Tag Archives: yahoo

10Fold Clients Weigh in on Yahoo’s Ultimate Failure

“See what these security experts have to say about the Yahoo breach”

But first, some context

In 2013 a hack of the Yahoo network affected all company accounts. The breach was officially disclosed in December of 2016, and Yahoo said the breach affected one billion accounts. While this still led to a huge amount of compromised data, the story would only get worse for the company.

However, now they’re singing a different tune. On Tuesday the firm reported that the data breach was far larger, wherein every single account on their servers had been breached. This is obviously quite a difference, and unprecedented in security failures for firms of yahoo’s size.

RELATED: WiFi Systems Exposed with KRACK, 10Fold Clients Comment

Here’s what some security big shots (and 10Fold clients) recently said about the recent Yahoo debacle.

“Back when the breach was first disclosed, we noted that many large enterprises lack the necessary controls to limit unauthorized access. While this remains the case, a breach where virtually all Yahoo users are affected is unprecedented,” said Bitglass CEO Rich Campagna. “It’s difficult to imagine any circumstance in which an organization committed to security could have all network segmentation, policies, and security measures bypassed completely. Even over a prolonged period of time, it is exceedingly difficult to exfiltrate 3 billion records without setting off a single actionable alarm.”

Calling the incident “an epic failure,” Carl Wright, CRO at AttackIQ, called for companies to “seriously, find protection failures before the adversary does.”

Consumers worldwide as well as shareholders “deserve better,” he said. “It is one thing to deploy security controls, it is completely another thing to know that they are working correctly.”

Find more information: Yahoo Says All 3 Billion Accounts Compromised in Breach

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 199

Solar Panel Flaws Put Power Grids Security at Risk: Researcher

“Could allow widescale, lasting outages if hacked”

Researcher Willem Westerhof has identified several serious vulnerabilities in widely used solar power processes that he believes could trigger intense outages for thousands of people. Calling the potential scenario “Horus,” after the ancient Egyptian divine, Westerhof outlines how an attack on solar panel systems could cause billions in damages.

UK organisations could face huge fines for cyber security failures

“Fines of up to £17m in talks”

British organizations could be hit with fines amounting to 4% of global turnover if measure to ensure cybersecurity are not undertaken. Financial penalties, according to the proposals, are intended to be used only as a last resort and not applicable if the institutions can claim that they assess and protect against risk adequately.

Three Hungarian banks targeted by phishing attempts: central bank

“No funds reported as lost”

Three major Hungarian banks have been the targets of phishing attempts in the last several months, with earliest reports of attacks in the month of June. The National Bank of Hungary, the nations central bank who oversees regulations for lending institutions and financial markets, has indicated that no funds have been lost but advises caution in future processes.

Top 5 tools to protect internet privacy

“Learn how to protect and monetize data here”

Years ago the big web search engines like Google, Bing, Yahoo, etc., began to harvest and monetize user web data. This resulted in a public outcry for security and protection services, birthing a new industry. Governments allowing ISP’s to engage in the same practices has created an even bigger demand for these products. Check out the full article for the top 5 internet privacy tools.

Hackers hiding malware threats inside images, report says

“Steganography used to hide malicious code”

Kaspersky Labs is reporting that Cybercriminals are using what has been called the equivalent of cyber steganography, the hiding of hidden messages inside images to conceal activities on a targets computer. Researchers are seeing at least three large-scale operations employing this shifty technique as regular methodology, prompting developing security concerns.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 142

Hacks all the time. Engineers recently found Yahoo systems remained compromised

“Systems remain compromised after public disclosure of security breach”

Five months after the announcement of over $500 million accounts being compromised, a new report has found that many Yahoo systems remain vulnerable today. This report also mentions that Verizon would lower its offer by $350 million to buy the internet business.

End-Of-Life Software Alive And Well 

“United States PC users at risk”

A new Secunia Research report has found that, on average, contain 75 programs installed and that 7.4% of them contain ‘End-of-Life’ software that does not receive new software updates. This leaves the machines vulnerable to new versions of malware systems.

Sneaky Hack Steals Data By Watching Computer LEDs Blink

“Air-Gapping threats increase”

Organizations will often ‘Air-Gap,’ or ensure the computer is not connected to the internet, a computer to ensure its security. This ensures that the computer is not connected to other devices and vulnerable to attacks.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 135

New York Times investigating apparent Twitter hack

“NYT video account tweeted hoax story”

The New York Times video Twitter account (@nytvideo) tweeted earlier this morning about a fake story involving a Russian missile attack against the United States to more than 250,000 followers. The alleged “attack” was based on a “leaked statement” from Vladimir Putin, the Russian President.

