A hacker has begun selling what they claim is a zero-day exploit that will let criminals hijack control of Yahoo Mail users' accounts.
The hacker, who goes by the moniker TheHell, posted a video marketing a $700 exploit kit on the secretive Darkode cybercrime market on Monday. The video was later spotted and re-posted onto YouTube by security blogger Brian Krebs.
"I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers. And you don't need to bypass IE or Chrome xss filter as it do that itself because it's stored xss," TheHell proclaimed in his marketing video.
"Prices around for such exploit is $1,100 - $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don't want it to be patched soon"
The exploit infects users machines via a malicious email link and reportedly targets a cross-site scripting (XSS) weakness in Yahoo.com .
TheHell claimed that when clicked the malicious link exploits a cross-site scripting bug that lets criminals steal Yahoo Mail cookies. The cookies can then reportedly be used to log into and steal control of any compromised Yahoo mail account.
Krebs has reportedly informed Yahoo of the vulnerability, though at the time of publishing the company had not responded to V3's request for comment.
The new processors support Intel's Optane memory acceleration technology
Blockchain's killer app is bitcoin, the rest is mostly 'pure marketing', says MaidSafe's David Irvine
Blockchains are not suited to many of the data security purposes being put forward for them
Applications from some member states were down more than 40 per cent
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.