Victims can sue Yahoo for massive breaches, federal judge says

Plaintiffs suing Yahoo for failing to protect all of the company’s 3 billion users can move forward with the majority of their case, a federal judge in California ruled on Friday. U.S. District Judge Lucy Koh denied in part a motion by Verizon, which owns Yahoo, to dismiss the case. The plaintiffs are claiming that Yahoo was too slow to correct security vulnerabilities and to disclose three data breaches between 2013 and 2016. Since Yahoo’s breaches affected virtually every user, the plaintiffs are seeking class certification. “Plaintiffs explain that, had they known about the inadequacy of these security measures, they ‘would have taken measures to protect themselves,’” Koh writes in the ruling. “Plaintiffs’ allegations are sufficient to show that they would have behaved differently had Defendants disclosed the security weaknesses of the Yahoo Mail system.” The plaintiffs argue that the breaches have put them at risk of identity theft and forced them to spend time […]

The post Victims can sue Yahoo for massive breaches, federal judge says appeared first on Cyberscoop.

Yahoo Agrees to $80 Million Settlement Over Data Breaches

Yahoo has agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches that compromised the personal information of three billion users. The suit was filed by several shareholders in January 2017, al…

Why does DKIM verification succeed with a signature from Yahoo when all headers are spoofed to look like GMail?

Today I got a scam e-mail which I decided to dissect. I quickly found that it was sent from a GMail address (From, Reply-To, Return-Path) but that the mail itself came from Yahoo.

HELO from Yahoo
Received from IP maps both …

DNC hires first ever CSO ahead of 2018 midterms

The Democratic National Committee has named Bob Lord as its new chief security officer, hiring the former Yahoo CISO to lead the committee’s cybersecurity operations heading into the 2018 midterm elections. The hire was announced Thursday through a statement released by the DNC. The committee mentions that Lord will work with the organization’s own internal security team as well as in the field to support state parties, including efforts to update their “information security strategies” and improve practices to “change the economics” for attackers. “I’m confident Bob’s skills and hard work will help protect us against the sort of cyberattacks and intrusions that are unfortunately all too common in today’s age,” DNC Chair Tom Perez said in a release. “Defense is an essential part of any game plan, and I couldn’t be happier with Bob holding the line for the DNC.” The DNC has never employed a CSO before. But the […]

The post DNC hires first ever CSO ahead of 2018 midterms appeared first on Cyberscoop.

How Verizon delicately handled the Yahoo breach

While the tech world was left spinning in late 2016 when it was discovered that Yahoo suffered a massive breach, Verizon stayed calm. In the 72 hours immediately following the disclosure, the telecommunications giant, which was moving to acquire Yahoo, reportedly made no snap judgments or assumptions, said Craig Silliman, Verizon’s EVP of Public Policy and General Counsel. After aligning their strategic interests with Yahoo, Silliman said that his first question was to ask about “the effect on the reason [Verizon] was buying this asset in the first place.” “We bought Yahoo for user and user engagement,” he said at the Wall Street Journal’s Cybersecurity Executive Forum in New York Wednesday. “So when you have a breach on the user, how that company reacts is important.” Silliman said he spent countless hours talking to C-suite level executives from both Verizon and Yahoo in the wake of the breach. During and […]

The post How Verizon delicately handled the Yahoo breach appeared first on Cyberscoop.

Cyber News Rundown: 2017 Year in Review

As 2017 comes to a close, we’re looking back at the 10 most significant (or simply the most devastating) cybersecurity stories of the year. Read through the list below to see which attacks,…

Weekly Cyber Risk Roundup: Uber’s Breach Woes, Major Cybercriminals Prosecuted

Uber was the week’s top trending cybercrime target due to the announcement of a year-old breach that affects 57 million customers and drivers. In addition, the company admitted to paying the hackers $100,000 in an effort to keep the breach out th…