Search Results for “CBC”


October 1, 2019
Catalin Cimpanu / ZDNet

German Academics Develop New Attack, PDFex, That Can Extract and Steal Data From Encrypted Files

A team of six academics from Ruhr-University Bochum and Münster University in Germany has developed a new attack called PDFex that can extract and steal data from encrypted PDF files, sometimes without user interaction. The attack comes in two variations, and the researchers successfully tested it against 27 desktop and web PDF viewers, including popular software such as Adobe Acrobat, Foxit Reader, Evince, Nitro, and the built-in PDF viewers of Chrome and Firefox. PDFex targets the encryption schemes supported by the Portable Document Format (PDF) standard itself. The standard supports native encryption so that a file encrypted by one PDF app can be opened by any other app, which prevents users from being locked in to one specific PDF product by a shady encryption scheme. The first of the two attacks is called “direct exfiltration.” It takes advantage of the fact that PDF apps don’t encrypt the entirety of a PDF file, leaving some parts unencrypted. The second type of attack uses CBC gadgets, which means that the ciphertext is modified to exfiltrate itself after decryption.

Related: TechNadu, SensorsTechForum, PDFInsecurity.org (PDF)

Tweets: @seecurity @hanno @oss_security @softwarnet @campuscodi

TechNadu: Researchers Find Two Methods to Steal Data from Encrypted PDF Files
SensorsTechForum: Major Vulnerabilities in PDF Encryption Create the PDFex Attack
PDFInsecurity.org: Practical Decryption exFiltration: Breaking PDF Encryption (PDF)

@seecurity: New Paper: “Practical Decryption exFiltration: Breaking PDF Encryption“ describing new attacks that uncover the plaintext of encrypted PDFs. To be presented at @acm_ccs and joint work with @jensvoid @Murgi @v_mladenov @CheariX @JoergSchwenk . #PDFex 1/n
@hanno: PDF encryption is broken in the same way as emails were broken #efail #PDFex I can tell you a "secret": For ZIP-files, Word DOCs, ODT files & probably almost every other password-encryption format that's older than 10 years the same or similar attacks apply.
@oss_security: PDFex: Security weakness in PDF encryption: Posted by Jens Müller on Oct 01 TL;DR In the scope of academic research at Ruhr University Bochum and Münster and University of Applied Sciences, Germany, two severe flaws in the PDF encryption standard have… http://dlvr.it/RFG78h
@softwarnet: #infosec https://zdnet.com/article/new-pdfex-attack-can-exfiltrate-data-from-encrypted-pdf-files/ New PDFex attack can exfiltrate data from encrypted PDF files All the 27 desktop and web PDF viewer apps that were tested were found to be vulnerable in a way or another.
@campuscodi: PDFex paper [PDF]: https://pdf-insecurity.org/download/paper-pdf_encryption-ccs2019.pdf PDFex: website: https://pdf-insecurity.org/encryption/encryption.html PDFex blog post: https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html Interesting Twitter thread:


September 24, 2019
Leo Kelion / BBC News

EU’s Top Court Rules That Google Doesn’t Have to Apply Right to Be Forgotten Globally

The EU’s top court, the European Court of Justice, has ruled that Google does not have to apply the right to be forgotten globally, requiring the firm to remove links only from its search results in Europe after receiving an appropriate request. The decision stems from a demand by the French privacy regulator CNIL, which ordered the firm to globally remove search result listings to pages containing damaging or false information about a person. The right to be forgotten gives EU citizens the power to demand that data about them be deleted.

Related: CBC, The Hindu – News, The Hindu – News, AP Breaking News, Channel News Asia, Engadget, The Next Web, BetaNews, The Verge, EJ Insight, Tech Insider, New York Times, NYT > Business Day, WRAL Tech Wire, Silicon Republic, Fortune, Deutsche Welle, Washington Post, The Guardian, AFP, Gizmodo

Tweets: @WomaninHavana @eLAWnora @StevePeers @alemannoEU

CBC: Google wins ‘right-to-be forgotten’ fight with France
The Hindu – News: Google not required to apply ‘right to be forgotten’ worldwide: European Court of Justice
AP Breaking News: EU top court rules in favor of Google on search engine issue
Channel News Asia: Google wins ‘right to be forgotten’ fight with France
Engadget: Google told it doesn’t have to apply ‘right to be forgotten’ results globally
The Next Web: EU top court rules Google doesn’t need to apply the ‘right to be forgotten’ globally
BetaNews: Court rules Google need only apply the ‘right to be forgotten’ in Europe, not worldwide
The Verge: ‘Right to be forgotten’ only applies to Google in the EU, court rules
EJ Insight: Google wins in ‘right to be forgotten’ fight with France
Tech Insider: Google has just been told it doesn’t have to apply ‘right to be forgotten’ globally
New York Times: Europe’s Top Court Limits ‘Right to Be Forgotten’ Privacy Rule
WRAL Tech Wire: EU’s top court backs Google on ‘right to be forgotten’ limits
Silicon Republic: Google wins EU case to limit the right to be forgotten
Fortune: Top Court Rules Google Doesn’t Have to Censor Around the World Because of European Privacy Laws
Deutsche Welle: EU court: Google need not apply ‘right to be forgotten’ outside EU
Washington Post: Google scores major victory in E.U. ‘right to be forgotten’ case
The Guardian: ‘Right to be forgotten’ on Google only applies in EU, court rules
AFP: Google wins EU fight against ‘right to be forgotten’ worldwide
Gizmodo: Google told it doesn’t have to apply ‘right to be forgotten’ results globally

