- Yahoo flaw allowed hackers to read anyone’s email
Jouko Pynnönen, a Finnish security researcher from the security firm Klikki Oy, reported a DOM-based persistent XSS (Cross-Site Scripting) flaw in Yahoo Mail which, if exploited, allows an attacker to send emails embedded with malicious code. According to the researcher, a malicious attacker could have sent the victim’s inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures. The malicious code sits in the mail body and executes once the victim opens the message; its hidden payload script then covertly submits the victim’s inbox content to an external website controlled by the attacker. This happened because Yahoo Mail failed to properly filter potentially malicious code in HTML emails, which could allow an attacker to launch XSS.
Cyber Security Tips: Yahoo has patched this critical security vulnerability, but users are strongly advised to change their passwords, avoid opening spam emails and use strong passwords.
- North Korea hacks South Korea’s cyber command
SEOUL: North Korea appears to have hacked South Korea’s cyber command, the military said on Tuesday. According to the report, the intranet server of the cyber command has been contaminated with malware, and some military documents, including confidential information, have been hacked, an official at the Ministry of National Defence told Yonhap News Agency. The cyber command said it isolated the affected server from the whole network to avoid the spread of viruses. The investigation is ongoing, and it has yet to be fully determined what data were leaked. According to the report, the attacker used malware in the hack.
Cyber Security Tips: To protect yourself from this kind of attack, keep your network secure with an intrusion detection and prevention system, use up-to-date antivirus to protect systems from malware, and give employees information security awareness training.
- Germany’s ThyssenKrupp hit by sustained hacking attack
Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG (TKAG.DE), one of the world’s largest steel makers, in cyber-attacks earlier this year, the German company said on Thursday. The company said it was “a professional attack which according to our information can be attributed to a group in Southeast Asia.” ThyssenKrupp says the attackers targeted its Industrial Solutions unit and some data appeared to have been stolen. How much data was stolen has not yet been confirmed. According to the report, the company’s internal security team discovered the breach in February.
Cyber Security Tips: To protect against this kind of attack, protect your network with up-to-date antivirus, carry out vulnerability assessment and penetration testing of the network and web applications, patch the vulnerabilities found in the assessment, and use a firewall to filter requests.