ICT Security-Sécurité PC et Internet

In den Stunden vor der Abschaltung von ChatGPT, war es demnach für einige Benutzer möglich, den Vor- und Nachnamen, die E-Mail- und Zahlungsadresse, die letzten vier Ziffern der Kreditkartennummer und das Ablaufdatum der Kreditkarte eines anderen aktiven Benutzers zu sehen. Die vollständigen Kreditkartennummern seien zu keinem Zeitpunkt offengelegt worden.

Erst Facebook dann LinkedIn: Sicherheitsexperten melden, dass Angreifer 500 Millionen Profil-Daten zum Verkauf anbieten.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

Der Cyberangriff auf die europäische Arzneimittelbehörde wurde wohl durch chinesische Spione sowie den russischen Geheimdienst verübt. Dabei wurde auch auf COVID-19-Impfstoff-Daten zugegriffen.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus

New York (CNN Business)Clearview AI, a startup that compiles billions of photos for facial recognition technology, said it lost its entire client list to hackers.

The company said it has patched the unspecified flaw that allowed the breach to happen.
In a statement, Clearview AI's attorney Tor Ekeland said that while security is the company's top priority, "unfortunately, data breaches are a part of life. Our servers were never accessed." He added that the company continues to strengthen its security procedures and that the flaw has been patched.
Clearview AI continues "to work to strengthen our security," Ekeland said.

In a notification sent to customers obtained by Daily Beast, Clearview AI said that an intruder "gained unauthorized access" to its customer list, which includes police forces, law enforcement agencies and banks. The company said that the person didn't obtain any search histories conducted by customers, which include some police forces.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Facial+Recognition

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Clearview

Selon les informations d’ Associated Press, l’Organisation des Nations Unies aurait été victime d’un piratage informatique en 2019 qui a été délibérément passé sous silence. Les réseaux de informatiques de l’ONU à Genève et à Vienne ont été infiltrés dans le cadre d'une opération d'espionnage qui aurait été dissimulée par de hauts fonctionnaires. On ne sait pas exactement qui étaient les pirates ni à quelle quantité de données ils ont accédé.

Selon un document confidentiel interne divulgué à The New Humanitarian , des dizaines de serveurs auraient été compromis, notamment ceux du bureau des droits de l'homme des Nations Unies, où des données sensibles sont collectées. « L’ensemble du personnel, y compris moi, n'a pas été informé », a déclaré Ian Richards, président du Conseil du personnel des Nations unies. « Tout ce que nous avons reçu, c'est un courriel (le 26 septembre) nous informant de travaux de maintenance des infrastructures ».

Researchers believe that criminals were able to obtain personal information for millions of Facebook users.

A database exposing the names, phone numbers and Facebook user IDs of millions of platform users was left unsecured on the web for nearly two weeks before it was removed.

Security researcher Bob Diachenko, who along with Comparitech discovered the unsecured Elasticsearch database, believe it belongs to a cybercriminal organization, as opposed to Facebook. Diachenko went to the internet service provider (ISP) managing the IP address of the server so that the access could be removed.

“A database this big is likely to be used for phishing and spam, particularly via SMS,” according to the Thursday report. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Facebook

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=DATA-BREACHES

Facebook is staring down yet another security blunder, this time with an incident involving an exposed server containing hundreds of millions of phone numbers that were previously associated with accounts on its platform.

The situation appears to be pinned to a feature no longer enabled on the platform but allowed users to search for someone based on their phone number. TechCrunch’s Zack Whittaker first reported Wednesday that a server—which did not belong to Facebook but was evidently not password protected and therefore accessible to anyone who could find it—was discovered online by security researcher Sanyam Jain and found to contain records on more than 419 million Facebook users, including 133 records on users based in the U.S.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Facebook

Fingerabdrücke, Gesichtsscans, Passwörter und Sicherheitsfreigaben: Durch ein Leck hatten Hacker aus Israel Zugriff auf die Daten einer internationalen Sicherheitsfirma.
14. August 2019, 11:26 Uhr Quelle: ZEIT ONLINE, dpa, kg

Ein Irisscan auf einer Biometrie-Messe 2004 in London © Ian Waldie/​Getty Images

Sicherheitsforscher aus Israel haben eine riesige Datenbank mit rund einer Million Fingerabdrücken und anderen biometrischen Daten aufgespürt, die quasi ungeschützt und unverschlüsselt im Web abgerufen werden konnten. Die Daten stammen vom System Biostar 2 der koreanischen Sicherheitsfirma Suprema, die nach eigenen Angaben Marktführer in Europa bei biometrischen Zutrittskontrollsystemen ist.