@WomaninHavana: It’s the day for landmark judgments. CJEU on the #righttobeforgotten #Google case as to whether it has to remove links to sensitive personal data worldwide or only within the EU. #privacy #freedomofexpression
@eLAWnora: BREAKING: CJEU rules that in right to be forgotten cases a search engine is not required to undertake global delisting. However, it mandates EU-wide delisting and geo-blocking
@StevePeers: CJEU clarifies the obligations of search engines re the "right to be forgotten":
@alemannoEU: Has Google won? Not yet. EU Court requires Google to #nudge users: while no global delisting obligation exists (beyond the EU), #Google expected to prevent, or at least discourage, users from circumventing EU right to be forgotten via access to third-countries’ links #forgotten


August 31, 2019
Brian Barrett / Wired

Anonymous Hacker Compromised Twitter CEO Jack Dorsey’s Account Through SIM Swapping and Tweeted String of Racist Messages, Bomb Threats

An anonymous hacker took over Twitter CEO Jack Dorsey’s account for 20 minutes and used it to send out a string of racist messages and bomb threats. A group that calls itself the “Chuckle Gang,” which has broken into other high-profile Twitter accounts before, apparently broke into the @jack account at 3:45 pm and sent out dozens of tweets and retweets. Others who have been attacked by these hackers blamed so-called SIM swap attacks, with a particular focus on AT&T, and Twitter confirmed that Dorsey’s breach was a SIM swap as well. It’s unclear, however, how Dorsey was able to regain access to his account so quickly if the attack was the result of a SIM swap.

Related: Deutsche Welle, Digital Trends, The Hill: Cybersecurity, Avira Blog, Firstpost, Sydney Morning Herald, Reuters, The Next Web, Tech Insider, Stars and Stripes, PCMag.com, ZDNet, ABC News: U.S., CBC, TribLIVE, Financial Times, Washington Post, SlashGear » security, Stuff.co.nz – Stuff, CNET News, ZDNet, New York Times, CBC, The A.V. Club, BuzzFeed – Tech, Sky News, Mashable, TORONTO STAR, Dark Reading: Attacks/Breaches, USA Today, Social Media Today, Vox, OneZero – Medium, FOX News, The Verge, VentureBeat, Gizmodo, Evening Standard, Daring Fireball, Windows Central, TechCrunch, Daily Dot, Tech Insider, CBSNews.com, Digital Trends, Heavy.com, Quartz, Neowin, Daily Beast, The Verge, Slashdot, CNET News, CNN.com, Android Central, San Francisco Chronicle, SFist, Axios, Vox, MobileSyrup.com, The Inquisitr News, CCN, AP Breaking News, iAfrikan, TIME, iMore, Memeburn, The Guardian, Android Central, RT USA, Boing Boing, Android Authority, The Register, CNN.com, San Francisco Chronicle, Quartz, Cybersecurity Insiders, SC Magazine, THE INQUIRER, DataBreachToday.com, THE INQUIRER, iTnews – Security, PCMag.com, Haaretz.com

