Why Malwarebytes blocks some Yahoo Mail redirects

Some Malwarebytes users have recently noticed frequent web protection alerts while reading email in Yahoo Mail’s web interface. These alerts are caused by background connections from the Yahoo Mail page to a set of third‑party domains that our products and other security tools currently classify ...

SUSE: Security Advisory (SUSE-SU-2023:2849-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2009-3934

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclientimpl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated ...

openSUSE Security Update : alpine (openSUSE-2021-675)

This update for alpine fixes the following issues : Update to release 2.24 - A few crash fixes - Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 - Expansion of the configuration screen for XOAUTH2 to include username, and tenant. - Alpine uses the domain in the From: header of...

Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0695-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0675-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

O1 Labs: SPF Records

The vulnerability was that you can spoof their email address and then the attacker can send emails from their email address which could lead to sending fake emails or attempts of phishing. To see if you can send an email of a target domain you need to check if it has an SPF Sender Policy Framewor...

Iran-Linked 'Charming Kitten' Touts New Spearphishing Tactics

An Iran-linked advanced persistent threat APT group tied to attacks on President Trump’s 2020 re-election campaign has added new spearphishing techniques to its arsenal in an apparent ramp-up in operations. Charming Kitten—which goes by a number of names, including APT35, Ajax Security Team,...

See how I found Yahoo Mail APP stored XSS vulnerability-vulnerability warning-the black bar safety net

! Today I want to share is to participate in Yahoo（Yahoo!） Vulnerability all test items to find the one on Yahoo Mail iOS app vulnerability, and ultimately, by virtue of the vulnerability, I go into the Yahoo security Hall of Fame and get a$3500 dollar reward. Vulnerability case My test object is...

Mailsploit vulnerability exists in email address resolution

TL;DR: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents MTA aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC DKIM/SPF or spam filters. Bu...

Internet Bug Bounty: Mailsploit: a sender spoofing bug in over 30 email clients

Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents MTA aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC DKIM/SPF or spam filters. Bugs were...

MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

If you receive an email that looks like it's from one of your friends, just beware! It's possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client...

Terdot Trojan likes social media

We usually advise people that have fallen victim to banker Trojans to change all their passwords, especially the ones that are related to their financial sites and apps. Besides the dangers of re-used passwords, there are other reasons why this is important. This advice is especially applicable t...

18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The...

Yahoo Mail – Stay Organized! - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Yahoo Mail – Stay Organized! published at the 'play' market has multiple vulnerabilities...

Yahoo mail storage type XSS vulnerabilities, hackers can look at anyone's mail-vulnerability warning-the black bar safety net

Recently from Finland Klikki Oy, a researcher Jouko Pynnönen has published a blog, which demonstrates a malicious attacker how to useXSSvulnerability attack under Yahoo mail, the victims Inbox messages sent to an external site; and constructing a virus, this virus can be passed to the email...

Yahoo Mail XSS Bug Worth Another $10K to Researcher

The déjà vu is real for Finnish security researcher Jouko Pynnonen. Just shy of a year ago, Pynnonen privately disclosed a stored cross-site scripting vulnerability in Yahoo Mail, and was rewarded with a $10,000 bounty through Yahoo’s HackerOne program. Fast forward to last month, and there was...

Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability

Document Title: =============== Yahoo Bug Bounty 37 - Sender Spoofing Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=1985 Video: https://www.youtube.com/watch?v=QYZRbRqs50g Advisory: https://www.vulnerability-lab.com/getcontent.php?id=1777 Release Date:...

HackerOne: Unintended HTML inclusion as a result of https://hackerone.com/reports/110578

Hi, I was just reading https://hackerone.com/reports/110578 and testing out the changes. I had previously noticed that the editor would take something like: test and turn it into : test In other words, the code would recursively look at what should be the title string and use the first single or...

Critical Yahoo Mail Flaw Patched, $10K Bounty Paid

A critical vulnerability in Yahoo Mail that could give attackers complete control of an account was patched two weeks ago. The flaw was privately disclosed Dec. 26 by Finnish researcher Jouko Pynnonen and patched Jan. 6. Pynnonen earned himself a $10,000 bounty, one of the highest paid out by Yah...