Biostar 2 arbeitet mit Fingerabdrücken oder Gesichtsscans auf einer webbasierten Plattform für intelligente Türschlösser, mit der Unternehmen die Zugangskontrolle für ihre Büros oder Lagerhallen selbst organisieren können. Wie der Guardian berichtet, wird das System auch von der britischen Polizei sowie mehreren Verteidigungsunternehmen und Banken genutzt.
Entdeckt wurde die Sicherheitslücke von den israelischen Hackern Noam Rotem und Ran Lokar, die für den Dienst vpnMentor arbeiten. Die Schwachstelle habe dazu geführt, dass man die vollständige Kontrolle über die Konten im System erhalten konnte, sagte Rotem dem Portal Calcalist. 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=biometrics

Instagram's website leaked user contact information, including phone numbers and email addresses, over a period of at least four months, a researcher says.

The source code for some Instagram user profiles included the account holder's contact information whenever it loaded in a web browser, says David Stier, a data scientist and business consultant, who notified Instagram shortly after he discovered the problem earlier this year. The contact information wasn't displayed on the account holder's profiles on the desktop version of the Instagram website, although it was used by the photo sharing site's app for communication. It isn't clear why the information was included in the website's source code.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Instagram

Erneut ist eine riesige Menge gehackter Nutzeraccounts ins Netz gelangt: Nach der Passwort-Sammlung "Collection #1" kursieren nun auch die Collections #2 bis #5.

Diese sind deutlich umfangreicher als Teil 1, einer ersten Einschätzung von heise Security zufolge sind sie insgesamt über 600 GByte groß. Nach Angaben des Hasso-Plattner-Institus kursieren durch die Collections #1 bis #5 nun rund 2,2 Milliarden Mail-Adressen und die dazugehörigen Passwörter.

Treffer, versenkt: Über den HPI Identity Leak Checker findet man heraus, ob sich die eigenen Mail-Adresse in den Collections #1-5 und weiteren Leaks befindet.
Die Daten sind offenbar nicht komplett neu, sondern stammen zu einem einem Großteil aus älteren Leaks. Dennoch dürfte durch die Zusammenstellung und erneute Veröffentlichung die Wahrscheinlichkeit steigern, dass die Zugansdaten von Cyber-Ganoven ausprobiert werden. Zunächst wurden die gigantischen Datenpakete in einem einschlägigen Online-Forum gehandelt, inzwischen sind sie auch über den Hoster Mega öffentlich zugänglich.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

So praktisch SaaS ist. Das Konzept birgt auch große Risiken, wenn wie jetzt etwa Typeform ein SaaS-Provider das Opfer eines Datendiebstahls wird. Dann sind meist auch die Kunden des Anbieters betroffen.

Viele Unternehmen binden heutzutage immer wieder diverse Online-Umfragen in ihre Web-Seiten ein. Dabei greifen sie gerne auf vorgenerierte Formulare von externen Anbietern zu. Eines dieser Unternehmen, der spanische Software-as-a-Service-Spezialist (SaaS) Typeform, musste nun einen Datendiebstahl eingestehen, bei dem auch zahlreiche Datensätze von Kunden des Unternehmens geklaut worden sein sollen.

Der oder die Angreifer konnten sich laut Typeform Zugriff auf ein Backup von Anfang Mai dieses Jahres verschaffen. Darin enthalten waren API-Keys, Token zum Zugriff auf die von Typeform angebotenen Dienste und Zugangsdaten zu OAuth-Applikationen, aber auch Daten von Kunden, die Online-Formulare ausgefüllt hatten. Um welche Informationen es sich dabei genau handelte, teilte Typeform nicht mit. Laut Medienberichten meldeten sich aber bereits mehrere betroffene Unternehmen wie Fortnum & Mason.

Wie das Londoner Kaufhaus mitteilte, wurden ihm etwa 23.000 Datensätze gestohlen. Sie enthielten E-Mail-Adressen, Antworten auf Fragen und teilweise auch Postadressen sowie andere private Informationen der Nutzer.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

A little-known, Florida-based marketing firm called Exactis may be responsible for a significant amount of personal data being exposed. According to a report from Wired, the firm left 340 million individual records on a publicly accessible server that any person could have gotten ahold of.