Deutsche Welle: Twitter CEO Jack Dorsey’s account sent racist tweets after hack
Digital Trends: Twitter CEO Jack Dorsey’s account was hacked and used to tweet racist messages
The Hill: Cybersecurity: Hillicon Valley: Twitter CEO Jack Dorsey’s account hacked | Google found iPhone security bug | YouTube reportedly to pay up to $200M to settle child privacy investigation | DNC expected to nix Iowa virtual caucus plans
Firstpost: Twitter CEO’s hacked account sends racist tweets before being secured
Sydney Morning Herald: Twitter CEO Jack Dorsey’s account hacked, racist tweets sent
Reuters: Twitter CEO’s hacked account sends racist tweets before being secured
Channel News Asia: Twitter CEO’s hacked account sends racist tweets before being secured
The Next Web: Twitter CEO Jack Dorsey’s account has been hacked
Tech Insider: Twitter CEO Jack Dorsey’s Twitter account was hacked to send out racist tweets with the n-word and phrases like ‘Hitler is innocent’ (TWTR)
Stars and Stripes: Twitter CEO Dorsey’s account sent racist tweets after hack
PCMag.com: Twitter CEO’s Account Hacked, Defaced With Racist Posts
ZDNet: Jack Dorsey’s Twitter account got hacked
ABC News: U.S.: Twitter CEO Dorsey’s account sent racist tweets after hack
CBC: Twitter says CEO’s account sent out racist, vulgar tweets after it was hacked
TribLIVE: Twitter CEO Jack Dorsey hacked; account sent racist tweets
Financial Times: Jack Dorsey’s Twitter account hacked
Washington Post: Twitter co-founder Jack Dorsey’s account hacked
SlashGear » security: Twitter CEO’s @Jack account hacked [Update]
Stuff.co.nz – Stuff: Twitter CEO Jack Dorsey’s account sends racist tweets after hack
CNET News: Jack Dorsey’s Twitter account hacked – CNET
New York Times: Twitter C.E.O. Jack Dorsey’s Account Hacked
The A.V. Club: Someone hacked Jack Dorsey’s Twitter account to say even dumber stuff than usual
BuzzFeed – Tech: Jack Dorsey, The CEO Of Twitter, Was Hacked On Twitter
Sky News: Twitter founder’s account hacked as racist tweets posted
Mashable: Jack Dorsey’s Twitter account hacked to spread pro-Hitler message
TORONTO STAR: Twitter founder Jack Dorsey’s account hacked
Dark Reading: Attacks/Breaches: @jack Got Hacked — Twitter CEO’s Tweets Hijacked
USA Today: Twitter says it is investigating how CEO Jack Dorsey's account was compromised
Social Media Today: Hackers Gain Access to the Twitter Account of Platform CEO Jack Dorsey, Tweet Offensive Content
Vox: Jack Dorsey’s hack encapsulates Twitter’s struggle with problematic content
OneZero – Medium: Three Takeaways From the Hack of Jack Dorsey’s Twitter Account
FOX News: Twitter CEO Jack Dorsey’s own account was hacked, used to post vulgar messages
The Verge: Twitter CEO Jack Dorsey’s account has been hacked
VentureBeat: Twitter is investigating CEO Jack Dorsey’s account being hacked
Gizmodo: Jack Dorsey’s Twitter Account Was Hacked
Evening Standard: Twitter CEO Jack Dorsey's own Twitter account hijacked with series of racist tweets
Daring Fireball: Jack Dorsey’s Twitter Account Was Compromised
Windows Central: Jack Dorsey, Twitter’s CEO, had his account hacked
TechCrunch: A hacker has compromised Jack Dorsey’s Twitter account
Daily Dot: Twitter CEO’s account hacked, retweets pro-Nazi propaganda
Tech Insider: How to delete your Fitbit account and erase your personal data
CBSNews.com: Hackers tweet racial slurs from Twitter CEO Jack Dorsey’s account
Heavy.com: Jack Dorsey’s Twitter Account Hacked by ‘Chuckling Squad’
Quartz: Jack Dorsey’s Twitter account got hacked—here’s what we know
Neowin: Twitter CEO, Jack Dorsey, gets account taken over by hackers
Tech Insider: It took Twitter longer to secure Jack Dorsey’s account from hackers than it would for a nuclear missile to travel around the world — and that should terrify you
Daily Beast: Twitter CEO Jack Dorsey’s Account Gets Hacked, Posts Racist Messages
CNN.com: Jack Dorsey’s Twitter account was hacked — and he’s the CEO of Twitter
Android Central: How to change your Twitter password and activate two-factor authentication
San Francisco Chronicle: Twitter CEO Dorsey’s account sent racist tweets after hack
SFist: Hackers Seize Jack Dorsey’s Twitter, Make Bomb Threats, Praise Hitler
Axios: Twitter CEO Jack Dorsey’s account hacked
MobileSyrup.com: Twitter CEO Jack Dorsey has been hacked
The Inquisitr News: Twitter CEO Jack Dorsey’s Account Was Hacked
CCN: Jack Dorsey Twitter Hack a Sick Way to Protest Hate Speech
AP Breaking News: Twitter CEO Dorsey’s account sent racist tweets after hack
iAfrikan: Jack Dorsey’s Twitter account hacked
TIME: Twitter CEO Jack Dorsey’s Twitter Account Has Been Hacked
iMore: Worried about getting your Twitter account hacked? Set up 2FA to protect it
Memeburn: Jack Dorsey’s Twitter account has been hacked, yet again
The Guardian: Jack Dorsey: Twitter CEO’s account hacked in embarrassing security lapse
Android Central: Jack Dorsey, Twitter’s CEO, had his account hacked
RT USA: Twitter CEO Jack Dorsey’s account ‘compromised,’ posted racial slurs
Boing Boing: How did Twitter CEO Jack Dorsey’s account get hacked?
Android Authority: Regularly changing your Twitter password is important, as Twitter CEO found out
Tech Insider: What we know about how Twitter CEO Jack Dorsey’s account was hacked, and the group called ‘Chuckling Squad’ who is claiming responsibility
The Register: JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters
Quartz: Hong Kong’s fast-learning, dexterous protesters are stumped by Twitter
Cybersecurity Insiders: Twitter Mobile Security flaw allows hackers to post Racist comments
SC Magazine: Twitter CEO’s account hacked in SIM-swapping scheme | SC Media
THE INQUIRER: Twitter CEO Jack Dorsey gets his Twitter account hacked
DataBreachToday.com: Hey Jack, How Was Your Account Hacked?
iTnews – Security: Twitter CEO’s hacked account sends racist tweets before being secured
Haaretz.com: Twitter CEO Jack Dorsey’s account sends out pro-Nazi tweets after being hacked


August 9, 2019
Zack Whittaker / TechCrunch

Apple Expands Its Bug Bounty Program to Include Macs, MacBooks, Apple TVs, and Apple Watches, Ups Top Bounty to $1 Million

Apple announced it will expand its bug bounty program to include Macs and MacBooks, as well as Apple TV and Apple Watch, three years after launching a bug bounty program for iOS. Apple said it will open its bug bounty program to all researchers and increase the size of the bounty from the current maximum of $200,000 per exploit to $1 million for a zero-click full chain kernel code execution attack with persistence. Any researcher who finds a vulnerability in a pre-release build and reports it before general release will qualify for a bonus of up to 50% on top of the bounty for the category of vulnerability they discover. The Cupertino giant also confirmed a Forbes report earlier this week that it will give a number of “dev” iPhones to vetted and trusted security researchers and hackers under the new iOS Security Research Device Program.

