Hacker Compromises Data of 106 Million Capital One Customers
Tech worker Paige A. Thompson has been charged with computer fraud for compromising the data of 106 million Capital One customers.
Thompson took advantage of a firewall misconfiguration to access data stored in a Capital One cloud server.
The cloud provider was confirmed as Amazon Web Services. Thompson was also revealed to be a former Amazon Web Services employee.
Source: SoftwareReviews Amazon Web Services Scorecard, accessed August 14, 2019
In its statement, Capital One said that “this type of vulnerability is not specific to the cloud.” This means that the data breach had nothing to do with security vulnerabilities in Amazon Web Services itself. The problem instead lay with a misconfigured firewall internal to Capital One.
Indeed, the relevant takeaway from this story probably does not concern the security of Amazon Web Services. It concerns why Capital One’s own Cloud Custodian – an open-source governance, security, and compliance engine for cloud services – overlooked this firewall misconfiguration.
As always, clients should ensure that data stored anywhere (either in the cloud or otherwise) is protected by secure firewalls. Info-Tech’s security blueprints offer effective strategies to ensure clients can appropriately select and implement firewalls, alongside specific information on cloud security.
Source: Info-Tech Research Group Ensure Cloud Security in IaaS, PaaS, and SaaS Environments