Yahoo is warning users over state-sponsored cookie-forging attacks

us charges russian yahoo hackers 1
New Yorker
Yahoo’s security woes continue with the company sending out a fresh warning to users over hacked accounts at the hands of allegedly state-sponsored actors.

In an email to users, Yahoo said it has identified evidence of cookie-forging attacks on some accounts, which would allow attackers to access an account without re-entering a password. The email was only sent to accounts that Yahoo believes have been affected by these intrusion attempts so we don’t know how many people have been impacted.

“Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password,” the email reads. “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”

It is believed that hackers obtained Yahoo’s source code for creating cookies. The company’s forensics team has invalidated any corrupted cookies it found.

It’s not clear what evidence Yahoo has to suggest these cookie forging attempts were state-sponsored. However, Yahoo has been the victim of at least two major hacks that were disclosed in the last few months for which it pointed the finger at possible hackers acting on behalf of a government.

The numerous data breaches at the web firm included 500 million accounts compromised in 2014 and up to 1 billion accounts compromised in 2013. But it wasn’t until last year that these mega breaches — as they’ve been dubbed — came to light. Yahoo is now currently under investigation by the Securities and Exchange Commission over why it waited years before disclosing the details of the hacks.

The security blunders could be costly for Yahoo as Verizon, its purchaser, has since sought a price tag reduction between $250 million and $350 million (off the original $4.83 billion offer), as it was unaware of these breaches when the offer was made.

Computing

Just when you thought spam was dead, it’s back and worse than ever

Spam emails might seem like an outdated way to spread malware, but in 2018 they are proving to be the most effective attack vector thanks to new techniques and tricks.
Social Media

Instagram hackers are changing account info into Russian email addresses

Have you logged in to your Instagram lately? A hack circulating this month has Instagram users locked out of their accounts because a hacker changed all the profile data, according to a report.
Computing

Researchers hack John McAfee’s ‘unhackable’ Bitfi cryptocurrency wallet

Researchers have successfully hacked John McAfee's Bitfi cryptocurrency wallet. Researchers show that the device can be hacked, as they have gained access to the device's private keys and passphrase despite McAfee's security promotion.
Smart Home

White-hat Chinese hackers turn Alexa into a spy, briefly

A team of Chinese researchers revealed this week that they were able to use a cracked Amazon Echo to exploit a series of Alexa interface flaws to take control over an unteuched Echo running on the same network.
Social Media

How to use Adobe Spark Post to spice up your social media images

Images are proven to get more likes than plain text -- but only if those images are good. Adobe Spark post is an AI-powered design program for non-designers. Here's how to use it to take your social media feeds to the next level.
Mobile

Google One subscriptions offer more cloud storage for low prices, other perks

Can't get enough storage on Google Drive, Photos, or Gmail? Google One is the new way to boost your cloud storage. But it's not just about more space -- Google One comes with a loads of benefits.
Photography

A turn for the better: Loupedeck+ adds custom dials, more to Lightroom console

The Loupedeck+ improves on the original Lightroom console by adding welcome customization options and introducing support for Skylum Aurora HDR. What's even better is that it does this all at an even lower price.
Computing

Intel serves up ‘Bean Canyon’ NUCs revved with ‘Coffee Lake’ CPUs

Looking for a super-compact PC for streaming media that doesn’t break the bank? Intel updated its NUC family with its new “Bean Canyon” kits. Currently, there are five with a starting price of $300 packing eighth-generation Intel Core…
Deals

Save hundreds with the best MacBook deals for August 2018

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.
Computing

Lost without 'Print Screen'? Here's how to take a screenshot on a Chromebook

Chrome OS has a number of built-in screenshot options, and can also be used with Chrome screenshot extensions for added flexibility. You have a lot of options, but learning how to take a screenshot on a Chromebook is easy.
Computing

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.
Computing

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement, or an unwanted trip to your local repair shop.
Computing

Asus claims ‘world’s thinnest’ title with its new Zephyrus S gaming laptop

The Republic of Gamers arm at Asus is claiming “world’s thinnest” with the introduction of its new Zephyrus S gaming laptop measuring just 0.58 inches at its thinnest point. The company also revealed the Strix SCAR II.
Computing

Intel teases new dedicated graphics card slated for 2020 release

Intel has confirmed plans to launch a dedicated graphics card in 2020. Although precious few details exist for the card at this time, it was silhouetted in a recent Intel video showcased at Siggraph 2018.