268 matches found
500 Million Yahoo Accounts Stolen By State-Sponsored Hackers
Yahoo says it was the victim of state-sponsored hackers who stole information associated with 500 million accounts. Yahoo CISO Bob Lord said the attack happened on the company’s network in late 2014; he did not name the country responsible. “The account information may have included names, email...
IRS Reinstates Get Transcript Service Following Hack
The Internal Revenue Service has reinstated its Get Transcript service, more than a year after hackers managed to manipulate settings in the system in order to steal information on more than 720,000 U.S. taxpayers. The IRS suspended the service – which gives citizens a way to look up line-by-line...
Hotels.com Phishing Scam Duping Travelers
An undisclosed number of travelers who use Hotels.com may have been victims of a phishing scheme. The company said some customers were recently tricked into disclosing their names, phone numbers, email addresses and travel bookings. An individual was reportedly able to convince customers that the...
LastPass Network Breached; Calls for Master Password Reset
Password manager LastPass disclosed today that its network was breached and advised users to change their master passwords and enable multifactor authentication. CEO and founder Joe Siegrist said in a security notice that LastPass on Friday discovered suspicious activity on its network; encrypted...
Cybersecurity Vulnerabilities Identified in Banking Vendors
In hopes of bolstering security, banks in New York over the next several weeks want to enact new regulations for any third-party vendors they do business with. A report released last week pointed out that one in three N.Y. banks don’t require their vendors to notify them in the event they...
Hacker exploits Heartbleed bug to Hijack VPN Sessions
Cyber criminals have explored one more way to exploit the Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection. The consulting and incident response firm Mandiant investigated a targeted attack against an unnamed organization...
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
A targeted attack against an unnamed organization exploited the Heartbleed OpenSSL vulnerability to hijack web sessions conducted over a virtual private network connection. Incident response and forensics firm Mandiant shared some details on a recent investigation of an incident that began April ...
DS3 Authentication Server - Multiple Issues
Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt - Advisory - Title: DS3 Authentication Server - Command Execution Post Authentication & other minor issues Risk: High Date: 27.May.2013 Author: Pedro Andujar .:...