Experts challenge Yahoo’s assertion that state-sponsored hackers were behind a 2014 breach that resulted in 500 million lost records.

Crypto company Venafi points out potential holes in Yahoo’s processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.

Yahoo confirmed that in 2014 state-sponsored hackers stole information associated with 500 million accounts from its network.

Yahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back to 2012.

Yahoo says it is investigating reports of 200 million user credentials advertised for sale on the Dark Web by a hacker that goes by the handle “peace_of_mind”. The Yahoo credentials, according to the site listing the database for sale, includes usernames, passwords (hashed using the MD5 algorithm), birthdates and backup emails for some accounts. The...

A popular mobile application that provides financial market research material operates without a measure of encryption, putting user information, including credentials and strategic financial interests at risk. The Seeking Alpha mobile app for Android and iOS also leaks everything from HTTP cookies to stock positions the user may be interested in. The app is not...

Mike Mimoso and Chris Brook recap the news of the week, including a Bitcoin phishing campaign, the Kaspersky Lab ransomware report, misconfigured email servers, and a decline in Angler exploit kit traffic. Download: Threatpost_News_Wrap_June_24_2016.mp3 Music by Chris Gonsalves

Most major technology companies offer some take on two-factor authentication as an option for users to secure access to accounts and web-based services. Making users drink from that pond, however, has been a different story. Simplifying the process of using the second form of authentication, most often a verification code sent to a mobile device,...

Citrix Systems is forcing all its GoToMyPC remote desktop access service customers to reset their passwords because of a “very sophisticated attack” that targeted the service over the weekend. John Bennett, product line director for Citrix said the attack was a result of leaked passwords from other accounts used to crack open existing GoToMyPC accounts....

Github is forcing a password reset on some of its users after it detected a number of successful intrusions into its repositories using credentials compromised in other breaches. “This appears to be the result of an attacker using lists of email addresses and passwords from other online services that have been compromised in the past,...