Yahoo fixed XSS flaw in its email system
Security researcher Jouko Pynnonen has found XSS flaw in yahoo mail that allowed hackers to access and read yahoo email. Yahoo has awarded researcher with $10,000 reward. It was easy to bypass HTML filter with link hiding malicious JavaScript code. Therefore, users did not have to click on links sent by hackers and they can open emails easily. The flaw can create virus that could infect Yahoo mail. Yahoo was informed about the flaw on November 12 2016 and Yahoo fixed it on November 29 2016.
People commonly used “Love”, “Angel” and “Star” as passwords, survey said
CBT Nuggets did research on most used passwords from 50K leaked emails and passwords. The most used password included “Love”, “Angel”, “star”, and “Girl”. There are names also commonly used like rock, miss, hell, Mike, and John. The research also showed that men were slightly more prone to hacking whose age falls between 25 to 34 years. The first number on email hacked were from Yahoo subsequent by Hotmail and Gmail accounts.
Dailymotion hacked; around 87 million accounts compromised
Dailymotion a video sharing platform suffered from hacking and around 87 million accounts were affected. The stolen details included email, username, hashed passwords of registered users. There were also some passwords, which were not encrypted. Dailymotion users are requested to change passwords.
North Korea hacked South Korea military network
North Korean hackers compromised South Korea military network. The attack took place on September 23 2016 and targeted systems that were used to update the network. The ministry revealed that they discovered evidence, code, etc. The military made an investigation and found that some military data was accessed and this attack was launched from Chinese servers. There is state secrets were also accessed in this hacking.
Adobe Flash Player remained main target for Exploit kit
Recorded Future has researched and published a report on common vulnerabilities used by attackers in exploit kits. Adobe Flash Player and Microsoft products were mostly target by threat actors. In 2016, hacking campaigns launched by nation-state actors have rules in cyber world and crooks spread malware and ransomware via exploit kits. Adobe Flash Player held 6 out of 10 most critical vulnerabilities. CVE-2016-0189 vulnerability affected IE browser cited on most security blogs, deep web forum postings and dark web sites.
German based ThyssenKrupp- a steel company hit with Cyber attack
ThyssenKrupp – a German based steel company suffered from cyber-attack and hackers stole steal trade secrets from IT system. The attack was done from Southeast Asia targeted to gain access to knowledge and research about steel technology from company’s production and manufacturing plant. The attack was identified in its early stage and hackers did not attempt to tamper production system. The attack has also not damaged property or exposed personal safety.
