XSS flaw in Yahoo! Mail nets researcher $10,000 bounty

According to a recent report, Finnish researcher Jouko Pynnönen discovered a cross-site scripting (XSS) vulnerability affecting Yahoo! Mail. This was the third time Pynnönen had reported an XSS flaw to Yahoo!. He discovered the flaw in December 2018 and reported it to Yahoo!. In January, Yahoo! fixed the flaw and acknowledged Pynnönen’s efforts with a bug bounty of $10,000.

Read more about it here.

ICANN warns of large-scale attacks on Internet infrastructure

The Internet Corporation for Assigned Names and Numbers (ICANN) declared that there is “an ongoing and significant risk” to key parts of the Domain Name System (DNS) infrastructure. “There have been targeted attacks in the past, but nothing like this”. The attacks go back to 2017. “There isn’t a single tool to address this”; ICANN called for an overall hardening of web defenses. ICANN urged broader implementation of DNSSEC to prevent traffic hijacking and to keep internet users from being misdirected away from their intended websites.

Read more about it here.

Android devices are still exposed to viewing a malicious PNG image

Google recently began the rollout of the February 2019 Android security update, which addresses 42 issues. One of the vulnerabilities fixed could enable a remote attacker using a specially crafted PNG file to execute arbitrary code. That means access to the device on which the image is viewed.

The vulnerability affects Android versions 7.0 and above. While Google has released a fix, it is currently available only for Pixel smartphones, the Pixel C tablet, and the Essential Phone.

What can you do in the meantime? Don’t open an image, especially a PNG file, received from an untrusted source. And apply the security update as soon as it becomes available.

Read more about it here.