BeQuiet Jubiläum Banner 970x90
Breaking News

Envision Enhances Its Range of Smart Glasses For Blind and Low-Vision Communities - Making Them More Accessible For Everyone ASUS Announces All-New Vivobook Go 15 OLED and Vivobook Go 14 Pioneer Japan updates firmware for their X13 lineup (30-01-2023) DLSS 3 Delivers Ultimate Boost in Latest Game Updates on GeForce NOW DualSense Edge wireless controller launches globally today

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Yahoo Blog Hijacked, Bitdefender Says

Yahoo Blog Hijacked, Bitdefender Says

Enterprise & IT Jan 31,2013 0

An email-based attack has been hijacking Yahoo accounts, security software company Bitdefender Labs has reported. The security firm warned that a spam wave that has been circulating for roughly a month has been stealing Yahoo login credentials by exploiting an old vulnerability in a component of the Yahoo Developers blog.

The spam message features a bit.ly shortened URL that takes the user to a web page impersonating the popular MSNBC page, but which turns out to be located on a series of subdomains on hxxp://com-im9.net.

Whois information for the domain reveals it was bought in Ukraine and hosted in a data center in Nicosia, Cyprus, Bitdefender says.

Once the user lands on the alleged MSNBC page, a piece of JavaScript code inside tries to exploit a known vulnerability (CVE-2012-3414) in the SWF Uploader component on the Yahoo Developers Blog, which is powered by WordPress.

Since the exploitable component is located on a sub-domain of the target website, the same-origin policy does not prevent the exploit code access to cookies, which are subsequently sent to the attacker. Once they have the log-in cookie, they can authenticate into the victim's account and send spam or harvest contacts' e-mail addresses for other spam campaigns.

Bitdefender's experts believe this is the account recruitment stage of the operation and we expect the next wave of messages to feature links to malware.

Bitdefender said it had notified Yahoo about the incident and had provided the proof-of-concept documentation.

Tags: Yahoo
Previous Post
Up To $80 Discount For CyberLink's PowerDirector 11 Software
Next Post
DVD and Blu-ray Still Drive Home Entertainment Revenue

Related Posts

  • Yahoo and Verizon Launch Yahoo Mobile Unlimited Phone Service

  • Yahoo Groups Website is Closing

  • Yahoo Together Comes to Organize Group Messaging

  • Altaba Sells Yahoo Japan stake for $4.3 billion

  • Japan Accuses Apple of Pressuring Game Rivals: Nikkei

  • Oath Scans Your Yahoo and AOL Mail for Targeted Advertising

  • Mozilla Files Cross-Complaint Against Yahoo and Oath

  • Yahoo Says All 3 Billion Accounts Were Hacked in 2013 Security Breach

BeQuiet Jubiläum Banner 300x600

 

Latest News

Envision Enhances Its Range of Smart Glasses For Blind and Low-Vision Communities - Making Them More Accessible For Everyone
Enterprise & IT

Envision Enhances Its Range of Smart Glasses For Blind and Low-Vision Communities - Making Them More Accessible For Everyone

ASUS Announces All-New Vivobook Go 15 OLED and Vivobook Go 14
Enterprise & IT

ASUS Announces All-New Vivobook Go 15 OLED and Vivobook Go 14

Pioneer Japan updates firmware for their X13 lineup (30-01-2023)
Optical Storage

Pioneer Japan updates firmware for their X13 lineup (30-01-2023)

DLSS 3 Delivers Ultimate Boost in Latest Game Updates on GeForce NOW
GPUs

DLSS 3 Delivers Ultimate Boost in Latest Game Updates on GeForce NOW

DualSense Edge wireless controller launches globally today
Gaming

DualSense Edge wireless controller launches globally today

Popular Reviews

Withings Thermo Wi-Fi-connected temporal thermometer

Withings Thermo Wi-Fi-connected temporal thermometer

EnGenius ECW230 Access Point

EnGenius ECW230 Access Point

Withings Body Plus Scale

Withings Body Plus Scale

Withings Sleep Analyzer

Withings Sleep Analyzer

Noctua NH-D12L CPU Cooler

Noctua NH-D12L CPU Cooler

EnGenius ECW230S AP

EnGenius ECW230S AP

Scythe Fuma 2 CPU Cooler

Scythe Fuma 2 CPU Cooler

be quiet! Pure Rock 2 FX

be quiet! Pure Rock 2 FX

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed