Yahoo

Pierluigi Paganini October 07, 2014
Romanian Hackers exploited Bash Bug flaw to hack Yahoo servers

The security expert Jonathan Hall found evidence that a gang of Romanian Hackers exploited the Bash Bug flaw to hack Yahoo servers. The Security researcher Jonathan Hall, president of IT consulting firm Future South Technologies, said that a gang of Romanian hackers exploited the Shellshock vulnerability to gain access to Yahoo servers, and Yahoo! has confirmed the violation […]

Pierluigi Paganini September 20, 2014
Yahoo SQL Injection flaw allows Remote Code Execution and privileges scalation

The Egyptian hacker Ebrahim Hegazy has discovered a critical Yahoo SQL Injection flaw exploitable to Remote Code Execution and privilege escalation. My readers know very well the Egyptian hacker Ebrahim Hegazy, he is a great security expert and a friend of mine, which disclosed numerous critical flaws in most popular web services, including Microsoft, Yahoo and Orange. […]

Pierluigi Paganini May 25, 2014
Serious Flaw in Yahoo Websites allows attackers to delete any comment

The Egyptian security researcher Ahmed Aboul-Ela has discovered a vulnerability which allowed deleting comments of any user in all Yahoo sites. A couple of days ago I was contacted by the Egyptian security researcher Ahmed Aboul-Ela which informed me to have disclosed a vulnerability in Yahoo websites which allow attackers to delete any comment from all Yahoo Services, […]

Pierluigi Paganini May 20, 2014
Remote code injection in Microsoft, Yahoo and Orange subdomains

Security researcher Ebrahim Hegazy has identified a remote code injection vulnerability affecting several subdomains of Microsoft, Yahoo, Orange and others. Fortunately, the security Vulnerability has been fixed. While participating in the Yahoo Bug Bounty program, Hegazy has found a “Unauthorized Admin Access” Vulnerability in one of Yahoo domains “mx.horoscopo.yahoo.net.”, that vulnerability led him to find […]

Pierluigi Paganini March 01, 2014
Critical flaw in Yahoo allows Hacker to delete 1.5M records

Vulnerability in Yahoo allowed Egyptian hacker to delete more than 1 million and half records from Yahoo database. Yahoo immediately fixed it. The Egyptian cyber security expert Ibrahim Raafat has discovered a serious flaw  in the Yahoo! website. The hacker demonstrated on his blog how to exploit the “Insecure Direct Object Reference Vulnerability” vulnerability in the Yahoo! sub-domain (suggestions.yahoo.com) to delete all […]

Pierluigi Paganini February 28, 2014
Optic Nerve, GCHQ intercepted webcam images from millions of Yahoo users

The Guardian revealed that under the surveillance program Optic Nerve the GCHQ has intercepted webcam images from millions of Yahoo users around the world. A new collection of documents leaked by Edward Snowden has made public the program Optic Nerve, yet another surveillance operation operated by the intelligence agencies since 2008. The news was reported by The Guardian, Optic […]

Pierluigi Paganini January 26, 2014
Discovered a Remote Command Execution Vulnerability in Yahoo!

The cyber security expert Ebrahim Hegazy has found a Remote Code Execution vulnerability in a Yahoo server hosting numerous sub-domains. The cyber security expert Ebrahim Hegazy has found a serious flaw, as explained by the analyst the website is affected by a Remote Code Execution vulnerability. During the test Hegazy discovered first a Remote PHP Code […]

Pierluigi Paganini December 05, 2013
Two Million social media credentials stolen by cybercriminals

Two Million stolen Facebook, Twitter login credentials were found on ‘Pony Botnet’ Command and Control Server by Trustwave’s researchers. Two Million social media credentials stolen by cybercriminals have been found by security experts at Trustwave’s SpiderLabs, the collection includes popular social media like Facebook and Twitter and popular websites such as Google and Yahoo. Trustwave’s SpiderLabs […]

Pierluigi Paganini April 26, 2013
Yahoo! Blind SQL Injection could lead to data leakage

Yahoo! Blind SQL Injection could allow attackers can inject own SQL commands A Yahoo! Blind SQL Injection has been discovered by an Egyptian information security advisor … What could be the problems arising? Data leakages are the nightmares of every administration of databases, a growing number of services are exposed on the Internet with related data, Billion of customers’ record […]

Pierluigi Paganini July 13, 2012
All the truth about Yahoo Contributor Network data breach

It’s hacking time! Within a few days we saw two attacks that had disastrous consequences, the victims are prominent Formspring portal and the Yahoo Voices service. The Yahoo branch hacked is Yahoo Contributor Network a sort  of content farm that paid users to publish their submissions. The Yahoo service allow users to post articles and media such […]