Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by US intelligence officials.

The company complied with a classified US government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the NSA or FBI, said three former employees and a fourth person apprised of the events. Some surveillance experts said this represents the first case to surface of a US Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

Has the shock and awe of Yahoo’s 500 million user credential hack died down yet? Everyone breathing a bit easier? Passwords changed, dead accounts deleted?

For those of you chuckling and noting, “I never had a Yahoo Account,” or “Who uses Yahoo, anyway?” you may want to look into some of your accounts because you may have a Yahoo account and not even know it. Wait, what? You’ve probably heard of or use Google Apps for Work, tools including e-mail that some companies use to run their businesses. What you may not know, given Google’s ubiquitous presence, is that Yahoo offers a similar service (called Aabaco Small Business).

Malware authors can be quite creative when it comes to avoiding security researchers, but after almost three decades of malware analysis, there are malware families that manage to surprise infosec professionals once in a while.

Such is the case of a backdoor trojan that Palo Alto Network has detected in two separate cyber-espionage campaigns. While low-quality malware uses IP addresses hardcoded in its source code, top-shelf threats use dynamic domain name generation algorithm in order to hide the real C&C server IP addresses under ever-changing domain names.

At least half a billion Yahoo accounts have been breached by what investigators believe is a nation-sponsored hacking operation.

Attackers probably gained access to a wealth of holders' personal information, including names, e-mail addresses, phone numbers, birth dates, answers to security questions, and cryptographically protected passwords. With at least 500 million accounts included in Yahoo's official statement, the breach is among the biggest ever to hit a single Web property. Yahoo is also in the process of notifying potentially affected account holders of the breach and asking them to promptly change their passwords.

A notorious cybercriminal is advertising 200 million of alleged Yahoo user credentials on the dark web, and the company has said it is “aware” of the hacker’s claims, but has not confirmed nor denied the legitimacy of the data.

The hacker known as Peace, who has previously sold dumps of Myspace and LinkedIn, listed supposed credentials of Yahoo users on The Real Deal marketplace. Peace told that he has been trading the data privately for some time, but only now decided to sell it openly. “We are aware of a claim,” a Yahoo spokesperson told in an email, before the data was made public. The company did not deny that the customer details were Yahoo users.

Technology firm Yahoo has released the contents of three secretive National Security Letters routinely used by the FBI to request personal information and communications data about targets deemed to be a threat to the nation.

The letters outline the vast demands for data by the FBI while legally gagging Yahoo from speaking out. Over the past few years, snippets of details have emerged about the content of these requests however the move by Yahoo to release the letters marks the first case of a company being able to publicly acknowledge receiving an NSL without engaging in a years-long court battle.

Security researchers said they discovered malicious ads planted in Yahoo’s network and alerted Yahoo. The malware was found in Yahoo’s ads network at ads.yahoo.com, which runs ads across Yahoo’s sites like its finance, games and news portals.

Users may have come across the infected ads when visiting Yahoo’s sites. A Yahoo spokeswoman declined to say how many advertisers were affected. The attack used a method known as malvertising, in which attackers dupe online publishers into running malicious ads. They look like any other ads and may not require any interaction from users to infect their machines.

Turns out nobody can remember their Yahoo passwords. Now the company wants to make it so no one has to. Yahoo! launched a new service, which lets someone log into a Yahoo account using a short password the company texts to their phone instead of having to remember their own password. 

This is the first step to eliminating passwords. The process feels like a common process for logging into websites called two-factor authentication, where you first enter your own password, then enter a second password the company sends to your phones. 

A strain of French-language cyber espionage malware spotted by security researchers shows that the National Security Agency isn’t the only spook agency brewing custom bad things to steal sensitive and personal data.

The malware was tied to a spying exercise codenamed Operation Snowglobe, which also spawned a seemingly related remote access trojan codenamed EvilBunny. Implants associated with Snowglobe are more advanced than Babar itself, which Canadian spies discovered in November 2009. Babar’s feature set includes keystroke logging, clipboard logging, screenshot snapping and, more unusually, the possibility to log audio conversations held through Skype messenger.

In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. For years, privacy and security experts worldwide have called on the general public to adopt strong, open-source cryptography to protect our communications.

Many companies offer “secure messaging” products — but are these systems actually secure? The Electronic Frontier Foundation’s secure messaging scorecard made a list of mobile and Internet messaging services that scored well on privacy and security and the services that scored poorly. Let’s focus primarily on the most popular messengers.