
Smokey's Security Forums


Topic: Yahoo Retires ImageMagick After Exploit Leaks Email Content


Gilbert (Topic starter, Updates Moderator)
Yahoo Retires ImageMagick After Exploit Leaks Email Content
22 May 2017, 11:53 pm

Yahoo is once more at the center of a security scandal after an ImageMagick library exploit was found leaking user email content.

The discovery was made by security researcher Chris Evans, who demonstrated the exploit, showing just how easy it was to break Yahoo's system to trigger email information leaks. Yahoo has since retired the use of the ImageMagick library. 

Evans discovered two ways to get the result he wanted. Yahoobleed1, the first version, involved exploiting the vulnerability in ImageMagick by emailing a maliciously manipulated image file to a Yahoo Mail address. Once the 18-byte file was opened, Yahoo server memory chunks were leaking to the end user. The second version, Yahoobleed2, worked by exploiting the vulnerability. 

The problem here is that ImageMagick, an image-processing library that's supported by doze... (read more)

Source: Softpedia News / Security
