Verizon was able to save even more money following Yahoo’s email hacks.
The telecommunications company announced a deal to buy the core business of Yahoo for $4.48 billion —managing to secure a $350 million discount it was pursuing because of two major security breaches, the last of which affected over 1 billion accounts.
The deal states that both Yahoo and Verizon will share some liabilities following the 2013 and 2014 hacks. The companies will split cash liabilities linked to some lawsuits and government investigations, but Yahoo alone will be saddled with some liabilities from shareholder lawsuits and U.S. Securities and Exchange Commission investigations.
The malware that may have swung the U.S. presidential election could be on its way to a Mac near you.
Security researchers have discovered a macOS malware program that’s likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year.
The group, known under such names as “Fancy Bear”, “Pawn Storm” and “APT28”, has been active for almost a decade and is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent.
X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan.
You pay less if the item you’re buying has a couple of dings on it.
Verizon is apparently close to purchasing Yahoo’s Internet properties for roughly $4.8 billion, a price that includes a $250 million discount after the revelation of security breaches at the web company.
Sources close to the store cited the discounted price as well as Yahoo’s possibly being renamed “Altaba Inc.”. An announcement of the new agreement could come in a matter of days or weeks, said the sources. The revised agreement isn’t final and could still change.
Yahoo said in December that cyberthieves in 2013 siphoned information including users’ e-mail addresses, scrambled account passwords and dates of birth. The stolen data may allow criminals to go after more sensitive personal information elsewhere online. The announcement followed news in September of a 2014 breach that affected at least 500 million customer accounts.
Apple’s Activation Lock web site may have been involved in a hack, thus explaining its sudden removal and elimination.
As it turns out, the Activation Lock website was a vital part of a bypass hack used to unlock devices bricked by Activation Lock, perhaps hinting at why Apple shelved it.
The hack centered around the perpetrators changing one or two characters of an invalid serial number, thereby generating a valid serial number for an iOS device. The valid number could then be used to gain full access to the iPhone, iPad or iPod touch.
It doesn’t look good when half a billion of your company’s email accounts are hacked.
And it looks a bit worse when a cool billion of them in total were hacked.
Yahoo on Wednesday announced that it believes more than one billion Yahoo user accounts were compromised in a hack by an unauthorized third party in August of 2013.
The company disclosed that information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.
The Touch Bar on the new MacBook Pro notebooks has its fans and its detractors, but the fact that developer Adam Bell was able to run a copy of the classic shooter “Doom” on it is nothing short of awesome.
Keep in mind that since the Touch Bar is essentially a mini Apple Watch jammed above the notebook keyboard, there’s no reason it too can’t get involved. Bell stepped up to the plate for this one, uploading the following killer video to YouTube:
Following up on the large-scale distributed denial of service (DDoS) attack on Friday that temporarily took down large chunks of the Internet, it looks like Apple’s controversial “walled garden” approach to its HomeKit devices may have worked out.
As detailed in recent reports, the attack, which also targeted unprotected “Internet of Things” (IoT) devices, focused on Dyn, an internet management company that provides DNS services to many major web entities.
A series of repeated attacks caused websites including The Verge, Imgur and Reddit, as well as services like HBO Now, and PayPal, to see slowdowns and extended downtimes. Follow-up waves played havoc with The New York Times, CNN, Netflix, Twitter and the PlayStation Network, among many others.
Yet another chunk of malware for OS X/macOS to worry about.
Security researchers at Palo Alto Networks have identified a new trojan known as “Komplex”, which can download, execute, and delete files from an infected Mac. Interestingly, the Trojan will also save a PDF document to the infected system concerning the Russian space program.
The PDF document details planned Russian space projects from 2016 to 2025, but also acts as a decoy.
Well, this is why they invented bug fixes and updates.
A new discovery by iOS and security forensics company Elcomsoft has revealed that encrypted iOS backups saved via iTunes are now much easier to crack in iOS 10 than in recent years. The change in security is apparently due to a new password verification method in iOS 10.
The discovery focuses on the backup method, which in iOS 10, apparently “skips certain security checks” that were present in past versions of iOS. This allows passwords to be attempted signficnatly faster than before. The new backup method works alongside the old back up method, meaning that for pre-iOS 10 backups, the old method is used.
In the annals of hacks and breaches, this is pretty epic.
Yahoo confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever.
The company said it believes a “state-sponsored actor” was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.