 Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
In den Stunden vor der Abschaltung von ChatGPT, war es demnach für einige Benutzer möglich, den Vor- und Nachnamen, die E-Mail- und Zahlungsadresse, die letzten vier Ziffern der Kreditkartennummer und das Ablaufdatum der Kreditkarte eines anderen aktiven Benutzers zu sehen. Die vollständigen Kreditkartennummern seien zu keinem Zeitpunkt offengelegt worden.
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
New York (CNN Business)Clearview AI, a startup that compiles billions of photos for facial recognition technology, said it lost its entire client list to hackers.
The company said it has patched the unspecified flaw that allowed the breach to happen.
In a statement, Clearview AI's attorney Tor Ekeland said that while security is the company's top priority, "unfortunately, data breaches are a part of life. Our servers were never accessed." He added that the company continues to strengthen its security procedures and that the flaw has been patched.
Clearview AI continues "to work to strengthen our security," Ekeland said.
In a notification sent to customers obtained by Daily Beast, Clearview AI said that an intruder "gained unauthorized access" to its customer list, which includes police forces, law enforcement agencies and banks. The company said that the person didn't obtain any search histories conducted by customers, which include some police forces.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Facial+Recognition https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Clearview
|
|
Scooped by
Gust MEES
|
Selon les informations d’ Associated Press, l’Organisation des Nations Unies aurait été victime d’un piratage informatique en 2019 qui a été délibérément passé sous silence. Les réseaux de informatiques de l’ONU à Genève et à Vienne ont été infiltrés dans le cadre d'une opération d'espionnage qui aurait été dissimulée par de hauts fonctionnaires. On ne sait pas exactement qui étaient les pirates ni à quelle quantité de données ils ont accédé.
Selon un document confidentiel interne divulgué à The New Humanitarian , des dizaines de serveurs auraient été compromis, notamment ceux du bureau des droits de l'homme des Nations Unies, où des données sensibles sont collectées. « L’ensemble du personnel, y compris moi, n'a pas été informé », a déclaré Ian Richards, président du Conseil du personnel des Nations unies. « Tout ce que nous avons reçu, c'est un courriel (le 26 septembre) nous informant de travaux de maintenance des infrastructures ».
|
|
Scooped by
Gust MEES
|
Capital One has disclosed that it has suffered a data breach impacting 100 million people in the United States, and 6 million in Canada.
The company said in a statement that data between 2005 and 2019 was accessed and related to information on consumers at the time when they applied for a credit card.
"This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income," the company said.
"Beyond the credit card application data, the individual also obtained portions of credit card customer data, including: Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information; Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018."
Approximately 1 million Canadian social insurance numbers, as well as 140,000 American social security numbers and 80,000 bank account numbers were also accessed.
"No bank account numbers or Social Security numbers were compromised," the bank said before listing the above numbers. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
Data visualization of the world biggest data breaches, leaks and hacks. Constantly updated. Powered by VizSweet.
|
|
Scooped by
Gust MEES
|
According to the notice posted by T-Mobile on its website, the suspicious activity took place this Monday. Hackers managed to breach a database by exploiting a vulnerable API -- or application programming interface, which is a set of software building blocks that make it easier for developers to access data or technologies when creating an app.
T-Mobile cyber security staff detected the attack a short time after it began. In a statement to Motherboard, a T-Mobile spokesperson said that "less than 3%" of the company's roughly 76 million subscribers was accessed. Limiting the damage to such a small percentage is certainly a positive... but it still means that roughly 2 million T-Mobile customers were impacted.
The company's announcement states that customers' names, billing zip codes, phone numbers, email addresses and account numbers may have been exposed. The particular API that the hackers exploited was not, however, wired in to any payment card data. Social security numbers and passwords were also not accessible via the API. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
Sportswear maker Adidas announced a data breach yesterday evening, which the company says it impacted shoppers who used its US website.
The company says it became aware of the breach on Tuesday, June 26, when it learned that an unauthorized party was claiming to have acquired the details of Adidas customers.
"According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords," an Adidas spokesperson said.
"Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted," he added.
The company said it's still investigating the breach with law enforcement and security firms.
A few millions impacted Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables
|
|
Scooped by
Gust MEES
|
A previously undisclosed flaw in Nike's website allowed anyone with a few lines of code to read server data like passwords, which could have provided greater access to the company's private systems.