The leak was discovered earlier this month by security researcher Vinny Troia, founder of the New York-based security firm Night Lion Security. He reported his find to the FBI and Exactis earlier this week, and while the company has since protected the data, it’s unclear just how long it sat exposed.

So just how bad is the leak? It’s pretty bad! The data stored on the server amounts to about two terabytes worth of personal information.

Troia told Wired the database from Exactis appears to have data from “pretty much every US citizen” in it, with approximately 230 million records on American adults and 110 million records on US business contacts. That falls in line with Exactis’ own claim on its website that it has data on 218 million individuals. If the leak is truly as big as estimated, it would make for one of the largest exposures of personal information in recent memory.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers – most of whom were mobile subscribers.

Data exposed during the breach included:

Customers’ first and last names
Customers’ home addresses
Customers’ dates of birth
Customers’ telephone numbers

Interestingly, in a press release, Swisscom pointed a finger of blame at an unnamed third-party sales partner who had been granted “limited access” to the data in order that they could identify and advise customers approaching contract renewal.

That sales partner, Swisscom says, suffered its own security breach – somehow allowing its access keys to Swisscom to fall into criminal hands.

A routine check of Swisscom’s operational activities uncovered the unauthorised data access, and the offending partner’s access rights revoked.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

Clubhouse CEO Paul Davison said Sunday that a report claiming personal user data had been leaked was “false.” Cyber News reported a SQL database with users’ IDs, names, usernames, Twitter and Instagram handles and follower counts were posted to an online hacker forum. According to Cyber News, it did not appear that sensitive user information such as credit card numbers were among the leaked info.

Clubhouse did not immediately reply to a request for more information from The Verge on Sunday. But Davison said in response to a question during a town hall that the platform had not suffered a data breach. “No, This is misleading and false, it is a clickbait article, we were not hacked. The data referred to was all public profile information from our app. So the answer to that is a definitive ‘no.’”

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Clubhouse

https://www.scoop.it/topic/social-media-and-its-influence

https://www.scoop.it/topic/securite-pc-et-internet

Telefonnummern und persönlichen Daten von Hunderten Millionen Facebook-Nutzern sind am Samstag in einem Forum für Hacker veröffentlicht worden. Das berichten mehrere Medien. Obwohl die Daten schon einige Jahre alt sein sollen, stellen sie für diejenigen, deren Angaben publik wurden, ein Risiko dar.

Die Veröffentlichungen sollen persönliche Informationen von über 533 Millionen Facebook-Nutzern aus 106 Ländern umfassen, darunter über 32 Millionen Datensätze zu Nutzern in den USA, 11 Millionen zu Nutzern in Großbritannien und 6 Millionen zu Nutzern in Indien. Die Datensätze enthalten Telefonnummern, Facebook-IDs, vollständige Namen, Standorte, Geburtsdaten und in einigen Fällen auch E-Mail-Adressen.

Die nun aufgetauchten Daten sollen von dem Cybercrime-Unternehmen Hudson Rock entdeckt worden sein. Sie könnten Kriminellen wertvolle Informationen liefern. So ist denkbar, dass Unbefugte die persönlichen Daten von Menschen verwenden, um sich als diese auszugeben.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

Dr. Reddy’s, the contractor for Russia’s “Sputinik V” COVID-19 vaccine and a major generics producer, has had to close plants and isolate its data centers.

COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports.

The Indian company is the contractor for Russia’s “Sputinik V” COVID-19 vaccine, which is about to enter Phase 2 human trials. The Drug Control General of India (DCGI) gave the company the go-ahead on Oct. 19.

In the U.S., it’s a major producer of generics, including therapeutics for gastrointestinal, cardiovascular, pain management, oncology, anti-infectives, pediatrics and dermatology.

In addition to shutting down plants, the drug-maker has isolated all data center services in order to apply remediations, The Economic Times reported. Citing sources, ET said that the company was victimized by a data breach.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus

The US agency in charge of secure communication for the White House has been the victim of a cyber-attack.

The US Department of Defence confirmed that computer systems controlled by the Defence Information Systems Agency (DISA) had been hacked, exposing the personal data of about 200,000 people.

The agency oversees military communications including calls for US President Donald Trump.

The data exposed included names and social security numbers.

The agency is responsible for the military cyber-security and it sets up communications networks in combat zones.

On its website, DISA says its vision is "to be the trusted provider to connect and protect the war fighter in cyber-space."

