ICT Security-Sécurité PC et Internet

Capital One has disclosed that it has suffered a data breach impacting 100 million people in the United States, and 6 million in Canada.

The company said in a statement that data between 2005 and 2019 was accessed and related to information on consumers at the time when they applied for a credit card.

"This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income," the company said.

"Beyond the credit card application data, the individual also obtained portions of credit card customer data, including: Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information; Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018."

Approximately 1 million Canadian social insurance numbers, as well as 140,000 American social security numbers and 80,000 bank account numbers were also accessed.

"No bank account numbers or Social Security numbers were compromised," the bank said before listing the above numbers.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

A Canadian hospital's website has been hacked in order to serve up the notorious Teslacrypt ransomware to unsuspecting visitors.

Jérôme Segura, a senior security researcher at Malwarebytes, explains in a blog post that out-of-date server-side software is likely to blame for the site hack of Norfolk General Hospital, which is based in Ontario:

"The web portal is powered by the Joomla CMS, running version 2.5.6 (latest version is 3.4.8) according to a manifest file present on their server. Several vulnerabilities exist for this outdated installation, which could explain why the site has been hacked."

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=eHealth

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

A company that collects the real-time location data on millions of cell phone customers across North America had a bug in its website that allowed anyone to see where a person is located -- without obtaining their consent.

US cell carriers are selling access to your real-time phone location data

The company embroiled in a privacy row has "direct connections" to all major US wireless carriers, including AT&T, Verizon, T-Mobile, and Sprint -- and Canadian cell networks, too.

Earlier this week, we reported that four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before.

The company, LocationSmart, is a data aggregator and claims to have "direct connections" to cell carriers to obtain locations from nearby cell towers. The site had its own "try-before-you-buy" page that lets you test the accuracy of its data. The page required explicit consent from the user before their location data can be used by sending a one-time text message to the user. When we tried with a colleague, we tracked his phone to a city block of his actual location.

But that website had a bug that allowed anyone to track someone's location silently without their permission.

"Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a PhD student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call.

"The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here."

The "try" website was pulled offline after Xiao privately disclosed the bug to the company, with help from CERT, a public vulnerability database, also at Carnegie Mellon.

Xiao said the bug may have exposed nearly every cell phone customer in the US and Canada, some 200 million customers.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

https://www.scoop.it/t/securite-pc-et-internet/?&tag=tracking

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Big+Data

Every week seems to bring news of another case of ransomware.

It’s nasty stuff. Nasty enough that the US and Canada on Thursday issued a rare joint cyber alert warning about the recent surge in ransomware attacks, in which data is encrypted and crooks demand payment for it to be unlocked.

The plague doesn’t appear to be going away anytime soon. Why should it? It’s proving a lucrative swindle for cyberthieves.

Enabling the ransomware plague is the fact that many people and businesses aren’t protecting themselves by locking down their computers and files.

If you do get infected with ransomware, unless you’ve got back-ups or the crooks made some kind of cryptographic mistake, you’re left with either paying or losing your locked-up files forever: a prospect that’s caused many to pay up.

From the alert, distributed by the US Department of Homeland Security and the Canadian Cyber Incident Response Centre:...

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware