Application security, Network Security, Security Strategy, Plan, Budget

Yahoo deploys two-factor authentication for email

December 20, 2011

To deter account hijacking, Yahoo has announced the availability of two-factor authentication for its Mail users. The feature, which can be enabled though the "Yahoo Account Information" page and is currently available for users in the United States, Canada, India, and the Philippines, requires a second form of verification beyond a password for any “suspicious” login attempt, the search giant announced in a blog post last week. Users would have to answer a security question or enter a verification code sent to their mobile phone. Presumably, such a capability would have protected former Alaska Gov. Sarah Palin's account from being compromised in 2008. In February, Google launched similar functionality for Gmail users, and Facebook followed suit in April.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Learn More

Angela Moscaritolo

Cryptocurrency on Binance trading app, Bitcoin BTC with altcoin digital coin crypto currency, BNB, Ethereum, Dogecoin, Cardano, defi p2p decentralized fintech market

Supply chain

Telegram leveraged by updated PyPI package for crypto exfiltration

SC StaffNovember 26, 2024

Initial compromise of the package was evident with "sync.py" script modifications in aiocpa version 0.1.13 that facilitated the execution of a blob code subjected to multiple encoding and compression that ultimately allowed Telegram bot-based exfiltration of Crypto Pay API tokens.

Today’s columnist, Sebastian Gierlinger of Storyblok, offers nine tips for integrating a content management system with an ecommerce platform. (Credit: Getty Images Stock Photo)

Vulnerability Management

Millions of WordPress sites potentially hijackable due to critical plugin bug

SC StaffNovember 18, 2024

Malicious actors could leverage the vulnerability, which stems from improper user check error management in the two-factor REST API action, to facilitate high-privileged account breaches that could then be used for additional attacks, according to Defiant, a WordPress security provider.

Vulnerability Management

WhatsApp zero-day exploited by NSO Group post lawsuit

SC StaffNovember 18, 2024

While WhatsApp proceeded to disable the "Eden" exploit leveraged by NSO Group, the Israeli firm proceeded to create the "Erised" vector to target the app's users until May 2020, noted a court filing from Meta, which also noted that NSO Group, and not its customers, was primarily behind the spyware attacks.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Yahoo deploys two-factor authentication for email

An In-Depth Guide to Application Security

Related

Telegram leveraged by updated PyPI package for crypto exfiltration

Millions of WordPress sites potentially hijackable due to critical plugin bug

WhatsApp zero-day exploited by NSO Group post lawsuit

Related Events

Rooting Out Overlooked Risks in the Data and AI Supply Chain: Introducing a New Approach

A More Ironclad AppSec: Forecast and Guidance Late 2024 and Early 2025

Apiiro’s Integrated Application Security Posture Management (ASPM) + Software Supply Chain Security (SSCS) Solution

Get daily email updates