Month: September 2016

The leak of NSA hacking tools was caused by a staffer mistakeSecurity Affairs

According to the sources, it seems that an employee or a contractor mistakenly left the NSA hacking tools unattended on a remote server about three years ago during a cyber operation. The NSA was aware of the incident and did not inform the companies of the risks related to the exposure of the exploits.

Source: The leak of NSA hacking tools was caused by a staffer mistakeSecurity Affairs

Yahoo Data Breach, the company confirms the incident that exposed 500M accountsSecurity Affairs

The company has finally made the announce, the news related the Yahoo data breach is in the headlines. The IT giant confirmed that hackers have stolen at least 500 million user accounts in a data breach dating back to 2014.

“We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”

Source: Yahoo Data Breach, the company confirms the incident that exposed 500M accountsSecurity Affairs

As of Oct 5, automatic OAuth 2.0 token revocation upon password resetSecurity Affairs

Google announced a change to its security policy to increase the account security that includes the OAuth 2.0 token revocation upon password reset.

Google aims to improve users’ security limiting the impact on the usability of its application, at least in this first phase so although initially planned for a wider set of applications, the OAuth 2.0 token revocation rule will be limited to the email mail service.

Source: As of Oct 5, automatic OAuth 2.0 token revocation upon password resetSecurity Affairs

CVE-2016-6415 – CISCO confirms a new 0Day linked to Equation GroupSecurity Affairs

Cisco revealed the existence of another zero-day vulnerability, tracked as CVE-2016-6415, in the Equation Group archive leaked by the Shadow Broker hackers.

Further analysis revealed that the flaw exploited by the BENIGNCERTAIN, tracked as CVE-2016-6415, also affects products running IOS, IOS XE and IOS XR software.

Source: CVE-2016-6415 – CISCO confirms a new 0Day linked to Equation GroupSecurity Affairs