Related: Techradar, MacRumors, SC Magazine, Threatpost, VentureBeat, ZDNet, iDownloadBlog.com, iTnews – Security, Reuters, CBC, Cult of Mac, Thomas Brewster – Forbes, iMore, VICE News, The Verge


July 29, 2019
Emily Flitter and Karen Weise / New York Times

Firewall Misconfiguration by Capital One Allowed Hacker to Steal Millions of Credit Applications, Social Security and Bank Account Numbers Affecting More Than 100 Million People in North America

In one of the largest cases of bank data theft ever, software engineer Paige Thompson hacked into a server holding customer information for Capital One, exploiting a firewall misconfiguration in the bank’s network to steal millions of credit card applications, federal prosecutors say. Thompson, who used the online handle “erratic,” was the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.” The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service. Thompson stole 140,000 U.S. Social Security numbers and 77,000 bank account numbers, along with one million Canadian social insurance numbers, affecting more than 100 million people in the United States and Canada. A “firewall misconfiguration” by the bank had allowed Ms. Thompson to communicate with the server where Capital One was storing its information and, eventually, gain access to customer files, an FBI agent investigating the case said in court documents. Ms. Thompson worked as a systems engineer at Amazon from 2015 to 2016.

Related: CNN, Reuters, Associated Press, Axios, CNBC, NBC News, Politico, Capital One, The Register, Bloomberg, Washington Post, TechCrunch, TechCrunch, Wired, Justice.gov, Ars Technica, CNET, Wall Street Journal, The Verge, The Hill, Venture Beat, Law360, Reuters, Daily Mail, DataBreachToday.com, BGR, USATODAY, Business Insider, The Daily Swig, Newsweek, Financial Times, CRN, CRN, UPI.com, DataBreaches.net, SecurityWeek, MobileSyrup.com, BetaNews, The Verge, GBHackers On Security, SlashGear » security, E-Commerce Times, CNN.com, PCMag.com, The Verge, Evening Standard, Engadget, MarketWatch.com – Software Industry News, TechSpot, Digital Trends, Neowin, Fast Company, Mother Jones, New York Daily News, New on MIT Technology Review, FOX News, The Hacker News, Help Net Security, CBSNews.com, Fortune, Technology News | Boston.com, SecurityWeek, The Huffington Post, Cyberscoop, IT World Canada, ARN, The Guardian, Digital Trends, The Next Web, Android Central, GeekWire, SC Magazine, Techerati, Slashdot, ABC News: U.S., Graham Cluley, Japan Times, Security Affairs, Cyber Kendra, PYMNTS.com, Heavy.com, Computer Business Review, TechNadu, Silicon Republic, Infosecurity Magazine, The State of Security, DataBreaches.net, Gadgets Now, Courthouse News Service, BBC News – World, BleepingComputer.com, ITV News, RT USA, AOL, New York Post, EJ Insight, Mercury News, TODAYonline, CBC, Deutsche Welle, Gizmodo, News : NPR, POLITICO, Gizmodo, Daily Beast, GeekWire

Tweets: @zackwhittaker @briankrebs @cnbcnow @gregotto @yoda @RepKatiePorter @zackwhittaker @Wired @BleepingComputer @kimzetter @dnvolz @BleepingComputer @McGrewSecurity @weldpond @h0tdish @hacks4pancakes @RayRedacted @catcalvinla @malwarejake @somanyshrimp @TorresLuzardo