Saudi Arabia warns of cyber attacks 

“Nations labor ministry hit”

Organizations and ministries were put on alert today as a version of the Shamoon virus attacked a chemical firm Monday, causing network disruption in the labor ministry’s functionality. The telecoms authority has given advisory notifications to other branches of the government. Saudi Arabi had been left vulnerable by a Shamoon variant in 2012, crippling thousands of computers at the nationalized oil firm ARAMCO.

Symantec issues more illegit HTTPS certificates

“The firm is already in the hotseat”

Security researchers have revealed that three trusted CA’s operated by Symantec issued more than 100 invalidated transport security certificates. Some cases saw that certificates allowed some HTTPS-protected websites.

Heartbleed Still Affecting Many Devices: Shodan

“Nearly 200,000 continue to suffer from the flaw”

The OpenSSL flaw labeled as ‘Heartbleed’ has been found to affect many thousands of devices, Shodan search engine finds. CVE-2014-0160 is a vulnerability that gives hackers the ability to steal information under SSL/TLS encryption. Many researchers see the flaw as the culprit in a recent healthcare attack that obtained 4.5 million records.

SEC to investigate Yahoo: Report

“Concerns over time taken to disclose recent breaches”

Audits will soon hit Yahoo from the U.S. Securities and Exchange Commission (SEC). Authorities will investigate as to why it took the firm as long as it had to reveal their servers had been breached twice to its customers.

10Fold- Security Never Sleeps- 133

Trojan Malware Blamed for Health Cyberattack 

“Targeted hospital computer systems forced offline”

Barts Health NHS Trust computer systems were taken offline by cybercriminls with a Trojan malware program on Friday. Nearly all department systems, even those unaffected, were set offline as a precaution. How the infiltration entered into the network is still undisclosed.

Yahoo hack compromised accounts of over 3,000 Australian government officials

“Largest known data breach of its kind”

The victim count of a massive cyberattack on Yahoo has risen to over 3,000 Australian government officials. High profile positions such as MP’s, judges, and federal police were among those compromised, exposing a large amount of high risk information to cybercriminals. Security firm InfoArmor has released information that an Eastern European hacker collective “Group E” stole data from Yahoo in 2013, and the Department of Defence was apparently notified of this fact in October of last year. The breach has prompted Malcolm Turnbull, the Australian Prime Minister, to begin to probe the incident.

Fighting cybercrime using IoT and AI-based automation

“Murder case gains ground with new tech”

Detectives investigating a murder in Arkansas were able to pull valuable data off a smart meter, measuring 140 gallons of water in the early hours of the morning. This was far more than the home had ever been used before, possibly providing the time of death and attempts to conceal evidence.

Firefox Update Will Kill This Sneaky Tracking Technique

“Captures information in ‘browser fingerprinting'”

A new Firefox patch will probe for various softwares that use pieces of information that are indicative of whether or not the actual owner of the computer is using it. Some surprising factors, such as screen resolution, interface language and plug-ins, are actually quite accurate in recognizing the correct user.

10Fold- Security Never Sleeps- 130

Hacker group takes over Netflix Twitter account

“Showcases the lack of security in twitter systems”

A hacking entity by the name of “OurMine” has recently breached one of the Netflix twitter accounts (@netflix). After the initial hack, several tweets were sent out from the compromised account, including; “World Security is shit. We are here to prove this.” Most of these tweets were deleted within minutes, but highlights the concerns of businesses and users of popular internet sites.

Panasonic Inflight Entertainment System Vulnerable To Attack

“In-flight displays compromised on several major airlines”

Panasonic Avionic IFE’s has recently been found to contain several vulnerabilities that allow hackers to access audio and visual systems of passengers devices. Airlines affected include Virgin Atlantic, American Airlines, United Airlines, among many others.

The 10 biggest hacks, breaches, and security stories of 2016

“Yahoo takes the cake, again”

Millions of hacked IoT devices allowed for a massive internet attack, Russians look like they had some level of breach into influential aspects of the United States Presidential election. Was John Oliver right about 2016?

