Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.
Tag Archives: Yahoo Security
Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users
The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a “state-sponsored actor” in 2014, which exposed the accounts of at least 500 Million Yahoo users.
But, now it seems that Yahoo has downplayed a mega data breach and triying to hide it’s own security blunder.
Recently the information security firm InfoArmor that analyzed
Yahoo Challenged on Claims Breach Was State-Sponsored Attack
Experts challenge Yahoo’s assertion that state-sponsored hackers were behind a 2014 breach that resulted in 500 million lost records.
Critical Yahoo Mail Flaw Patched, $10K Bounty Paid
A researcher earned a $10,000 bounty from Yahoo for a stored cross-site scripting vulnerability in Yahoo Mail.
Yahoo Hires Bob Lord as its CISO
Yahoo has hired former Twitter and Rapid7 security executive Bob Lord as its new CISO, taking over for Alex Stamos, who this summer left Yahoo for Facebook.
Yahoo Previews End-To-End Email Encryption Plug-In
Yahoo CISO Alex Stamos said a preview of the company’s end to end encryption plugin has been released to GitHub for review.
Researcher: ‘Lax’ Crossdomain Policy Puts Yahoo Mail At Risk
A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.
Facebook, Yahoo Curb Identity Theft with New Email Ownership Header
A new SMTP header developed by Facebook and Yahoo confirms ownership of Yahoo email accounts.
Yahoo Confirms Infected Servers Unrelated to Shellshock
Yahoo CISO Alex Stamos confirmed that three servers had been infected with malware by hackers looking for machines vulnerable to Shellshock.