CNN: A hacker gained access to 100 million Capital One credit card applications and accounts
Reuters: Capital One reveals 100M affected by data breach, hacker arrested
Associated Press: Capital One says hacker gained access to personal information of more than 100 million people
Axios: 100 million credit card applications stolen from Capital One
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
NBC News: Over 100 million credit card applicants at risk in Capital One breach, Seattle woman arrested
Politico: Capital One reveals historic data breach after FBI arrests Seattle suspect
Capital One: Capital One Announces Data Security Incident
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
Bloomberg: Capital One Says Breach Hit 100 Million Individuals in U.S.
Washington Post: Capital One says data breach affected 100 million credit card applications
TechCrunch: Capital One’s breach was inevitable, because we did nothing after Equifax
TechCrunch: Capital One hacked, over 100 million customers affected
Wired: THE ALLEGED CAPITAL ONE HACKER DIDN’T COVER HER TRACKS
Justice.gov: Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company
Ars Technica: Feds: former cloud worker hacks into Capital One and takes data for 106 million people
CNET: Capital One data breach involves 100 million credit card applications
Wall Street Journal: Capital One Reports Data Breach Affecting 100 Million Customers, Applicants
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
The Hill: Woman arrested, accused of hacking 100 million Capital One records
Venture Beat: Capital One announces hack affecting 106 million U.S. and Canadian customers
Law360: Capital One Says Breach Impacted 106M As Suspect Arrested – Law360
Daily Mail: Ex-tech worker arrested for Capital One hack after stealing data from 100 million customers
DataBreachToday.com: Woman Arrested in Massive Capital One Data Breach
BGR: Hacker steals data for more than 100 million Capital One users, then brags about it and gets arrested
USATODAY: Massive data breach hits Capital One affecting more than 100 million customers
Business Insider: Capital One data breach, affecting tens of millions
The Daily Swig: Millions affected by Capital One data breach
Newsweek: Capital One Data Breach: How to Know, and What You Should Do, If Your Account Has Been Compromised
Financial Times: Capital One reports massive data breach
CRN: Capital One Breach Exposed Data From 106M Credit Card Applicants, Users
UPI.com: Capital One data breach affects 100M credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
SecurityWeek: CapitalOne Discloses Massive Data Breach: 106 Million Impacted
MobileSyrup.com: Capital One data breach could have affected six million Canadian bank accounts
BetaNews: Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach
GBHackers On Security: Capital One Hacked – Over 100 Million Credit Card Application Data Exposed
SlashGear » security: Capital One hack affects over 100 million people in the US and Canada
E-Commerce Times: Equifax Data Breach Settlement No Wrist Slap
CNN.com: Worried about the Capital One hack? Here’s what to do
PCMag.com: Capital One Suffers Data Breach Affecting 100 Million Customers
Evening Standard: Capital One data breach 2019: What to do if you have been affected
Engadget: Capital One data breach affected 100 million in the US
MarketWatch.com – Software Industry News: Everything you need to know about the massive Capital One hack, but were afraid to ask
TechSpot: Capital One hack exposed 100 million US customers’ personal details
Digital Trends: New Capital One data breach affects 100 million people. Here’s the very latest
Neowin: Over 100 million accounts compromised after Capital One data breach
Fast Company: Capital One data breach: what was stolen and how to find out if you are affected
Mother Jones: What’s In Your Wallet?
New York Daily News: Capital One hit with data breach affecting some 100 million U.S. customers
New on MIT Technology Review: A hacker stole the personal data of 100 million Capital One customers
FOX News: Capital One data breach exposes info of 106M customers, applicants; suspect arrested
The Hacker News: Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Help Net Security: Capital One breach: Info on 106 million customers compromised, hacker arrested
CBSNews.com: Capital One data breach hits more than 100 million people
Fortune: Hacker May Have Stole Info About Millions of Capital One Customers, U.S. Says
Technology News | Boston.com: Capital One target of massive data breach
SecurityWeek: Capital One Target of Massive Data Breach
The Huffington Post: Credit Card Company Reveals 100 Million People May Be Affected By Hack
Cyberscoop: Capital One announces massive data breach; lone suspect arrested in Seattle
IT World Canada: Six million Canadians impacted by Capital One data breach
ARN: Capital One: hacker gained access to personal information of over 100 million Americans
The Guardian: Capital One: hacker stole data of over 100m Americans
Ars Technica: Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One
Axios: 100 million credit card applications were stolen from Capital One
The Next Web: Capital One data breach compromises 106 million customers’ personal data
Android Central: Capital One breach exposes personal details of over 100 million customers
SC Magazine: Capital One hacker who stole personal info on 100M arrested | SC Media
AP Breaking News: Capital One target of massive data breach
Techerati: Capital One breach affecting 106 million customers caused by misconfigured cloud storage
Slashdot: Capital One Says Hacker Breached Accounts of 100 Million People; Ex-Amazon Employee Arrested
ABC News: U.S.: Capital One target of massive data breach
Graham Cluley: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
Japan Times: Hacker accesses over 100 million Capital One credit applications in massive data breach
Zero Hedge: Capital One Admits Massive Data Breach: 100 Million Americans Affected, Seattle Woman Arrested
Security Affairs: Capital One data breach: hacker accessed details of 106M customers before its arrest
Cyber Kendra: Capital One Suffered Data Breach 106 Million People Affected
PYMNTS.com: Cap One Hack Hits 100M Credit Card Applications
Heavy.com: Paige Adele Thompson: 5 Fast Facts You Need to Know
Computer Business Review: Capital One Hacker was Ex-AWS Employee
TechNadu: Capital One Reports a Major Data Breach Affecting 106 Million Individuals in the USA & Canada
Infosecurity Magazine: Capital One Breached by Cloud Insider in Major Attack
Tech Insider: Amazon’s cloud was at the heart of the big Capital One hack, even though it doesn’t seem to be at fault (AMZN, COF)
The State of Security: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
Gadgets Now: Capital One hacked, says information of 100 million-plus users leaked
Reuters: Capital One says information of over 100 million individuals in U.S., Canada hacked
BBC News – World: Capital One data breach: Arrest after details of 100m US individuals stolen
TIME: Capital One Information Hacked in Massive Data Breach
NDTV Gadgets360.com: Capital One Bank Targeted in Massive Data Breach
BleepingComputer.com: Capital One Data Breach Affects 106 Million People, Suspect Arrested
ITV News: 100 million applications targeted in Capital One bank data breach
RT USA: 100mn+ people’s data exposed in Capital One bank hack, thousands of SSNs & accounts leaked
AOL: Capital One: information of over 100 mln individuals in U.S., Canada hacked
New York Post: Capital One reveals 100M affected by data breach, hacker arrested
EJ Insight: Capital One data breach affects millions in US, Canada
Mercury News: Capital One: Hacker got info on 100M in the US, 6M in Canada
CBC: Hacker obtained personal information of 6 million people in Canada
Deutsche Welle: Capital One data theft: US arrests ‘erratic’ hacker
Gizmodo: Hacker Claims to Be in Possession of Personal Info on Up to 20,000 LAPD Applicants
POLITICO: Capital One reveals historic data breach after FBI arrests Seattle suspect
Daily Beast: Tens of Millions of Credit Card Applications Stolen in Capital One Breach
GeekWire: Seattle engineer arrested for Capital One hack that affected 100M people