An 18-year-old researcher Corben Leo discovered the flaw late last year and contacted Nike through the company's dedicated email address for reporting security flaws, which it advertises on its bug bounty page.
After hearing nothing back for more than three months, Leo contacted ZDNet, which also alerted the company to the vulnerability.
The bug exploited an out-of-band XML external entities (OOB-XXE) flaw that abused how Nike's website parses XML-based files, allowing the researcher to read files directly on the server. OOB-XXE flaws are widely seen as esoteric and difficult to carry out, but can be used to gain deep access to a server's internals. Gaining access to a server's files can disclose other avenues for exploitation, such as remote code execution or pivoting to other connected servers or databases. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/
|
|
Scooped by
Gust MEES
|
Have you watched a YouTube video lately in a country where English is widely used?
If so, we’re willing to bet that you’ve seen an advert for Grammarly, an online spelling and grammar checker.
In fact, we’ll suggest you’ve seen the Grammarly ad many times, perhaps even very many times – we certainly have.
The ads seem to be working, with the product currently closing in on 1,000,000 installs in Firefox, and already claiming more than 10,000,000 in Chrome.
As the product pitch in the Firefox add-on store explains:
Once you register your new account, you will start to receive weekly emails with personalized insights and performance stats (one of our most popular new features). Working on a large project, an essay, or a blog post? No sweat. You can create and store all of your documents in your new online editor.
In other words, your Grammarly account ends up knowing a lot about you, and holding copies of a lot of what you’ve written.
A security hole in Grammarly could therefore tell crooks much more about you than you’d like them to know. Learn more / En savoir plus / Mehr erfahren. https://www.scoop.it/t/securite-pc-et-internet/?&tag=Grammarly
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
An Amazon Web Services (AWS) S3 cloud storage bucket containing information from data analytics firm Alteryx has been found publicly exposed, comprising the personal information of 123 million US households.
The S3 bucked, located at the subdomain "alteryxdownload", was found by Californian cybersecurity firm UpGuard, with its Cyber Risk Team discovering the leak on October 6, 2017.
According to UpGuard, exposed within the repository were datasets belonging to Alteryx partners, consumer credit reporting agency Experian, and the US Census Bureau.
Full datasets for both Experian's ConsumerView marketing database and the 2010 US Census were available. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Alteryx https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
|
Scooped by
Gust MEES
|
Clubhouse CEO Paul Davison said Sunday that a report claiming personal user data had been leaked was “false.” Cyber News reported a SQL database with users’ IDs, names, usernames, Twitter and Instagram handles and follower counts were posted to an online hacker forum. According to Cyber News, it did not appear that sensitive user information such as credit card numbers were among the leaked info.
Clubhouse did not immediately reply to a request for more information from The Verge on Sunday. But Davison said in response to a question during a town hall that the platform had not suffered a data breach. “No, This is misleading and false, it is a clickbait article, we were not hacked. The data referred to was all public profile information from our app. So the answer to that is a definitive ‘no.’” Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Clubhouse https://www.scoop.it/topic/social-media-and-its-influence https://www.scoop.it/topic/securite-pc-et-internet
|
|
Scooped by
Gust MEES
|
Telefonnummern und persönlichen Daten von Hunderten Millionen Facebook-Nutzern sind am Samstag in einem Forum für Hacker veröffentlicht worden. Das berichten mehrere Medien. Obwohl die Daten schon einige Jahre alt sein sollen, stellen sie für diejenigen, deren Angaben publik wurden, ein Risiko dar.
Die Veröffentlichungen sollen persönliche Informationen von über 533 Millionen Facebook-Nutzern aus 106 Ländern umfassen, darunter über 32 Millionen Datensätze zu Nutzern in den USA, 11 Millionen zu Nutzern in Großbritannien und 6 Millionen zu Nutzern in Indien. Die Datensätze enthalten Telefonnummern, Facebook-IDs, vollständige Namen, Standorte, Geburtsdaten und in einigen Fällen auch E-Mail-Adressen.
Die nun aufgetauchten Daten sollen von dem Cybercrime-Unternehmen Hudson Rock entdeckt worden sein. Sie könnten Kriminellen wertvolle Informationen liefern. So ist denkbar, dass Unbefugte die persönlichen Daten von Menschen verwenden, um sich als diese auszugeben. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
Dr. Reddy’s, the contractor for Russia’s “Sputinik V” COVID-19 vaccine and a major generics producer, has had to close plants and isolate its data centers.
COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports.
The Indian company is the contractor for Russia’s “Sputinik V” COVID-19 vaccine, which is about to enter Phase 2 human trials. The Drug Control General of India (DCGI) gave the company the go-ahead on Oct. 19.
In the U.S., it’s a major producer of generics, including therapeutics for gastrointestinal, cardiovascular, pain management, oncology, anti-infectives, pediatrics and dermatology.
In addition to shutting down plants, the drug-maker has isolated all data center services in order to apply remediations, The Economic Times reported. Citing sources, ET said that the company was victimized by a data breach. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus
|
|
Scooped by
Gust MEES
|
The US agency in charge of secure communication for the White House has been the victim of a cyber-attack.
The US Department of Defence confirmed that computer systems controlled by the Defence Information Systems Agency (DISA) had been hacked, exposing the personal data of about 200,000 people.
The agency oversees military communications including calls for US President Donald Trump.
The data exposed included names and social security numbers.
The agency is responsible for the military cyber-security and it sets up communications networks in combat zones.
On its website, DISA says its vision is "to be the trusted provider to connect and protect the war fighter in cyber-space."
There are 8,000 military and civilian employees at the DISA, but through its operations, it handles data for many other individuals.
This is why the personal information for so many people was exposed. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
Forscher fanden insgesamt über eine Milliarde personenbezogene Patientendaten auf unsicher konfigurierten Servern im Internet. Das sei jedoch noch nicht die endgültige Zahl. Bereits im November 2019 sorgten Berichte über das Datenleck, das weltweit mehrere Millionen Patientendaten betraf, für Aufsehen.
Die nun veröffentlichten Informationen zeigen, dass sich bislang offenbar wenig an der Situation geändert hat. In Zusammenarbeit mit Techcrunch berichtet The Mighty von der Gefahr, die von den offen zugänglichen medizinischen Daten ausgehe und wofür Datendiebe diese nutzen können. Neben Gesundheitsschäden, etwa wenn Informationen über Allergien aus den Patientenakten verschwinden, zählen demnach zu den möglichen Folgen auch Schwierigkeiten beim Abschluss einer Lebensversicherung. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
Instagram's website leaked user contact information, including phone numbers and email addresses, over a period of at least four months, a researcher says.
The source code for some Instagram user profiles included the account holder's contact information whenever it loaded in a web browser, says David Stier, a data scientist and business consultant, who notified Instagram shortly after he discovered the problem earlier this year. The contact information wasn't displayed on the account holder's profiles on the desktop version of the Instagram website, although it was used by the photo sharing site's app for communication. It isn't clear why the information was included in the website's source code. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Instagram
|
|
Scooped by
Gust MEES
|
Erneut ist eine riesige Menge gehackter Nutzeraccounts ins Netz gelangt: Nach der Passwort-Sammlung "Collection #1" kursieren nun auch die Collections #2 bis #5.
Diese sind deutlich umfangreicher als Teil 1, einer ersten Einschätzung von heise Security zufolge sind sie insgesamt über 600 GByte groß. Nach Angaben des Hasso-Plattner-Institus kursieren durch die Collections #1 bis #5 nun rund 2,2 Milliarden Mail-Adressen und die dazugehörigen Passwörter.
Treffer, versenkt: Über den HPI Identity Leak Checker findet man heraus, ob sich die eigenen Mail-Adresse in den Collections #1-5 und weiteren Leaks befindet.
Die Daten sind offenbar nicht komplett neu, sondern stammen zu einem einem Großteil aus älteren Leaks. Dennoch dürfte durch die Zusammenstellung und erneute Veröffentlichung die Wahrscheinlichkeit steigern, dass die Zugansdaten von Cyber-Ganoven ausprobiert werden. Zunächst wurden die gigantischen Datenpakete in einem einschlägigen Online-Forum gehandelt, inzwischen sind sie auch über den Hoster Mega öffentlich zugänglich. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
So praktisch SaaS ist. Das Konzept birgt auch große Risiken, wenn wie jetzt etwa Typeform ein SaaS-Provider das Opfer eines Datendiebstahls wird. Dann sind meist auch die Kunden des Anbieters betroffen.
