8th February, 2018

Big corporate hacks

Mailsploit – 30 email client applications affected

If you use Apple Mail(macOS, iOS, watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo mail, ProtonMail, etc you may be affected by a collection of vulnerabilities that allows anyone to send spoofed emails bypassing anti-spoofing mechanisms.

What does it mean: if you receive an email that says “MailSploit” and it appears to be from a friend, please beware and seek help.

Besides spoofing, the researcher found some of the email clients, including Hushmail, Open Mailbox, Spark, and Airmail, are also vulnerable to cross-site scripting (XSS) vulnerabilities, which stems from the email spoofing issue.


Paypal subsidiary hacked

TIO Network is a cloud-based multi-channel bill payment processor and receivables management provider that serves the largest telecom, wireless, cable and utility bill issuers in North America. It was acquired by PayPal for US $23 million in July 2017.

Paypal discovered during an ongoing investigation for security vulnerabilities that TIO had been hacked. Paypal did not disclose much about it.


Author: Murray Bruce