@zackwhittaker: Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@briankrebs: Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016
@cnbcnow: BREAKING: Capital One says data breach has “affected approximately 100M individuals in the United States & approximately 6M in Canada” but “no credit card account numbers or log-in credentials were“ taken and “99% of Social Security numbers” weren’t stolen
@gregotto: According to the FBI, a firewall misconfiguration was partly responsible for allowing Thompson to access the Capital One cloud storage
@yoda: what kind of wordsmith fuckery is this???
@RepKatiePorter: One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill.
@zackwhittaker: Incredible. Capital One's data breach site is titled "Facts." And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached. Fuck you, Capital One.
@Wired: On Monday, the FBI and Capital One disclosed a data breach of 106 million credit card applications, one of the biggest breaches of a major financial institution ever. And now someone has been arrested in connection with the crime:
@BleepingComputer: The suspect allegedly posted about her accessing of Capital One's data on GitHub. A security researcher saw her post and contacted Capital One.
@kimzetter: This Capital One breach definitely has more going on to it than the headlines suggest. Perhaps not a coordinated vuln disclosure gone wrong? but something is def weird about it - she used Tor to access the data but then publicly posted the data to an account with her name?
@dnvolz: The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capitol One firewall to access data stored in AWS. via @nicole_hong
@BleepingComputer: This breach was discovered by a security researcher who responsibly disclosed a vulnerability to Capital One. After investigating the vulnerability, Capital One discovered that an unauthorized user accessed their systems and data between March 22 and 23, 2019.
@McGrewSecurity: Located the Capital One hacker's twitter (also thanks to those that backchanneled on the topic). Clearly they were/are in a bad state mentally/emotionally. I've deleted the earlier tweets about her. I hope they find some peace.
@weldpond: The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,”
@h0tdish: Insider/ex employee threats and those who willingly commit crimes, creating, selling malware or stealing info via exploit/breach ARE NOT heroes & anyone who frames it that way has to explain why they're not currently launching a legal $ raiser for her but did for other criminals.
@hacks4pancakes: I feel a great disturbance in the Force, like dozens of Capital One cybersecurity analysts who were screaming futilely into the wind for years were suddenly silenced.
@RayRedacted: I have removed all of my OSINT posts about the Capital One hacker, because it is clear that she is suffering from mental illness. Mental illness does not discriminate. It can affect anyone. I truly hope she gets the help she needs.
@catcalvinla: At this point, I’m getting like two breach notices a day. Who DOESN’T have my info?
@malwarejake: Takeaways from #CapitalOne: 1. Having a disclosure program may have saved them. I'm FAR less likely to report to an org that lacks a disclosure policy. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@somanyshrimp: Losing your personal information in a massive data breach is just a thing that happens now, like 110 degree days and regular mass shootings
@TorresLuzardo: I'm trying to come up with an analogy but there's really no topping this. No SSNs were stolen except 140,000 of them.


July 24, 2019
MARCY GORDON and BARBARA ORTUTAY / Associated Press

FTC Privacy Probe Settlement Imposes $5 Billion Penalty, New Restrictions and Modified Corporate Structure on Facebook, Mark Zuckerberg Held Personally Responsible for Privacy Programs Compliance

The Federal Trade Commission (FTC) announced that Facebook will pay a record-breaking $5 billion penalty and submit to new restrictions and a modified corporate structure to hold the company accountable for the decisions it makes about its users’ privacy. The fine and new restrictions settle an FTC investigation into whether Facebook violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information, specifically with regard to the data of 87 million Facebook users used without their permission in the Cambridge Analytica scandal. Under the settlement between Facebook and the FTC, Mark Zuckerberg is held personally responsible in a limited fashion and will have to personally certify his company’s compliance with its privacy programs. False certifications could expose him to civil or criminal penalties.

Related: Gadgets Now, NDTV Gadgets360.com, The Drum, Al Bawaba, CCN, The Guardian, Wall Street Journal, CNET, E-Commerce Times, PYMNTS.com, Tech Insider, Tech Insider, MarketWatch.com – Software Industry News, Asia One World, Reuters, Federal Trade Commission, Politico, Vox, CNET, FOX News, Voice of America, Washington Post, Zero Hedge, Axios, AndroidHeadlines.com, TechCrunch, Facebook Newsroom, The Verge, TechCrunch, TIME, LA Daily News, CNET, Wall Street Journal, Technology News | Boston.com, The Age, Al Bawaba, USA Today, Gizmodo, New York Times, Financial Times, News : NPR, USA Today, CNBC, TechJuice, Telecomlive.com, Courthouse News Service, TribLIVE, NYT > Business Day, CBC, Star Tribune, Chicago Tribune, CNBC, Engadget, Telecompaper Headlines, CCN, AppleInsider, CPO Magazine, Sky News, 9to5Mac, Tech Insider, Bloomberg, NDTV Gadgets360.com, VentureBeat

