#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Yahoo bug bounty | Breaking Cybersecurity News | The Hacker News

Yahoo Flaw Allowed Hackers to Read Anyone's Emails

Yahoo Flaw Allowed Hackers to Read Anyone's Emails

Dec 08, 2016
Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox. Jouko Pynnönen, a Finnish Security researcher from security firm Klikki Oy, reported a DOM based persistent XSS (Cross-Site Scripting) in Yahoo mail, which if exploited, allows an attacker to send emails embedded with malicious code. In his blog post published today, the researcher demonstrated how a malicious attacker could have sent the victim's inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures. Since the malicious code is in the message's body, the code will get executed as soon as the victim opens the boobytrapped email and its hidden payload script will covertly submit victim's inbox content to an external website controlled by the attacker. This issue is because Yahoo Mail failed to properly filter potentially malici
Yahoo! pays $24,000 to Hacker for finding Security Vulnerabilities

Yahoo! pays $24,000 to Hacker for finding Security Vulnerabilities

Mar 17, 2015
Yahoo! has offered $24,000 to a security researcher for finding out and reporting three critical security vulnerabilities in its products including Yahoo! Stores and Yahoo!-hosted websites. While testing all the company's application, Mark Litchfield , a bug bounty hunter who often works with different companies, discovered three critical vulnerabilities in Yahoo!'s products. All the three vulnerabilities have now been fixed by Yahoo!. THREE CRITICAL SECURITY VULNERABILITIES The first and most critical vulnerability gives hackers full administrator access to Yahoo!'s e-commerce platform, Yahoo! Small Business , a portal that allows small business owners to create their own web stores through Yahoo! and sell merchandise. According to the researcher, the flaw in the service allowed him to fully administrator any Yahoo store and thereby gain access to customers' personally identifiable information, including names, email addresses, telephone numbers.
cyber security

external linkSay Goodbye to SaaS Blind Spots: Wing Security Unveils Free Discovery Tool

websitewww.wing.securitySaaS Security / Attack Surface
Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.
Cybersecurity Resources