Finnish security researcher Jouko Pynnonen found his second stored cross-site scripting vulnerability in Yahoo Mail in less than a year; both earned him $10,000 bug bounties.
The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a “state-sponsored actor” in 2014, which exposed the accounts of at least 500 million Yahoo users.
But now it seems that Yahoo has downplayed a mega data breach and is trying to hide its own security blunder.
Recently the information security firm InfoArmor that analyzed
Experts challenge Yahoo’s assertion that state-sponsored hackers were behind a 2014 breach that resulted in 500 million lost records.
A researcher earned a $10,000 bounty from Yahoo for a stored cross-site scripting vulnerability in Yahoo Mail.
Yahoo has hired former Twitter and Rapid7 security executive Bob Lord as its new CISO, taking over for Alex Stamos, who this summer left Yahoo for Facebook.
Yahoo CISO Alex Stamos said a preview of the company’s end-to-end encryption plugin has been released to GitHub for review.
A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.
A new SMTP header developed by Facebook and Yahoo confirms ownership of Yahoo email accounts.
Yahoo CISO Alex Stamos confirmed that three servers had been infected with malware by hackers looking for machines vulnerable to Shellshock.