Tweets: @sarahfrier @sarahfrier @jtrevorhughes @DaveLeeBBC @ashk4n

Gadgets Now: Facebook to create privacy panel, pay $5 billion to US to settle allegations
NDTV Gadgets360.com: Facebook Said to Agree to Create Privacy Panel as Part of US FTC Settlement
The Drum: Facebook appoints board-level privacy panel as part of $5bn US FTC settlement
Al Bawaba: Facebook to Pay $5 Billion Fine Over Users’ Privacy Violations
CCN: Facebook’s Stock Falters as the DOJ Knives Come Out
The Guardian: Facebook agrees to pay $5bn in vast privacy settlement, insiders say
Wall Street Journal: Facebook Expected to Settle SEC Claims of Inadequate Disclosures Over Privacy Practices
CNET: Facebook to settle with SEC after probe into privacy practices
E-Commerce Times: Facebook Unfazed by $5B FTC Settlement
PYMNTS.com: Facebook Could Pay $100M To Settle SEC Investigation
Tech Insider: ‘Too cheap to keep ignoring’: Wall Street thinks Facebook is set to soar because its loyal users outweigh its endless scandals (FB)
MarketWatch.com – Software Industry News: The Wall Street Journal: Facebook set to pay fine of more than $100 million to settle SEC investigation
Asia One World: Facebook agrees to pay $6.8 billion fine over privacy issues; will set up privacy panel
Reuters: Facebook to create privacy panel, pay $5 billion to U.S. to settle allegations
Federal Trade Commission: FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook
Politico: FTC announces $5B settlement with Facebook
Vox: Facebook will pay the US government a $5 billion fine for privacy failures — but it won’t have to change the way it does business
CNET: Facebook agrees to $100 million SEC settlement after privacy probe
FOX News: Facebook pays historic $5B fine and agrees to new privacy regulations as part of massive settlement
Voice of America: Big Tech Faces Broad US Justice Department Antitrust Probe
Washington Post: U.S. government issues stunning rebuke, historic $5 billion fine against Facebook for repeated privacy violations
Zero Hedge: Facebook To Pay Record $5 Billion Fine In FTC Settlement
Axios: Facebook settles with FTC regulators over privacy
AndroidHeadlines.com: FTC Slaps Facebook With $5B Fine Over Cambridge Analytica Scandal
TechCrunch: Facebook ends friend data access for Microsoft and Sony, the last 2 of its legacy partners, under FTC deal
Facebook Newsroom: Cleaning Up Data Access for Partners
The Verge: FTC hits Facebook with $5 billion fine and new privacy checks
TechCrunch: Facebook settles with FTC: $5 billion and new privacy guarantees
TIME: Facebook Agrees to Pay Record $5 Billion Settlement in Privacy Investigation
LA Daily News: FTC fines Facebook $5 billion, adds limited oversight on privacy
Technology News | Boston.com: FTC fines Facebook $5B, adds limited oversight on privacy
The Age: Facebook to pay record $7.1b fine over privacy violations
USA Today: Facebook fined $5 billion by FTC, must update and adopt new privacy, security measures
Gizmodo: Report: FTC to Accuse Facebook of Using 2FA Numbers for Ads, Hiding Facial Recognition Settings
New York Times: Facebook Fined $5 Billion and Ordered to Add Oversight of Data Practices
Financial Times: Facebook to pay $5bn to resolve probe into privacy violations
News : NPR: FTC To Hold Facebook CEO Mark Zuckerberg Liable For Any Future Privacy Violations
CNBC: FTC slaps Facebook with record $5 billion fine, orders privacy oversight
TechJuice: Facebook won’t have to admit guilt in shocking user privacy settlement
Telecomlive.com: Why $5-bn fine is just the tip of the iceberg of Facebook’s settlement woes
Courthouse News Service: FTC Fines Facebook $5 Billion for Privacy Violations
CBC: FTC fines Facebook $5B for privacy violations
Star Tribune: FTC fines Facebook $5B, adds limited oversight on privacy
Chicago Tribune: Feds fine Facebook $5 billion for privacy violations, establish new oversight
Engadget: Facebook will pay $5 billion fine for Cambridge Analytica data breaches
Wall Street Journal: Facebook Agrees to Pay $5 Billion in FTC Settlement
Telecompaper Headlines: FTC confirms USD 5 bln fine and 20-year compliance agreement for Facebook privacy violations
AppleInsider: Facebook fined $5B by FTC over Cambridge Analytica scandal charges
CPO Magazine: Record-Setting $5 Billion Facebook Fine Too Little Too Late?
Sky News: Facebook to pay record $5bn fine to end US privacy probe
9to5Mac: [Update: It’s official] Facebook fined record $5 billion by FTC for privacy violations
Bloomberg: Facebook’s FTC Privacy Settlement Won’t Hinder Ad Business
VentureBeat: Facebook to create a privacy panel as part of $5 billion FTC settlement

@sarahfrier: Tucked deep in Facebook’s announcement of the $5 billion FTC settlement is the announcement of a $100 million SEC settlement
@sarahfrier: Both the FTC and Facebook are telling you the $5 billion settlement fundamentally changes how Facebook operates. But the company will still be able to collect the same data and target ads in the same way. @KurtWagner8 and I explain
@jtrevorhughes: Official now. Just as Mueller hearing starts. FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook
@DaveLeeBBC: Facebook’s $5bn fine confirmed by FTC. Company must appoint privacy compliance officers + undergo privacy audits of which Zuckerberg must personally be a part. Also this morn - US financial regulator fines FB additional $100m for misleading investors.
@ashk4n: 1) UPDATE: Having now fully digested the FTC settlement and complaint, I'm of the opinion that this was a *terrible* outcome for our leading privacy regulator and a very sweet deal for @Facebook


April 6, 2017
Dave Seglins, Matthew Braga, Catherine Cullen / CBC News

RCMP Cops to Using IMSI Catchers for Cellphone Surveillance After Press Reports

Canadian police force the RCMP took the unprecedented step of admitting that it uses cellphone surveillance technology known as IMSI catchers, also known as Stingrays or Mobile Device Identifiers (MDIs), following a series of reports by Canadian news service CBC. The devices mimic cell phone towers in order to track mobile device users and sometimes listen in on phone calls. The RCMP says it owns ten MDIs, which were used in 19 criminal investigations in 2016 and 24 investigations in 2015. The RCMP employs 24 technicians across Canada to deploy the devices. Although the RCMP says almost all investigations have been conducted under a warrant, at least 11 investigations over the past five years did not have judges’ approval.