There are 8,000 military and civilian employees at the DISA, but through its operations, it handles data for many other individuals.

This is why the personal information for so many people was exposed.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

Forscher fanden insgesamt über eine Milliarde personenbezogene Patientendaten auf unsicher konfigurierten Servern im Internet. Das sei jedoch noch nicht die endgültige Zahl. Bereits im November 2019 sorgten Berichte über das Datenleck, das weltweit mehrere Millionen Patientendaten betraf, für Aufsehen.

Die nun veröffentlichten Informationen zeigen, dass sich bislang offenbar wenig an der Situation geändert hat. In Zusammenarbeit mit Techcrunch berichtet The Mighty von der Gefahr, die von den offen zugänglichen medizinischen Daten ausgehe und wofür Datendiebe diese nutzen können. Neben Gesundheitsschäden, etwa wenn Informationen über Allergien aus den Patientenakten verschwinden, zählen demnach zu den möglichen Folgen auch Schwierigkeiten beim Abschluss einer Lebensversicherung.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

It has been coming for some time, but now the major breach of a biometric database has actually been reported—facial recognition records, fingerprints, log data and personal information has all been found on "a publicly accessible database." The damage is not yet clear, but the report claims that actual fingerprints and facial recognition records for millions of people have been exposed.

The issue with biometric data being stored in this way is that, unlike usernames and passwords, it cannot be changed. Once it’s compromised, it’s compromised. And for that reason this breach report will sound all kinds of alarms.

The report published by security researches Noam Rotem and Ran Locar at Vpnmentor relates to Suprema, a company describing itself as a "global Powerhouse in biometrics, security and identity solutions," with a product range that "includes biometric access control systems, time and attendance solutions, fingerprint live scanners, mobile authentication solutions and embedded fingerprint modules."

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=biometrics

Capital One has disclosed that it has suffered a data breach impacting 100 million people in the United States, and 6 million in Canada.

The company said in a statement that data between 2005 and 2019 was accessed and related to information on consumers at the time when they applied for a credit card.

"This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income," the company said.

"Beyond the credit card application data, the individual also obtained portions of credit card customer data, including: Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information; Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018."

Approximately 1 million Canadian social insurance numbers, as well as 140,000 American social security numbers and 80,000 bank account numbers were also accessed.

"No bank account numbers or Social Security numbers were compromised," the bank said before listing the above numbers.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

Data visualization of the world biggest data breaches, leaks and hacks. Constantly updated. Powered by VizSweet.

According to the notice posted by T-Mobile on its website, the suspicious activity took place this Monday. Hackers managed to breach a database by exploiting a vulnerable API -- or application programming interface, which is a set of software building blocks that make it easier for developers to access data or technologies when creating an app.

T-Mobile cyber security staff detected the attack a short time after it began. In a statement to Motherboard, a T-Mobile spokesperson said that "less than 3%" of the company's roughly 76 million subscribers was accessed. Limiting the damage to such a small percentage is certainly a positive... but it still means that roughly 2 million T-Mobile customers were impacted.


The company's announcement states that customers' names, billing zip codes, phone numbers, email addresses and account numbers may have been exposed. The particular API that the hackers exploited was not, however, wired in to any payment card data. Social security numbers and passwords were also not accessible via the API.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

Sportswear maker Adidas announced a data breach yesterday evening, which the company says it impacted shoppers who used its US website.

The company says it became aware of the breach on Tuesday, June 26, when it learned that an unauthorized party was claiming to have acquired the details of Adidas customers.

"According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords," an Adidas spokesperson said.

"Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted," he added.

The company said it's still investigating the breach with law enforcement and security firms.

A few millions impacted

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

A previously undisclosed flaw in Nike's website allowed anyone with a few lines of code to read server data like passwords, which could have provided greater access to the company's private systems.

An 18-year-old researcher Corben Leo discovered the flaw late last year and contacted Nike through the company's dedicated email address for reporting security flaws, which it advertises on its bug bounty page.

After hearing nothing back for more than three months, Leo contacted ZDNet, which also alerted the company to the vulnerability.

The bug exploited an out-of-band XML external entities (OOB-XXE) flaw that abused how Nike's website parses XML-based files, allowing the researcher to read files directly on the server. OOB-XXE flaws are widely seen as esoteric and difficult to carry out, but can be used to gain deep access to a server's internals.

Gaining access to a server's files can disclose other avenues for exploitation, such as remote code execution or pivoting to other connected servers or databases.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/