loophole fixed soon after

posted onJanuary 9, 2013
by l33tdawg

Reports about a malicious link compromising the security of several Yahoo! Mail accounts surfaced yesterday. The Next Web reports that a hacker going by the name Shahin Ramezany uploaded a YouTube video demonstrating how a Yahoo! account can be compromised with a DOM-based XSS vulnerability that can be misused across all major browsers.

Hacker nabs Yahoo! site backups

posted onDecember 17, 2012
by l33tdawg

A penetration tester has reportedly hacked Yahoo!, claiming to have gained access to website backup and database files for a dozen databases.

The hacker using the handle Virus_Hima published screenshots that showed the purported site backups for a Yahoo! finance subdomain.

The hacker claimed to have accessed the databases via a reflected cross site scripting vulnerability which he told SC was fixed by Yahoo!. He also said he discovered a SQL Injection hole. Virus_Hima disclosed the flaws alleging that Yahoo! had ignored his vulnerability disclosure email.

Yahoo developer feature can be used to steal user data

posted onDecember 4, 2012
by l33tdawg

Attackers can read emails, contacts and other private data from the accounts of Yahoo users who visit a malicious page by abusing a feature present on Yahoo's Developer Network website, according to an independent security researcher.

A limited version of the attack was presented on Sunday at the DefCamp security conference in Bucharest, Romania, by a Romanian Web application bug hunter named Sergiu Dragos Bogdan.

Yahoo account exploit selling on black market

posted onNovember 28, 2012
by l33tdawg

Yahoo is investigating the claims of a hacker who is selling an exploit that apparently hijacks Yahoo mail accounts.

"The exploit, being sold for $US700 by an Egyptian hacker on an exclusive cybercrime forum, targets a cross-site scripting (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users," wrote Brian Krebs, a noted security blogger who reported the illegal offer to Yahoo.

Vulnerability in Yahoo's JavaScript framework YUI 2

posted onNovember 1, 2012
by l33tdawg

In a blog post, Yahoo has said there is a security vulnerability in its JavaScript framework YUI version 2. It does not, though, give a detailed description of the bug. The issue only, now, relates to any project where the developers have hosted their own version of the YUI 2 SWF files (from version 2.4.0 to 2.9.0). Those who have used Yahoo's yui.yahooapis.com CDN or another CDN for YUI 2 or use YUI 3 are not affected by the issue said Yahoo.

We have identified a security vulnerability on self-hosted YUI 2 SWF files.