#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

yahoo email hack exploit | Breaking Cybersecurity News | The Hacker News

Category — yahoo email hack exploit
Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

Oct 02, 2019
An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos. According to an press note released by the U.S. Justice Department, Reyes Daniel Ruiz , a 34-year-old resident of California and former Yahoo software engineer, admitted accessing Yahoo internal systems to compromise accounts belonging to younger women, including his personal friends and work colleagues. Once he had access to the users' Yahoo accounts, Ruiz then used information obtained from users' email messages and their account's login access to hacking into their iCloud, Gmail, Facebook, DropBox, and other online accounts in search of more private material. Besides this, Ruiz also made copies of private images and videos that he found in the personal accounts of Yahoo users without their permission and stored them on a private computer a
Yahoo Mail hijacking exploit available for $700

Yahoo Mail hijacking exploit available for $700

Nov 27, 2012
An Egyptian hacker " TheHell " is selling an exploit in $700 that allows individuals to hijack a Yahoo! email account. The method is shown off in a video that was posted on YouTube. A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts. In order to work, the victim must click on a malcious link. Upon doing so, the user's cookies will be stolen and he or she will be redirected back to the Yahoo! email home page. " I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers ," "TheHell" explained. " And you don't need to bypass IE or Chrome xss filter as it do that itself because it's stored xss ." Yahoo! has been notified and is looking for the security hole, which it says can be fixed in a few hours once discovered. They says this XSS flaw falls into the category of a stored vulnerability, which inserts malicious code into a file, database, or back-end system. The mali
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Nov 01, 2024SaaS Security / Insider Threat
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major vulnerabilities. So, how can CISOs reduce the noise? What misconfiguration should security teams focus on first? Here are five major SaaS configuration mistakes that can lead to security breaches. #1 Misconfiguration: HelpDesk Admins Have Excessive Privileges Risk: Help desk teams have access to sensitive account management functions making them prime targets for attackers. Attackers can exploit this by convincing help desk personnel to reset MFA for privileged users, gaining unauthorized access to critical systems. Impact: Compromised help desk accounts can lead to unauthorized changes to admin-
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources