In hopes of eliminating the password, at least on the company’s mobile apps, Yahoo on Friday deployed a stable version of its Account Key mechanism. The feature, essentially two-step authentication—without the first step—allows Yahoo users to log into the company’s Finance, Fantasy, Mail, Messenger, or Sports apps on iOS and Android devices. When users attempt to...

Home Depot agreed to pay $19.5 million to compensate the 40 million cardholders it said were impacted by a massive 2014 data breach. As part of a proposed settlement by Home Depot, it admits no wrongdoing or liability in the breach, according to court filings with the US District Court for the Northern District of...

In the end, it was a nail-biter pitting Tencent Security Team Sniper (KeenLab and PC Manager) against JungHoon Lee (lokihardt) for the title of Master of Pwn for Pwn2Own 2016. After a tense last two minutes of the competition, it was Tencent Security Team Sniper and its successful code execution of a vulnerability in Microsoft’s...

Millions of Android users are at risk of a new Metaphor exploit that can take over Samsung, LG and HTC phones in under 20 seconds. The hack gives attackers access to the targeted phones including the ability to inject malware and take control over key smartphone functions. Discovered by Israeli-based security firm NorthBit, the vulnerability...

Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of reported vulnerabilities to the organization. The...

Thousands of serial servers connected to the internet aren’t password protected and lack encryption, leaving data that transfers between them and devices they’re connected to open to snooping, experts warn. To make matters worse, the servers, manufactured by Taiwan-based networking device company Moxa, have had shoddy security for a while, according to researchers at Rapid7. Joakim...

Apple Safari and Adobe Flash have proved to be Pwn2Own 2016’s biggest punching bags so far—hackers took down both, earning $282,500 in prizes at the first day of the annual hacking challenge in Vancouver on Wednesday. There were four successful attempts, one partial, and one failed attempt at the competition, which is held in tandem with the...

Apple iOS devices are in the crosshairs of another malware attack that has already infected an estimated six million non-jailbroken iOS devices in China, according to researchers. Palo Alto Networks found the new malware called AceDeceiver that infects iOS devices via Windows PCs and which leverages design flaws in Apple’s DRM software. So far, AceDeceiver has only impacted iOS...

Apple has matched the Department of Justice’s recent vitriol, by this week calling the FBI’s request for code to help it unlock Syed Farook’s iPhone unconstitutional. Furthermore, Apple in a court filing this week again challenged the validity of the government’s use of the All Writs Act of 1789 as justification in compelling Apple to...

American Express has begun notifying cardholders that their data may have been compromised in a third-party breach. A notification letter filed on March 10 with California’s attorney general indicates that AmEx account numbers, user names and other information including expiration dates may have been accessed. “We became aware that a third party service provider engaged...