July 17, 2018
Matthew Braga, Lori Ward, Andrew Culbert / CBC News

Medical, Financial Data for Up to 237,000 Patients of Ontario Home Care Agency Held for Ransom by Attackers

The detailed medical histories, contact information, bank account details, social insurance card information and credit card numbers of possibly hundreds of thousands of home-care patients being cared for by home medical care services company CarePartners in Ontario are being held for ransom by thieves. Contacted by CBC News, the attackers claim to have in their possession hundreds of thousands of stolen patient records and related materials dating back to 2010. The maximum number of patients that could be affected is 237,000, CarePartners claims. The attackers say they want compensation in exchange for telling the company how to fix its security issues, which, according to the attackers, include software that hasn’t been patched in two years. CarePartners admits that none of its data was encrypted. CarePartners said it was contacted by the attackers via email on June 11 and informed customers a week later of the breach. The Waterloo Ontario Police, as well as private cybersecurity firm Herjavec Group, are investigating.

June 12, 2019
Anita Elash / CBC News

Despite the Likely Illegality of Most Stalkerware Apps, Police and Prosecutors Fail to Take Action Against Abusers, App Developers

Abusers can easily purchase so-called stalkerware apps and download them to their victim’s mobile devices without their knowledge, according to the latest report out of Citizen Lab, part of the Munk School of Global Affairs and Public Policy at the University of Toronto. With such apps, abusers can remotely monitor their victim’s every move, including phone calls, text messages, emails, online activity, contacts lists, calendar entries, and location. In some cases, they can turn on the phone’s microphone or take pictures. Despite the variety of laws that such apps, and app developers, are breaking, police and prosecutors routinely turn a blind eye to these stalkerware violations.

Related: The Citizen Lab, The Citizen Lab

Tweets: @RonDeibert, @josephfcox


August 2, 2016
Russell Brandom / The Verge

Bitcoin Exchange Bitfinex Hacked, $61 Million Swiped

Hong Kong Bitcoin exchange Bitfinex has announced it was hacked, with $61 million stolen from various customer accounts. The digital currency exchange halted trading at 2 pm GMT.

Bitfinex: Security Breach
The Merkle: Is BitGo To Blame For The Bitfinex Bitcoin Theft?
Infosecurity Magazine: Bitfinex Customers Lose Millions in Major Cyber Attack
IBTimes.co.uk : Technology: Testing time for cryptocurrency security as Bitfinex reports $65m of bitcoin stolen by hackers
Financial Times: Bitcoin plunges after Hong Kong hack
SCMP: Hong Kong Bitcoin exchange hacked, estimated US$66m stolen: thieves may have exploited market closure during typhoon
Quartz: One of the world’s largest bitcoin exchanges lost $65 million in a hack
Digital Trends: Bitcoin exchange loses more than $60 million in digital heist
FOX News: Bitcoin exchange loses more than $60 million in digital heist
TechCrunch: Bitcoin drops 20% after $70M worth of Bitcoin was stolen from Bitfinex exchange
Hacking Distributed: How the Bitfinex Heist Could Have Been Avoided
The Huffington Post: Bitcoin And Ethereum Are Plummeting: Why?
The Verge: Bitcoin exchange hit with $61 million theft
Graham Cluley: $61 million stolen from accounts at Bitcoin exchange Bitfinex
Business Standard: Bitcoin worth $72 million stolen from Bitfinex exchange in Hong Kong
CCM: Bitcoin Price Collapses Following Hack
CBC | Top Stories News: Hackers steal $94M in bitcoin from exchange users’ accounts
Tech | New York Post: Bitcoin plunges after hackers steal $72M from top exchange
V3.co.uk: Bitcoin value crashes 20 per cent after Bitfinex exchange hack
Gizmodo: Hackers Steal $72 Million in Bitcoin From Hong Kong Exchange
BGR: Bitcoin price tumbles after exchange hit with $72 million hack
SiliconANGLE: Leading bitcoin exchange Bitfinex hacked, $65.6m in bitcoin stolen
IBTimes.co.uk : Technology: Bitcoin price drops as hackers steal $65m from Hong Kong-based Bitfinex
Neowin: A supposed $65 million worth of bitcoins disappeared from Bitfinex exchange
Engadget: Hackers steal $63.7 million from Bitcoin exchange
DataBreaches.net: Bitfinex Suspends Operations after Security Breach
Finextra: Bitcoin tumbles as hackers steal $65 million from Hong Kong exchange
The Register: $67M in bitcoin stolen as hacking typhoon lashes Hong Kong’s Bitfinex
CNNMoney.com: Hackers steal millions in bitcoins
TechSpot: Hackers steal around $61 million from Bitcoin exchange
Ars Technica: Bitcoin value falls off cliff after $77M stolen in Hong Kong exchange hack
Silicon Republic: 120,000 bitcoins stolen from Hong Kong exchange, value drops 20pc
Mashable: Prominent Bitcoin exchange hacked wiping $65 million from wallets
The Hacker News: Bitcoin Price Drops 20% After $72 Million in Bitcoin Stolen from Bitfinex Exchange
Help Net Security: $77 million in Bitcoin stolen from Bitfinex exchange