VMware removes hard-coded root access key from vSphere Data Protection

“New hotfix unexpectedly allows for potential remote access”

A new VMware VDP patch has unintentionally given hackers an exploitable access to the appliance. The disk-based recovery product integrates with vCenter, providing centralized management of over 100 virtual machines.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 119

Some Yahoo Employees Knew of Massive Hack in 2014

“Will create more concern in Verizon acquisition”

Yahoo has now admitted that many employees were aware of a state-sponsored hacking attempt that resulted in a critical breach of its network. Personal information from at least half a billion accounts, what is considered to be the largest in history, involved over 200 million usernames and passwords being stolen from users and customers.

Possible Health Data Breach From Employee Laptop

“MGA Home Healthcare notifies patients of possible personal information theft”

Potential data breaches may have occurred with a vendor downloading information in an unauthorized manner while servicing homes. Over 3,000 patient and employee information blocks may have possibly been compromised, left vulnerable in an employee’s vehicle. Law enforcement has been notified and released a statement; “has been conducting a thorough review of the potentially affected records to confirm what information was exposed.”

IoT Worm Can Hack Smart Devices, Prompts Concerns

“Chain reaction can create chain reaction in other devices as well”

A proof-of-concept worm developed by Eyal Ronen, Adi Shamir, and Achi-Or Weingarten of Weizmann Institute of Science, and Colin O’Flynn of Dalhousie that can create insecure web-connected chain reaction hacks is exploiting universal encryption keys over ZigBee networks. This is then capable of moving to other devices via other devices universal keys, able to spread exponentially in what is described as a city-wide basis.

Major Cloud Malware Infested Says Researchers

“Concerns over difficulty identify mount”

Many computer experts are saying that repositories are supplying malware to users, creating a serious epidemic for those using cloud based technologies. Hundreds of buckets have possibly been compromised, says Xiaojing Liao, a graduate student at Georgia Tech who is leading a study that is addressing possible solutions to the issue.

Trump Victory Sparks Fears Over U.S. Encryption, Surveillance Policy

“Donald Trump’s surprise win has brought fears of rights violations, security”

Civil Libertarians and technology companies have voiced serious concern over some of Trump’s potential policies that call for closing down certain parts of the internet to fight Islamic terrorism. Trump won the election Tuesday night, a victory unforeseen by much of the media. The new President-Elect has been a vocal opponent of tech companies being uncooperative with the government on unlocking their technologies to assist with terrorist investigations.

10Fold- Security Never Sleeps- 103

Hack Claims from Guccifer 2.0 Denounced by Clinton Foundation

“Widely believed to be political in motivation”

Guccifer 2.0, the hacker who claims responsibility for the Democratic National Committee leaks that aimed to expose corruption within its ranks, claims to have breached the servers of the Clinton Foundation and attained documents that could be damaging to Hillary Clinton’s presidential campaign, despite denial from the Clinton Foundation itself. The hacker posted screenshots of spreadsheets online, claiming that they were documents from the institution and that: ‘… her staff don’t even bother about the information security.”

The political motivations of the cyber-attack remain obvious, as the hacker made clear favorable reference to Julian Assange, founder of WikiLeaks and outspoken opponent of Hillary Clinton.

Report Claims that Email Provider Yahoo Assisted in Spying on U.S. Citizens

“Raises questions of why Yahoo did not fight the order”

A program developed by Yahoo Inc. last year reportedly allows the U.S. Federal government to search through email databases for certain phrases. Anonymous former employees narrowed government agencies involved to either or both the National Security Agency or the Federal Bureau of Intelligence.

The news is surprising, given the typical resistance to government mandates to enter customer accounts that tech firms generally uphold. However, Yahoo not only complied with the order, but dedicated its own resources and staff to assist with the operation.

TalkTalk fined £400K for mistakes that led to 2015 hack

“Actions first taken to clear its reputation of highly hacked service”

After the personal data theft of over 155,000 customers Telecom firm TalkTalk has been fined £400,000 for its security vulnerabilities in 2015. Well over 15,000 of those affected had bank information stolen and suffered serious ramifications for what Information Commissioner Elizabeth Dunham reported that even the most basic of security measures failed to be acted upon and “…(the company) could have done more to safeguard its customer information.”

Malware Infested-Ads Plaguing Spotify

“Free version of service seems to open malicious sites”

Malware seems to have worked its way into the Spotify servers and is continuously serving itself to the users who use the Spotify free product to stream music. The ads have been reported to open infected sites, causing potential harm to those that travel to them.