Viele Unternehmen binden heutzutage immer wieder diverse Online-Umfragen in ihre Web-Seiten ein. Dabei greifen sie gerne auf vorgenerierte Formulare von externen Anbietern zu. Eines dieser Unternehmen, der spanische Software-as-a-Service-Spezialist (SaaS) Typeform, musste nun einen Datendiebstahl eingestehen, bei dem auch zahlreiche Datensätze von Kunden des Unternehmens geklaut worden sein sollen.
Der oder die Angreifer konnten sich laut Typeform Zugriff auf ein Backup von Anfang Mai dieses Jahres verschaffen. Darin enthalten waren API-Keys, Token zum Zugriff auf die von Typeform angebotenen Dienste und Zugangsdaten zu OAuth-Applikationen, aber auch Daten von Kunden, die Online-Formulare ausgefüllt hatten. Um welche Informationen es sich dabei genau handelte, teilte Typeform nicht mit. Laut Medienberichten meldeten sich aber bereits mehrere betroffene Unternehmen wie Fortnum & Mason.
Wie das Londoner Kaufhaus mitteilte, wurden ihm etwa 23.000 Datensätze gestohlen. Sie enthielten E-Mail-Adressen, Antworten auf Fragen und teilweise auch Postadressen sowie andere private Informationen der Nutzer. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
A little-known, Florida-based marketing firm called Exactis may be responsible for a significant amount of personal data being exposed. According to a report from Wired, the firm left 340 million individual records on a publicly accessible server that any person could have gotten ahold of.
The leak was discovered earlier this month by security researcher Vinny Troia, founder of the New York-based security firm Night Lion Security. He reported his find to the FBI and Exactis earlier this week, and while the company has since protected the data, it’s unclear just how long it sat exposed.
So just how bad is the leak? It’s pretty bad! The data stored on the server amounts to about two terabytes worth of personal information.
Troia told Wired the database from Exactis appears to have data from “pretty much every US citizen” in it, with approximately 230 million records on American adults and 110 million records on US business contacts. That falls in line with Exactis’ own claim on its website that it has data on 218 million individuals. If the leak is truly as big as estimated, it would make for one of the largest exposures of personal information in recent memory. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers – most of whom were mobile subscribers.
Data exposed during the breach included:
Customers’ first and last names
Customers’ home addresses
Customers’ dates of birth
Customers’ telephone numbers
Interestingly, in a press release, Swisscom pointed a finger of blame at an unnamed third-party sales partner who had been granted “limited access” to the data in order that they could identify and advise customers approaching contract renewal.
That sales partner, Swisscom says, suffered its own security breach – somehow allowing its access keys to Swisscom to fall into criminal hands.
A routine check of Swisscom’s operational activities uncovered the unauthorised data access, and the offending partner’s access rights revoked.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
Grammarly has fixed a security bug in its Chrome extension that inadvertently allowed access to a user's account -- including their private documents and data.
Tavis Ormandy, a security researcher at Google's Project Zero who found the "high severity" vulnerability, said the browser extension exposed authentication tokens to all websites.
That means any website can access a user's documents, history, logs, and other data, the bug report said.
"I'm calling this a high severity bug, because it seems like a pretty severe violation of user expectations," said Ormandy, because "users would not expect that visiting a website gives it permission to access documents or data they've typed into other websites."
In proof-of-concept code, he explained how to trigger the bug in four lines of code.
More than 22 million users have installed the grammar-checking extension.
Ormandy filed his bug report Friday, subject to a 90-day disclosure deadline -- as is the industry standard. Grammarly issued an automatic update Monday to fix the issue.
Ormandy has in recent months examined several vulnerable web browser extensions. Earlier this year, he found a remote code execution flaw in the Cisco WebEx Chrome extension, and a data-stealing bug in the popular LastPass password manager.
A spokesperson for Grammarly did not immediately return a request for comment.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES
|
|
Scooped by
Gust MEES
|
|
In den Stunden vor der Abschaltung von ChatGPT, war es demnach für einige Benutzer möglich, den Vor- und Nachnamen, die E-Mail- und Zahlungsadresse, die letzten vier Ziffern der Kreditkartennummer und das Ablaufdatum der Kreditkarte eines anderen aktiven Benutzers zu sehen. Die vollständigen Kreditkartennummern seien zu keinem Zeitpunkt offengelegt worden.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/21st-century-innovative-technologies-and-developments/?&tag=ChatGPT
https://www.scoop.it/t/21st-century-innovative-technologies-and-developments/?&tag=AI
https://www.scoop.it/topic/21st-century-innovative-technologies-and-developments/?&tag=Ethics