ICT Security-Sécurité PC et Internet
87.2K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
June 29, 2018 7:00 AM
Scoop.it!

Adidas Announces Data Breach | #CyberSecurity #DataBreaches

Adidas Announces Data Breach | #CyberSecurity #DataBreaches | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - June 29, 2018 7:00 AM

Sportswear maker Adidas announced a data breach yesterday evening, which the company says it impacted shoppers who used its US website.

The company says it became aware of the breach on Tuesday, June 26, when it learned that an unauthorized party was claiming to have acquired the details of Adidas customers.

"According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords," an Adidas spokesperson said.

"Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted," he added.

The company said it's still investigating the breach with law enforcement and security firms.

A few millions impacted

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

 

 

 

Gust MEES's insight:

Sportswear maker Adidas announced a data breach yesterday evening, which the company says it impacted shoppers who used its US website.

The company says it became aware of the breach on Tuesday, June 26, when it learned that an unauthorized party was claiming to have acquired the details of Adidas customers.

"According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords," an Adidas spokesperson said.

"Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted," he added.

The company said it's still investigating the breach with law enforcement and security firms.

A few millions impacted

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
March 7, 2018 7:32 AM
Scoop.it!

Nike website flaw exposed sensitive server data | #CyberSecurity #DataBreaches #Wearables #Privacy #IoT

Nike website flaw exposed sensitive server data | #CyberSecurity #DataBreaches #Wearables #Privacy #IoT | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.com - March 6, 2018 6:57 AM

A previously undisclosed flaw in Nike's website allowed anyone with a few lines of code to read server data like passwords, which could have provided greater access to the company's private systems.

An 18-year-old researcher Corben Leo discovered the flaw late last year and contacted Nike through the company's dedicated email address for reporting security flaws, which it advertises on its bug bounty page.

After hearing nothing back for more than three months, Leo contacted ZDNet, which also alerted the company to the vulnerability.

The bug exploited an out-of-band XML external entities (OOB-XXE) flaw that abused how Nike's website parses XML-based files, allowing the researcher to read files directly on the server. OOB-XXE flaws are widely seen as esoteric and difficult to carry out, but can be used to gain deep access to a server's internals.

 

Gaining access to a server's files can disclose other avenues for exploitation, such as remote code execution or pivoting to other connected servers or databases.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

 

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

 

Gust MEES's insight:

A previously undisclosed flaw in Nike's website allowed anyone with a few lines of code to read server data like passwords, which could have provided greater access to the company's private systems.

An 18-year-old researcher Corben Leo discovered the flaw late last year and contacted Nike through the company's dedicated email address for reporting security flaws, which it advertises on its bug bounty page.

After hearing nothing back for more than three months, Leo contacted ZDNet, which also alerted the company to the vulnerability.

The bug exploited an out-of-band XML external entities (OOB-XXE) flaw that abused how Nike's website parses XML-based files, allowing the researcher to read files directly on the server. OOB-XXE flaws are widely seen as esoteric and difficult to carry out, but can be used to gain deep access to a server's internals.

 

Gaining access to a server's files can disclose other avenues for exploitation, such as remote code execution or pivoting to other connected servers or databases.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

 

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

 

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn