To deter account hijacking, Yahoo has announced the availability of two-factor authentication for its Mail users. The feature, which can be enabled though the "Yahoo Account Information" page and is currently available for users in the United States, Canada, India, and the Philippines, requires a second form of verification beyond a password for any “suspicious” login attempt, the search giant announced in a blog post last week. Users would have to answer a security question or enter a verification code sent to their mobile phone. Presumably, such a capability would have protected former Alaska Gov. Sarah Palin's account from being compromised in 2008. In February, Google launched similar functionality for Gmail users, and Facebook followed suit in April.
Yahoo deploys two-factor authentication for email
The feature, which is currently available for users in the U.S. Canada, India, and the Philippines, requires a second form of verification beyond a password for any "suspicious" login attempt.
Such an issue, which was identified and reported by Databricks security team member Kostya Kortchinsky, affects all Apache Avro instances up to version 1.11.3, according to Qualys Manager of Threat Research Mayuresh Dani, who also noted potential abuse of the bug through Kafka.
Attackers who successfully activated "CSS Combine" and "Generate UCSS" within Page Optimization settings could leverage the vulnerability not only to exfiltrate sensitive data but also to elevate privileges and facilitate website takeovers for further compromise, according to an analysis from Patchstack.